build(deps): bump the bundler group across 13 directories with 14 updates

[dependabot]

Bumps the bundler group with 3 updates in the /pkgs/applications/office/ledger-web directory: activerecord, rack and rack-session.
Bumps the bundler group with 3 updates in the /pkgs/applications/version-management/bitbucket-server-cli directory: addressable, git and json.
Bumps the bundler group with 4 updates in the /pkgs/applications/version-management/danger-gitlab directory: addressable, git, httparty and rexml.
Bumps the bundler group with 1 update in the /pkgs/applications/version-management/git-fame directory: activesupport.
Bumps the bundler group with 2 updates in the /pkgs/by-name/ce/cewl directory: rexml and nokogiri.
Bumps the bundler group with 1 update in the /pkgs/by-name/cf/cfn-nag directory: rexml.
Bumps the bundler group with 1 update in the /pkgs/by-name/co/coltrane directory: activesupport.
Bumps the bundler group with 1 update in the /pkgs/by-name/fu/fusuma directory: rexml.
Bumps the bundler group with 5 updates in the /pkgs/by-name/go/gollum directory:

Package	From	To
rack	3.1.8	3.1.16
rack-session	2.1.0	2.1.1
json	2.9.1	2.13.2
rexml	3.4.0	3.4.2
nokogiri	1.18.1	1.18.9

Bumps the bundler group with 4 updates in the /pkgs/by-name/li/licensed directory: activesupport, rack, json and nokogiri.
Bumps the bundler group with 1 update in the /pkgs/by-name/mp/mpdcron directory: nokogiri.
Bumps the bundler group with 1 update in the /pkgs/by-name/ov/overcommit directory: rexml.
Bumps the bundler group with 5 updates in the /pkgs/by-name/pg/pghero directory:

Package	From	To
activesupport	7.0.8.6	7.0.8.7
rack	2.2.10	2.2.14
nokogiri	1.16.7	1.18.9
net-imap	0.5.0	0.5.7
rails-html-sanitizer	1.6.0	1.6.1

Updates activerecord from 8.0.2 to 8.0.2.1

Release notes

Sourced from activerecord's releases.

8.0.2.1

Active Support

• No changes.

Active Model

• No changes.

Active Record

• Call inspect on ids in RecordNotFound error

  [CVE-2025-55193]

  Gannon McGibbon, John Hawthorn

Action View

• No changes.

Action Pack

• No changes.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

Remove dangerous transformations
[CVE-2025-24293]

... (truncated)

Changelog

Sourced from activerecord's changelog.

Rails 8.0.2.1 (August 13, 2025)

• Call inspect on ids in RecordNotFound error

  [CVE-2025-55193]

  Gannon McGibbon, John Hawthorn

Commits

• b0c813b Preparing for 8.0.2.1 release
• a6d50ae Update CHANGELOGs
• 568c0bc Call inspect on ids in RecordNotFound error
• See full diff in compare view

Updates activesupport from 8.0.2 to 8.0.2.1

Release notes

Sourced from activesupport's releases.

7.0.7.1

Active Support

• Use a temporary file for storing unencrypted files while editing

  [CVE-2023-38037]

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• No changes.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

... (truncated)

Commits

• c92caef Preparing for 7.0.7.1 release
• 936587d updating version / changelog
• a21d6ed Use a temporary file for storing unencrypted files while editing
• 522c86f Preparing for 7.0.7 release
• 5610cba Sync CHANGELOG with the changes in the repository
• 7e9ffc2 Fix to_s not using :default format with no args
• a8e88e2 Fix Cache::NullStore with local caching for repeated reads
• b18b9df Merge pull request #48800 from robinjam/fix-humanize-nil
• b12fe80 Fix Enumerable#sum for Enumerator#lazy
• e3f80f6 Add lower bound to Listen gem requirement
• Additional commits viewable in compare view

Updates rack from 3.1.12 to 3.1.16

Changelog

Sourced from rack's changelog.

[3.1.16] - 2025-06-04

Security

• CVE-2025-49007 Fix ReDoS in multipart request.

[3.1.15] - 2025-05-18

• Optional support for CGI::Cookie if not available. (#2327, #2333, [@​earlopain])

[3.1.14] - 2025-05-06

⚠️ This release includes a security fix that may cause certain routes in previously working applications to fail if query parameters exceed 4,096 in count or 4 MB in total size. See rack/rack#2356 for more details.

Security

• CVE-2025-46727 Unbounded parameter parsing in Rack::QueryParser can lead to memory exhaustion.

