rails-rfc6570 3.5.1 → 3.6.0

data/vendor/bundle/ruby/3.4.0/gems/json-2.16.0/json.gemspec

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+version = File.foreach(File.join(__dir__, "lib/json/version.rb")) do |line|
+  /^\s*VERSION\s*=\s*'(.*)'/ =~ line and break $1
+end rescue nil
+
+spec = Gem::Specification.new do |s|
+  java_ext = Gem::Platform === s.platform && s.platform =~ 'java' || RUBY_ENGINE == 'jruby'
+
+  s.name = "json"
+  s.version = version
+
+  s.summary = "JSON Implementation for Ruby"
+  s.homepage = "https://github.com/ruby/json"
+  s.metadata = {
+    'bug_tracker_uri'   => 'https://github.com/ruby/json/issues',
+    'changelog_uri'     => 'https://github.com/ruby/json/blob/master/CHANGES.md',
+    'documentation_uri' => 'https://docs.ruby-lang.org/en/master/JSON.html',
+    'homepage_uri'      => s.homepage,
+    'source_code_uri'   => 'https://github.com/ruby/json',
+  }
+
+  s.required_ruby_version = Gem::Requirement.new(">= 2.7")
+
+  if java_ext
+    s.description = "A JSON implementation as a JRuby extension."
+    s.author = "Daniel Luz"
+    s.email = "dev+ruby@mernen.com"
+  else
+    s.description = "This is a JSON implementation as a Ruby extension in C."
+    s.authors = ["Florian Frank"]
+    s.email = "flori@ping.de"
+  end
+
+  s.licenses = ["Ruby"]
+
+  s.extra_rdoc_files = ["README.md"]
+  s.rdoc_options = ["--title", "JSON implementation for Ruby", "--main", "README.md"]
+
+  s.files = [
+    "CHANGES.md",
+    "COPYING",
+    "BSDL",
+    "LEGAL",
+    "README.md",
+    "json.gemspec",
+  ] + Dir.glob("lib/**/*.rb", base: File.expand_path("..", __FILE__))
+
+  if java_ext
+    s.platform = 'java'
+    s.files += Dir["lib/json/ext/**/*.jar"]
+  else
+    s.extensions = Dir["ext/json/**/extconf.rb"]
+    s.files += Dir["ext/json/**/*.{c,h,rb}"]
+  end
+end
+
+if RUBY_ENGINE == 'jruby' && $0 == __FILE__
+  Gem::Builder.new(spec).build
+else
+  spec
+end

data/vendor/bundle/ruby/3.4.0/gems/{minitest-5.25.5 → minitest-5.26.2}/README.rdoc

@@ -95,7 +95,9 @@ Given that you'd like to test the following class:
 
 === Unit tests
 
-Define your tests as methods beginning with +test_+.
+Define your tests as methods beginning with +test_+. Use
+{assertions}[/minitest/Minitest/Assertions.html] to test for results
+or state.
 
   require "minitest/autorun"
 
@@ -119,6 +121,9 @@ Define your tests as methods beginning with +test_+.
 
 === Specs
 
+Use {expectations}[/minitest/Minitest/Expectations.html] to check
+results or state. They must be wrapped in a value call (eg +_+).
+
   require "minitest/autorun"
 
   describe Meme do
@@ -146,7 +151,7 @@ For matchers support check out:
 
 === Benchmarks
 
-Add benchmarks to your tests.
+Add {benchmarks}[/minitest/Minitest/Benchmark.html] to your tests.
 
   # optionally run benchmarks, good for CI-only work!
   require "minitest/benchmark" if ENV["BENCH"]
@@ -422,13 +427,10 @@ Current versions of rails: (https://endoflife.date/rails)
 
   | rails | min ruby | minitest | status   |  EOL Date  |
   |-------+----------+----------+----------+------------|
+  |   8.1 | >= 3.2   | >= 5.1   | Current  | 2027-10-07 |
   |   8.0 | >= 3.2   | >= 5.1   | Current  | 2026-11-07 |
-  |   7.2 | >= 3.1   | >= 5.1   | Current  | 2026-08-09 |
-  |   7.1 | >= 2.7   | >= 5.1   | Security | 2025-10-01 |
-  |   7.0 | >= 2.7   | >= 5.1   | Security | 2025-04-01 |
-  |   6.1 | >= 2.5   | >= 5.1   | EOL      | 2024-10-01 |
-  |   6.0 | >= 2.5   | >= 5.1   | EOL      | 2023-06-01 |
-  |   5.2 | >= 2.2.2 | ~> 5.1   | EOL      | 2022-06-01 |
+  |   7.2 | >= 3.1   | >= 5.1   | Security | 2026-08-09 |
+  |   7.1 | >= 2.7   | >= 5.1   | EOL      | 2025-10-01 |
 
