[Dependency] Bump json from 2.7.2 to 2.9.0

[dependabot]

Bumps json from 2.7.2 to 2.9.0.

Release notes

Sourced from json's releases.

v2.9.0

What's Changed

• Fix C implementation of script_safe escaping to not confuse some other 3 wide characters with \u2028 and \u2029. e.g. JSON.generate(["倩", "瀨"], script_safe: true) would generate the wrong JSON.
• JSON.dump(object, some_io) now write into the IO in chunks while previously it would buffer the entire JSON before writing.
• JSON::GeneratorError now has a #invalid_object attribute, making it easier to understand why an object tree cannot be serialized.
• Numerous improvements to the JRuby extension.

Full Changelog: ruby/json@v2.8.2...v2.9.0

v2.8.2

What's Changed

• JSON.load_file: explictly load the file as UTF-8

Full Changelog: ruby/json@v2.8.1...v2.8.2

v2.8.1

• Fix the java version of the package to include the extension implementation. Only concerns JRuby.

Full Changelog: ruby/json@v2.8.0...v2.8.1

v2.8.0

What's Changed

• Emit a deprecation warning when JSON.load create custom types without the create_additions option being explictly enabled.
  • Prefer to use JSON.unsafe_load(string) or JSON.load(string, create_additions: true).
• Emit a deprecation warning when serializing valid UTF-8 strings encoded in ASCII_8BIT aka BINARY.
• Bump required Ruby version to 2.7.
• Add support for optionally parsing trailing commas, via allow_trailing_comma: true, which in cunjunction with the pre-existing support for comments, make it suitable to parse jsonc documents.
• Many performance improvements to JSON.parse and JSON.load, up to 1.7x faster on real world documents.
• Some minor performance improvements to JSON.dump and JSON.generate.
• JSON.pretty_generate no longer include newline inside empty object and arrays.

Parsing performance

Parsing performance is improved by 50-70% on realistic benchmarks, and even more on micro-benchmarks: https://gist.github.com/casperisfine/cf4b3a0594fae24b7d0eb93daaf3841a

== Parsing activitypub.json (58160 bytes)
ruby 3.4.0dev (2024-11-06T07:59:09Z precompute-hash-wh.. 7943f98a8a) +YJIT +PRISM [arm64-darwin24]
Warming up --------------------------------------
          json 2.7.2   638.000 i/100ms
                  oj   798.000 i/100ms
          Oj::Parser   948.000 i/100ms
           rapidjson   631.000 i/100ms
Calculating -------------------------------------
</tr></table> 

... (truncated)

Changelog

Sourced from json's changelog.

Changes

2024-11-14 (2.8.2)

• JSON.load_file explictly read the file as UTF-8.

2024-11-06 (2.8.1)

• Fix the java packages to include the extension.

2024-11-06 (2.8.0)

• Emit a deprecation warning when JSON.load create custom types without the create_additions option being explictly enabled.
  • Prefer to use JSON.unsafe_load(string) or JSON.load(string, create_additions: true).
• Emit a deprecation warning when serializing valid UTF-8 strings encoded in ASCII_8BIT aka BINARY.
• Bump required Ruby version to 2.7.
• Add support for optionally parsing trailing commas, via allow_trailing_comma: true, which in cunjunction with the pre-existing support for comments, make it suitable to parse jsonc documents.
• Many performance improvements to JSON.parse and JSON.load, up to 1.7x faster on real world documents.
• Some minor performance improvements to JSON.dump and JSON.generate.
• JSON.pretty_generate no longer include newline inside empty object and arrays.

2024-11-04 (2.7.6)

• Fix a regression in JSON.generate when dealing with Hash keys that are string subclasses, call to_json on them.

2024-10-25 (2.7.5)

• Fix a memory leak when #to_json methods raise an exception.
• Gracefully handle formatting configs being set to nil instead of "".
• Workaround another issue caused by conflicting versions of both json_pure and json being loaded.

2024-10-25 (2.7.4)

• Workaround a bug in 3.4.8 and older rubygems/rubygems#6490. This bug would cause some gems with native extension to fail during compilation.
• Workaround different versions of json and json_pure being loaded (not officially supported).
• Make json_pure Ractor compatible.

2024-10-24 (2.7.3)

• Numerous performance optimizations in JSON.generate and JSON.dump (up to 2 times faster).
• Limit the size of ParserError exception messages, only include up to 32 bytes of the unparseable source.
• Fix json-pure's Object#to_json to accept non state arguments
• Fix multiline comment support in json-pure.
• Fix JSON.parse to no longer mutate the argument encoding when passed an ASCII-8BIT string.
• Fix String#to_json to raise on invalid encoding in json-pure.
• Delete code that was based on CVTUTF.
• Use the pure-Ruby generator on TruffleRuby.
• Fix strict mode in json-pure to not break on Integer.

Commits

• 20b501a Merge pull request #716 from byroot/fix-script-safe-kanji
• 93a7f87 Fix generate(script_safe: true) to not confuse unrelated characters
• d0c38f2 Add missing entry in changelog
• 686dcb1 Merge pull request #713 from mame/prevent-printf-format-warning
• b8c1490 Prevent a warning of "a candidate for gnu_printf format attribute"
• dbd5042 Merge pull request #712 from byroot/generation-error
• 03d7414 JSON::GeneratorError expose invalid object
• 55015fa Merge pull request #708 from headius/jruby_optz
• ee6bd85 Merge pull request #709 from byroot/stop-mark-locations
• e10d0bf Stop using rb_gc_mark_locations
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)