piko-lite-mod 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.


This version of piko-lite-mod might be problematic. Click here for more details.

Files changed (42) hide show
  1. checksums.yaml +7 -0
  2. data/json-2.21.1/BSDL +22 -0
  3. data/json-2.21.1/CHANGES.md +810 -0
  4. data/json-2.21.1/COPYING +56 -0
  5. data/json-2.21.1/LEGAL +20 -0
  6. data/json-2.21.1/README.md +308 -0
  7. data/json-2.21.1/ext/json/ext/fbuffer/fbuffer.h +259 -0
  8. data/json-2.21.1/ext/json/ext/generator/extconf.rb +19 -0
  9. data/json-2.21.1/ext/json/ext/generator/generator.c +2066 -0
  10. data/json-2.21.1/ext/json/ext/json.h +183 -0
  11. data/json-2.21.1/ext/json/ext/parser/extconf.rb +37 -0
  12. data/json-2.21.1/ext/json/ext/parser/parser.c +2917 -0
  13. data/json-2.21.1/ext/json/ext/simd/conf.rb +24 -0
  14. data/json-2.21.1/ext/json/ext/simd/simd.h +208 -0
  15. data/json-2.21.1/ext/json/ext/vendor/fast_float_parser.h +814 -0
  16. data/json-2.21.1/ext/json/ext/vendor/fpconv.c +480 -0
  17. data/json-2.21.1/ext/json/ext/vendor/jeaiii-ltoa.h +267 -0
  18. data/json-2.21.1/json.gemspec +62 -0
  19. data/json-2.21.1/lib/json/add/bigdecimal.rb +58 -0
  20. data/json-2.21.1/lib/json/add/complex.rb +51 -0
  21. data/json-2.21.1/lib/json/add/core.rb +13 -0
  22. data/json-2.21.1/lib/json/add/date.rb +54 -0
  23. data/json-2.21.1/lib/json/add/date_time.rb +67 -0
  24. data/json-2.21.1/lib/json/add/exception.rb +49 -0
  25. data/json-2.21.1/lib/json/add/ostruct.rb +54 -0
  26. data/json-2.21.1/lib/json/add/range.rb +54 -0
  27. data/json-2.21.1/lib/json/add/rational.rb +49 -0
  28. data/json-2.21.1/lib/json/add/regexp.rb +48 -0
  29. data/json-2.21.1/lib/json/add/set.rb +48 -0
  30. data/json-2.21.1/lib/json/add/string.rb +35 -0
  31. data/json-2.21.1/lib/json/add/struct.rb +52 -0
  32. data/json-2.21.1/lib/json/add/symbol.rb +52 -0
  33. data/json-2.21.1/lib/json/add/time.rb +52 -0
  34. data/json-2.21.1/lib/json/common.rb +1182 -0
  35. data/json-2.21.1/lib/json/ext/generator/state.rb +104 -0
  36. data/json-2.21.1/lib/json/ext.rb +71 -0
  37. data/json-2.21.1/lib/json/generic_object.rb +67 -0
  38. data/json-2.21.1/lib/json/truffle_ruby/generator.rb +790 -0
  39. data/json-2.21.1/lib/json/version.rb +5 -0
  40. data/json-2.21.1/lib/json.rb +841 -0
  41. data/piko-lite-mod.gemspec +11 -0
  42. metadata +80 -0
@@ -0,0 +1,810 @@
1
+ # Changes
2
+
3
+ ### Unreleased
4
+
5
+ ### 2026-07-13 (2.21.1)
6
+
7
+ * Fix a compilation issue on Window and Microsoft Visual C++.
8
+
9
+ ### 2026-07-12 (2.21.0)
10
+
11
+ * `JSON.generate` now accept a `sort_keys` option, which takes either a boolean or a block.
12
+ * Added `#empty?` and `#partial_value?` methods on `JSON::ResumableParser`.
13
+ * Numerous correctness and performance fixes for `JSON::ResumableParser`.
14
+ * Avoid triggering Ruby's `float out of range` warning when parsing out of range numbers.
15
+ * Declare C types with Ruby 4.1 `RUBY_TYPED_THREAD_SAFE_FREE`.
16
+
17
+ ### 2026-06-23 (2.20.0)
18
+
19
+ * Both C and Java parsers are no longer recursive, so parsing very deep documents with `max_nesting: false` will no longer
20
+ result in `SystemStackError stack level too deep` errors.
21
+ * The `:max_nesting` option still defaults to `100`.
22
+ * Optimized floating point number parsing further by replacing the ryu algorithm by a port of Eisel-Lemire Fast Float.
23
+ * Added `JSON::ResumableParser` to parse streams of JSON documents. Not yet available on JRuby.
24
+ * Deprecate default support of JavaScript comments in the parser and add `allow_comments: true` parsing option.
25
+ * Integrate with Ruby 4.1 `ruby_sized_xfree`.
26
+
27
+ ### 2026-06-11 (2.19.9)
28
+
29
+ * Fix buffer overflow that could lead to a crash when writing JSON directly into an IO
30
+ with `JSON.generate(object, io)`. [CVE-2026-54696].
31
+
32
+ ### 2026-06-03 (2.19.8)
33
+
34
+ * Fix 1-byte buffer overread on EOS errors.
35
+ * Handle invalid types passed as `max_nesting` option.
36
+
37
+ ### 2026-05-28 (2.19.7)
38
+
39
+ * Fix some more edge cases with out of range floats.
40
+ * Ensure the string provided to `JSON.parse` can't be mutated during parsing.
41
+ * Add missing write barriers in `State#dup`.
42
+ * Further validate generator `depth` config.
43
+
44
+ ### 2026-05-28 (2.19.6)
45
+
46
+ * Cleanly handle overly large `depth` generator argument.
47
+ * Add missing write barrier in `ParserConfig`.
48
+
49
+ ### 2026-05-04 (2.19.5)
50
+
51
+ * Cap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.
52
+
53
+ ### 2026-04-19 (2.19.4)
54
+
55
+ * Fix parsing of out of range floats (very large exponents that lead to either `0.0` or `Inf`).