 If you want to look at the requirements for a specific version, run:
 

data/vendor/bundle/ruby/3.4.0/gems/{public_suffix-6.0.2 → public_suffix-7.0.0}/CHANGELOG.md

@@ -3,6 +3,14 @@
 This project uses [Semantic Versioning 2.0.0](https://semver.org/).
 
 
+## 7.0.0
+
+### Changed
+
+- Updated definitions.
+- Minimum Ruby version is 3.2
+
+
 ## 6.0.2
 
 ### Changed

data/vendor/bundle/ruby/3.4.0/gems/{public_suffix-6.0.2 → public_suffix-7.0.0}/README.md

@@ -1,6 +1,6 @@
-# Public Suffix <small>for Ruby</small>
+# PublicSuffix for Ruby
 
-<tt>PublicSuffix</tt> is a Ruby domain name parser based on the [Public Suffix List](https://publicsuffix.org/).
+`PublicSuffix` is a Ruby domain name parser based on the [Public Suffix List](https://publicsuffix.org/).
 
 [![Build Status](https://github.com/weppos/publicsuffix-ruby/actions/workflows/tests.yml/badge.svg)](https://github.com/weppos/publicsuffix-ruby/actions/workflows/tests.yml)
 [![Tidelift dependencies](https://tidelift.com/badges/package/rubygems/public_suffix)](https://tidelift.com/subscription/pkg/rubygems-public-suffix?utm_source=rubygems-public-suffix&utm_medium=referral&utm_campaign=enterprise)
@@ -16,7 +16,7 @@
 
 ## Requirements
 
-<tt>PublicSuffix</tt> requires **Ruby >= 3.0**. For an older versions of Ruby use a previous release.
+`PublicSuffix` requires **Ruby >= 3.2**. For older versions of Ruby, use a previous release.
 
 
 ## Installation
@@ -106,9 +106,9 @@ PublicSuffix.valid?("example.tldnotlisted", default_rule: nil)
 ```
 
 
-## Fully Qualified Domain Names
+## Fully qualified domain names
 
-This library automatically recognizes Fully Qualified Domain Names. A FQDN is a domain name that end with a trailing dot.
+This library automatically recognizes Fully Qualified Domain Names. A FQDN is a domain name that ends with a trailing dot.
 
 ```ruby
 # Parse a standard domain name
@@ -122,7 +122,7 @@ PublicSuffix.domain("www.google.com.")
 
 ## Private domains
 
-This library has support for switching off support for private (non-ICANN).
+This library supports toggling private (non-ICANN) domain handling.
 
 ```ruby
 # Extract a domain including private domains (by default)
@@ -148,15 +148,15 @@ PublicSuffix.domain("something.blogspot.com")
 # => "blogspot.com"
 ```
 
-## Add domain to list
+## Adding custom domains
 
-If you want to manually add a domain to the list just run:
+To manually add a domain to the list:
 
 ```ruby
 PublicSuffix::List.default << PublicSuffix::Rule.factory('onmicrosoft.com')
 ```
 
-## What is the Public Suffix List?
+## What is the public suffix list?
 
 The [Public Suffix List](https://publicsuffix.org) is a cross-vendor initiative to provide an accurate list of domain name suffixes.
 
@@ -165,7 +165,7 @@ The Public Suffix List is an initiative of the Mozilla Project, but is maintaine
 A "public suffix" is one under which Internet users can directly register names. Some examples of public suffixes are ".com", ".co.uk" and "pvt.k12.wy.us". The Public Suffix List is a list of all known public suffixes.
 
 
-## Why the Public Suffix List is better than any available Regular Expression parser?
+## Why use the public suffix list instead of regular expressions?
 