[3.1.13] - 2025-04-13

• Ensure Rack::ETag correctly updates response body. (#2324, [@​ioquatix])

Commits

• df2f3f2 Bump patch version.
• aed514d Fix ReDoS and consistency in multipart regexes
• 352650a Synchronize changelog.
• 835e15b Bump patch version.
• bd60f6e Feature detect CGI::Cookie. (#2333)
• 3c1a46d Replace usage of CGI::Cookie (#2328)
• 0ac5c57 Test on Ruby v3.4.
• 5440b2c Bump patch version.
• cd6b70a Merge commit from fork
• 0379537 Bump patch version.
• Additional commits viewable in compare view

Updates rack-session from 2.1.0 to 2.1.1

Release notes

Sourced from rack-session's releases.

v2.1.1

Full Changelog: rack/rack-session@v2.1.0...v2.1.1

Changelog

Sourced from rack-session's changelog.

v2.1.1

• Prevent Rack::Session::Pool from recreating deleted sessions CVE-2025-46336.

Commits

• 96663ec Bump patch version.
• c58ad79 Don't allow session to be recreated accidentally.
• See full diff in compare view

Updates addressable from 2.5.0 to 2.8.7

Changelog

Sourced from addressable's changelog.

Addressable 2.8.7

• Allow public_suffix 6 (#535)

#535: sporkmonger/addressable#535

Addressable 2.8.6

• Memoize regexps for common character classes (#524)

#524: sporkmonger/addressable#524

Addressable 2.8.5

• Fix thread safety issue with encoding tables (#515)
• Define URI::NONE as a module to avoid serialization issues (#509)
• Fix YAML serialization (#508)

#508: sporkmonger/addressable#508 #509: sporkmonger/addressable#509 #515: sporkmonger/addressable#515

Addressable 2.8.4

• Restore Addressable::IDNA.unicode_normalize_kc as a deprecated method (#504)

#504: sporkmonger/addressable#504

Addressable 2.8.3

• Fix template expand level 2 hash support for non-string objects (#499, #498)

#499: sporkmonger/addressable#499 #498: sporkmonger/addressable#498

Addressable 2.8.2

• Improve cache hits and JIT friendliness (#486)
• Improve code style and test coverage (#482)
• Ensure reset of deferred validation (#481)
• Resolve normalization differences between IDNA::Native and IDNA::Pure (#408, #492)
• Remove redundant colon in Addressable::URI::CharacterClasses::AUTHORITY regex (#438) (accidentally reverted by #449 merge but added back in #492)

#492: sporkmonger/addressable#492

Addressable 2.8.1

• refactor Addressable::URI.normalize_path to address linter offenses (#430)
• update gemspec to reflect supported Ruby versions (#466, #464, #463)
• compatibility w/ public_suffix 5.x (#466, #465, #460)
• fixes "invalid byte sequence in UTF-8" exception when unencoding URLs containing non UTF-8 characters (#459)
• Ractor compatibility (#449)
• use the whole string instead of a single line for template match (#431)
• force UTF-8 encoding only if needed (#341)

#449: sporkmonger/addressable#449 #460: sporkmonger/addressable#460

... (truncated)

Commits

• 7930ece Actually install libidn in release workflow (#539)
• cb5eb74 Release workflow needs libidn (#538)
• 83bb919 Update version, gemspec, and CHANGELOG for 2.8.7 (#537)
• 9ed8fe7 Add Trusted Publishing workflow (#536)
• 5b7197d Allow public_suffix 6 (#535)
• 1a09707 CI: Add bigdecimal to Gemfile (#533)
• b136f7d various: fix miscellaneous typos (#530)
• 42424ee Add Ruby 3.3 to CI matrix (#529)
• 2f692e4 Bump github/codeql-action from 2 to 3 (#528)
• 35a0f5c gemspec: more #freeze and rubygems_version bump (#526)
• Additional commits viewable in compare view

Updates git from 1.3.0 to 1.13.0

Release notes

Sourced from git's releases.

v1.13.0

Full Changelog

• ca8ff35 Release v1.13.0 (#603)
• 8349224 Update list of maintainers (#598)
• 4fe8738 In ls-files do not unescape file paths with eval (#602)
• 74b8e11 Add start_point option for checkout command (#597)
• ff6dcf4 Do not assume the default branch is 'master' in tests
• 8279298 Fix exception when Git is autoloaded (#594)

