json - rubygems Package Compare versions

Comparing version 2.19.7 to 2.19.8
+5
-0
CHANGES.md

@@ -5,2 +5,7 @@ # Changes

### 2026-06-03 (2.19.8)
* Fix 1-byte buffer overread on EOS errors.
* Handle invalid types passed as `max_nesting` option.
### 2026-05-28 (2.19.7)
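Review bot: The second changelog entry, "Handle invalid types passed as `max_nesting` option", understates what the Ruby hunk in this same diff does, which is raise `TypeError` for a non-Integer value. Word it explicitly, for example "Raise `TypeError` when `max_nesting` is not an Integer", so callers who pass the option from configuration know which exception to expect.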

@@ -7,0 +12,0 @@

@@ -388,2 +388,9 @@ #include "../json.h"

{
JSON_ASSERT(state->cursor <= state->end);
// Redundant but helpful for hardening
if (RB_UNLIKELY(state->cursor > state->end)) {
state->cursor = state->end;
}
const char *cursor = state->cursor;
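Review bot: The clamp added after `JSON_ASSERT(state->cursor <= state->end)` repairs a broken invariant silently, and the comment "Redundant but helpful for hardening" does not say which path can leave `state->cursor` past `state->end`. Name that path in the comment (the changelog for this release points at EOS error handling) so the clamp reads as a backstop and the place where the overshoot originates is what gets fixed and tested.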

@@ -1026,2 +1033,9 @@ long column = 0;

}
// If the string ended with an unterminated escape sequence, we might
// have gone past the end.
if (RB_UNLIKELY(state->cursor > state->end)) {
state->cursor = state->end;
}
return false;
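Review bot: In the block added before `return false;`, the cursor is pulled back to `state->end` only after it has already gone past it, so these lines do not show that the read which advanced it is bounds-checked. Check the remaining length at the point where the escape sequence advances `state->cursor`, keep this clamp as a backstop, and add a regression test whose input ends in the middle of an escape sequence, run under a memory sanitizer.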

@@ -1028,0 +1042,0 @@ }

+3
-0

@@ -310,2 +310,5 @@ # frozen_string_literal: true

elsif opts[:max_nesting]
unless opts[:max_nesting].is_a?(Integer)
raise TypeError, ":max_nesting must be an Integer, got: #{opts[:max_nesting].class}"
end
@max_nesting = opts[:max_nesting]
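Review bot: The `is_a?(Integer)` check under `elsif opts[:max_nesting]` validates only the type, so a negative Integer is still assigned to `@max_nesting`. Either reject values below zero with an `ArgumentError` or document what a negative limit means. The check also sits behind a truthiness test, so `false` and `nil` reach the `else` branch unchecked; a comment stating that this is intended would help.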

@@ -312,0 +315,0 @@ else

+1
-1
# frozen_string_literal: true
module JSON
VERSION = '2.19.7'
VERSION = '2.19.8'
end

@@ -252,2 +252,13 @@ # JSON implementation for Ruby

## Security
When parsing or serializing untrusted input, parser and generator options should never be user controlled.
```ruby
# Dangerous, DO NOT DO THIS.
JSON.generate(params[:data], params[:options])
```
Security vulnerability reports relying on attacker controlled parsing or generator options will be handled as regular bug fixes.
## Development
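Review bot: The example under `## Security` shows only `JSON.generate`, while the sentence above it covers parsing as well, and the section never shows what to do instead. Add the parser counterpart and a safe form in which the options are fixed in code or selected from an allow-list, so readers have a pattern to copy rather than only one to avoid.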

@@ -254,0 +265,0 @@

Sorry, the diff of this file is too big to display