 Previously, browsers used an algorithm which basically only denied setting wide-ranging cookies for top-level domains with no dots (e.g. com or org). However, this did not work for top-level domains where only third-level registrations are allowed (e.g. co.uk). In these cases, websites could set a cookie for co.uk which will be passed onto every website registered under co.uk.
 
@@ -180,43 +180,52 @@ Source: https://wiki.mozilla.org/Public_Suffix_List
 Not convinced yet? Check out [this real world example](https://stackoverflow.com/q/288810/123527).
 
 
-## Does <tt>PublicSuffix</tt> make requests to Public Suffix List website?
+## Does PublicSuffix make network requests?
 
-No. <tt>PublicSuffix</tt> comes with a bundled list. It does not make any HTTP requests to parse or validate a domain.
+No. `PublicSuffix` comes with a bundled list. It does not make any HTTP requests to parse or validate a domain.
 
 
-## Support
+## Terminology
 
-Library documentation is auto-generated from the [README](https://github.com/weppos/publicsuffix-ruby/blob/master/README.md) and the source code, and it's available at https://rubydoc.info/gems/public_suffix.
+- **TLD** (Top-Level Domain): The last segment of a domain name. For example, in `mozilla.org`, the `.org` portion is the TLD.
 
-- The PublicSuffix bug tracker is here: https://github.com/weppos/publicsuffix-ruby/issues
-- The PublicSuffix code repository is here: https://github.com/weppos/publicsuffix-ruby. Contributions are welcome! Please include tests and/or feature coverage for every patch, and create a topic branch for every separate change you make.
+- **SLD** (Second-Level Domain): A domain directly below a top-level domain. For example, in `https://www.mozilla.org/en-US/`, `mozilla` is the second-level domain of the `.org` TLD.
 
-[Consider subscribing to Tidelift which provides Enterprise support for this project](https://tidelift.com/subscription/pkg/rubygems-public-suffix?utm_source=rubygems-public-suffix&utm_medium=referral&utm_campaign=readme) as part of the Tidelift Subscription. Tidelift subscriptions also help the maintainers by funding the project, which in turn allows us to ship releases, bugfixes, and security updates more often.
+- **TRD** (Third-Level Domain): Also known as a subdomain, this is the part of the domain before the SLD or root domain. For example, in `https://www.mozilla.org/en-US/`, `www` is the TRD.
 
+- **FQDN** (Fully Qualified Domain Name): A complete domain name that includes the hostname, domain, and top-level domain, ending with a trailing dot. The format is `[hostname].[domain].[tld].` (e.g., `www.mozilla.org.`).
 
-## Security and Vulnerability Reporting
 
-Full information and description of our security policy please visit [`SECURITY.md`](SECURITY.md)
+## Documentation and support
 
+### Documentation
 
-## Changelog
+Library documentation is auto-generated from the [README](https://github.com/weppos/publicsuffix-ruby/blob/master/README.md) and source code, and is available at https://rubydoc.info/gems/public_suffix.
 
-See the [CHANGELOG.md](CHANGELOG.md) file for details.
+### Bug reports and contributions
 
+- **Bug Tracker**: https://github.com/weppos/publicsuffix-ruby/issues
+- **Code Repository**: https://github.com/weppos/publicsuffix-ruby
 
-## License
+Contributions are welcome! Please include tests and/or feature coverage for every patch, and create a topic branch for every separate change you make.
 
-Copyright (c) 2009-2025 Simone Carletti. This is Free Software distributed under the MIT license.
+### Enterprise support
 
-The [Public Suffix List source](https://publicsuffix.org/list/) is subject to the terms of the Mozilla Public License, v. 2.0.
+[Consider subscribing to Tidelift](https://tidelift.com/subscription/pkg/rubygems-public-suffix?utm_source=rubygems-public-suffix&utm_medium=referral&utm_campaign=readme), which provides enterprise support for this project as part of the Tidelift Subscription. Tidelift subscriptions help fund the project, allowing us to ship releases, bugfixes, and security updates more frequently.
 
