Skip to content

Bump json from 2.18.1 to 2.19.2 in /docs#285

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/bundler/docs/json-2.19.2
Closed

Bump json from 2.18.1 to 2.19.2 in /docs#285
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/bundler/docs/json-2.19.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 19, 2026
edited
Loading

Bumps json from 2.18.1 to 2.19.2.

Release notes

Sourced from json's releases.

v2.19.2

What's Changed

  • Fix a format string injection vulnerability in JSON.parse(doc, allow_duplicate_key: false). CVE-2026-33210

Full Changelog: ruby/json@v2.19.1...v2.19.2

v2.19.1

What's Changed

  • Fix a compiler dependent GC bug introduced in 2.18.0.

Full Changelog: ruby/json@v2.19.0...v2.19.1

v2.19.0

What's Changed

  • Fix allow_blank parsing option to no longer allow invalid types (e.g. load([], allow_blank: true) now raise a type error).
  • Add allow_invalid_escape parsing option to ignore backslashes that aren't followed by one of the valid escape characters.

Full Changelog: ruby/json@v2.18.1...v2.19.0

Changelog

Sourced from json's changelog.

2026-03-18 (2.19.2)

  • Fix a format string injection vulnerability in JSON.parse(doc, allow_duplicate_key: false). CVE-2026-33210.

2026-03-08 (2.19.1)

  • Fix a compiler dependent GC bug introduced in 2.18.0.

2026-03-06 (2.19.0)

  • Fix allow_blank parsing option to no longer allow invalid types (e.g. load([], allow_blank: true) now raise a type error).
  • Add allow_invalid_escape parsing option to ignore backslashes that aren't followed by one of the valid escape characters.
Commits
  • 54f8a87 Release 2.19.2
  • 393b41c Fix a format string injection vulnerability
  • dbf6bb1 Merge pull request #953 from ruby/dependabot/github_actions/actions/create-gi...
  • 7187315 Bump actions/create-github-app-token from 2 to 3
  • 4a42a04 Release 2.19.1
  • 13689c2 Add missing GC_GUARD in fbuffer_append_str
  • a11acc1 Release 2.19.0
  • 0a4fb79 fbuffer.h: Use size_t over unsigned long
  • a29fcdc Add depth validation to Jruby and TruffleRuby implementations
  • de993aa Reject negative depth; add overflow guards to prevent hang/crash
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Mar 19, 2026
@dependabot dependabot Bot force-pushed the dependabot/bundler/docs/json-2.19.2 branch from 19306d0 to 8d6b954 Compare April 8, 2026 13:20
@dependabot
Bump json from 2.18.1 to 2.19.2 in /docs
d7aefdf 
Bumps [json](https://github.com/ruby/json) from 2.18.1 to 2.19.2.
- [Release notes](https://github.com/ruby/json/releases)
- [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md)
- [Commits](ruby/json@v2.18.1...v2.19.2)

---
updated-dependencies:
- dependency-name: json
  dependency-version: 2.19.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/bundler/docs/json-2.19.2 branch from 8d6b954 to d7aefdf Compare April 8, 2026 13:33
@psymoon psymoon closed this Apr 8, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 8, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/bundler/docs/json-2.19.2 branch April 8, 2026 14:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@psymoon psymoon psymoon approved these changes

@valdesekamdem valdesekamdem Awaiting requested review from valdesekamdem valdesekamdem is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@psymoon