Release v1.12.0

Full Changelog

• ea79dad Release v1.12.0
• e58cd29 Support the commit --no-gpg-sign flag (#589)
• 323383b Use yard gem version 0.9.8 or later instead of HEAD from GitHub (#592)
• 609ab8b Allow the CI build to be run manually using the GitHub interface (#590)
• 4a96679 Fix windows build (#591)
• 6f2b3fd Support the --all option for git fetch (#583)
• 1b13ec1 Workaround to get JRuby build working (#582)
• 5f0adec Update README.md (#580)
• 45b467c Make the directory param to Git.clone optional (#578)
• b92130c Make Git::URL.clone_to handle cloning to bare and mirror repos (#577)
• 13471d7 Add Git::URL #parse and #clone_to methods (#575)
• 0a43d8b Use the head version of yard (#573)

Release v1.11.0

Full Changelog

• 292087e Supress unneeded test output (#570)
• 19dfe5e Add support for fetch options "--force/-f" and "--prune-tags/-P". (#563)
• 018d919 Fix bug when grepping lines that contain numbers surrounded by colons (#566)
• c04d16e remove from maintainer (#567)
• 291ca09 Address command line injection in Git::Lib#fetch
• 521b8e7 Release v1.10.2 (#561)

Release v1.10.2

Full Changelog

• 57f941c Release v1.10.2
• c987a74 Add create-release, setup, and console dev scripts (#560)
• 12e3d03 Store tempfile objects to prevent deletion during tests (#555)

Release v1.10.1

Full Changelog

• c7b12af Release v1.10.1
• ea28118 Properly escape double quotes in shell commands on Windows (#552)
• db060fc Properly unescape diff paths (#504)
• ea47044 Add Ruby 3.0 to CI build (#547)

... (truncated)

Changelog

Sourced from git's changelog.

v1.13.0 (2022-12-10)

Full Changelog

• 8349224 Update list of maintainers (#598)
• 4fe8738 In ls-files do not unescape file paths with eval (#602)
• 74b8e11 Add start_point option for checkout command (#597)
• ff6dcf4 Do not assume the default branch is 'master' in tests
• 8279298 Fix exception when Git is autoloaded (#594)

v1.12.0

See https://github.com/ruby-git/ruby-git/releases/tag/v1.12.0

v1.11.0

• 292087e Supress unneeded test output (#570)
• 19dfe5e Add support for fetch options "--force/-f" and "--prune-tags/-P". (#563)
• 018d919 Fix bug when grepping lines that contain numbers surrounded by colons (#566)
• c04d16e remove from maintainer (#567)
• 291ca09 Address command line injection in Git::Lib#fetch
• 521b8e7 Release v1.10.2 (#561)

See https://github.com/ruby-git/ruby-git/releases/tag/v1.11.0

v1.10.2

See https://github.com/ruby-git/ruby-git/releases/tag/v1.10.2

1.10.1

See https://github.com/ruby-git/ruby-git/releases/tag/v1.10.1

1.10.0

See https://github.com/ruby-git/ruby-git/releases/tag/v1.10.0

1.9.1

See https://github.com/ruby-git/ruby-git/releases/tag/v1.9.1

1.9.0

See https://github.com/ruby-git/ruby-git/releases/tag/v1.9.0

1.8.1

See https://github.com/ruby-git/ruby-git/releases/tag/v1.8.1

1.8.0

... (truncated)

Commits

• ca8ff35 Release v1.13.0
• 8349224 Update list of maintainers (#598)
• 4fe8738 In ls-files do not unescape file paths with eval (#602)
• 74b8e11 Add start_point option for checkout command (#597)
• ff6dcf4 Do not assume the default branch is 'master' in tests
• 8279298 Fix exception when Git is autoloaded (#594)
• ea79dad Release v1.12.0
• e58cd29 Support the commit --no-gpg-sign flag (#589)
• 323383b Use yard gem version 0.9.8 or later instead of HEAD from GitHub (#592)
• 609ab8b Allow the CI build to be run manually using the GitHub interface (#590)
• Additional commits viewable in compare view

Updates json from 2.0.2 to 2.13.2

Release notes

Sourced from json's releases.

v2.13.2

What's Changed

• Improve duplicate key warning and errors to include the key name and point to the right caller.

Full Changelog: ruby/json@v2.13.1...v2.13.2

v2.13.1

What's Changed

• Fix support for older compilers without __builtin_cpu_supports.

Full Changelog: ruby/json@v2.13.0...v2.13.1

v2.13.0

What's Changed

• Add new allow_duplicate_key parsing options. By default a warning is now emitted when a duplicated key is encountered. In json 3.0 an error will be raised.
• Optimize parsing further using SIMD to scan strings.

