Workflow

Jsonpickle

Latest version: v4.0.5

Safety actively analyzes 723576 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 2 of 10

3.4.2

======
* The breaking changes from v4 were inadvertedly included in v3.4.1, which has
been yanked. This release remedies this by reverting the v4 changes.

3.4.1

======
* Support decoding pandas dataframes encoded with versions 3.3.0 and older. (+536)

3.4.0

======
* Officially support Python 3.12 in the GitHub Actions testing matrix, and update
GHA package versions used. (+524)
* Improve reproducibility of benchmarking commands on Linux by using taskset and
adding a "HOWTO" run benchmarks section in ``benchmarking/README.md``. (+526)
* The ``setup.cfg`` packaging configuration has been replaced by
``pyproject.toml``. (+527)
* ``yaml`` is now supported as a jsonpickle backend. (+528)
* `OSSFuzz <https://github.com/google/oss-fuzz>`_ scripts are now available in
the ``fuzzing/`` directory. (+525)
* Pure-python dtypes are now preserved across ``encode()``/``decode()`` roundtrips
for the pandas extension. (407) (+534)
* Pandas dataframe columns with an ``object`` dtype that contain multiple different
types within (e.g. a column of type ``list[Union[str, int]]``) now preserve the types
upon being roundtripped. (457) (358) (+534)
* Fix warnings in the test suite regarding numpy.compat usage. (533) (+535)

3.3.0

======
* The unpickler was updated to avoid using ``eval``, which helps improve its
security. Users can still pass ``safe=False`` to ``decode`` to use the old
behavior, though this is not recommended. (+513)
* Objects can now exclude specific attributes from pickling by providing a
``_jsonpickle_exclude`` class or instance attribute. This attribute should contain
the list of attribute names to exclude when pickling the object.

3.2.2

Not secure
======
* A bug with the incorrect (de)serialization of NoneType objects has been fixed.
(+507)
* ``tests/benchmark.py`` was updated to avoid Python 2 syntax. (+508)
* The unpickler was updated to avoid creating temporary functions. (+508)
* Some basic scripts have been made to analyze benchmark results. (+511)
* Fix test suite compatibility with Numpy 2.x (+512)
* `setup.cfg` was updated to use `license_files` instead of `license_file`.

3.2.1

Not secure
======
* The ``ignorereserved`` parameter to the private ``_restore_from_dict()``
function has been restored for backwards compatibility. (+501)

Page 2 of 10

Links

Releases

Has known vulnerabilities

Previous Next

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.