Commit 921142d
authored
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&size=40){kind=avatar}
[Dependency] Bump json from 2.13.2 to 2.18.0 (#721)
Bumps [json](https://github.com/ruby/json) from 2.13.2 to 2.18.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ruby/json/releases">json's
releases</a>.</em></p>
<blockquote>
<h2>v2.18.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add <code>:allow_control_characters</code> parser options, to allow
JSON strings containing unescaped ASCII control characters (e.g.
newlines).</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/json/compare/v2.17.1...v2.18.0">https://github.com/ruby/json/compare/v2.17.1...v2.18.0</a></p>
<h2>v2.17.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix a regression in parsing of unicode surogate pairs
(<code>\uXX\uXX</code>) that could cause an invalid string to be
returned.</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/json/compare/v2.17.0...v2.17.1">https://github.com/ruby/json/compare/v2.17.0...v2.17.1</a></p>
<h2>v2.17.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Improve <code>JSON.load</code> and <code>JSON.unsafe_load</code> to
allow passing options as second argument.</li>
<li>Fix the parser to no longer ignore invalid escapes in strings.
Only <code>\"</code>, <code>\\</code>, <code>\b</code>,
<code>\f</code>, <code>\n</code>, <code>\r</code>, <code>\t</code> and
<code>\u</code> are valid JSON escapes.</li>
<li>Fixed <code>JSON::Coder</code> to use the depth it was initialized
with.</li>
<li>On TruffleRuby, fix the generator to not call <code>to_json</code>
on the return value of <code>as_json</code> for
<code>Float::NAN</code>.</li>
<li>Fixed handling of <code>state.depth</code>: when
<code>to_json</code> changes <code>state.depth</code> but does not
restore it, it is reset
automatically to its initial value.
In particular, when a <code>NestingError</code> is raised,
<code>depth</code> is no longer equal to <code>max_nesting</code> after
the call to
generate, and is reset to its initial value. Similarly when
<code>to_json</code> raises an exception.</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/json/compare/v2.16.0...v2.17.0">https://github.com/ruby/json/compare/v2.16.0...v2.17.0</a></p>
<h2>v2.16.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Deprecate <code>JSON::State#[]</code> and
<code>JSON::State#[]=</code>. Consider using <code>JSON::Coder</code>
instead.</li>
<li><code>JSON::Coder</code> now also yields to the block when
encountering strings with invalid encoding.</li>
<li>Fix GeneratorError messages to be UTF-8 encoded.</li>
<li>Fix memory leak when <code>Exception</code> is raised, or
<code>throw</code> is used during JSON generation.</li>
<li>Optimized floating point number parsing by integrating the ryu
algorithm (thanks to Josef Šimánek).</li>
<li>Optimized numbers parsing using SWAR (thanks to Scott Myron).</li>
<li>Optimized parsing of pretty printed documents using SWAR (thanks to
Scott Myron).</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/json/compare/v2.15.2...v2.16.0">https://github.com/ruby/json/compare/v2.15.2...v2.16.0</a></p>
<h2>v2.15.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix <code>JSON::Coder</code> to have one dedicated depth counter per
invocation.
After encountering a circular reference in
<code>JSON::Coder#dump</code>, any further <code>#dump</code> call would
raise <code>JSON::NestingError</code>.</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/json/compare/v2.15.1...v2.15.2">https://github.com/ruby/json/compare/v2.15.1...v2.15.2</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/ruby/json/blob/master/CHANGES.md">json's
changelog</a>.</em></p>
<blockquote>
<h3>2025-12-11 (2.18.0)</h3>
<ul>
<li>Add <code>:allow_control_characters</code> parser options, to allow
JSON strings containing unescaped ASCII control characters (e.g.
newlines).</li>
</ul>
<h3>2025-12-04 (2.17.1)</h3>
<ul>
<li>Fix a regression in parsing of unicode surogate pairs
(<code>\uXX\uXX</code>) that could cause an invalid string to be
returned.</li>
</ul>
<h3>2025-12-03 (2.17.0)</h3>
<ul>
<li>Improve <code>JSON.load</code> and <code>JSON.unsafe_load</code> to
allow passing options as second argument.</li>
<li>Fix the parser to no longer ignore invalid escapes in strings.
Only <code>\"</code>, <code>\\</code>, <code>\b</code>,
<code>\f</code>, <code>\n</code>, <code>\r</code>, <code>\t</code> and
<code>\u</code> are valid JSON escapes.</li>
<li>Fixed <code>JSON::Coder</code> to use the depth it was initialized
with.</li>
<li>On TruffleRuby, fix the generator to not call <code>to_json</code>
on the return value of <code>as_json</code> for
<code>Float::NAN</code>.</li>
<li>Fixed handling of <code>state.depth</code>: when
<code>to_json</code> changes <code>state.depth</code> but does not
restore it, it is reset
automatically to its initial value.
