• fix heap overflow causing crashes, possibly information
  disclosure or worse (CVE-2025-40928), and causes JSON::XS to
  accept invalid JSON texts as valid in some cases. Thanks to
  Michael Hudak for finding this, the CPAN Security Group for
  coordinating this, and Reini Urban for double-checking the patch
  (and Peter Juhasz for potentially reporting this much earlier).