56
+
57
+ ### 2026-03-25 (2.19.3)
58
+
59
+ * Fix handling of unescaped control characters preceeded by a backslash.
60
+
61
+ ### 2026-03-18 (2.19.2)
62
+
63
+ * Fix a format string injection vulnerability in `JSON.parse(doc, allow_duplicate_key: false)`. `CVE-2026-33210`.
64
+
65
+ ### 2026-03-08 (2.19.1)
66
+
67
+ * Fix a compiler dependent GC bug introduced in `2.18.0`.
68
+
69
+ ### 2026-03-06 (2.19.0)
70
+
71
+ * Fix `allow_blank` parsing option to no longer allow invalid types (e.g. `load([], allow_blank: true)` now raise a type error).
72
+ * Add `allow_invalid_escape` parsing option to ignore backslashes that aren't followed by one of the valid escape characters.
73
+
74
+ ### 2026-02-03 (2.18.1)
75
+
76
+ * Fix a potential crash in very specific circumstance if GC triggers during a call to `to_json`
77
+ without first invoking a user defined `#to_json` method.
78
+
79
+ ### 2025-12-11 (2.18.0)
80
+
81
+ * Add `:allow_control_characters` parser options, to allow JSON strings containing unescaped ASCII control characters (e.g. newlines).
82
+
83
+ ### 2026-03-18 (2.17.1.2) - Security Backport
84
+
85
+ * Fix a format string injection vulnerability in `JSON.parse(doc, allow_duplicate_key: false)`. `CVE-2026-33210`.
86
+
87
+ ### 2025-12-04 (2.17.1)
88
+
89
+ * Fix a regression in parsing of unicode surogate pairs (`\uXX\uXX`) that could cause an invalid string to be returned.
90
+
91
+ ### 2025-12-03 (2.17.0)
92
+
93
+ * Improve `JSON.load` and `JSON.unsafe_load` to allow passing options as second argument.
94
+ * Fix the parser to no longer ignore invalid escapes in strings.
95
+ Only `\"`, `\\`, `\b`, `\f`, `\n`, `\r`, `\t` and `\u` are valid JSON escapes.
96
+ * Fixed `JSON::Coder` to use the depth it was initialized with.
97
+ * On TruffleRuby, fix the generator to not call `to_json` on the return value of `as_json` for `Float::NAN`.
98
+ * Fixed handling of `state.depth`: when `to_json` changes `state.depth` but does not restore it, it is reset
99
+ automatically to its initial value.
100
+ In particular, when a `NestingError` is raised, `depth` is no longer equal to `max_nesting` after the call to
101
+ generate, and is reset to its initial value. Similarly when `to_json` raises an exception.
102
+
103
+ ### 2025-11-07 (2.16.0)
104
+
105
+ * Deprecate `JSON::State#[]` and `JSON::State#[]=`. Consider using `JSON::Coder` instead.
106
+ * `JSON::Coder` now also yields to the block when encountering strings with invalid encoding.
107
+ * Fix GeneratorError messages to be UTF-8 encoded.
108
+ * Fix memory leak when `Exception` is raised, or `throw` is used during JSON generation.
109
+ * Optimized floating point number parsing by integrating the ryu algorithm (thanks to Josef Šimánek).
110
+ * Optimized numbers parsing using SWAR (thanks to Scott Myron).
111
+ * Optimized parsing of pretty printed documents using SWAR (thanks to Scott Myron).
112
+
113
+ ### 2026-03-18 (2.15.2.1) - Security Backport
114
+
115
+ * Fix a format string injection vulnerability in `JSON.parse(doc, allow_duplicate_key: false)`. `CVE-2026-33210`.
116
+
117
+ ### 2025-10-25 (2.15.2)
118
+
119
+ * Fix `JSON::Coder` to have one dedicated depth counter per invocation.
120
+ After encountering a circular reference in `JSON::Coder#dump`, any further `#dump` call would raise `JSON::NestingError`.
121
+
122
+ ### 2025-10-07 (2.15.1)
123
+
124
+ * Fix incorrect escaping in the JRuby extension when encoding shared strings.
125
+
126
+ ### 2025-09-22 (2.15.0)
127
+
128
+ * `JSON::Coder` callback now receive a second argument to convey whether the object is a hash key.
129
+ * Tuned the floating point number generator to not use scientific notation as aggressively.
130
+
131
+ ### 2025-09-18 (2.14.1)
132
+
133
+ * Fix `IndexOutOfBoundsException` in the JRuby extension when encoding shared strings.
134
+
135
+ ### 2025-09-18 (2.14.0)
136
+
137
+ * Add new `allow_duplicate_key` generator options. By default a warning is now emitted when a duplicated key is encountered.
138
+ In `json 3.0` an error will be raised.
139
+ ```ruby
140
+ >> Warning[:deprecated] = true
141
+ >> puts JSON.generate({ foo: 1, "foo" => 2 })
142
+ (irb):2: warning: detected duplicate key "foo" in {foo: 1, "foo" => 2}.
143
+ This will raise an error in json 3.0 unless enabled via `allow_duplicate_key: true`
144
+ {"foo":1,"foo":2}
145
+ >> JSON.generate({ foo: 1, "foo" => 2 }, allow_duplicate_key: false)
146
+ detected duplicate key "foo" in {foo: 1, "foo" => 2} (JSON::GeneratorError)
147
+ ```
148
+ * Fix `JSON.generate` `strict: true` mode to also restrict hash keys.
149
+ * Fix `JSON::Coder` to also invoke block for hash keys that aren't strings nor symbols.
150
+ * Fix `JSON.unsafe_load` usage with proc
151
+ * Fix the parser to more consistently reject invalid UTF-16 surogate pairs.
152
+ * Stop defining `String.json_create`, `String#to_json_raw`, `String#to_json_raw_object` when `json/add` isn't loaded.
153
+
154
+ ### 2025-07-28 (2.13.2)
155
+
156
+ * Improve duplicate key warning and errors to include the key name and point to the right caller.
