Bump jason from 1.1.2 to 1.2.1

[dependabot-preview]

Bumps jason from 1.1.2 to 1.2.1.

Changelog

Sourced from jason's changelog.

1.2.1 (04.05.2020)

Security

• Fix html_safe escaping in Jason.encode

The <!-- sequence of characters would not be escaped in Jason.encode withhtml_escape mode, which could lead to DoS attacks when used for embedding of arbitrary, user controlled strings into HTML through JSON (e.g. inside of <script> tags).

If you were not using the html_safe option, you are not affected.

Affected versions: < 1.2.1 Patched versions: >= 1.2.1

1.2.0 (17.03.2020)

Enhancements

• Add Jason.Encode.keyword/2 (cb1f26a).

Bug fixes

• Fix Jason.Helpers.json_map/1 value expansion (70b046a).

Commits

• c12a20f Bump version
• c998492 Run CI on OTP 22/Elixir 1.10
• bdbd96d Fix reference string decoding test
• 188e66b html_safe option protects against comment injection
• 91a4eaf Delete unused Jason.Codegen.jump_table_case/4 (#108)
• c326c91 Bump version
• 4db5910 Update deps
• fb1bfe2 Update changelog
• 70b046a Do not delay execution nor bind over values in json_map, closes #94 (#95)
• 97893dd Use full name and short identifier from SPDX License List (#96)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)