chore(deps)(deps): bump json from 2.19.5 to 2.19.9

[dependabot]

Bumps json from 2.19.5 to 2.19.9.

Release notes

Sourced from json's releases.

v2.19.9

• Fix buffer overflow that could lead to a crash when writing JSON directly into an IO with JSON.generate(object, io). [CVE-PENDING].

Full Changelog: ruby/json@v2.19.8...v2.19.9

v2.19.8

What's Changed

• Fix 1-byte buffer overread on EOS errors.
• Handle invalid types passed as max_nesting option.

Full Changelog: ruby/json@v2.19.7...v2.19.8

v2.19.7

What's Changed

• Fix some more edge cases with out of range floats.
• Ensure the string provided to JSON.parse can't be mutated during parsing.
• Add missing write barriers in State#dup.
• Further validate generator depth config.

Full Changelog: ruby/json@v2.19.6...v2.19.7

v2.19.6

What's Changed

• Cleanly handle overly large depth generator argument.
• Add missing write barrier in ParserConfig.

Full Changelog: ruby/json@v2.19.5...v2.19.6

Changelog

Sourced from json's changelog.

2026-06-11 (2.19.9)

• Fix buffer overflow that could lead to a crash when writing JSON directly into an IO with JSON.generate(object, io). [CVE-PENDING].

2026-06-03 (2.19.8)

• Fix 1-byte buffer overread on EOS errors.
• Handle invalid types passed as max_nesting option.

2026-05-28 (2.19.7)

• Fix some more edge cases with out of range floats.
• Ensure the string provided to JSON.parse can't be mutated during parsing.
• Add missing write barriers in State#dup.
• Further validate generator depth config.

2026-05-28 (2.19.6)

• Cleanly handle overly large depth generator argument.
• Add missing write barrier in ParserConfig.

Commits

• 2cff267 Release 2.19.9
• fd6a65b generator.c: don't start with a stack buffer in IO case
• 5233dd9 Release 2.19.8
• 3f44b26 Prevent buffer over-read when generating EOF error
• be8d068 Handle invalid types passed as max_nesting option
• 59501c0 Get rid of all_images gem
• c7a7b2b Add a security note in README
• ab6c8f2 Release 2.19.7
• f033b9d Fix some more edge cases with out of range floats
• 5ca8a67 parser.c: Ensure the user provided string can't be mutated
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)