https://github.com/ruby/json/commit/3187c88c06

There are few legitimate use cases for duplicate keys, and can
in some case be exploited.

Rather to always silently accept them, we should emit a warning,
and in the future require to explictly allow them.

https://github.com/ruby/json/commit/06f00a42e8

https://github.com/ruby/json/commit/eed753ffde

https://github.com/ruby/json/commit/fb25e94aea

Co-authored-by: Jean Boussier <jean.boussier@gmail.com>

It is rather common to directly interpolate JSON string inside
<script> tags in HTML as to provide configuration or parameters to a
script.

However this may lead to XSS vulnerabilities, to prevent that 3
characters need to be escaped:

  - `/` (forward slash)
  - `U+2028` (LINE SEPARATOR)
  - `U+2029` (PARAGRAPH SEPARATOR)

The forward slash need to be escaped to prevent closing the script
tag early, and the other two are valid JSON but invalid Javascript
and can be used to break JS parsing.

Given that the intent of escaping forward slash is the same than escaping
U+2028 and U+2029, I chos to rename and repurpose the existing `escape_slash`
option.

This change fixes an incorrect `#` position in the API documentation of the `JSON` module.

https://github.com/flori/json/commit/dc4b62424f

https://github.com/flori/json/commit/e4eead665c