Bump the bundler group across 1 directory with 7 updates

[dependabot]

Updates the requirements on nokogiri, webrick, addressable, httparty, rexml, concurrent-ruby and google-protobuf to permit the latest version.
Updates nokogiri from 1.16.4 to 1.19.4

Release notes

Sourced from nokogiri's releases.

v1.19.4 / 2026-06-18

Security

• [CRuby] (Low) Fixed a possible invalid memory read when XML::Node#initialize_copy_with_args is called with an argument that is not a Node. See GHSA-g9g8-vgvw-g3vf for more information.
• [CRuby] (Low) Fixed a possible use-after-free when an XML::XPathContext is used after its source document has been garbage collected. See GHSA-p67v-3w7g-wjg7 for more information.
• [CRuby] (Low) Fixed a possible use-after-free during XInclude processing via Node#do_xinclude. See GHSA-wfpw-mmfh-qq69 for more information.
• [CRuby] (Low) Fixed a possible use-after-free when Document#root= is assigned a non-element node. See GHSA-wjv4-x9w8-wm3h for more information.
• [CRuby] (Low) Fixed a possible use-after-free when setting an attribute value via XML::Attr#value= or #content=. See GHSA-phwj-rprq-35pp for more information.
• [CRuby] (Low) Fixed a null pointer dereference when methods are called on uninitialized wrapper objects (e.g. via allocate); these now raise instead of crashing the process. See GHSA-9cv2-cfxc-v4v2 for more information.
• [CRuby] (Low) Fixed a possible use-after-free when Document#encoding= raises an exception. See GHSA-5v8h-3h3q-446p for more information.
• [CRuby] (Medium) Fixed an out-of-bounds read in XML::NodeSet#[] (alias #slice) when given a large negative index. See GHSA-5prr-v3j2-97mh for more information.
• [JRuby] (Low) XML::Schema now enforces the NONET parse option, which Nokogiri enables by default. It was not enforced on JRuby, so a schema parsed with default options could still fetch external resources over the network, potentially enabling SSRF or XXE attacks and bypassing the mitigation for CVE-2020-26247. See GHSA-8678-w3jw-xfc2 for more information.

1269fb644a6de405057a53dd5c762b1209b43ca7424f839454d3dbc677c31a8f  nokogiri-1.19.4-aarch64-linux-gnu.gem
35c65b9ce72b3bb03207bdbe7067915019dc18c1b9b59139684bd6690fdd01af  nokogiri-1.19.4-aarch64-linux-musl.gem
a301313e38bb065d68239e79734bcd6f56fb6efaacebde29e9abf2a4735340ca  nokogiri-1.19.4-arm-linux-gnu.gem
588923c101bcfa78869734d247d25b598674323e7f22474fc468f6e5647311eb  nokogiri-1.19.4-arm-linux-musl.gem
a46db9853286e6597b36ebc6953817d15acf3a299583eb3f89fdc6f91dd63527  nokogiri-1.19.4-arm64-darwin.gem
ce04b9e268c9626852231a48b49128ed52034f1ccb39484a6da3875491cd709e  nokogiri-1.19.4-java.gem
051da97b8eccfdb5444fed40246a35e10d7298b9efe759b4cd25455ea04c587e  nokogiri-1.19.4-x64-mingw-ucrt.gem
7fd17057d3e1f00e9954a74b3cd76595d3d4a5ef233b7ed9599047c204f70551  nokogiri-1.19.4-x86_64-darwin.gem
379fae440b28915e3f19d752ce2dcf8465ed2b2fbefd2a7ca0dd497bc981a06a  nokogiri-1.19.4-x86_64-linux-gnu.gem
17dfb7c1fa194ae02fbf7c51a7afc8d278045ab3fdacfd86f91d02d7b274470b  nokogiri-1.19.4-x86_64-linux-musl.gem
50c951611c92bca05c51411aef45f1cbc50f2821c4802758c5c6d34696533ab5  nokogiri-1.19.4.gem

v1.19.3 / 2026-04-27

Fixed / Security

• Address exponential regex backtracking in CSS selector tokenizer. See GHSA-c4rq-3m3g-8wgx for more information.
• [CRuby] Address memory leak in XSLT::Stylesheet#transform. See GHSA-v2fc-qm4h-8hqv for more information.

