fix: replace NaN and Infinity with null in JSON reports

[ssrhaso]

Closes #366

JSON reports produced by attacks could contain bare NaN, Infinity,
and -Infinity tokens which are invalid per the JSON spec and cause
parse errors in browsers.

Changes:

• Added float nan/inf guard in CustomJSONEncoder.default()
• Sanitised output string in write_json() via .replace()
• Added test to verify non-finite floats serialise as null

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.51%. Comparing base (3ac6354) to head (9575ee2).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #421   +/-   ##
=======================================
  Coverage   99.51%   99.51%           
=======================================
  Files          23       23           
  Lines        2668     2678   +10     
=======================================
+ Hits         2655     2665   +10     
  Misses         13       13           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[rpreen]

I believe that:

1. this wont catch the case where it's "nan" instead of "NaN"
2. if any part of the metrics include this text it will replace them too; try adding "BaNaNa": "BaNaNa" to the test data for example
3. it seems safer to handle this problem in the JSON encoder?

[rpreen]

• Added float nan/inf guard in CustomJSONEncoder.default()

The code does not match your comments.

[ssrhaso]

• Added float nan/inf guard in CustomJSONEncoder.default()

The code does not match your comments.

Apologies for any errors I have made on this issue, I have tried to implement your suggested changes, please let me know your thoughts @rpreen

[rpreen]

I don't think this will work for numpy arrays.

Try adding the test case:

"array": np.array([1.0, np.nan, np.inf])

which should assert to the following:

assert inner["array"] == [1.0, None, None]

[ssrhaso]

I don't think this will work for numpy arrays.

Try adding the test case:

"array": np.array([1.0, np.nan, np.inf])

which should assert to the following:

assert inner["array"] == [1.0, None, None]

Changes made and updated branch. I couldn't think of a different way other than the one you suggested for numpy array handling but lgtm. Let me know your thoughts @rpreen

[jim-smith]

This looks reasonable to me.
@rpreen ?
For reference, I encountered this problem when looking at results.json produced from running attacks on some very vulnerable xgboost models.
it was always the first entries in the roc_thresholds entries - which probably arise from a divide by zero issue

[rpreen]

lgtm; thanks for making the changes

[rpreen]

You need to add your details to the CITATION.cff but you can do that in another PR - I'll just merge this one now.