157
+
158
+ ### 2025-07-24 (2.13.1)
159
+
160
+ * Fix support for older compilers without `__builtin_cpu_supports`.
161
+
162
+ ### 2025-07-17 (2.13.0)
163
+
164
+ * Add new `allow_duplicate_key` parsing options. By default a warning is now emitted when a duplicated key is encountered.
165
+ In `json 3.0` an error will be raised.
166
+ * Optimize parsing further using SIMD to scan strings.
167
+
168
+ ### 2025-05-23 (2.12.2)
169
+
170
+ * Fix compiler optimization level.
171
+
172
+ ### 2025-05-23 (2.12.1)
173
+
174
+ * Fix a potential crash in large negative floating point number generation.
175
+ * Fix for JSON.pretty_generate to use passed state object's generate instead of state class as the required parameters aren't available.
176
+
177
+ ### 2025-05-12 (2.12.0)
178
+
179
+ * Improve floating point generation to not use scientific notation as much.
180
+ * Include line and column in parser errors. Both in the message and as exception attributes.
181
+ * Handle non-string hash keys with broken `to_s` implementations.
182
+ * `JSON.generate` now uses SSE2 (x86) or NEON (arm64) instructions when available to escape strings.
183
+
184
+ ### 2025-04-25 (2.11.3)
185
+
186
+ * Fix a regression in `JSON.pretty_generate` that could cause indentation to be off once some `#to_json` has been called.
187
+
188
+ ### 2025-04-24 (2.11.2)
189
+
190
+ * Add back `JSON::PRETTY_STATE_PROTOTYPE`. This constant was private API but is used by popular gems like `multi_json`.
191
+ It now emits a deprecation warning.
192
+
193
+ ### 2025-04-24 (2.11.1)
194
+
195
+ * Add back `JSON.restore`, `JSON.unparse`, `JSON.fast_unparse` and `JSON.pretty_unparse`.
196
+ These were deprecated 16 years ago, but never emitted warnings, only undocumented, so are
197
+ still used by a few gems.
198
+
199
+ ### 2025-04-24 (2.11.0)
200
+
201
+ * Optimize Integer generation to be ~1.8x faster.
202
+ * Optimize Float generation to be ~10x faster.
203
+ * Fix `JSON.load` proc argument to substitute the parsed object with the return value.
204
+ This better match `Marshal.load` behavior.
205
+ * Deprecate `JSON.fast_generate` (it's not any faster, so pointless).
206
+ * Deprecate `JSON.load_default_options`.
207
+ * Deprecate `JSON.unsafe_load_default_options`.
208
+ * Deprecate `JSON.dump_default_options`.
209
+ * Deprecate `Kernel#j`
210
+ * Deprecate `Kernel#jj`
211
+ * Remove outdated `JSON.iconv`.
212
+ * Remove `Class#json_creatable?` monkey patch.
213
+ * Remove deprecated `JSON.restore` method.
214
+ * Remove deprecated `JSON.unparse` method.
215
+ * Remove deprecated `JSON.fast_unparse` method.
216
+ * Remove deprecated `JSON.pretty_unparse` method.
217
+ * Remove deprecated `JSON::UnparserError` constant.
218
+ * Remove outdated `JSON::MissingUnicodeSupport` constant.
219
+
220
+ ### 2025-03-12 (2.10.2)
221
+
222
+ * Fix a potential crash in the C extension parser.
223
+ * Raise a ParserError on all incomplete unicode escape sequence. This was the behavior until `2.10.0` inadvertently changed it.
224
+ * Ensure document snippets that are included in parser errors don't include truncated multibyte characters.
225
+ * Ensure parser error snippets are valid UTF-8.
226
+ * Fix `JSON::GeneratorError#detailed_message` on Ruby < 3.2
227
+
228
+ ### 2025-02-10 (2.10.1)
229
+
230
+ * Fix a compatibility issue with `MultiJson.dump(obj, pretty: true)`: `no implicit conversion of false into Proc (TypeError)`.
231
+
232
+ ### 2025-02-10 (2.10.0)
233
+
234
+ * `strict: true` now accept symbols as values. Previously they'd only be accepted as hash keys.
235
+ * The C extension Parser has been entirely reimplemented from scratch.
236
+ * Introduced `JSON::Coder` as a new API allowing to customize how non native types are serialized in a non-global way.
237
+ * Introduced `JSON::Fragment` to allow assembling cached fragments in a safe way.
238
+ * The Java implementation of the generator received many optimizations.
239
+
240
+ ### 2024-12-18 (2.9.1)
241
+
242
+ * Fix support for Solaris 10.
243
+
244
+ ### 2024-12-03 (2.9.0)
245
+
246
+ * Fix C implementation of `script_safe` escaping to not confuse some other 3 wide characters with `\u2028` and `\u2029`.
247
+ e.g. `JSON.generate(["倩", "瀨"], script_safe: true)` would generate the wrong JSON.
248
+ * `JSON.dump(object, some_io)` now write into the IO in chunks while previously it would buffer the entire JSON before writing.
249
+ * `JSON::GeneratorError` now has a `#invalid_object` attribute, making it easier to understand why an object tree cannot be serialized.
250
+ * Numerous improvements to the JRuby extension.
251
+
252
+ ### 2024-11-14 (2.8.2)
253
+
254
+ * `JSON.load_file` explicitly read the file as UTF-8.
255
+
256
+ ### 2024-11-06 (2.8.1)
257
+
258
+ * Fix the java packages to include the extension.
259
+
260
+ ### 2024-11-06 (2.8.0)
261
+
262
+ * Emit a deprecation warning when `JSON.load` create custom types without the `create_additions` option being explicitly enabled.
263
+ * Prefer to use `JSON.unsafe_load(string)` or `JSON.load(string, create_additions: true)`.
264
+ * Emit a deprecation warning when serializing valid UTF-8 strings encoded in `ASCII_8BIT` aka `BINARY`.
265
+ * Bump required Ruby version to 2.7.
266
+ * Add support for optionally parsing trailing commas, via `allow_trailing_comma: true`, which in cunjunction with the
267
+ pre-existing support for comments, make it suitable to parse `jsonc` documents.
