🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more
Sign In

json

Package Overview
Dependencies
Maintainers
1
Versions
131
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

json - rubygems Package Compare versions

Comparing version
2.19.6
to
2.19.7
+7
-0
CHANGES.md

@@ -5,2 +5,9 @@ # Changes

### 2026-05-28 (2.19.7)
* Fix some more edge cases with out of range floats.
* Ensure the string provided to `JSON.parse` can't be mutated during parsing.
* Add missing write barriers in `State#dup`.
* Further validate generator `depth` config.
### 2026-05-28 (2.19.6)

@@ -7,0 +14,0 @@

+28
-16

@@ -1205,3 +1205,7 @@ #include "../json.h"

exponent = negative_exponent ? -abs_exponent : abs_exponent;
if (RB_UNLIKELY(exponent_digits >= 20 || abs_exponent > (uint64_t)INT64_MAX)) {
exponent = negative_exponent ? INT64_MIN : INT64_MAX;
} else {
exponent = negative_exponent ? -(int64_t)abs_exponent : (int64_t)abs_exponent;
}
}

@@ -1461,14 +1465,17 @@

{
int encindex = RB_ENCODING_GET(source);
StringValue(source);
int encindex = RB_ENCODING_GET(source);
if (RB_LIKELY(encindex == utf8_encindex)) {
return source;
}
if (RB_LIKELY(encindex == utf8_encindex)) {
return source;
}
if (encindex == binary_encindex) {
// For historical reason, we silently reinterpret binary strings as UTF-8
return rb_enc_associate_index(rb_str_dup(source), utf8_encindex);
}
if (encindex == binary_encindex) {
// For historical reason, we silently reinterpret binary strings as UTF-8
return rb_enc_associate_index(rb_str_dup(source), utf8_encindex);
}
return rb_funcall(source, i_encode, 1, Encoding_UTF_8);
source = rb_funcall(source, i_encode, 1, Encoding_UTF_8);
StringValue(source);
return source;
}

@@ -1588,7 +1595,13 @@

static VALUE cParser_parse(JSON_ParserConfig *config, VALUE Vsource)
static VALUE cParser_parse(JSON_ParserConfig *config, VALUE src)
{
Vsource = convert_encoding(StringValue(Vsource));
StringValue(Vsource);
VALUE Vsource = convert_encoding(src);
// Ensure the string isn't mutated under us.
// The classic API to use is `rb_str_locktmp`, but then we'd
// need to use `rb_protect` to make sure we always unlock.
if (Vsource == src) {
Vsource = rb_str_new_frozen(Vsource);
}
VALUE rvalue_stack_buffer[RVALUE_STACK_INITIAL_CAPA];

@@ -1603,2 +1616,3 @@ rvalue_stack stack = {

const char *start;
RSTRING_GETMEM(Vsource, start, len);

@@ -1622,2 +1636,3 @@

RB_GC_GUARD(stack_handle);
RB_GC_GUARD(Vsource);
json_ensure_eof(state);

@@ -1643,5 +1658,2 @@

{
Vsource = convert_encoding(StringValue(Vsource));
StringValue(Vsource);
JSON_ParserConfig _config = {0};

@@ -1648,0 +1660,0 @@ JSON_ParserConfig *config = &_config;

# frozen_string_literal: true
module JSON
VERSION = '2.19.6'
VERSION = '2.19.7'
end

Sorry, the diff of this file is too big to display