Bump puma to 7.2.1 and concurrent-ruby to 1.3.7 for security advisories

[treiff]

What

Bumps two gems to address high-severity CVEs due by Jul 8–23:

Gem	Old	New	CVEs
puma	7.0.2	7.2.1	CVE-2026-47736, CVE-2026-47737
concurrent-ruby	1.3.5	1.3.7	CVE-2026-54904

Changes

• solid_queue.gemspec: tightened constraints to puma ~> 7.2 (dev dep) and concurrent-ruby >= 1.3.7 (runtime dep)
• Gemfile.lock: updated resolved versions accordingly

Test plan

• CI passes

[nathanstpierre-wealthbox]

ship it!

[nathanstpierre-wealthbox]

Failure:
BatchLifecycleTest#test_all_jobs_are_run,_including_jobs_enqueued_inside_of_other_jobs [test/integration/batch_lifecycle_test.rb:125]:
Expected: 3
  Actual: 2

bin/rails test test/integration/batch_lifecycle_test.rb:108

.......................................................................................

Finished in 170.183561s, 1.4808 runs/s, 8.6847 assertions/s.
252 runs, 1478 assertions, 1 failures, 0 errors, 3 skips

You have skipped tests. Run with --verbose for details.
Error: Process completed with exit code 1.

I don't think that's a flake sinc ethere' a few different ones but this is odd.

[treiff]

Failure:
BatchLifecycleTest#test_all_jobs_are_run,_including_jobs_enqueued_inside_of_other_jobs [test/integration/batch_lifecycle_test.rb:125]:
Expected: 3
  Actual: 2

bin/rails test test/integration/batch_lifecycle_test.rb:108

.......................................................................................

Finished in 170.183561s, 1.4808 runs/s, 8.6847 assertions/s.
252 runs, 1478 assertions, 1 failures, 0 errors, 3 skips

You have skipped tests. Run with --verbose for details.
Error: Process completed with exit code 1.

I don't think that's a flake sinc ethere' a few different ones but this is odd.

Since this is a fork, we pulled in all their GitHub action tests. Ever since we forked this repo, at least from what I can tell, a lot of these have been failing. Not the answer we're looking for, but it seems like we've largely just been ignoring them.