Full Changelog: ruby/json@v2.12.2...v2.13.0

v2.12.2

• Fix compiler optimization level.

Full Changelog: ruby/json@v2.12.1...v2.12.2

v2.12.1

What's Changed

• Fix a potential crash in large negative floating point number generation.
• Fix for JSON.pretty_generate to use passed state object's generate instead of state class as the required parameters aren't available.

Full Changelog: ruby/json@v2.12.0...v2.12.1

v2.12.0

What's Changed

• Improve floating point generation to not use scientific notation as much.
• Include line and column in parser errors. Both in the message and as exception attributes.
• Handle non-string hash keys with broken to_s implementations.
• JSON.generate now uses SSE2 (x86) or NEON (arm64) instructions when available to escape strings.

Full Changelog: ruby/json@v2.11.3...v2.12.0

v2.11.3

What's Changed

... (truncated)

Changelog

Sourced from json's changelog.

2025-07-28 (2.13.2)

• Improve duplicate key warning and errors to include the key name and point to the right caller.

2025-07-24 (2.13.1)

• Fix support for older compilers without __builtin_cpu_supports.

2025-07-17 (2.13.0)

• Add new allow_duplicate_key parsing options. By default a warning is now emitted when a duplicated key is encountered. In json 3.0 an error will be raised.
• Optimize parsing further using SIMD to scan strings.

2025-05-23 (2.12.2)

• Fix compiler optimization level.

2025-05-23 (2.12.1)

• Fix a potential crash in large negative floating point number generation.
• Fix for JSON.pretty_generate to use passed state object's generate instead of state class as the required parameters aren't available.

2025-05-12 (2.12.0)

• Improve floating point generation to not use scientific notation as much.
• Include line and column in parser errors. Both in the message and as exception attributes.
• Handle non-string hash keys with broken to_s implementations.
• JSON.generate now uses SSE2 (x86) or NEON (arm64) instructions when available to escape strings.

2025-04-25 (2.11.3)

• Fix a regression in JSON.pretty_generate that could cause indentation to be off once some #to_json has been called.

2025-04-24 (2.11.2)

• Add back JSON::PRETTY_STATE_PROTOTYPE. This constant was private API but is used by popular gems like multi_json. It now emits a deprecation warning.

2025-04-24 (2.11.1)

• Add back JSON.restore, JSON.unparse, JSON.fast_unparse and JSON.pretty_unparse. These were deprecated 16 years ago, but never emitted warnings, only undocumented, so are still used by a few gems.

2025-04-24 (2.11.0)

• Optimize Integer generation to be ~1.8x faster.
• Optimize Float generation to be ~10x faster.
• Fix JSON.load proc argument to substitute the parsed object with the return value.

... (truncated)

Commits

• 9e3efbf Release 2.13.2
• 132049b Improve deprecation warning location detection
• db4c428 Merge pull request #832 from byroot/duplicated-key-error-message-2
• cd51557 Fix duplicated key warning location
• bea97e0 Merge pull request #831 from byroot/duplicated-key-error-message
• e3de4cc Improve duplicate key warning and errors to include the key name
• 6d29d75 Merge pull request #830 from nobu/indent
• 1988a3a Keep indentation consistent across functions
• 17dd7b6 Merge pull request #829 from nobu/static-linked-ext
• 020693b Functions defined in headers should be static inline
• Additional commits viewable in compare view

Updates addressable from 2.8.0 to 2.8.7

Changelog

Sourced from addressable's changelog.

Addressable 2.8.7

• Allow public_suffix 6 (#535)

#535: sporkmonger/addressable#535

Addressable 2.8.6

• Memoize regexps for common character classes (#524)

#524: sporkmonger/addressable#524

Addressable 2.8.5

• Fix thread safety issue with encoding tables (#515)
• Define URI::NONE as a module to avoid serialization issues (#509)
• Fix YAML serialization (#508)

#508: sporkmonger/addressable#508 #509: sporkmonger/addressable#509 #515: sporkmonger/addressable#515

Addressable 2.8.4

• Restore Addressable::IDNA.unicode_normalize_kc as a deprecated method (#504)

#504: sporkmonger/addressable#504

Addressable 2.8.3

• Fix template expand level 2 hash support for non-string objects (#499, #498)

