
task: Move from ujson to orjson #855

@PhillSimonds


Component

Python SDK

Task Description

The infrahub-sdk relies on package ujson. I have an environment that's flagging the use of ujson as a security issue. The GitHub repo for ujson directly recommends moving to orjson instead of ujson because its "architecture is fundamentally ill-suited to making changes without risk of introducing new security vulnerabilities":

Warning

UltraJSON's architecture is fundamentally ill-suited to making changes without
risk of introducing new security vulnerabilities. As a result, this library
has been put into a maintenance-only mode. Support for new Python versions
will be added and critical bugs and security issues will still be
fixed but all other changes will be rejected. Users are encouraged to migrate
to orjson which is both much faster and
less likely to introduce a surprise buffer overflow vulnerability in the
future.

Metadata

Assignees

No one assigned

    Labels

    priority/2: This issue stalls work on the project or its dependents, it's a blocker for a release
    state/need-triage: This issue needs to be triaged
    type/task: Body of work related to an epic
