Bump com.cedarsoftware:json-io from 4.70.0 to 4.90.0

[dependabot]

Bumps com.cedarsoftware:json-io from 4.70.0 to 4.90.0.

Changelog

Sourced from com.cedarsoftware:json-io's changelog.

4.90.0 - (unreleased)

• FEATURE: TOON key folding support (optional, spec-compliant)
  • Writer: Added WriteOptionsBuilder.toonKeyFolding(boolean) to collapse single-key object chains into dotted notation
    • {data: {metadata: {value: 42}}} → data.metadata.value: 42
    • Works with arrays: data.metadata.items[3]: a,b,c
  • Reader: Always expands dotted keys into nested structures (unless quoted)
    • config.database.host: localhost → {config: {database: {host: localhost}}}
    • Quoted keys preserved as literals: "dotted.key": value → {dotted.key: value}
• FEATURE: TOON tabular format delimiter variants support
  • Added support for tab-separated tabular format: items[2\t]{col1\tcol2}: with tab-delimited rows
  • Added support for pipe-separated tabular format: items[2|]{col1|col2}: with pipe-delimited rows
  • Comma delimiter remains the default: items[2]{col1,col2}:
  • All three variants parse to identical data structures and round-trip correctly
• MAINTENANCE: Migrated test files from deprecated JsonIo.toObjects() to JsonIo.toJava().asClass() API
  • Updated ~148 calls across 5 test files to use the new fluent builder pattern
  • Deprecated toObjects() methods remain available in JsonIo.java for backward compatibility
• REFACTOR: Consolidated duplicate parse/resolve logic in JsonIo builder classes
  • Extracted common parseAndResolve() helper method using functional interface pattern
  • Unified error handling, unsafe mode management, and cleanup across all 5 builders
  • Reduced ~150 lines of duplicated code to ~35 lines of shared infrastructure
• PERFORMANCE: Optimized JsonParser.readString() with bulk character reading
  • Uses new FastReader.readUntil() for bulk reads until quote or backslash
  • Reduces per-character I/O overhead with 256-char buffer reads
  • Bulk appends to StringBuilder instead of character-by-character
• PERFORMANCE: Optimized JsonWriter.writeCustom() to avoid redundant getCustomWriter lookups
  • Combined isCustomWrittenClass check with writer lookup into single getCustomWriterIfAllowed method
  • When declared type equals runtime type (common case), only one getCustomWriter call instead of two
• PERFORMANCE: Optimized JsonWriter.writeJsonUtf8String() with escape lookup table
  • Pre-computed ESCAPE_STRINGS[128] array: null = no escape, non-null = the escape string
  • Single array lookup replaces 4 comparisons + switch statement
  • Also escapes Unicode line/paragraph separators (U+2028/U+2029) for JavaScript compatibility

4.89.0 - 2026-01-31

• RENAMED: showTypeInfoCompact() → showTypeInfoMinimalPlus() for clearer naming
  • WriteOptionsBuilder.showTypeInfoCompact() → WriteOptionsBuilder.showTypeInfoMinimalPlus()
  • WriteOptionsBuilder.addPermanentShowTypeInfoCompact() → WriteOptionsBuilder.addPermanentShowTypeInfoMinimalPlus()
  • WriteOptions.isCompactShowingType() → WriteOptions.isMinimalPlusShowingType()
  • ShowType.COMPACT enum value → ShowType.MINIMAL_PLUS
  • The name "MinimalPlus" better conveys that this mode extends MINIMAL with additional type inference optimizations
• SPRING: Default show-type-info changed from MINIMAL to MINIMAL_PLUS
  • Spring Boot starter now uses MINIMAL_PLUS as the default for optimal JSON size
  • Added MINIMAL_PLUS option to Spring configuration properties
• IMPROVED: Numeric primitive simplification in MINIMAL_PLUS and NEVER type info modes
  • Byte, Short, Integer, and Float values now write as plain JSON numbers when the declared type is Object
  • Applies to fields declared as Object, collection elements in raw collections, and Map<String, Object> values
  • These types round-trip as Long (for integers) or Double (for floats) when read back
  • Reduces JSON size by eliminating {"@type":"Integer","value":42} wrappers in favor of plain 42
  • Does not apply to MINIMAL or ALWAYS modes to maintain backward compatibility

4.88.0 - 2026-01-26

... (truncated)

Commits

• 466a7bc Docs: Fix Maven Central link and reorganize Installation section
• 46b9dd5 updating to 4.90.0
• 9908686 Performance: Move isNotCustomReaderClass check before createInstance
• c9bf75d Performance: Add DirectAssign fast path to traverseCollection
• fea4c31 Performance: Add DirectAssign fast path to traverseArray
• 5c422d4 Refactor assignField with Strategy pattern for clarity and performance
• e6ed6ae Optimize readWithFactoryIfExists with fast paths and simplified logic
• 4aae0ae Add missing JDK types to CONVERTABLE_TYPES and nonRefs.txt
• db5fde1 Performance: Fast path for primitives in readWithFactoryIfExists()
• f9df6ab Performance: Optimize Class-keyed collections with identity-based lookups
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #533.