task: Move from ujson to orjson #855
Open
Labels
priority/2: This issue stalls work on the project or its dependents, it's a blocker for a release
state/need-triage: This issue needs to be triaged
type/task: Body of work related to an epic
Component
Python SDK
Task Description
The infrahub-sdk relies on package ujson. I have an environment that's flagging the use of ujson as a security issue. The GitHub repo for ujson directly recommends moving to orjson instead of ujson because its "architecture is fundamentally ill-suited to making changes without risk of introducing new security vulnerabilities":
Warning
UltraJSON's architecture is fundamentally ill-suited to making changes without
risk of introducing new security vulnerabilities. As a result, this library
has been put into a maintenance-only mode. Support for new Python versions
will be added and critical bugs and security issues will still be
fixed but all other changes will be rejected. Users are encouraged to migrate
to orjson which is both much faster and
less likely to introduce a surprise buffer overflow vulnerability in the
future.