46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem
8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem
3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem
9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem
71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem
40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem
8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem
</tr></table> 

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.19.4 / 2026-06-18

Security

• [CRuby] (Low) Fixed a possible invalid memory read when XML::Node#initialize_copy_with_args is called with an argument that is not a Node. See GHSA-g9g8-vgvw-g3vf for more information.
• [CRuby] (Low) Fixed a possible use-after-free when an XML::XPathContext is used after its source document has been garbage collected. See GHSA-p67v-3w7g-wjg7 for more information.
• [CRuby] (Low) Fixed a possible use-after-free during XInclude processing via Node#do_xinclude. See GHSA-wfpw-mmfh-qq69 for more information.
• [CRuby] (Low) Fixed a possible use-after-free when Document#root= is assigned a non-element node. See GHSA-wjv4-x9w8-wm3h for more information.
• [CRuby] (Low) Fixed a possible use-after-free when setting an attribute value via XML::Attr#value= or #content=. See GHSA-phwj-rprq-35pp for more information.
• [CRuby] (Low) Fixed a null pointer dereference when methods are called on uninitialized wrapper objects (e.g. via allocate); these now raise instead of crashing the process. See GHSA-9cv2-cfxc-v4v2 for more information.
• [CRuby] (Low) Fixed a possible use-after-free when Document#encoding= raises an exception. See GHSA-5v8h-3h3q-446p for more information.
• [CRuby] (Medium) Fixed an out-of-bounds read in XML::NodeSet#[] (alias #slice) when given a large negative index. See GHSA-5prr-v3j2-97mh for more information.
• [JRuby] (Low) XML::Schema now enforces the NONET parse option, which Nokogiri enables by default. It was not enforced on JRuby, so a schema parsed with default options could still fetch external resources over the network, potentially enabling SSRF or XXE attacks and bypassing the mitigation for CVE-2020-26247. See GHSA-8678-w3jw-xfc2 for more information.

v1.19.3 / 2026-04-27

Fixed / Security

• Address exponential regex backtracking in CSS selector tokenizer. See GHSA-c4rq-3m3g-8wgx for more information.
• [CRuby] Address memory leak in XSLT::Stylesheet#transform. See GHSA-v2fc-qm4h-8hqv for more information.

v1.19.2 / 2026-03-19

Dependencies

• [JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. #3611 @​flavorjones

v1.19.1 / 2026-02-16

Security

• [CRuby] Address unchecked return value from xmlC14NExecute which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See GHSA-wx95-c6cv-8532 for more information.

v1.19.0 / 2025-12-28

Ruby

This release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.

• Introduce native gem support for Ruby 4.0. #3590
• End support for Ruby 3.1, for which upstream support ended 2025-03-26.
• End support for JRuby 9.4 (which targets Ruby 3.1 compatibility).

v1.18.10 / 2025-09-15

... (truncated)

Commits

• 8cfb9da version bump to v1.19.4
• a856d1e fix: JRuby NONET bypass in XML::Schema (v1.19.x) (#3639)
• 6a0aa1e fix(CRuby): use-after-free in Document#encoding= when setter raises (v1.19.x)...
• f658a54 fix: JRuby NONET bypass in XML::Schema
• 39d26fe fix(CRuby): use-after-free in Document#encoding= when setter raises
• 04a09dd fix(CRuby): out-of-bounds read in NodeSet#[] with large negative index (v1.19...
• 7799fbd fix: avoid NPE on uninitialized XML::Node structs (v1.19.x) (#3645)
• ef19e13 fix(CRuby): avoid UAF in XML::Attr#value= (v1.19.x) (#3644)
• 5524fa9 fix: Document#root= rejects non-element nodes (v1.19.x) (#3643)
• 9891ad1 fix(CRuby): use-after-free in XPathContext document lifetime (v1.19.x) (#3641)
• Additional commits viewable in compare view

Updates webrick from 1.8.1 to 1.8.2

Release notes

Sourced from webrick's releases.