In particular, when a <code>NestingError</code> is raised,
<code>depth</code> is no longer equal to <code>max_nesting</code> after
the call to
generate, and is reset to its initial value. Similarly when
<code>to_json</code> raises an exception.</li>
</ul>
<h3>2025-11-07 (2.16.0)</h3>
<ul>
<li>Deprecate <code>JSON::State#[]</code> and
<code>JSON::State#[]=</code>. Consider using <code>JSON::Coder</code>
instead.</li>
<li><code>JSON::Coder</code> now also yields to the block when
encountering strings with invalid encoding.</li>
<li>Fix GeneratorError messages to be UTF-8 encoded.</li>
<li>Fix memory leak when <code>Exception</code> is raised, or
<code>throw</code> is used during JSON generation.</li>
<li>Optimized floating point number parsing by integrating the ryu
algorithm (thanks to Josef Šimánek).</li>
<li>Optimized numbers parsing using SWAR (thanks to Scott Myron).</li>
<li>Optimized parsing of pretty printed documents using SWAR (thanks to
Scott Myron).</li>
</ul>
<h3>2025-10-25 (2.15.2)</h3>
<ul>
<li>Fix <code>JSON::Coder</code> to have one dedicated depth counter per
invocation.
After encountering a circular reference in
<code>JSON::Coder#dump</code>, any further <code>#dump</code> call would
raise <code>JSON::NestingError</code>.</li>
</ul>
<h3>2025-10-07 (2.15.1)</h3>
<ul>
<li>Fix incorrect escaping in the JRuby extension when encoding shared
strings.</li>
</ul>
<h3>2025-09-22 (2.15.0)</h3>
<ul>
<li><code>JSON::Coder</code> callback now receive a second argument to
convey whether the object is a hash key.</li>
<li>Tuned the floating point number generator to not use scientific
notation as aggressively.</li>
</ul>
<h3>2025-09-18 (2.14.1)</h3>
<ul>
<li>Fix <code>IndexOutOfBoundsException</code> in the JRuby extension
when encoding shared strings.</li>
</ul>
<h3>2025-09-18 (2.14.0)</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ruby/json/commit/1cdd2122d537d93b32d554dd013f607148291ba4"><code>1cdd212</code></a>
Release 2.18.0</li>
<li><a
href="https://github.com/ruby/json/commit/3459499cb3074cc8f0c8d70fac7d966edf9b0538"><code>3459499</code></a>
Add <code>allow_control_characters</code> parsing option</li>
<li><a
href="https://github.com/ruby/json/commit/1da3fd9233e5a8232002ecf8ffab73e3c8c5c135"><code>1da3fd9</code></a>
Add a specific error for unescaped newlines</li>
<li><a
href="https://github.com/ruby/json/commit/cf3993ca7d68c6060e49cb3f15aef7ee407b2bef"><code>cf3993c</code></a>
Remove dead code from JSON::TruffleRuby::Generator</li>
<li><a
href="https://github.com/ruby/json/commit/4218a425effd526a45bdf87addf561f75808755d"><code>4218a42</code></a>
Remove dead code in benchmark/encoder.rb</li>
<li><a
href="https://github.com/ruby/json/commit/e5e4fd558e5a8d53db63eeaeca9212e8f0042e19"><code>e5e4fd5</code></a>
Release 2.17.1</li>
<li><a
href="https://github.com/ruby/json/commit/0fce370c417bc16e7deed688e2d2a5ce6a0b31c7"><code>0fce370</code></a>
Fix a regression in parsing of unicode surogate pairs</li>
<li><a
href="https://github.com/ruby/json/commit/4bdb2d14fe30733b02e4c58ce9521d70ee56f2af"><code>4bdb2d1</code></a>
Release 2.17.0</li>
<li><a
href="https://github.com/ruby/json/commit/ccca602274401eedf894c0e633040665dc425e78"><code>ccca602</code></a>
Fix handling of depth</li>
<li><a
href="https://github.com/ruby/json/commit/7b62fac5253ac17e53fff9c68f5607b58117e77a"><code>7b62fac</code></a>
Fix duplicated test_unsafe_load_with_options test case</li>
<li>Additional commits viewable in <a
href="https://github.com/ruby/json/compare/v2.13.2...v2.18.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>1 parent 7289402 commit 921142d
1 file changed
+1
-1
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
220 | 220 | | |
221 | 221 | | |
222 | 222 | | |
223 | | - | |
| 223 | + | |
224 | 224 | | |
225 | 225 | | |
226 | 226 | | |
| |||
0 commit comments