-## Definitions
 
-tld = Top level domain, this is in reference to the last segment of a domain, sometimes the part that is directly after the "dot" symbol. For example, `mozilla.org`, the `.org` portion is the tld.
+## Security and vulnerability reporting
 
-sld = Second level domain, a domain that is directly below a top-level domain. For example, in `https://www.mozilla.org/en-US/`, `mozilla` is the second-level domain of the .org tld.
+For full information and details about our security policy, please visit [`SECURITY.md`](SECURITY.md).
+
+
+## Changelog
 
-trd = Transit routing domain, or known as a subdomain. This is the part of the domain that is before the sld or root domain. For example, in `https://www.mozilla.org/en-US/`, `www` is the trd.
+See [CHANGELOG.md](CHANGELOG.md) for details.
 
-FQDN = Fully Qualified Domain Names, are domain names that are written with the hostname and the domain name, and include the top-level domain, the format looks like `[hostname].[domain].[tld].` for ex. `[www].[mozilla].[org]`.
+
+## License
+
+Copyright (c) 2009-2025 Simone Carletti. This is Free Software distributed under the MIT license.
+
+The [Public Suffix List source](https://publicsuffix.org/list/) is subject to the terms of the Mozilla Public License, v. 2.0.

data/vendor/bundle/ruby/3.4.0/gems/{rack-3.2.1 → rack-3.2.4}/CHANGELOG.md

@@ -2,7 +2,26 @@
 
 All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
 
-## Unreleased
+## [3.2.4] - 2025-11-03
+
+### Fixed
+
+- Multipart parser: limit MIME header size check to the unread buffer region to avoid false `multipart mime part header too large` errors when previously read data accumulates in the scan buffer. ([#2392](https://github.com/rack/rack/pull/2392), [@alpaca-tc](https://github.com/alpaca-tc), [@willnet](https://github.com/willnet), [@krororo](https://github.com/krororo))
+
+## [3.2.3] - 2025-10-10
+
+### Security
+
+- [CVE-2025-61780](https://github.com/advisories/GHSA-r657-rxjc-j557) Improper handling of headers in `Rack::Sendfile` may allow proxy bypass.
+- [CVE-2025-61919](https://github.com/advisories/GHSA-6xw4-3v39-52mm) Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion.
+
+## [3.2.2] - 2025-10-07
+
+### Security
+
+- [CVE-2025-61772](https://github.com/advisories/GHSA-wpv5-97wm-hp9c) Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
+- [CVE-2025-61771](https://github.com/advisories/GHSA-w9pc-fmgc-vxvw) Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
+- [CVE-2025-61770](https://github.com/advisories/GHSA-p543-xpfm-54cp) Unbounded multipart preamble buffering enables DoS (memory exhaustion)
 
 ## [3.2.1] -- 2025-09-02
 
@@ -61,6 +80,27 @@ This release continues Rack's evolution toward a cleaner, more efficient foundat
 - `SERVER_NAME` and `HTTP_HOST` are now more strictly validated according to the relevant specifications. ([#2298](https://github.com/rack/rack/pull/2298), [@ioquatix])
 - `Rack::Lint` now disallows `PATH_INFO="" SCRIPT_NAME=""`. ([#2298](https://github.com/rack/rack/issues/2307), [@jeremyevans])
 
+## [3.1.19] - 2025-11-03
+
+### Fixed
+
+- Multipart parser: limit MIME header size check to the unread buffer region to avoid false `multipart mime part header too large` errors when previously read data accumulates in the scan buffer. ([#2392](https://github.com/rack/rack/pull/2392), [@alpaca-tc](https://github.com/alpaca-tc), [@willnet](https://github.com/willnet), [@krororo](https://github.com/krororo))
+
+## [3.1.18] - 2025-10-10
+
+### Security
+
+- [CVE-2025-61780](https://github.com/advisories/GHSA-r657-rxjc-j557) Improper handling of headers in `Rack::Sendfile` may allow proxy bypass.
+- [CVE-2025-61919](https://github.com/advisories/GHSA-6xw4-3v39-52mm) Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion.
+
+## [3.1.17] - 2025-10-07
+
+### Security
+
+- [CVE-2025-61772](https://github.com/advisories/GHSA-wpv5-97wm-hp9c) Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
+- [CVE-2025-61771](https://github.com/advisories/GHSA-w9pc-fmgc-vxvw) Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
+- [CVE-2025-61770](https://github.com/advisories/GHSA-p543-xpfm-54cp) Unbounded multipart preamble buffering enables DoS (memory exhaustion)
+
 ## [3.1.16] - 2025-06-04
 
 ### Security
@@ -77,7 +117,7 @@ This release continues Rack's evolution toward a cleaner, more efficient foundat
 
 ### Security
 
-- [CVE-2025-46727](https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx) Unbounded parameter parsing in `Rack::QueryParser` can lead to memory exhaustion.
+- [CVE-2025-46727](https://github.com/advisories/GHSA-gjh7-p2fx-99vx) Unbounded parameter parsing in `Rack::QueryParser` can lead to memory exhaustion.
 
