Raise json to a patched release on next

evolve75 · evolve75 · commit 8d8fd3a324cb · 2026-04-19T11:03:38.000-04:00
Update the runtime json dependency floor and refresh the lockfile to 2.19.4 so next passes the security audit for GHSA-3m6g-2423-7cp3.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -2,7 +2,7 @@ PATH
   remote: .
   specs:
     rubytree (3.0.0pre)
-      json (~> 2.18)
+      json (~> 2.19, >= 2.19.2)
 
 GEM
   remote: https://rubygems.org/
@@ -22,7 +22,7 @@ GEM
     docile (1.4.1)
     erb (4.0.4)
       cgi (>= 0.3.3)
-    json (2.18.1)
+    json (2.19.4)
     kramdown (2.5.2)
       rexml (>= 3.4.4)
     kramdown-parser-gfm (1.1.0)
diff --git a/rubytree.gemspec b/rubytree.gemspec
@@ -67,7 +67,7 @@ Gem::Specification.new do |s|
                             '--main', 'README.md',
                             '--quiet']
 
-  s.add_dependency 'json', '~> 2.18'
+  s.add_dependency 'json', '~> 2.19', '>= 2.19.2'
 
   # NOTE: Rake is added as a development and test dependency in the Gemfile.
   s.add_development_dependency 'bundler', '~> 2.6'