268
+ * Many performance improvements to `JSON.parse` and `JSON.load`, up to `1.7x` faster on real world documents.
269
+ * Some minor performance improvements to `JSON.dump` and `JSON.generate`.
270
+ * `JSON.pretty_generate` no longer includes newlines inside empty object and arrays.
271
+
272
+ ### 2024-11-04 (2.7.6)
273
+
274
+ * Fix a regression in JSON.generate when dealing with Hash keys that are string subclasses, call `to_json` on them.
275
+
276
+ ### 2024-10-25 (2.7.5)
277
+
278
+ * Fix a memory leak when `#to_json` methods raise an exception.
279
+ * Gracefully handle formatting configs being set to `nil` instead of `""`.
280
+ * Workaround another issue caused by conflicting versions of both `json_pure` and `json` being loaded.
281
+
282
+ ### 2024-10-25 (2.7.4)
283
+
284
+ * Workaround a bug in 3.4.8 and older https://github.com/rubygems/rubygems/pull/6490.
285
+ This bug would cause some gems with native extension to fail during compilation.
286
+ * Workaround different versions of `json` and `json_pure` being loaded (not officially supported).
287
+ * Make `json_pure` Ractor compatible.
288
+
289
+ ### 2024-10-24 (2.7.3)
290
+
291
+ * Numerous performance optimizations in `JSON.generate` and `JSON.dump` (up to 2 times faster).
292
+ * Limit the size of ParserError exception messages, only include up to 32 bytes of the unparsable source.
293
+ * Fix json-pure's `Object#to_json` to accept non-state arguments.
294
+ * Fix multiline comment support in `json-pure`.
295
+ * Fix `JSON.parse` to no longer mutate the argument encoding when passed an ASCII-8BIT string.
296
+ * Fix `String#to_json` to raise on invalid encoding in `json-pure`.
297
+ * Delete code that was based on CVTUTF.
298
+ * Use the pure-Ruby generator on TruffleRuby.
299
+ * Fix `strict` mode in `json-pure` to not break on Integer.
300
+
301
+ ### 2024-04-04 (2.7.2)
302
+
303
+ * Use rb_sym2str instead of SYM2ID #561
304
+ * Fix memory leak when exception is raised during JSON generation #574
305
+ * Remove references to "19" methods in JRuby #576
306
+ * Make OpenStruct support as optional by @hsbt in #565
307
+ * Autoload JSON::GenericObject to avoid require ostruct warning in Ruby 3.4 #577
308
+ * Warn to install ostruct if json couldn't load it by @hsbt #578
309
+
310
+ ### 2023-12-05 (2.7.1)
311
+
312
+ * JSON.dump: handle unenclosed hashes regression #554
313
+ * Overload kwargs in JSON.dump #556
314
+ * [DOC] RDoc for additions #557
315
+ * Fix JSON.dump overload combination #558
316
+
317
+ ### 2023-12-01 (2.7.0)
318
+
319
+ * Add a strict option to Generator #519
320
+ * `escape_slash` option was renamed as `script_safe` and now also escape U+2028 and U+2029. `escape_slash` is now an alias of `script_safe` #525
321
+ * Remove unnecessary initialization of create_id in JSON.parse() #454
322
+ * Improvements to Hash#to_json in pure implementation generator #203
323
+ * Use ruby_xfree to free buffers #518
324
+ * Fix "unexpected token" offset for Infinity #507
325
+ * Avoid using deprecated BigDecimal.new on JRuby #546
326
+ * Removed code for Ruby 1.8 #540
327
+ * Rename JSON::ParseError to JSON:ParserError #530
328
+ * Call super in included hook #486
329
+ * JRuby requires a minimum of Java 8 #516
330
+ * Always indent even if empty #517
331
+
332
+ ### 2022-11-30 (2.6.3)
333
+
334
+ * bugfix json/pure mixing escaped with literal unicode raises Encoding::CompatibilityError #483
335
+ * Stop including the parser source __LINE__ in exceptions #470
336
+
337
+ ### 2022-11-17 (2.6.2)
338
+
339
+ * Remove unknown keyword arg from DateTime.parse #488
340
+ * Ignore java artifacts by @hsbt #489
341
+ * Fix parser bug for empty string allocation #496
342
+
343
+ ### 2021-10-24 (2.6.1)
344
+
345
+ * Restore version.rb with 2.6.1
346
+
347
+ ### 2021-10-14 (2.6.0)
348
+
349
+ * Use `rb_enc_interned_str` if available to reduce allocations in `freeze: true` mode. #451.
350
+ * Bump required_ruby_version to 2.3.
351
+ * Fix compatibility with `GC.compact`.
352
+ * Fix some compilation warnings. #469
353
+
354
+ ## 2020-12-22 (2.5.1)
355
+
356
+ * Restore the compatibility for constants of JSON class.
357
+
358
+ ## 2020-12-22 (2.5.0)
359
+
360
+ * Ready to Ractor-safe at Ruby 3.0.
361
+
362
+ ## 2020-12-17 (2.4.1)
363
+
364
+ * Restore version.rb with 2.4.1
365
+
366
+ ## 2020-12-15 (2.4.0)
367
+
368
+ * Implement a freeze: parser option #447
369
+ * Fix an issue with generate_pretty and empty objects in the Ruby and Java implementations #449
370
+ * Fix JSON.load_file doc #448
371
+ * Fix pure parser with unclosed arrays / objects #425
372
+ * bundle the LICENSE file in the gem #444
373
+ * Add an option to escape forward slash character #405
374
+ * RDoc for JSON #439 #446 #442 #434 #433 #430
375
+
376
+ ## 2020-06-30 (2.3.1)
377
+
378
+ * Spelling and grammar fixes for comments. Pull request #191 by Josh
379
+ Kline.
380
+ * Enhance generic JSON and #generate docs. Pull request #347 by Victor
381
+ Shepelev.
382
+ * Add :nodoc: for GeneratorMethods. Pull request #349 by Victor Shepelev.
383
+ * Baseline changes to help (JRuby) development. Pull request #371 by Karol
384
+ Bucek.