#499: sporkmonger/addressable#499 #498: sporkmonger/addressable#498

Addressable 2.8.2

• Improve cache hits and JIT friendliness (#486)
• Improve code style and test coverage (#482)
• Ensure reset of deferred validation (#481)
• Resolve normalization differences between IDNA::Native and IDNA::Pure (#408, #492)
• Remove redundant colon in Addressable::URI::CharacterClasses::AUTHORITY regex (#438) (accidentally reverted by #449 merge but added back in #492)

#492: sporkmonger/addressable#492

Addressable 2.8.1

• refactor Addressable::URI.normalize_path to address linter offenses (#430)
• update gemspec to reflect supported Ruby versions (#466, #464, #463)
• compatibility w/ public_suffix 5.x (#466, #465, #460)
• fixes "invalid byte sequence in UTF-8" exception when unencoding URLs containing non UTF-8 characters (#459)
• Ractor compatibility (#449)
• use the whole string instead of a single line for template match (#431)
• force UTF-8 encoding only if needed (#341)

#449: sporkmonger/addressable#449 #460: sporkmonger/addressable#460

... (truncated)

Commits

• 7930ece Actually install libidn in release workflow (#539)
• cb5eb74 Release workflow needs libidn (#538)
• 83bb919 Update version, gemspec, and CHANGELOG for 2.8.7 (#537)
• 9ed8fe7 Add Trusted Publishing workflow (#536)
• 5b7197d Allow public_suffix 6 (#535)
• 1a09707 CI: Add bigdecimal to Gemfile (#533)
• b136f7d various: fix miscellaneous typos (#530)
• 42424ee Add Ruby 3.3 to CI matrix (#529)
• 2f692e4 Bump github/codeql-action from 2 to 3 (#528)
• 35a0f5c gemspec: more #freeze and rubygems_version bump (#526)
• Additional commits viewable in compare view

Updates git from 1.9.1 to 1.13.0

Release notes

Sourced from git's releases.

v1.13.0

Full Changelog

• ca8ff35 Release v1.13.0 (#603)
• 8349224 Update list of maintainers (#598)
• 4fe8738 In ls-files do not unescape file paths with eval (#602)
• 74b8e11 Add start_point option for checkout command (#597)
• ff6dcf4 Do not assume the default branch is 'master' in tests
• 8279298 Fix exception when Git is autoloaded (#594)

Release v1.12.0

Full Changelog

• ea79dad Release v1.12.0
• e58cd29 Support the commit --no-gpg-sign flag (#589)
• 323383b Use yard gem version 0.9.8 or later instead of HEAD from GitHub (#592)
• 609ab8b Allow the CI build to be run manually using the GitHub interface (#590)
• 4a96679 Fix windows build (#591)
• 6f2b3fd Support the --all option for git fetch (#583)
• 1b13ec1 Workaround to get JRuby build working (#582)
• 5f0adec Update README.md (#580)
• 45b467c Make the directory param to Git.clone optional (#578)
• b92130c Make Git::URL.clone_to handle cloning to bare and mirror repos (#577)
• 13471d7 Add Git::URL #parse and #clone_to methods (#575)
• 0a43d8b Use the head version of yard (#573)

Release v1.11.0

Full Changelog

• 292087e Supress unneeded test output (#570)
• 19dfe5e Add support for fetch options "--force/-f" and "--prune-tags/-P". (#563)
• 018d919 Fix bug when grepping lines that contain numbers surrounded by colons (#566)
• c04d16e remove from maintainer (#567)
• 291ca09 Address command line injection in Git::Lib#fetch
• 521b8e7 Release v1.10.2 (#561)

Release v1.10.2

Full Changelog

• 57f941c Release v1.10.2
• c987a74 Add create-release, setup, and console dev scripts (#560)
• 12e3d03 Store tempfile objects to prevent deletion during tests (#555)

Release v1.10.1

Full Changelog

• c7b12af Release v1.10.1
• ea28118 Properly escape double quotes in shell commands on Windows (#552)
• db060fc Properly unescape diff paths (#504)
• ea47044 Add Ruby 3.0 to CI build (#547)

... (truncated)

Changelog

Sourced from git's changelog.

v1.13.0 (2022-12-10)

Full Changelog

• 8349224 Update list of maintainers (#598)
• 4fe8738 In ls-files do not unescape file paths with eval (#602)
• 74b8e11 Add start_point option for checkout command (#597)
• ff6dcf4 Do not assume the default branch is 'master' in tests
• 8279298 Fix exception when Git is autoloaded (#594)

v1.12.0

See https://github.com/ruby-git/ruby-git/releases/tag/v1.12.0

v1.11.0

• 292087e Supress unneeded test output (#570)
• 19dfe5e Add support for fetch options "--force/-f" and "--prune-tags/-P". (#563)
• 018d919 Fix bug when grepping lines that contain numbers surrounded by colons (#566)
• c04d16e remove from maintainer (#567)
• 291ca09 Address command line injection in Git::Lib#fetch
• 521b8e7 Release v1.10.2 (#561)

