[Dependency] Bump json from 2.13.2 to 2.16.0

[dependabot[bot]]

Bumps json from 2.13.2 to 2.16.0.

Release notes

Sourced from json's releases.

v2.16.0

What's Changed

• Deprecate JSON::State#[] and JSON::State#[]=. Consider using JSON::Coder instead.
• JSON::Coder now also yields to the block when encountering strings with invalid encoding.
• Fix GeneratorError messages to be UTF-8 encoded.
• Fix memory leak when Exception is raised, or throw is used during JSON generation.
• Optimized floating point number parsing by integrating the ryu algorithm (thanks to Josef Šimánek).
• Optimized numbers parsing using SWAR (thanks to Scott Myron).
• Optimized parsing of pretty printed documents using SWAR (thanks to Scott Myron).

Full Changelog: https://github.com/ruby/json/compare/v2.15.2...v2.16.0

v2.15.2

What's Changed

• Fix JSON::Coder to have one dedicated depth counter per invocation. After encountering a circular reference in JSON::Coder#dump, any further #dump call would raise JSON::NestingError.

Full Changelog: https://github.com/ruby/json/compare/v2.15.1...v2.15.2

v2.15.1

What's Changed

• Fix incorrect escaping in the JRuby extension when encoding shared strings.

Full Changelog: https://github.com/ruby/json/compare/v2.15.0...v2.15.1

v2.15.0

What's Changed

• JSON::Coder callback now receive a second argument to convey whether the object is a hash key.
• Tuned the floating point number generator to not use scientific notation as aggressively.

Full Changelog: https://github.com/ruby/json/compare/v2.14.1...v2.15.0

v2.14.1

What's Changed

• Fix IndexOutOfBoundsException in the JRuby extension when encoding shared strings.

Full Changelog: https://github.com/ruby/json/compare/v2.14.0...v2.14.1

v2.14.0

What's Changed

• Add new allow_duplicate_key generator options. By default a warning is now emitted when a duplicated key is encountered. In json 3.0 an error will be raised.

... (truncated)

Changelog

Sourced from json's changelog.

2025-11-07 (2.16.0)

• Deprecate JSON::State#[] and JSON::State#[]=. Consider using JSON::Coder instead.
• JSON::Coder now also yields to the block when encountering strings with invalid encoding.
• Fix GeneratorError messages to be UTF-8 encoded.
• Fix memory leak when Exception is raised, or throw is used during JSON generation.
• Optimized floating point number parsing by integrating the ryu algorithm (thanks to Josef Šimánek).
• Optimized numbers parsing using SWAR (thanks to Scott Myron).
• Optimized parsing of pretty printed documents using SWAR (thanks to Scott Myron).

2025-10-25 (2.15.2)

• Fix JSON::Coder to have one dedicated depth counter per invocation. After encountering a circular reference in JSON::Coder#dump, any further #dump call would raise JSON::NestingError.

2025-10-07 (2.15.1)

• Fix incorrect escaping in the JRuby extension when encoding shared strings.

2025-09-22 (2.15.0)

• JSON::Coder callback now receive a second argument to convey whether the object is a hash key.
• Tuned the floating point number generator to not use scientific notation as aggressively.

2025-09-18 (2.14.1)

• Fix IndexOutOfBoundsException in the JRuby extension when encoding shared strings.

2025-09-18 (2.14.0)

• Add new allow_duplicate_key generator options. By default a warning is now emitted when a duplicated key is encountered. In json 3.0 an error will be raised.

  >> Warning[:deprecated] = true
  >> puts JSON.generate({ foo: 1, "foo" => 2 })
  (irb):2: warning: detected duplicate key "foo" in {foo: 1, "foo" => 2}.
  This will raise an error in json 3.0 unless enabled via `allow_duplicate_key: true`
  {"foo":1,"foo":2}
  >> JSON.generate({ foo: 1, "foo" => 2 }, allow_duplicate_key: false)
  detected duplicate key "foo" in {foo: 1, "foo" => 2} (JSON::GeneratorError)
  

• Fix JSON.generate strict: true mode to also restrict hash keys.
• Fix JSON::Coder to also invoke block for hash keys that aren't strings nor symbols.
• Fix JSON.unsafe_load usage with proc
• Fix the parser to more consistently reject invalid UTF-16 surogate pairs.
• Stop defining String.json_create, String#to_json_raw, String#to_json_raw_object when json/add isn't loaded.

Commits

• 5a12067 Release 2.16.0
• e9fbc89 Deprecate JSON::State#[] and JSON::State#[]=
• 826cb2a Get rid of JSON.deep_const_get (private API)
• fce1c7e Tentative fix for RHEL8 compiler
• a67d1a1 Micro-optimize rstring_cache_fetch
• ddad00b Extract JSON_CPU_LITTLE_ENDIAN_64BITS definition
• 3bc1787 ext/json/ext/json.h: Add missing newline at end of file
• 5915103 Fix duplicate 'inline' declaration specifier
• 043880f parser.c: Always inline json_eat_whitespace
• 21284ea parser.c: use rb_str_to_interned_str over rb_funcall
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)