v1.8.2

What's Changed

• Drop commented-out line by @​olleolleolle in ruby/webrick#108
• Add Ruby 3.1 & 3.2 to CI matrix by @​tricknotes in ruby/webrick#109
• Fix/redos by @​ooooooo-q in ruby/webrick#114
• Raise HTTPStatus::BadRequest for requests with invalid/duplicate content-length headers by @​jeremyevans in ruby/webrick#120
• Bump actions/checkout from 3 to 4 by @​dependabot in ruby/webrick#121
• Improve CI by @​hsbt in ruby/webrick#123
• Fix WEBrick::TestFileHandler#test_short_filename test not working on mswin by @​KJTsanaktsidis in ruby/webrick#128
• Fix bug chunk extension detection by @​jeremyevans in ruby/webrick#125
• Fix CI. by @​ioquatix in ruby/webrick#131
• Merge multiple cookie headers, preserving semantic correctness. by @​ioquatix in ruby/webrick#130
• Test on macos-latest by @​byroot in ruby/webrick#132
• Require CRLF line endings in request line and headers by @​jeremyevans in ruby/webrick#138
• Prefer squigly heredocs. by @​ioquatix in ruby/webrick#143
• Only strip space and horizontal tab in headers by @​jeremyevans in ruby/webrick#141
• Treat missing CRLF separator after headers as an EOFError by @​jeremyevans in ruby/webrick#142
• Return 400 response for chunked requests with unexpected data after chunk by @​jeremyevans in ruby/webrick#136
• Fix reference to URI::REGEXP::PATTERN::HOST by @​casperisfine in ruby/webrick#144
• Prevent request smuggling by @​jeremyevans in ruby/webrick#146

New Contributors

• @​tricknotes made their first contribution in ruby/webrick#109
• @​ooooooo-q made their first contribution in ruby/webrick#114
• @​KJTsanaktsidis made their first contribution in ruby/webrick#128
• @​byroot made their first contribution in ruby/webrick#132
• @​casperisfine made their first contribution in ruby/webrick#144

Full Changelog: ruby/webrick@v1.8.1...v1.8.2

Commits

• 0fb9de6 Bump up v1.8.2
• b9a4c81 Removed trailing spaces
• f5faca9 Prevent request smuggling
• 0c600e1 Fix reference to URI::REGEXP::PATTERN::HOST
• 15a9391 Return 400 response for chunked requests with unexpected data after chunk
• 2b38d56 Treat missing CRLF separator after headers as an EOFError
• e4efb4a Remove unnecessary gsub calls in test_httprequest.rb
• 426e214 Only strip space and horizontal tab in headers
• e72cb69 Prefer squigly heredocs. (#143)
• ee60354 Require CRLF line endings in request line and headers
• Additional commits viewable in compare view

Updates addressable from 2.8.6 to 2.9.0

Changelog

Sourced from addressable's changelog.

Addressable 2.9.0

• fixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete remediation in 2.8.10)

Addressable 2.8.10

• fixes ReDoS vulnerability in Addressable::Template#match

Addressable 2.8.9

• Reduce gem size by excluding test files (#569)
• No need for bundler as development dependency (#571, 5fc1d93)
• idna/pure: stop building the useless COMPOSITION_TABLE (removes the Addressable::IDNA::COMPOSITION_TABLE constant) (#564)

#569: sporkmonger/addressable#569 #571: sporkmonger/addressable#571 #564: sporkmonger/addressable#564

Addressable 2.8.8

• Replace the unicode.data blob by a ruby constant (#561)
• Allow public_suffix 7 (#558)

#561: sporkmonger/addressable#561 #558: sporkmonger/addressable#558

Addressable 2.8.7

• Allow public_suffix 6 (#535)

#535: sporkmonger/addressable#535

Commits

• 0c3e858 Revving version and changelog
• 91915c1 Fixing additional vulnerable paths
• a091e39 Add many more adversarial test cases to ensure we don't have any ReDoS regres...
• 463a819 Regenerate gemspec on newer rubygems
• 0afcb0b Improve from O(n^2) to O(n)
• c87f768 Fix a ReDoS vulnerability in URI template matching
• 0d7e9b2 Fix links for 2.8.9 in CHANGELOG (#573)
• e209120 Update version, gemspec, and CHANGELOG for 2.8.9 (#572)
• 3875874 Reduce gem size by excluding test files (#569)
• 3e57cc6 CI: back to windows-2022 for MRI job
• Additional commits viewable in compare view

Updates httparty from 0.21.0 to 0.24.0

Release notes

Sourced from httparty's releases.