385
+ * Add metadata for rubygems.org. Pull request #379 by Alexandre ZANNI.
386
+ * Remove invalid JSON.generate description from JSON module rdoc. Pull
387
+ request #384 by Jeremy Evans.
388
+ * Test with TruffleRuby in CI. Pull request #402 by Benoit Daloze.
389
+ * Rdoc enhancements. Pull request #413 by Burdette Lamar.
390
+ * Fixtures/ are not being tested... Pull request #416 by Marc-André
391
+ Lafortune.
392
+ * Use frozen string for hash key. Pull request #420 by Marc-André
393
+ Lafortune.
394
+ * Added :call-seq: to RDoc for some methods. Pull request #422 by Burdette
395
+ Lamar.
396
+ * Small typo fix. Pull request #423 by Marc-André Lafortune.
397
+
398
+ ## 2019-12-11 (2.3.0)
399
+ * Fix default of `create_additions` to always be `false` for `JSON(user_input)`
400
+ and `JSON.parse(user_input, nil)`.
401
+ Note that `JSON.load` remains with default `true` and is meant for internal
402
+ serialization of trusted data. [CVE-2020-10663]
403
+ * Fix passing args all #to_json in json/add/*.
404
+ * Fix encoding issues
405
+ * Fix issues of keyword vs positional parameter
406
+ * Fix JSON::Parser against bigdecimal updates
407
+ * Bug fixes to JRuby port
408
+
409
+ ## 2019-02-21 (2.2.0)
410
+ * Adds support for 2.6 BigDecimal and ruby standard library Set datetype.
411
+
412
+ ## 2017-04-18 (2.1.0)
413
+ * Allow passing of `decimal_class` option to specify a class as which to parse
414
+ JSON float numbers.
415
+ ## 2017-03-23 (2.0.4)
416
+ * Raise exception for incomplete unicode surrogates/character escape
417
+ sequences. This problem was reported by Daniel Gollahon (dgollahon).
418
+ * Fix arbitrary heap exposure problem. This problem was reported by Ahmad
419
+ Sherif (ahmadsherif).
420
+
421
+ ## 2017-01-12 (2.0.3)
422
+ * Set `required_ruby_version` to 1.9
423
+ * Some small fixes
424
+
425
+ ## 2016-07-26 (2.0.2)
426
+ * Specify `required_ruby_version` for json\_pure.
427
+ * Fix issue #295 failure when parsing frozen strings.
428
+
429
+ ## 2016-07-01 (2.0.1)
430
+ * Fix problem when requiring json\_pure and Parser constant was defined top
431
+ level.
432
+ * Add `RB_GC_GUARD` to avoid possible GC problem via Pete Johns.
433
+ * Store `current_nesting` on stack by Aaron Patterson.
434
+
435
+ ## 2015-09-11 (2.0.0)
436
+ * Now complies to newest JSON RFC 7159.
437
+ * Implements compatibility to ruby 2.4 integer unification.
438
+ * Removed support for `quirks_mode` option.
439
+ * Drops support for old rubies whose life has ended, that is rubies < 2.0.
440
+ Also see https://www.ruby-lang.org/en/news/2014/07/01/eol-for-1-8-7-and-1-9-2/
441
+ * There were still some mentions of dual GPL licensing in the source, but JSON
442
+ has just the Ruby license that itself includes an explicit dual-licensing
443
+ clause that allows covered software to be distributed under the terms of
444
+ the Simplified BSD License instead for all ruby versions >= 1.9.3. This is
445
+ however a GPL compatible license according to the Free Software Foundation.
446
+ I changed these mentions to be consistent with the Ruby license setting in
447
+ the gemspec files which were already correct now.
448
+
449
+ ## 2017-01-13 (1.8.6)
450
+ * Be compatible with ancient ruby 1.8 (maybe?)
451
+
452
+ ## 2015-09-11 (1.8.5)
453
+ * Be compatible with ruby 2.4.0
454
+ * There were still some mentions of dual GPL licensing in the source, but JSON
455
+ has just the Ruby license that itself includes an explicit dual-licensing
456
+ clause that allows covered software to be distributed under the terms of
457
+ the Simplified BSD License instead for all ruby versions >= 1.9.3. This is
458
+ however a GPL compatible license according to the Free Software Foundation.
459
+ I changed these mentions to be consistent with the Ruby license setting in
460
+ the gemspec files which were already correct now.
461
+
462
+ ## 2015-06-01 (1.8.3)
463
+ * Fix potential memory leak, thx to nobu.
464
+
465
+ ## 2015-01-08 (1.8.2)
466
+ * Some performance improvements by Vipul A M <vipulnsward@gmail.com>.
467
+ * Fix by Jason R. Clark <jclark@newrelic.com> to avoid mutation of
468
+ `JSON.dump_default_options`.
469
+ * More tests by Michael Mac-Vicar <mmacvicar@gmail.com> and fixing
470
+ `space_before` accessor in generator.
471
+ * Performance on Jruby improved by Ben Browning <bbrownin@redhat.com>.
472
+ * Some fixes to be compatible with the new Ruby 2.2 by Zachary Scott <e@zzak.io>
473
+ and SHIBATA Hiroshi <hsbt@ruby-lang.org>.
474
+
475
+ ## 2013-05-13 (1.8.1)
476
+ * Remove Rubinius exception since transcoding should be working now.
477
+
478
+ ## 2013-05-13 (1.8.0)
479
+ * Fix https://github.com/ruby/json/issues/162 reported by Marc-Andre
480
+ Lafortune <github_rocks@marc-andre.ca>. Thanks!
481
+ * Applied patches by Yui NARUSE <naruse@airemix.jp> to suppress warning with
482
+ -Wchar-subscripts and better validate UTF-8 strings.
483
+ * Applied patch by ginriki@github to remove unnecessary if.
484
+ * Add load/dump interface to `JSON::GenericObject` to make
485
+ serialize :some_attribute, `JSON::GenericObject`
486
+ work in Rails active models for convenient `SomeModel#some_attribute.foo.bar`
487
+ access to serialised JSON data.
