Bump simplejson from 3.20.2 to 4.1.0

[dependabot]

Bumps simplejson from 3.20.2 to 4.1.0.

Release notes

Sourced from simplejson's releases.

v4.1.0

What's Changed

• Accelerate indented encoding in the C extension; release 4.1.0 by @​etrepum in simplejson/simplejson#376

Full Changelog: simplejson/simplejson@v4.0.1...v4.1.0

v4.0.1

What's Changed

• Exclude Pyodide wheels from PyPI uploads by @​etrepum in simplejson/simplejson#375

Full Changelog: simplejson/simplejson@v4.0.0...v4.0.1

v4.0.0

What's Changed

Version 4.0.0 released 2026-04-18

• simplejson 4 requires Python 2.7 or Python 3.8+. Older Python versions (2.5, 2.6, 3.0-3.7) are no longer supported. pip will not install simplejson 4 on unsupported versions.

• The C extension now uses heap types and per-module state instead of static types and global state. This is required for free-threading support and sub-interpreter isolation. The Python-level API is unchanged.

• Full support for Python 3.13+ free-threading (PEP 703). The C extension is now safe to use with the GIL disabled (python3.14t):

  • Converted all static types to heap types with per-module state
  • Added per-object critical sections to scanner and encoder
  • Added free-threading-safe dict operations for Python 3.13+
  • Unified per-module state management and templated parser simplejson/simplejson#363 simplejson/simplejson#364 simplejson/simplejson#365 simplejson/simplejson#367 simplejson/simplejson#369

• Numerous C extension memory safety fixes:

  • Fix use-after-free and leak in encoder ident handling
  • Fix NULL dereferences on OOM in module init and static string init
  • Fix reference leaks in dict encoder (skipkeys item, variable shadowing)
  • Fix member table copy-paste, exception clobbering, missing Py_VISIT
  • Fix error-as-truthy bugs in maybe_quote_bigint and is_raw_json
  • Fix iterable_as_array swallowing MemoryError and KeyboardInterrupt
  • Fix for_json and _asdict swallowing MemoryError, KeyboardInterrupt, and other non-AttributeError exceptions raised by user getattr simplejson/simplejson#355

... (truncated)

Changelog

Sourced from simplejson's changelog.

Version 4.1.0 released 2026-04-22

• The C extension now accelerates encoding when indent= is set. Previously the encoder fell back to the pure-Python implementation whenever a non-None indent was passed; now the C encoder emits the newline-plus-indent prefix, the level-aware item separator, and the closing indent directly. A representative nested-dict workload benchmarks about 4-5x faster end-to-end, and the indent=0 and empty-container edge cases continue to match the Python output byte-for-byte.

• The C extension now emits PEP 678 exc.add_note() annotations on serialization failures, matching the pure-Python encoder. A chained error on {'a': [1, object(), 3]} produces the same three notes (when serializing object object, when serializing list item 1, when serializing dict item 'a') whether the speedups are loaded or not, so the add_note assertions in test_errors.py no longer need indent=2 to force the Python path.

Version 4.0.1 released 2026-04-18

• Skip uploading Pyodide/wasm wheels to PyPI, which rejects them with "unsupported platform tag 'pyodide_2024_0_wasm32'". The wheels are still built in CI and preserved as workflow artifacts. simplejson/simplejson#375

Version 4.0.0 released 2026-04-18

• simplejson 4 requires Python 2.7 or Python 3.8+. Older Python versions (2.5, 2.6, 3.0-3.7) are no longer supported. pip will not install simplejson 4 on unsupported versions.

• The C extension now uses heap types and per-module state instead of static types and global state. This is required for free-threading support and sub-interpreter isolation. The Python-level API is unchanged.

• Full support for Python 3.13+ free-threading (PEP 703). The C extension is now safe to use with the GIL disabled (python3.14t):

  • Converted all static types to heap types with per-module state
  • Added per-object critical sections to scanner and encoder
  • Added free-threading-safe dict operations for Python 3.13+
  • Unified per-module state management and templated parser simplejson/simplejson#363 simplejson/simplejson#364 simplejson/simplejson#365 simplejson/simplejson#367 simplejson/simplejson#369

• Numerous C extension memory safety fixes:

... (truncated)

Commits

• 0fd3185 Accelerate indented encoding in the C extension; release 4.1.0 (#376)
• 19b5f94 Exclude Pyodide wheels from PyPI uploads (#375)
• 1608c05 Use JSONDecodeError for out-of-range end indices in C scanstring (#374)
• 3bba179 Encoder parity fixes (for_json/_asdict) and TSan stress CI job (#373)
• 7b22d65 Error parity for the C and Python scanstring in surrogate and truncated strin...
• 825100a Release version 4.0.0: free-threading, CPython json parity, Python 2.7 fixes ...
• 0dbb9d8 C extension: dead code cleanup, fast paths for dict/list/string encoding, cor...
• e2e5f0b Add Python 3.13+ free-threading support to dict operations (#369)
• e817370 Fix free-threading (3.14t) crashes: heap types, unified per-module state, tem...
• 6397302 Add per-object critical sections to scanner and encoder (free-threading safet...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 82.68%. Comparing base (2769537) to head (b608259).

Additional details and impacted files

@@           Coverage Diff            @@
##           master    #9449    +/-   ##
========================================
  Coverage   82.68%   82.68%            
========================================
  Files         600      600            
  Lines       34568    34568            
  Branches     3152     3080    -72     
========================================
  Hits        28582    28582            
- Misses       5654     5866   +212     
+ Partials      332      120   -212     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[dependabot]

Superseded by #9470.