v0.24.0

What's Changed

• Force binary encoding throughout by @​jnunemaker in jnunemaker/httparty#823
• set Content-Type for Hash body in requests by @​jnunemaker in jnunemaker/httparty#828
• feat: stream multipart file uploads to reduce memory usage by @​jnunemaker in jnunemaker/httparty#829
• fix: prevent SSRF via absolute URL bypassing base_uri by @​jnunemaker in jnunemaker/httparty#830

Full Changelog: jnunemaker/httparty@v0.23.2...v0.24.0

0.23.2

What's Changed

• Add changelog_uri metadata to gemspec by @​baraidrissa in jnunemaker/httparty#817
• Fix multipart with files in binary mode and fields including non-ASCII characters by @​rdimartino in jnunemaker/httparty#822

New Contributors

• @​baraidrissa made their first contribution in jnunemaker/httparty#817
• @​rdimartino made their first contribution in jnunemaker/httparty#822

Full Changelog: jnunemaker/httparty@v0.23.1...v0.23.2

v0.23.1

• Add foul option to class level jnunemaker/httparty@d268387

Full Changelog: jnunemaker/httparty@v0.23.0...v0.23.1

v0.23.0

What's Changed

• new: foul mode to rescue all common network errors: https://github.com/jnunemaker/httparty/blob/891a4a8093afd4cacecab2719223e3170d07f1c0/examples/party_foul_mode.rb
• docs: replace master branch to main for better view by @​bestony in jnunemaker/httparty#803
• Update README.md by @​tradesmanhelix in jnunemaker/httparty#811

New Contributors

• @​ashishra0 made their first contribution with foul mode
• @​bestony made their first contribution in jnunemaker/httparty#803
• @​tradesmanhelix made their first contribution in jnunemaker/httparty#811

Full Changelog: jnunemaker/httparty@v0.22.0...v0.23.0

v0.22.0

What's Changed

• Fix typo in example name by @​xymbol in jnunemaker/httparty#780
• Extract request building method by @​aliismayilov in jnunemaker/httparty#786
• CI: Tell dependabot to update GH Actions by @​olleolleolle in jnunemaker/httparty#791
• Add CSV gem as a dependency for Ruby 3.4 by @​ngan in jnunemaker/httparty#796
• Clear body when redirecting to a GET by @​rhett-inbox in jnunemaker/httparty#783
• CI against Ruby 3.3 by @​y-yagi in jnunemaker/httparty#798
• Bump actions/checkout from 3 to 4 by @​dependabot in jnunemaker/httparty#792

... (truncated)

Changelog

Sourced from httparty's changelog.

Changelog

All notable changes since 0.22 are documented in GitHub Releases.

Commits

• 55ec76e Release 0.24.0
• ddfbc8d Merge pull request #830 from jnunemaker/fix-ssrf-base-uri-bypass
• 0529bcd fix: prevent SSRF via absolute URL bypassing base_uri (GHSA-hm5p-x4rq-38w4)
• 05f38fd Merge pull request #829 from jnunemaker/memory
• 8901c23 feat: stream multipart file uploads to reduce memory usage
• 091bd6a Merge pull request #828 from jnunemaker/issue-826
• 59c0ac5 feat: set Content-Type for Hash body in requests
• 5c8b45e Merge pull request #823 from jnunemaker/mixed-encodings
• 6419cb3 Force binary encoding throughout
• c74571f Release 0.23.2
• Additional commits viewable in compare view

Updates rexml from 3.2.6 to 3.4.2

Release notes

Sourced from rexml's releases.

REXML 3.4.2 - 2025-08-26

Improvement

• Improved performance.

  • GH-244
  • GH-245
  • GH-246
  • GH-249
  • GH-256
  • Patch by NAITOH Jun

• Raise appropriate exception when failing to match start tag in DOCTYPE

  • GH-247
  • Patch by NAITOH Jun

• Deprecate accepting array as an element in XPath.match, first and each

  • GH-252
  • Patch by tomoya ishida

• Don't call needless encoding_updated

  • GH-259
  • Patch by Sutou Kouhei

• Reuse XPath::match

  • GH-263
  • Patch by pboling

• Cache redundant calls for doctype

  • GH-264
  • Patch by pboling

• Use Safe Navigation (&.) from Ruby 2.3

  • GH-265
  • Patch by pboling

• Remove redundant return statements

  • GH-266
  • Patch by pboling

• Added XML declaration check & Source#skip_spaces method

  • GH-282
  • Patch by NAITOH Jun
  • Reported by Sofi Aberegg

Fixes

• Fix docs typo
  • GH-248
  • Patch by James Coleman

... (truncated)

Changelog

Sourced from rexml's changelog.

