fix(deps): bump: bump com.cedarsoftware:json-io from 4.93.0 to 4.96.0

[dependabot]

Bumps com.cedarsoftware:json-io from 4.93.0 to 4.96.0.

Release notes

Sourced from com.cedarsoftware:json-io's releases.

4.96.0

Highlights

• 25 annotations for declarative serialization control (@IoProperty, @IoIgnore, @IoCreator, @IoValue, @IoFormat, @IoNaming, and more) — with Jackson annotation compatibility at zero compile-time cost
• Spring Boot starter — expanded YAML configuration for WriteOptions and ReadOptions without writing Java code
• TOON format enhancements — tabular POJO format, configurable delimiters, cycle support with $id/$ref, and full type metadata emission
• Significant performance optimizations across parser, writer, resolver, and injector hot paths

---

Features

• Spring Boot starter — expanded YAML configuration properties. All commonly used WriteOptions/ReadOptions settings now configurable via application.yml. New write properties: force-map-output-as-two-arrays, write-enum-as-json-object, cycle-support, json5, date-format, indentation-size, show-root-type-info, meta-prefix, toon-delimiter. New read properties: use-unsafe, floating-point, integer-type.
• AnnotationResolver — 25 annotations in com.cedarsoftware.io.annotation for full declarative serialization control: @IoProperty, @IoIgnore, @IoIgnoreProperties, @IoAlias, @IoPropertyOrder, @IoInclude, @IoCreator, @IoValue, @IoNaming, @IoIncludeProperties, @IoIgnoreType, @IoTypeInfo, @IoDeserialize, @IoClassFactory, @IoGetter, @IoSetter, @IoNonReferenceable, @IoNotCustomReader, @IoNotCustomWritten, @IoCustomWriter, @IoCustomReader, @IoTypeName, @IoAnySetter, @IoAnyGetter, @IoFormat.
• Jackson annotation compatibility — json-io reflectively honors Jackson annotations when the Jackson JAR is on the classpath with zero compile-time dependency. json-io annotations take priority.
• ToonWriter — tabular format for POJO collections/arrays (compact CSV-style [N]{field1,field2,...}: row1 row2 ...).
• ToonWriter — configurable delimiters (comma, tab, pipe) encoded in count bracket for auto-detection on read.
• ToonWriter — TOON type metadata emission (@type/@t/$type/$t) when type output is enabled.
• ToonWriter — defaults TOON metadata keys to $ variants ($id/$ref/$items/$keys) for JSON5-friendly output.
• ToonWriter — uses WriteFieldPlan/Accessor abstraction, giving TOON automatic support for all write-side annotations.

Improvements

• @type elimination — now considers @IoDeserialize(as=X) and @IoTypeInfo(X) annotations, producing smaller JSON without sacrificing round-trip fidelity.
• AnnotationResolver — uses ClassUtilities.forName() for proper classloader resolution in OSGi/JPMS environments.

Performance

• Accessor.retrieve() — sticky fallback flags for lambda/VarHandle/MethodHandle paths; failed paths bypassed on subsequent calls.
• Injector — numeric kind and primitive-wrapper lookups now use ClassValueMap O(1) dispatch.
• Injector.inject() — assignability-based pre-conversion reduces exception-driven control flow.
• JsonIo — thread-local buffer recycling in String-based JSON paths removes repeated stream/buffer construction.
• JsonObject.appendFieldForParser() — parser-only fast path avoids indexOf duplicate-key search.
• JsonParser — read numeric pipeline optimized with direct Double.parseDouble() fast path for DOUBLE mode and primitive-array direct assignment.
• JsonParser — ASCII-only lowercase conversion, lookup-table hex parsing, bounded string dedupe caching, simplified strict-mode handling.
• JsonWriter — string escaping with precomputed control escape strings; unified smart-quote decision logic.
• JsonWriter — class-cached custom-writer gate checks via ClassValueMap.
• JsonWriter — cycleSupport(false) bypasses objsReferenced/@id lookup across all write hot paths.
• JsonWriter.writeMapBody() — hoisted invariants reduce per-entry branch checks.
• Resolver — target-kind based scalar coercion with precomputed kinds in array/field hot loops and direct no-allocation primitive array writes.
• ReadOptionsBuilder / WriteOptionsBuilder — cached injector/write-field planning reduces repeated reflection/generic analysis.

Bug Fixes

• JsonWriter.write() — always clears objVisited/objsReferenced in finally block, preventing state leakage.
• JsonWriter.traceReferences() — fixed off-by-one in object-limit enforcement.
• JsonWriter / ToonWriter — cycleSupport(false) throws JsonIoException with remediation hint; cycleSupport(true) retains normal id/ref handling.
• ObjectResolver — map generic typing preserves both key and value generic types during traversal.
• ObjectResolver.processJsonObjectElement() — preserves explicit element @type metadata in arrays for polymorphic deserialization.
• ObjectResolver — generic inference now runs incrementally instead of deep markUntypedObjects() pre-pass.

... (truncated)

Changelog

Sourced from com.cedarsoftware:json-io's changelog.

