Upgrade JSON to 2.3.0 for CVE-2020-10663

[#172131349](https://www.pivotaltracker.com/story/show/172131349)

packages/director/packaging

@@ -19,7 +19,7 @@ done
 
 cat > Gemfile <<EOF
 # Explicitly require vendored version to avoid requiring builtin json gem
-gem 'json', '2.1.0'
+gem 'json', '2.3.0'
 
 gem 'bosh-director'
 gem 'mysql2'

packages/health_monitor/packaging

@@ -6,7 +6,7 @@ source /var/vcap/packages/ruby-2.6.5-r0.29.0/bosh/compile.env
 
 cat > Gemfile <<EOF
 # Explicitly require vendored version to avoid requiring builtin json gem
-gem 'json', '2.1.0'
+gem 'json', '2.3.0'
 gem 'bosh-monitor'
 EOF
 

packages/registry/packaging

@@ -18,7 +18,7 @@ done
 
 cat > Gemfile <<EOF
 # Explicitly require vendored version to avoid requiring builtin json gem
-gem 'json', '2.1.0'
+gem 'json', '2.3.0'
 gem 'bosh-registry'
 gem 'mysql2'
 gem 'pg'

src/Gemfile

@@ -14,7 +14,7 @@ gem 'rake', '~>12.3'
 
 # json version is hardcoded in release director, health_monitor and registry packages
 # when modified needs to be updated there as well
-gem 'json', '=2.1.0'
+gem 'json', '=2.3.0'
 
 gem 'talentbox-delayed_job_sequel', '~>4.3'
 

src/Gemfile.lock

@@ -1074,7 +1074,7 @@ GEM
     ipaddress (0.8.3)
     jaro_winkler (1.5.4)
     jmespath (1.4.0)
-    json (2.1.0)
+    json (2.3.0)
     little-plugger (1.1.4)
     logging (2.2.2)
       little-plugger (~> 1.1)
@@ -1231,7 +1231,7 @@ DEPENDENCIES
   factory_bot
   fakefs
   httpclient
-  json (= 2.1.0)
+  json (= 2.3.0)
   machinist (~> 1.0)
   minitar
   mono_logger