488
+
489
+ ## 2013-02-04 (1.7.7)
490
+ * Security fix for JSON create_additions default value and
491
+ `JSON::GenericObject`. It should not be possible to create additions unless
492
+ explicitly requested by setting the create_additions argument to true or
493
+ using the JSON.load/dump interface. If `JSON::GenericObject` is supposed to
494
+ be automatically deserialised, this has to be explicitly enabled by
495
+ setting
496
+ JSON::GenericObject.json_creatable = true
497
+ as well.
498
+ * Remove useless assert in fbuffer implementation.
499
+ * Apply patch attached to https://github.com/ruby/json/issues#issue/155
500
+ provided by John Shahid <jvshahid@gmail.com>, Thx!
501
+ * Add license information to rubygems spec data, reported by Jordi Massaguer Pla <jmassaguerpla@suse.de>.
502
+ * Improve documentation, thx to Zachary Scott <zachary@zacharyscott.net>.
503
+
504
+ ## 2012-11-29 (1.7.6)
505
+ * Add `GeneratorState#merge` alias for JRuby, fix state accessor methods. Thx to
506
+ jvshahid@github.
507
+ * Increase hash likeness of state objects.
508
+
509
+ ## 2012-08-17 (1.7.5)
510
+ * Fix compilation of extension on older rubies.
511
+
512
+ ## 2012-07-26 (1.7.4)
513
+ * Fix compilation problem on AIX, see https://github.com/ruby/json/issues/142
514
+
515
+ ## 2012-05-12 (1.7.3)
516
+ * Work around Rubinius encoding issues using iconv for conversion instead.
517
+
518
+ ## 2012-05-11 (1.7.2)
519
+ * Fix some encoding issues, that cause problems for the pure and the
520
+ extension variant in jruby 1.9 mode.
521
+
522
+ ## 2012-04-28 (1.7.1)
523
+ * Some small fixes for building
524
+
525
+ ## 2012-04-28 (1.7.0)
526
+ * Add `JSON::GenericObject` for method access to objects transmitted via JSON.
527
+
528
+ ## 2012-04-27 (1.6.7)
529
+ * Fix possible crash when trying to parse nil value.
530
+
531
+ ## 2012-02-11 (1.6.6)
532
+ * Propagate src encoding to values made from it (fixes 1.9 mode converting
533
+ everything to ascii-8bit; harmless for 1.8 mode too) (Thomas E. Enebo
534
+ <tom.enebo@gmail.com>), should fix
535
+ https://github.com/ruby/json/issues#issue/119.
536
+ * Fix https://github.com/ruby/json/issues#issue/124 Thx to Jason Hutchens.
537
+ * Fix https://github.com/ruby/json/issues#issue/117
538
+
539
+ ## 2012-01-15 (1.6.5)
540
+ * Vit Ondruch <v.ondruch@tiscali.cz> reported a bug that shows up when using
541
+ optimisation under GCC 4.7. Thx to him, Bohuslav Kabrda
542
+ <bkabrda@redhat.com> and Yui NARUSE <naruse@airemix.jp> for debugging and
543
+ developing a patch fix.
544
+
545
+ ## 2011-12-24 (1.6.4)
546
+ * Patches that improve speed on JRuby contributed by Charles Oliver Nutter
547
+ <headius@headius.com>.
548
+ * Support `object_class`/`array_class` with duck typed hash/array.
549
+
550
+ ## 2011-12-01 (1.6.3)
551
+ * Let `JSON.load('')` return nil as well to make mysql text columns (default to
552
+ `''`) work better for serialization.
553
+
554
+ ## 2011-11-21 (1.6.2)
555
+ * Add support for OpenStruct and BigDecimal.
556
+ * Fix bug when parsing nil in `quirks_mode`.
557
+ * Make JSON.dump and JSON.load methods better cooperate with Rails' serialize
558
+ method. Just use:
559
+ serialize :value, JSON
560
+ * Fix bug with time serialization concerning nanoseconds. Thanks for the
561
+ patch go to Josh Partlow (jpartlow@github).
562
+ * Improve parsing speed for JSON numbers (integers and floats) in a similar way to
563
+ what Evan Phoenix <evan@phx.io> suggested in:
564
+ https://github.com/ruby/json/pull/103
565
+
566
+ ## 2011-09-18 (1.6.1)
567
+ * Using -target 1.5 to force Java bits to compile with 1.5.
568
+
569
+ ## 2011-09-12 (1.6.0)
570
+ * Extract utilities (prettifier and GUI-editor) in its own gem json-utils.
571
+ * Split json/add/core into different files for classes to be serialised.
572
+
573
+ ## 2011-08-31 (1.5.4)
574
+ * Fix memory leak when used from multiple JRuby. (Patch by
575
+ jfirebaugh@github).
576
+ * Apply patch by Eric Wong <nocode@yhbt.net> that fixes garbage collection problem
577
+ reported in https://github.com/ruby/json/issues/46.
578
+ * Add :quirks_mode option to parser and generator.
579
+ * Add support for Rational and Complex number additions via json/add/complex
580
+ and json/add/rational requires.
581
+
582
+ ## 2011-06-20 (1.5.3)
583
+ * Alias State#configure method as State#merge to increase duck type synonymy with Hash.
584
+ * Add `as_json` methods in json/add/core, so rails can create its json objects the new way.
585
+
586
+ ## 2011-05-11 (1.5.2)
587
+ * Apply documentation patch by Cory Monty <cory.monty@gmail.com>.
588
+ * Add gemspecs for json and json\_pure.
589
+ * Fix bug in jruby pretty printing.
590
+ * Fix bug in `object_class` and `array_class` when inheriting from Hash or
591
+ Array.
592
+
593
+ ## 2011-01-24 (1.5.1)
594
+ * Made rake-compiler build a fat binary gem. This should fix issue
595
+ https://github.com/ruby/json/issues#issue/54.
596
+
597
+ ## 2011-01-22 (1.5.0)
598
+ * Included Java source codes for the Jruby extension made by Daniel Luz
599
+ <dev@mernen.com>.