4.96.0 - 2026-02-28

• FEATURE: Spring Boot starter — expanded YAML configuration properties. All commonly used WriteOptions and ReadOptions settings are now configurable via application.yml without writing Java code. New write properties: force-map-output-as-two-arrays, write-enum-as-json-object, cycle-support, json5, date-format, indentation-size, show-root-type-info, meta-prefix, toon-delimiter. New read properties: use-unsafe, floating-point, integer-type. Advanced/internal tuning settings remain available through ReadOptionsCustomizer/WriteOptionsCustomizer beans.
• IMPROVEMENT: @type elimination on write now considers @IoDeserialize(as=X) and @IoTypeInfo(X) annotations. When the runtime type of a field matches the annotation-specified type, @type is omitted from JSON output because the reader can infer the correct type from the annotation. This produces smaller JSON without sacrificing round-trip fidelity.
• IMPROVEMENT: AnnotationResolver now uses ClassUtilities.forName() instead of Class.forName() for external annotation detection, ensuring proper classloader resolution in OSGi and JPMS environments.
• FEATURE: ToonWriter now uses the same WriteFieldPlan / Accessor abstraction as JsonWriter. This gives TOON serialization automatic support for @IoGetter, @IoFormat, @IoAnyGetter, and all other write-side annotations. Previously ToonWriter used direct Field.get() which bypassed custom getter methods and format patterns.
• PERFORMANCE: Accessor.retrieve() now uses sticky fallback flags for lambda/VarHandle/MethodHandle paths; once an optimized path fails, it is bypassed on subsequent calls instead of repeatedly throwing/falling back.
• FEATURE: AnnotationResolver — annotation-based serialization control. json-io now supports 25 annotations in com.cedarsoftware.io.annotation:
  • @IoProperty("name") — rename a field in JSON output and accept the renamed key on read.
  • @IoIgnore — exclude a field from serialization and deserialization.
  • @IoIgnoreProperties({"a","b"}) — class-level field exclusion by name.
  • @IoAlias({"alt1","alt2"}) — accept alternate JSON property names on read.
  • @IoPropertyOrder({"x","y"}) — control field order during serialization.
  • @IoInclude(Include.NON_NULL) — per-field null skipping on write.
  • @IoCreator — mark a constructor or static factory method for deserialization (supports @IoProperty on parameters for JSON key mapping).
  • @IoValue — mark a no-arg instance method for single-value serialization (e.g., EmailAddress → "user@example.com").
  • @IoNaming(Strategy.SNAKE_CASE) — class-level naming strategy (SNAKE_CASE, KEBAB_CASE, UPPER_CAMEL_CASE, LOWER_DOT_CASE). @IoProperty on individual fields overrides the strategy.
  • @IoIncludeProperties({"a","b"}) — class-level whitelist of fields to include (inverse of @IoIgnoreProperties).
  • @IoIgnoreType — class-level annotation that excludes all fields of this type from serialization/deserialization across all classes.
  • @IoTypeInfo(LinkedList.class) — field-level default concrete type when no @type is present in JSON (fallback hint for polymorphic fields).
  • @IoDeserialize(as = LinkedList.class) — field-level or class-level forced type override during deserialization. Priority: @type in JSON > @IoDeserialize > @IoTypeInfo > declared field type.
  • @IoClassFactory(MyFactory.class) — class-level annotation specifying a ClassFactory implementation for custom deserialization. Factory instances are cached and shared. Programmatic addClassFactory() takes priority.
  • @IoGetter("fieldName") — method-level annotation marking a no-arg instance method as the getter for a field during serialization. Replaces the standard getXxx() convention. Programmatic addNonStandardGetter() takes priority.
  • @IoSetter("fieldName") — method-level annotation marking a 1-arg instance method as the setter for a field during deserialization. Replaces the standard setXxx() convention. Programmatic addPermanentNonStandardSetter() takes priority.
  • @IoNonReferenceable — class-level annotation marking a type as non-referenceable. Instances will never emit @id/@ref pairs. Annotation equivalent of config/nonRefs.txt and addNonReferenceableClass().
  • @IoNotCustomReader — class-level annotation that suppresses custom reader usage for this type, even if a custom reader exists for a parent class. Annotation equivalent of config/notCustomRead.txt and addNotCustomReaderClass().
  • @IoNotCustomWritten — class-level annotation that suppresses custom writer usage for this type, even if a custom writer exists for a parent class. Annotation equivalent of config/notCustomWritten.txt and addNotCustomWrittenClass().
  • @IoCustomWriter(MyWriter.class) — class-level annotation specifying a JsonClassWriter implementation for custom serialization. Writer instances are cached and shared. Programmatic addCustomWrittenClass() takes priority.
  • @IoCustomReader(MyReader.class) — class-level annotation specifying a JsonClassReader implementation for custom deserialization. Reader instances are cached and shared. Programmatic addCustomReaderClass() takes priority.