3.4.2 - 2025-08-26 {#version-3-4-2}

Improvement

• Improved performance.

  • GH-244
  • GH-245
  • GH-246
  • GH-249
  • GH-256
  • Patch by NAITOH Jun

• Raise appropriate exception when failing to match start tag in DOCTYPE

  • GH-247
  • Patch by NAITOH Jun

• Deprecate accepting array as an element in XPath.match, first and each

  • GH-252
  • Patch by tomoya ishida

• Don't call needless encoding_updated

  • GH-259
  • Patch by Sutou Kouhei

• Reuse XPath::match

  • GH-263
  • Patch by pboling

• Cache redundant calls for doctype

  • GH-264
  • Patch by pboling

• Use Safe Navigation (&.) from Ruby 2.3

  • GH-265
  • Patch by pboling

• Remove redundant return statements

  • GH-266
  • Patch by pboling

• Added XML declaration check & Source#skip_spaces method

  • GH-282
  • Patch by NAITOH Jun
  • Reported by Sofi Aberegg

Fixes

• Fix docs typo
  • GH-248
  • Patch by James Coleman

... (truncated)

Commits

• f36916f Add 3.4.2 entry (#284)
• 5859bde Added XML declaration check & Source#skip_spaces method (#282)
• 1d876e3 Bump actions/checkout from 4 to 5 (#283)
• c87bda8 Remove ostruct from dev deps (#281)
• c60ae02 Remove bundler from dev deps (#277)
• 9b084d7 Fix & Deprecate REXML::Text#text_indent (#275)
• 04a589a Fix a bug that XPath can't be used for no document element (#268)
• 66232ea Remove redundant return statements (#266)
• 63f3e97 Use Safe Navigation (&.) from Ruby 2.3 (#265)
• d427fc5 Avoid redundant calls for doctype (#264)
• Additional commits viewable in compare view

Updates concurrent-ruby from 1.2.3 to 1.3.7

Release notes

Sourced from concurrent-ruby's releases.

v1.3.7

There are 3 security fixes in this release, so updating is recommended. These security vulnerabilities are not very likely to be hit in practice and have a corresponding Low severity score.

What's Changed

• CVE-2026-54904 AtomicReference#update livelocks when the stored value is Float::NAN. Fix by @​joshuay03 and @​eregon
• CVE-2026-54905 ReentrantReadWriteLock read-count overflow grants a write lock without exclusivity. Fix by @​joshuay03
• CVE-2026-54906 ReadWriteLock allows wrong-thread write release and stray read-release counter corruption. Fix by @​joshuay03
• concurrent-ruby-ext: fix build on Darwin 32-bit by @​barracuda156 in ruby-concurrency/concurrent-ruby#1064
• Add SECURITY.md by @​eregon in ruby-concurrency/concurrent-ruby#1104
• Add Ruby 4.0 in CI by @​eregon in ruby-concurrency/concurrent-ruby#1106

New Contributors

• @​barracuda156 made their first contribution in ruby-concurrency/concurrent-ruby#1064

Full Changelog: ruby-concurrency/concurrent-ruby@v1.3.6...v1.3.7

v1.3.6

What's Changed

• Run tests without the C extension in CI by @​eregon in ruby-concurrency/concurrent-ruby#1081
• Fix typo in Promise docs by @​danieldiekmeier in ruby-concurrency/concurrent-ruby#1083
• Correct word in readme by @​wwahammy in ruby-concurrency/concurrent-ruby#1084
• Fix mistakes in MVar documentation by @​trinistr in ruby-concurrency/concurrent-ruby#1087
• Fix multi require concurrent/executor/cached_thread_pool by @​OuYangJinTing in ruby-concurrency/concurrent-ruby#1085
• Use typed data APIs by @​nobu in ruby-concurrency/concurrent-ruby#1096
• Add Joshua Young to the list of maintainers by @​eregon in ruby-concurrency/concurrent-ruby#1097
• Asynchronous pruning for RubyThreadPoolExecutor by @​joshuay03 in ruby-concurrency/concurrent-ruby#1082
• Mark RubySingleThreadExecutor as a SerialExecutorService by @​meineerde in ruby-concurrency/concurrent-ruby#1070
• Allow TimerTask to be safely restarted after shutdown and avoid duplicate tasks by @​bensheldon in ruby-concurrency/concurrent-ruby#1001
• Flaky test fix: allow ThreadPool to shutdown before asserting completed_task_count by @​bensheldon in ruby-concurrency/concurrent-ruby#1098
• ThreadPoolExecutor#kill will wait_for_termination in JRuby; ensure TimerSet timer thread shuts down cleanly by @​bensheldon in ruby-concurrency/concurrent-ruby#1044