600
+ * Output full exception message of `deep_const_get` to aid debugging.
601
+ * Fixed an issue with ruby 1.9 `Module#const_defined?` method, that was
602
+ reported by Riley Goodside.
603
+
604
+ ## 2010-08-09 (1.4.6)
605
+ * Fixed oversight reported in http://github.com/ruby/json/issues/closed#issue/23,
606
+ always create a new object from the state prototype.
607
+ * Made pure and ext api more similar again.
608
+
609
+ ## 2010-08-07 (1.4.5)
610
+ * Manage data structure nesting depth in state object during generation. This
611
+ should reduce problems with `to_json` method definіtions that only have one
612
+ argument.
613
+ * Some fixes in the state objects and additional tests.
614
+ ## 2010-08-06 (1.4.4)
615
+ * Fixes build problem for rubinius under OS X, http://github.com/ruby/json/issues/closed#issue/25
616
+ * Fixes crashes described in http://github.com/ruby/json/issues/closed#issue/21 and
617
+ http://github.com/ruby/json/issues/closed#issue/23
618
+ ## 2010-05-05 (1.4.3)
619
+ * Fixed some test assertions, from Ruby r27587 and r27590, patch by nobu.
620
+ * Fixed issue http://github.com/ruby/json/issues/#issue/20 reported by
621
+ electronicwhisper@github. Thx!
622
+
623
+ ## 2010-04-26 (1.4.2)
624
+ * Applied patch from naruse Yui NARUSE <naruse@airemix.com> to make building with
625
+ Microsoft Visual C possible again.
626
+ * Applied patch from devrandom <c1.github@niftybox.net> in order to allow building of
627
+ json_pure if extensiontask is not present.
628
+ * Thanks to Dustin Schneider <dustin@stocktwits.com>, who reported a memory
629
+ leak, which is fixed in this release.
630
+ * Applied 993f261ccb8f911d2ae57e9db48ec7acd0187283 patch from josh@github.
631
+
632
+ ## 2010-04-25 (1.4.1)
633
+ * Fix for a bug reported by Dan DeLeo <dan@kallistec.com>, caused by T_FIXNUM
634
+ being different on 32bit/64bit architectures.
635
+
636
+ ## 2010-04-23 (1.4.0)
637
+ * Major speed improvements and building with simplified
638
+ directory/file-structure.
639
+ * Extension should at least be compatible with MRI, YARV and Rubinius.
640
+
641
+ ## 2010-04-07 (1.2.4)
642
+ * Trigger const_missing callback to make Rails' dynamic class loading work.
643
+
644
+ ## 2010-03-11 (1.2.3)
645
+ * Added a `State#[]` method which returns an attribute's value in order to
646
+ increase duck type compatibility to Hash.
647
+
648
+ ## 2010-02-27 (1.2.2)
649
+ * Made some changes to make the building of the parser/generator compatible
650
+ to Rubinius.
651
+
652
+ ## 2009-11-25 (1.2.1)
653
+ * Added `:symbolize_names` option to Parser, which returns symbols instead of
654
+ strings in object names/keys.
655
+
656
+ ## 2009-10-01 (1.2.0)
657
+ * `fast_generate` now raises an exception for nan and infinite floats.
658
+ * On Ruby 1.8 json supports parsing of UTF-8, UTF-16BE, UTF-16LE, UTF-32BE,
659
+ and UTF-32LE JSON documents now. Under Ruby 1.9 the M17n conversion
660
+ functions are used to convert from all supported encodings. ASCII-8BIT
661
+ encoded strings are handled like all strings under Ruby 1.8 were.
662
+ * Better documentation
663
+
664
+ ## 2009-08-23 (1.1.9)
665
+ * Added forgotten main doc file `extra_rdoc_files`.
666
+
667
+ ## 2009-08-23 (1.1.8)
668
+ * Applied a patch by OZAWA Sakuro <sakuro@2238club.org> to make json/pure
669
+ work in environments that don't provide iconv.
670
+ * Applied patch by okkez_ in order to fix Ruby Bug #1768:
671
+ http://redmine.ruby-lang.org/issues/show/1768.
672
+ * Finally got around to avoid the rather paranoid escaping of ?/ characters
673
+ in the generator's output. The parsers aren't affected by this change.
674
+ Thanks to Rich Apodaca <rapodaca@metamolecular.com> for the suggestion.
675
+
676
+ ## 2009-06-29 (1.1.7)
677
+ * Security Fix for JSON::Pure::Parser. A specially designed string could
678
+ cause catastrophic backtracking in one of the parser's regular expressions
679
+ in earlier 1.1.x versions. JSON::Ext::Parser isn't affected by this issue.
680
+ Thanks to Bartosz Blimke <bartosz@new-bamboo.co.uk> for reporting this
681
+ problem.
682
+ * This release also uses a less strict ruby version requirement for the
683
+ creation of the mswin32 native gem.
684
+
685
+ ## 2009-05-10 (1.1.6)
686
+ * No changes. І tested native linux gems in the last release and they don't
687
+ play well with different ruby versions other than the one the gem was built
688
+ with. This release is just to bump the version number in order to skip the
689
+ native gem on rubyforge.
690
+
691
+ ## 2009-05-10 (1.1.5)
692
+ * Started to build gems with rake-compiler gem.
693
+ * Applied patch object/array class patch from Brian Candler
694
+ <B.Candler@pobox.com> and fixes.
695
+
696
+ ## 2009-04-01 (1.1.4)
697
+ * Fixed a bug in the creation of serialized generic rails objects reported by
698
+ Friedrich Graeter <graeter@hydrixos.org>.
699
+ * Deleted tests/runner.rb, we're using testrb instead.
700
+ * Editor supports Infinity in numbers now.
701
+ * Made some changes in order to get the library to compile/run under Ruby
702
+ 1.9.
703
+ * Improved speed of the code path for the fast_generate method in the pure
704
+ variant.
