mfoemmel / fig

Fig is a utility for configuring environments and managing dependencies across a team of developers.
Other
81 stars 13 forks source link

Bump json from 2.0.1 to 2.3.0 #77

Open dependabot[bot] opened 4 years ago

dependabot[bot] commented 4 years ago

Bumps json from 2.0.1 to 2.3.0.

Changelog

Sourced from json's changelog.

2019-12-11 (2.3.0)

  • Fix default of create_additions to always be false for JSON(user_input) and JSON.parse(user_input, nil). Note that JSON.load remains with default true and is meant for internal serialization of trusted data. [CVE-2020-10663]
  • Fix passing args all #to_json in json/add/*.
  • Fix encoding issues
  • Fix issues of keyword vs positional parameter
  • Fix JSON::Parser against bigdecimal updates
  • Bug fixes to JRuby port

2019-02-21 (2.2.0)

  • Adds support for 2.6 BigDecimal and ruby standard library Set datetype.

2017-04-18 (2.1.0)

  • Allow passing of decimal_class option to specify a class as which to parse JSON float numbers.

2017-03-23 (2.0.4)

  • Raise exception for incomplete unicode surrogates/character escape sequences. This problem was reported by Daniel Gollahon (dgollahon).
  • Fix arbitrary heap exposure problem. This problem was reported by Ahmad Sherif (ahmadsherif).

2017-01-12 (2.0.3)

  • Set required_ruby_version to 1.9
  • Some small fixes

2016-07-26 (2.0.2)

  • Specify required_ruby_version for json_pure.
  • Fix issue #295 failure when parsing frozen strings.
Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mfoemmel/fig/network/alerts).