See https://github.com/ruby-git/ruby-git/releases/tag/v1.11.0

v1.10.2

See https://github.com/ruby-git/ruby-git/releases/tag/v1.10.2

1.10.1

See https://github.com/ruby-git/ruby-git/releases/tag/v1.10.1

1.10.0

See https://github.com/ruby-git/ruby-git/releases/tag/v1.10.0

1.9.1

See https://github.com/ruby-git/ruby-git/releases/tag/v1.9.1

1.9.0

See https://github.com/ruby-git/ruby-git/releases/tag/v1.9.0

1.8.1

See https://github.com/ruby-git/ruby-git/releases/tag/v1.8.1

1.8.0

... (truncated)

Commits

• ca8ff35 Release v1.13.0
• 8349224 Update list of maintainers (#598)
• 4fe8738 In ls-files do not unescape file paths with eval (#602)
• 74b8e11 Add start_point option for checkout command (#597)
• ff6dcf4 Do not assume the default branch is 'master' in tests
• 8279298 Fix exception when Git is autoloaded (#594)
• ea79dad Release v1.12.0
• e58cd29 Support the commit --no-gpg-sign flag (#589)
• 323383b Use yard gem version 0.9.8 or later instead of HEAD from GitHub (#592)
• 609ab8b Allow the CI build to be run manually using the GitHub interface (#590)
• Additional commits viewable in compare view

Updates httparty from 0.18.1 to 0.21.0

Changelog

Sourced from httparty's changelog.

0.21.0

• escape filename in the multipart/form-data Content-Disposition header
• Fix request marshaling
• Replace mime-types with mini_mime

0.20.0

Breaking changes

• Require Ruby >= 2.3.0

Fixes

• Marshal.dump fails on response objects when request option :logger is set or :parser is a proc
• Switch :pem option to to OpenSSL::PKey.read to support other algorithms

0.19.1

• Remove use of unary + method for creating non-frozen string to increase compatibility with older versions of ruby

0.19.0

• Multipart/Form-Data: rewind files after read
• add frozen_string_literal pragma to all files
• [Better handling of Accept-Encoding / Content-Encoding decompression (fixes #562)](jnunemaker/httparty#729)

Commits

• e731057 Update version
• a2038f2 Add security notice in changelog
• 455c222 Ignore asdf tool-versions
• cdb45a6 Merge pull request from GHSA-5pq7-52mg-hr42
• 243a215 Merge pull request #769 from carlosantoniodasilva/ca-mini-mime
• a577aca Merge pull request #773 from petergoldstein/feature/add_ruby_3_2_to_ci
• 7bb1f94 Adds Ruby 3.2 to the CI matrix. Updates checkout action version.
• 31d3d9d Merge pull request #771 from mishina2228/update-ci-status-badge
• 7737a77 Update CI status badge
• 051c181 escape filename in the multipart/form-data Content-Disposition header
• Additional commits viewable in compare view

Updates rexml from 3.2.5 to 3.4.2

Release notes

Sourced from rexml's releases.

REXML 3.4.2 - 2025-08-26

Improvement

• Improved performance.

  • GH-244
  • GH-245
  • GH-246
  • GH-249
  • GH-256
  • Patch by NAITOH Jun

• Raise appropriate exception when failing to match start tag in DOCTYPE

  • GH-247
  • Patch by NAITOH Jun

• Deprecate accepting array as an element in XPath.match, first and each

  • GH-252
  • Patch by tomoya ishida

• Don't call needless encoding_updated

  • GH-259
  • Patch by Sutou Kouhei

• Reuse XPath::match

  • GH-263
  • Patch by pboling

• Cache redundant calls for doctype

  • GH-264
  • Patch by pboling

• Use Safe Navigation (&.) from Ruby 2.3

  • GH-265
  • Patch by pboling

• Remove redundant return statements

  • GH-266
  • Patch by pboling

• Added XML declaration check & Source#skip_spaces method

  • GH-282
  • Patch by NAITOH Jun
  • Reported by Sofi Aberegg

Fixes

• Fix docs typo
  • GH-248
  • Patch by James Coleman

Description has been truncated