705
+
706
+ ## 2008-07-10 (1.1.3)
707
+ * Wesley Beary <monki@geemus.com> reported a bug in json/add/core's DateTime
708
+ handling: If the nominator and denominator of the offset were divisible by
709
+ each other Ruby's Rational#to_s returns them as an integer not a fraction
710
+ with '/'. This caused a ZeroDivisionError during parsing.
711
+ * Use Date#start and DateTime#start instead of sg method, while
712
+ remaining backwards compatible.
713
+ * Supports ragel >= 6.0 now.
714
+ * Corrected some tests.
715
+ * Some minor changes.
716
+
717
+ ## 2007-11-27 (1.1.2)
718
+ * Remember default dir (last used directory) in editor.
719
+ * JSON::Editor.edit method added, the editor can now receive json texts from
720
+ the clipboard via C-v.
721
+ * Load json texts from an URL pasted via middle button press.
722
+ * Added :create_additions option to Parser. This makes it possible to disable
723
+ the creation of additions by force, in order to treat json texts as data
724
+ while having additions loaded.
725
+ * Jacob Maine <jmaine@blurb.com> reported, that JSON(:foo) outputs a JSON
726
+ object if the rails addition is enabled, which is wrong. It now outputs a
727
+ JSON string "foo" instead, like suggested by Jacob Maine.
728
+ * Discovered a bug in the Ruby Bugs Tracker on rubyforge, that was reported
729
+ by John Evans lgastako@gmail.com. He could produce a crash in the JSON
730
+ generator by returning something other than a String instance from a
731
+ to_json method. I now guard against this by doing a rather crude type
732
+ check, which raises an exception instead of crashing.
733
+
734
+ ## 2007-07-06 (1.1.1)
735
+ * Yui NARUSE <naruse@airemix.com> sent some patches to fix tests for Ruby
736
+ 1.9. I applied them and adapted some of them a bit to run both on 1.8 and
737
+ 1.9.
738
+ * Introduced a `JSON.parse!` method without depth checking for people who
739
+ like danger.
740
+ * Made generate and `pretty_generate` methods configurable by an options hash.
741
+ * Added :allow_nan option to parser and generator in order to handle NaN,
742
+ Infinity, and -Infinity correctly - if requested. Floats, which aren't numbers,
743
+ aren't valid JSON according to RFC4627, so by default an exception will be
744
+ raised if any of these symbols are encountered. Thanks to Andrea Censi
745
+ <andrea.censi@dis.uniroma1.it> for his hint about this.
746
+ * Fixed some more tests for Ruby 1.9.
747
+ * Implemented dump/load interface of Marshal as suggested in ruby-core:11405
748
+ by murphy <murphy@rubychan.de>.
749
+ * Implemented the `max_nesting` feature for generate methods, too.
750
+ * Added some implementations for ruby core's custom objects for
751
+ serialisation/deserialisation purposes.
752
+
753
+ ## 2007-05-21 (1.1.0)
754
+ * Implemented max_nesting feature for parser to avoid stack overflows for
755
+ data from untrusted sources. If you trust the source, you can disable it
756
+ with the option max_nesting => false.
757
+ * Piers Cawley <pdcawley@bofh.org.uk> reported a bug, that not every
758
+ character can be escaped by `\` as required by RFC4627. There's a
759
+ contradiction between David Crockford's JSON checker test vectors (in
760
+ tests/fixtures) and RFC4627, though. I decided to stick to the RFC, because
761
+ the JSON checker seems to be a bit older than the RFC.
762
+ * Extended license to Ruby License, which includes the GPL.
763
+ * Added keyboard shortcuts, and 'Open location' menu item to edit_json.rb.
764
+
765
+ ## 2007-05-09 (1.0.4)
766
+ * Applied a patch from Yui NARUSE <naruse@airemix.com> to make JSON compile
767
+ under Ruby 1.9. Thank you very much for mailing it to me!
768
+ * Made binary variants of JSON fail early, instead of falling back to the
769
+ pure version. This should avoid overshadowing of eventual problems while
770
+ loading of the binary.
771
+
772
+ ## 2007-03-24 (1.0.3)
773
+ * Improved performance of pure variant a bit.
774
+ * The ext variant of this release supports the mswin32 platform. Ugh!
775
+
776
+ ## 2007-03-24 (1.0.2)
777
+ * Ext Parser didn't parse 0e0 correctly into 0.0: Fixed!
778
+
779
+ ## 2007-03-24 (1.0.1)
780
+ * Forgot some object files in the build dir. I really like that - not!
781
+
782
+ ## 2007-03-24 (1.0.0)
783
+ * Added C implementations for the JSON generator and a ragel based JSON
784
+ parser in C.
785
+ * Much more tests, especially fixtures from json.org.
786
+ * Further improved conformance to RFC4627.
787
+
788
+ ## 2007-02-09 (0.4.3)
789
+ * Conform more to RFC4627 for JSON: This means JSON strings
790
+ now always must contain exactly one object `"{ ... }"` or array `"[ ... ]"` in
791
+ order to be parsed without raising an exception. The definition of what
792
+ constitutes a whitespace is narrower in JSON than in Ruby ([ \t\r\n]), and
793
+ there are differences in floats and integers (no octals or hexadecimals) as
794
+ well.
795
+ * Added aliases generate and `pretty_generate` of unparse and `pretty_unparse`.
796
+ * Fixed a test case.
797
+ * Catch an `Iconv::InvalidEncoding` exception, that seems to occur on some Sun
798
+ boxes with SunOS 5.8, if iconv doesn't support utf16 conversions. This was
799
+ reported by Andrew R Jackson <andrewj@bcm.tmc.edu>, thanks a bunch!
800
+
801
+ ## 2006-08-25 (0.4.2)
802
+ * Fixed a bug in handling solidi (/-characters), that was reported by
803
+ Kevin Gilpin <kevin.gilpin@alum.mit.edu>.
804
+
805
+ ## 2006-02-06 (0.4.1)
806
+ * Fixed a bug related to escaping with backslashes. Thanks for the report go
807
+ to Florian Munz <surf@theflow.de>.
808
+
809
+ ## 2005-09-23 (0.4.0)
810
+ * Initial Rubyforge Version