[Dependency] Bump json from 2.13.2 to 2.15.1

[dependabot]

Bumps json from 2.13.2 to 2.15.1.

Release notes

Sourced from json's releases.

v2.15.1

What's Changed

• Fix incorrect escaping in the JRuby extension when encoding shared strings.

Full Changelog: ruby/json@v2.15.0...v2.15.1

v2.15.0

What's Changed

• JSON::Coder callback now receive a second argument to convey whether the object is a hash key.
• Tuned the floating point number generator to not use scientific notation as aggressively.

Full Changelog: ruby/json@v2.14.1...v2.15.0

v2.14.1

What's Changed

• Fix IndexOutOfBoundsException in the JRuby extension when encoding shared strings.

Full Changelog: ruby/json@v2.14.0...v2.14.1

v2.14.0

What's Changed

• Add new allow_duplicate_key generator options. By default a warning is now emitted when a duplicated key is encountered. In json 3.0 an error will be raised.

  >> Warning[:deprecated] = true
  >> puts JSON.generate({ foo: 1, "foo" => 2 })
  (irb):2: warning: detected duplicate key "foo" in {foo: 1, "foo" => 2}.
  This will raise an error in json 3.0 unless enabled via `allow_duplicate_key: true`
  {"foo":1,"foo":2}
  >> JSON.generate({ foo: 1, "foo" => 2 }, allow_duplicate_key: false)
  detected duplicate key "foo" in {foo: 1, "foo" => 2} (JSON::GeneratorError)

• Fix JSON.generate strict: true mode to also restrict hash keys.
• Fix JSON::Coder to also invoke block for hash keys that aren't strings nor symbols.
• Fix JSON.unsafe_load usage with proc
• Fix the parser to more consistently reject invalid UTF-16 surogate pairs.
• Stop defining String.json_create, String#to_json_raw, String#to_json_raw_object when json/add isn't loaded.

Full Changelog: ruby/json@v2.13.2...v2.14.0

Changelog

Sourced from json's changelog.

2025-10-07 (2.15.1)

• Fix incorrect escaping in the JRuby extension when encoding shared strings.

2025-09-22 (2.15.0)

• JSON::Coder callback now receive a second argument to convey whether the object is a hash key.
• Tuned the floating point number generator to not use scientific notation as aggressively.

2025-09-18 (2.14.1)

• Fix IndexOutOfBoundsException in the JRuby extension when encoding shared strings.

2025-09-18 (2.14.0)

• Add new allow_duplicate_key generator options. By default a warning is now emitted when a duplicated key is encountered. In json 3.0 an error will be raised.

  >> Warning[:deprecated] = true
  >> puts JSON.generate({ foo: 1, "foo" => 2 })
  (irb):2: warning: detected duplicate key "foo" in {foo: 1, "foo" => 2}.
  This will raise an error in json 3.0 unless enabled via `allow_duplicate_key: true`
  {"foo":1,"foo":2}
  >> JSON.generate({ foo: 1, "foo" => 2 }, allow_duplicate_key: false)
  detected duplicate key "foo" in {foo: 1, "foo" => 2} (JSON::GeneratorError)

• Fix JSON.generate strict: true mode to also restrict hash keys.
• Fix JSON::Coder to also invoke block for hash keys that aren't strings nor symbols.
• Fix JSON.unsafe_load usage with proc
• Fix the parser to more consistently reject invalid UTF-16 surogate pairs.
• Stop defining String.json_create, String#to_json_raw, String#to_json_raw_object when json/add isn't loaded.

Commits

• 9e6067b Release 2.15.1
• 1e19097 Add a workflow to sync commits to ruby/ruby (#872)
• 1b1647f Update changelog
• eec466d Merge pull request #871 from tompng/fix_sliced_string_escape
• d7baf01 Fix sliced string escaping
• d867e39 Run jruby-head on Windows
• ec85851 Fix a typo in the changelog
• 4abfad0 Release 2.15.0
• bb5db85 Merge pull request #866 from headius/jruby_rakefile_fixes
• e809fab Merge pull request #865 from samyron/sm/swar-better-bounds-fix
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)