Skip to content

Commit dc8573f

Browse files
dependabot[bot]dependabot[bot]
authored
[Dependency] Bump json from 2.18.1 to 2.19.3 (#742)
Bumps [json](https://github.com/ruby/json) from 2.18.1 to 2.19.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ruby/json/releases">json's releases</a>.</em></p> <blockquote> <h2>v2.19.3</h2> <ul> <li>Fix handling of unescaped control characters preceeded by a backslash.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ruby/json/compare/v2.19.2...v2.19.3">https://github.com/ruby/json/compare/v2.19.2...v2.19.3</a></p> <h2>v2.19.2</h2> <h2>What's Changed</h2> <ul> <li>Fix a format string injection vulnerability in <code>JSON.parse(doc, allow_duplicate_key: false)</code>. <code>CVE-2026-33210</code></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ruby/json/compare/v2.19.1...v2.19.2">https://github.com/ruby/json/compare/v2.19.1...v2.19.2</a></p> <h2>v2.19.1</h2> <h2>What's Changed</h2> <ul> <li>Fix a compiler dependent GC bug introduced in <code>2.18.0</code>.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ruby/json/compare/v2.19.0...v2.19.1">https://github.com/ruby/json/compare/v2.19.0...v2.19.1</a></p> <h2>v2.19.0</h2> <h2>What's Changed</h2> <ul> <li>Fix <code>allow_blank</code> parsing option to no longer allow invalid types (e.g. <code>load([], allow_blank: true)</code> now raise a type error).</li> <li>Add <code>allow_invalid_escape</code> parsing option to ignore backslashes that aren't followed by one of the valid escape characters.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ruby/json/compare/v2.18.1...v2.19.0">https://github.com/ruby/json/compare/v2.18.1...v2.19.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ruby/json/blob/master/CHANGES.md">json's changelog</a>.</em></p> <blockquote> <h3>2026-03-25 (2.19.3)</h3> <ul> <li>Fix handling of unescaped control characters preceeded by a backslash.</li> </ul> <h3>2026-03-18 (2.19.2)</h3> <ul> <li>Fix a format string injection vulnerability in <code>JSON.parse(doc, allow_duplicate_key: false)</code>. <code>CVE-2026-33210</code>.</li> </ul> <h3>2026-03-08 (2.19.1)</h3> <ul> <li>Fix a compiler dependent GC bug introduced in <code>2.18.0</code>.</li> </ul> <h3>2026-03-06 (2.19.0)</h3> <ul> <li>Fix <code>allow_blank</code> parsing option to no longer allow invalid types (e.g. <code>load([], allow_blank: true)</code> now raise a type error).</li> <li>Add <code>allow_invalid_escape</code> parsing option to ignore backslashes that aren't followed by one of the valid escape characters.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ruby/json/commit/779d4415a077e24cfaa00208f39dba825f2e0ae8"><code>779d441</code></a> Release 2.19.3</li> <li><a href="https://github.com/ruby/json/commit/75e2f6453a3bf79df086ac10e41dbc5b7f124a76"><code>75e2f64</code></a> Fix handling of unescaped control characters preceeded by a backslash</li> <li><a href="https://github.com/ruby/json/commit/54f8a878aebee090476a53c851c943128894be62"><code>54f8a87</code></a> Release 2.19.2</li> <li><a href="https://github.com/ruby/json/commit/393b41c3e5f87491e1e34fa59fa78ff6fa179a74"><code>393b41c</code></a> Fix a format string injection vulnerability</li> <li><a href="https://github.com/ruby/json/commit/dbf6bb12aac85db939df1180028aea06c8d3b762"><code>dbf6bb1</code></a> Merge pull request <a href="https://redirect.github.com/ruby/json/issues/953">#953</a> from ruby/dependabot/github_actions/actions/create-gi...</li> <li><a href="https://github.com/ruby/json/commit/7187315b4571ade59d68a1fad84be2794cda744d"><code>7187315</code></a> Bump actions/create-github-app-token from 2 to 3</li> <li><a href="https://github.com/ruby/json/commit/4a42a04280d96d8dd94558078c16f1c078c38e1b"><code>4a42a04</code></a> Release 2.19.1</li> <li><a href="https://github.com/ruby/json/commit/13689c269970f18316952541f8544830ec2dc5c4"><code>13689c2</code></a> Add missing GC_GUARD in <code>fbuffer_append_str</code></li> <li><a href="https://github.com/ruby/json/commit/a11acc1ff496627e5d72c71d6d1229e8c8ffeaa1"><code>a11acc1</code></a> Release 2.19.0</li> <li><a href="https://github.com/ruby/json/commit/0a4fb79cd97f535701cc2240ac736d76b9af5025"><code>0a4fb79</code></a> fbuffer.h: Use size_t over unsigned long</li> <li>Additional commits viewable in <a href="https://github.com/ruby/json/compare/v2.18.1...v2.19.3">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent 5e82ab9 commit dc8573f

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

Gemfile.lock

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -221,7 +221,7 @@ GEM
221221
gemoji (>= 3, < 5)
222222
html-pipeline (~> 2.2)
223223
jekyll (>= 3.0, < 5.0)
224-
json (2.18.1)
224+
json (2.19.3)
225225
kramdown (2.4.0)
226226
rexml
227227
kramdown-parser-gfm (1.1.0)

0 commit comments

Comments
 (0)