`lexical` dependency is unsound

[ivan770]

Hi.

json-number has a dependency on lexical, which contains multiple soundness issues within its implementation. Dependabot mentions that libcore already integrated the updated float parsing algorithm, making it possible to remove the dependency entirely.

[timothee-haudebourg]

Thank you for raising this issue. I'm not using lexical to parse numbers, but to format them according to JCS rules. I'll have to find an alternative before I can get rid of it.

[flavio]

@timothee-haudebourg no need to find an alternative, there's an update that addresses the security issues. See the PR linked above 😄

[timothee-haudebourg]

Fixed with #5, published with version 0.4.9