  • @IoTypeName("ShortName") — class-level annotation assigning a short alias for @type in JSON. Equivalent of aliases.txt and aliasTypeName(). On write, emits the alias instead of the FQCN; on read, resolves the alias back to the class. Programmatic aliasTypeName() takes priority.
  • @IoAnySetter — method-level annotation marking a 2-arg instance method (String key, Object value) as the receiver for unrecognized JSON fields during deserialization. Takes priority over the global MissingFieldHandler. Equivalent to Jackson's @JsonAnySetter.
  • @IoAnyGetter — method-level annotation marking a no-arg instance method returning Map<String, Object> as the source of extra fields during serialization. Extra fields are written after regular declared fields. Equivalent to Jackson's @JsonAnyGetter.
  • @IoFormat("pattern") — field-level annotation specifying a format pattern for date/time, numeric, or any type. Three pattern engines are auto-detected: (1) C-style String.format() patterns containing % (e.g., "%,d", "%.2f", "%05d", "%x", "%10s") — works on any type; (2) DecimalFormat patterns (e.g., "#,###", "$#,#[#0](https://github.com/jdereg/json-io/issues/0).00", "0.00") — for numeric types; (3) DateTimeFormatter/SimpleDateFormat patterns (e.g., "dd/MM/yyyy", "yyyy-MM-dd HH:mm") — for date/time types. Formatted values are written as JSON strings and parsed back on read. Supports String, LocalDate, LocalTime, LocalDateTime, ZonedDateTime, OffsetDateTime, OffsetTime, Instant, java.util.Date, int, long, double, float, short, byte (and wrappers), BigDecimal, BigInteger, AtomicInteger, AtomicLong. Annotations are scanned once per class and cached in a ClassValueMap. Programmatic API always overrides annotations.
• FEATURE: AnnotationResolver — Jackson annotation compatibility. json-io reflectively honors Jackson annotations when the Jackson JAR is on the classpath — with zero compile-time dependency. json-io annotations take priority over Jackson annotations on the same element. Supported Jackson annotations:
  • @JsonProperty, @JsonIgnore, @JsonIgnoreProperties, @JsonAlias, @JsonPropertyOrder, @JsonInclude(Include.NON_NULL) (jackson-annotations)
  • @JsonCreator, @JsonValue, @JsonIgnoreType, @JsonTypeInfo(defaultImpl=...), @JsonIncludeProperties, @JsonGetter, @JsonSetter, @JsonTypeName, @JsonFormat(pattern="..."), @JsonAnySetter, @JsonAnyGetter (jackson-annotations)
  • @JsonNaming(SnakeCaseStrategy.class), @JsonDeserialize(as=...) (jackson-databind)
• PERFORMANCE: Injector numeric kind and primitive-wrapper lookups now use ClassValueMap O(1) dispatch instead of sequential class == chains.
• PERFORMANCE: Injector.inject() now applies assignability-based pre-conversion before reflective set/invoke, reducing exception-driven control flow in hot assignment paths while preserving fallback conversion behavior.
• PERFORMANCE: JsonIo — added thread-local buffer recycling in String-based JSON paths:
  • toJson(Object, WriteOptions) now reuses FastByteArrayOutputStream and FastWriter buffers.
  • toJava(String, ...) and toJava(InputStream, ...) builder paths now reuse FastReader char/pushback buffers. This removes repeated stream/buffer construction churn in benchmark loops and reduces allocation pressure.
• PERFORMANCE: JsonObject.appendFieldForParser() — JsonParser now uses a parser-only fast path for object field insertion, avoiding JsonObject.put() duplicate-key search (indexOf) on the common unique-key path. This reduces parse-time key insertion overhead and shifts work from linear duplicate checks to direct append.
• MAINTENANCE: JsonParser — removed redundant strict-mode checks in skipWhitespaceRead() that were unreachable after strict-branch early return.
• PERFORMANCE: JsonParser — read numeric pipeline optimized:
  • Floating-point parsing now takes a direct Double.parseDouble() fast path when configured for DOUBLE mode, bypassing minimal-number analysis in the default path.
  • ObjectResolver.traverseArray() now has a primitive-array direct assignment path for parsed JSON Long/Double values, avoiding intermediate wrapper coercion in hot loops.
• PERFORMANCE: JsonParser — hot paths optimized with ASCII-only lowercase conversion for token reads, lookup-table hex parsing, bounded string dedupe caching, and simplified strict-mode whitespace/comment handling.
• BUG FIX: JsonWriter.write() now always clears objVisited/objsReferenced in a finally block, preventing state leakage and object retention if write/flush throws.

... (truncated)

Commits

• d16815e updated build libraries:
• 1a9ce07 Update java-util dependency to 4.96.0 release version
• 94c8fce Set version to 4.96.0 for release
• 6e1cc43 Update changelog for java-util trySetAccessible fix and test updates
• ce2683c Update tests for java-util 4.96.0-SNAPSHOT compatibility
• 6a8d729 Optimize ToonWriter and ToonReader performance, update README
• 8d2bfa8 Finalize TOON cycle/type updates
• 8ff11d4 Feature: Expand Spring Boot YAML configuration properties
• b266ecb Docs: Fix README Table of Contents
• 8243a79 Docs: Cross-reference annotations in config file sections
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #370.