Bump com.cedarsoftware:json-io from 4.70.0 to 4.93.0

[dependabot]

Bumps com.cedarsoftware:json-io from 4.70.0 to 4.93.0.

Changelog

Sourced from com.cedarsoftware:json-io's changelog.

4.93.0 - 2026-02-10

• PERFORMANCE: JsonWriter - Localized this.out to stack variable in 8 hot-path methods (writeKey, writeField, writeObject, writePrimitive, writeLongDirect, writeIntDirect, writeIntArray, writeShortArray, writeIdAndTypeIfNeeded) for consistent register allocation, matching the pattern already used by 14 other methods in the class.
• MAINTENANCE: Injector/Accessor - Reordered creation paths to prefer privateLookupIn-based LambdaMetafactory first (no setAccessible needed), demoting setAccessible(true) to a legacy fallback. Prepares for Java 25+ which may further restrict reflective access. No behavioral change — runtime dispatch order unchanged.
• MAINTENANCE: Version bump to 4.93.0, java-util dependency updated to 4.93.0.

4.92.0 - 2026-02-08

• PERFORMANCE: Optimized Resolver/ObjectResolver read path (~6% faster Java deserialization)
  • Correctness fix: createSameTypeCollection() - Fixed inheritance-order bug where LinkedHashSet was incorrectly created as HashSet, losing insertion-order preservation
  • Correctness fix: shouldSkipTraversal() - Fixed rawClass.isInstance(Number.class) (always false) to Number.class.isAssignableFrom(rawClass)
  • Performance: Eliminated strategy pattern in assignField() - removed AssignmentStrategy interface, AssignmentContext class, and 7 strategy methods; inlined as direct if/else chain, eliminating ~16M object allocations per 100k iterations
  • Performance: Added fast primitive coercion to ObjectResolver (traverseArray, traverseCollection, assignField) - direct Long→int/short/byte and Double→float casts bypass expensive Converter lookup chains
  • Performance: Injector now uses LambdaMetafactory-generated BiConsumer for field injection (~5-8% faster Read). The JIT can inline the generated lambda to near-direct field access speed, replacing non-inlinable MethodHandle/VarHandle instance-field dispatch. Uses privateLookupIn (JDK 9+) for non-public classes; falls back gracefully to existing mechanisms.
  • Performance: Accessor now uses LambdaMetafactory-generated Function for field access during JSON writing. Same JIT-inlinable technique as Injector, applied to the write path.
• BUG FIX: JsonWriter.doesValueTypeMatchFieldType() - declaredClassIsLongWrittenAsString incorrectly checked objectClass instead of declaredType for the long.class case, causing unnecessary @type wrappers on primitive long fields when writeLongsAsStrings was enabled
• BUG FIX: JsonWriter.doesValueTypeMatchFieldType() - Long.class vs long.class autoboxing mismatch caused unnecessary @type wrappers on Long values assigned to primitive long fields
• BUG FIX: JsonWriter - Removed JSON5 trailing comma writes; trailing commas are now supported on READ (JSON5 tolerance) but never written, as they added complexity without benefit
• BUG FIX: ToonWriter/ToonReader - Fixed empty map handling: ToonWriter now writes empty maps inline as {} in both standalone and list-element contexts; ToonReader now recognizes {} in list arrays as empty objects instead of treating them as strings
• BUG FIX: ToonReader.parseNumber() - Replaced custom numeric parsing with delegation to MathUtilities.parseToMinimalNumericType() from java-util, fixing extreme doubles (e.g., Double.MAX_VALUE written as 309-digit plain integer) and large BigInteger values that were incorrectly returned as strings
• BUG FIX: ToonWriter - Fixed double-colon bug in nested collections: writeCollection() was writing [N]: then calling writeCollectionElements() which added {cols}: for tabular format, producing [N]:{cols}: instead of [N]{cols}:
• BUG FIX: ToonReader.isArrayStart() - Fixed tabular array detection: the method checked for ]: as a contiguous substring but tabular format [N]{cols}: has ]{ between ] and :. Now correctly checks the character after ] for either : or {
• PERFORMANCE: JsonWriter - Pre-fetched custom writers for primitive array hot paths (long[], double[], float[]), avoiding per-array getCustomWriter() lookups
• PERFORMANCE: JsonWriter - Added writeIntDirect() for zero-allocation int/short writing using digit-pair lookup tables, replacing Integer.toString() + Writer.write(String)
• PERFORMANCE: JsonWriter - Cached EnumSet.elementType field reflectively (lazy-initialized volatile) to avoid repeated getDeepDeclaredFields() lookups
• PERFORMANCE: ObjectResolver.coerceLong() - Reordered branches by frequency (int/double first, then byte/float/short)
• FEATURE: TOON key folding support (optional, spec-compliant)
  • Writer: Added WriteOptionsBuilder.toonKeyFolding(boolean) to collapse single-key object chains into dotted notation
    • {data: {metadata: {value: 42}}} → data.metadata.value: 42
    • Works with arrays: data.metadata.items[3]: a,b,c
  • Reader: Always expands dotted keys into nested structures (unless quoted)
    • config.database.host: localhost → {config: {database: {host: localhost}}}
    • Quoted keys preserved as literals: "dotted.key": value → {dotted.key: value}
• FEATURE: TOON tabular format delimiter variants support
  • Added support for tab-separated tabular format: items[2\t]{col1\tcol2}: with tab-delimited rows
  • Added support for pipe-separated tabular format: items[2|]{col1|col2}: with pipe-delimited rows
  • Comma delimiter remains the default: items[2]{col1,col2}:
  • All three variants parse to identical data structures and round-trip correctly
• TESTING: Comprehensive TOON test suite — 241 tests total across ToonReaderTest and ToonWriterTest
  • 30 high-priority spec compliance tests (scalars, arrays, objects, nesting, round-trips)
  • 43 medium/lower priority tests (special types, edge cases, quoting rules, format variants)
  • 9 heterogeneous depth chain tests (all structural type combinations at every nesting level)
  • 31 gap tests: blank lines in tabular/list/object data, odd indentation, array count mismatches, fromToonToMaps() with tabular arrays, unclosed quotes/malformed input resilience, invalid escape sequence error handling
• MAINTENANCE: Version 4.92.0, java-util dependency updated to 4.92.0

4.91.0 - not released

4.90.0 - 2026-02-02

• MAINTENANCE: Migrated test files from deprecated JsonIo.toObjects() to JsonIo.toJava().asClass() API
  • Updated ~148 calls across 5 test files to use the new fluent builder pattern
  • Deprecated toObjects() methods remain available in JsonIo.java for backward compatibility
• REFACTOR: Consolidated duplicate parse/resolve logic in JsonIo builder classes
  • Extracted common parseAndResolve() helper method using functional interface pattern

... (truncated)

Commits

• cbe84ea Update changelog for 4.93.0 release
• cbd5b8c Performance: localize this.out in 9 hot-path JsonWriter methods, bump to 4.93.0
• d787a8d Prepare for Java 25+: reorder Injector/Accessor to prefer privateLookupIn
• 0114110 updated readme
• 380402e Update changelog with detailed TOON bug fix descriptions and test breakdown
• c230757 Prepare release 4.92.0: version bump, changelog update, java-util 4.92.0
• 36894fb Tests: Add 31 TOON gap tests across 6 categories
• d0a5075 Tests: Add 5 heterogeneous depth chain tests for TOON format
• 57f946c Fix: ToonWriter/ToonReader nested collection and tabular array handling
• 897a1f9 Fix: ToonReader parseNumber for extreme doubles and large integers
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #535.