New Contributors

• @​danieldiekmeier made their first contribution in ruby-concurrency/concurrent-ruby#1083
• @​wwahammy made their first contribution in ruby-concurrency/concurrent-ruby#1084
• @​trinistr made their first contribution in ruby-concurrency/concurrent-ruby#1087
• @​OuYangJinTing made their first contribution in ruby-concurrency/concurrent-ruby#1085
• @​nobu made their first contribution in ruby-concurrency/concurrent-ruby#1096
• @​joshuay03 made their first contribution in ruby-concurrency/concurrent-ruby#1082

Full Changelog: ruby-concurrency/concurrent-ruby@v1.3.5...v1.3.6

... (truncated)

Changelog

Sourced from concurrent-ruby's changelog.

Release v1.3.7 (16 June 2026)

concurrent-ruby:

• See the release notes on GitHub.

Release v1.3.6 (13 December 2025)

concurrent-ruby:

• See the release notes on GitHub.

Release v1.3.5, edge v0.7.2 (15 January 2025)

concurrent-ruby:

• (#1062) Remove dependency on logger.

concurrent-ruby-edge:

• (#1062) Remove dependency on logger.

Release v1.3.4 (10 August 2024)

• (#1060) Fix bug with return value of Concurrent.available_processor_count when cpu.cfs_quota_us is -1.
• (#1058) Add Concurrent.cpu_shares that is cgroups aware.

Release v1.3.3 (9 June 2024)

• (#1053) Improve the speed of Concurrent.physical_processor_count on Windows.

Release v1.3.2, edge v0.7.1 (7 June 2024)

concurrent-ruby:

• (#1051) Remove dependency on win32ole.

concurrent-ruby-edge:

• (#1052) Fix dependency on concurrent-ruby to allow the latest release.

Release v1.3.1 (29 May 2024)

• Release 1.3.0 was broken when pushed to RubyGems. 1.3.1 is a packaging fix.

Release v1.3.0 (28 May 2024)

• (#1042) Align Java Executor Service behavior for shuttingdown?, shutdown?
• (#1038) Add Concurrent.available_processor_count that is cgroups aware.

Commits

• 4c8fc28 Release 1.3.7
• d91ca94 Fix AtomicReference#update livelock when stored value is Float::NAN on JRuby ...
• 7e4d711 Fix ReentrantReadWriteLock read hold overflow into write-lock bit
• 6e37e06 Fix AtomicReference#update livelock when stored value is Float::NAN
• 2825cfa Cleanup spec
• 3fd4932 Fix ReadWriteLock wrong-thread write release and stray read release
• 1974b47 Add Ruby 4.0 in CI
• df8706d Add SECURITY.md (#1104)
• 7a1b789 Bump actions/upload-pages-artifact from 4 to 5
• 9b2dbf7 Bump actions/deploy-pages from 4 to 5
• Additional commits viewable in compare view

Updates google-protobuf from 3.24.4 to 3.25.5

Commits

• 70e85ae Updating version.json and repo version numbers to: 25.5-dev
• 489aba5 Merge pull request #15984 from mkruskal-google/staleness-fix-25
• 367c7be Regen stale files
• bbbd2de Updating version.json and repo version numbers to: 25.4-dev
• fc222b9 Updating version.json and repo version numbers to: 25.3-dev
• 6ac0447 Updating version.json and repo version numbers to: 25.2-dev
• 7f94235 Updating version.json and repo version numbers to: 25.1
• e4b00c7 Add support for extensions in CRuby, JRuby, and FFI Ruby (#14703) (#14756)
• 2495d4f Add support for options in CRuby, JRuby and FFI (#14594) (#14739)
• 6b5d8db Updating version.json and repo version numbers to: 25.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.