 ## [3.1.13] - 2025-04-13
 
@@ -87,19 +127,19 @@ This release continues Rack's evolution toward a cleaner, more efficient foundat
 
 ### Security
 
-- [CVE-2025-27610](https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v) Local file inclusion in `Rack::Static`.
+- [CVE-2025-27610](https://github.com/advisories/GHSA-7wqh-767x-r66v) Local file inclusion in `Rack::Static`.
 
 ## [3.1.11] - 2025-03-04
 
 ### Security
 
-- [CVE-2025-27111](https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v) Possible Log Injection in `Rack::Sendfile`.
+- [CVE-2025-27111](https://github.com/advisories/GHSA-8cgq-6mh2-7j6v) Possible Log Injection in `Rack::Sendfile`.
 
 ## [3.1.10] - 2025-02-12
 
 ### Security
 
-- [CVE-2025-25184](https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg) Possible Log Injection in `Rack::CommonLogger`.
+- [CVE-2025-25184](https://github.com/advisories/GHSA-7g2v-jj9q-g3rg) Possible Log Injection in `Rack::CommonLogger`.
 
 ## [3.1.9] - 2025-01-31
 
@@ -132,7 +172,7 @@ This release continues Rack's evolution toward a cleaner, more efficient foundat
 
 ### Security
 
-- Fix potential ReDoS attack in `Rack::Request#parse_http_accept_header`. ([GHSA-cj83-2ww7-mvq7](https://github.com/rack/rack/security/advisories/GHSA-cj83-2ww7-mvq7), [@dwisiswant0](https://github.com/dwisiswant0))
+- Fix potential ReDoS attack in `Rack::Request#parse_http_accept_header`. ([GHSA-cj83-2ww7-mvq7](https://github.com/advisories/GHSA-cj83-2ww7-mvq7), [@dwisiswant0](https://github.com/dwisiswant0))
 
 ## [3.1.4] - 2024-06-22
 
@@ -224,7 +264,7 @@ This release is primarily a maintenance release that removes features deprecated
 
 ### Security
 
-- [CVE-2025-46727](https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx) Unbounded parameter parsing in `Rack::QueryParser` can lead to memory exhaustion.
+- [CVE-2025-46727](https://github.com/advisories/GHSA-gjh7-p2fx-99vx) Unbounded parameter parsing in `Rack::QueryParser` can lead to memory exhaustion.
 
 ## [3.0.15] - 2025-04-13
 
@@ -234,13 +274,13 @@ This release is primarily a maintenance release that removes features deprecated
 
 ### Security
 
-- [CVE-2025-27610](https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v) Local file inclusion in `Rack::Static`.
+- [CVE-2025-27610](https://github.com/advisories/GHSA-7wqh-767x-r66v) Local file inclusion in `Rack::Static`.
 
 ## [3.0.13] - 2025-03-04
 
 ### Security
 
-- [CVE-2025-27111](https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v) Possible Log Injection in `Rack::Sendfile`.
+- [CVE-2025-27111](https://github.com/advisories/GHSA-8cgq-6mh2-7j6v) Possible Log Injection in `Rack::Sendfile`.
 
 ### Fixed
 
@@ -250,7 +290,7 @@ This release is primarily a maintenance release that removes features deprecated
 
 ### Security
 
-- [CVE-2025-25184](https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg) Possible Log Injection in `Rack::CommonLogger`.
+- [CVE-2025-25184](https://github.com/advisories/GHSA-7g2v-jj9q-g3rg) Possible Log Injection in `Rack::CommonLogger`.
 
 ## [3.0.11] - 2024-05-10
 
@@ -430,6 +470,33 @@ This release introduces major improvements to Rack, including enhanced support f
 - Fix multipart filename generation for filenames that contain spaces. Encode spaces as "%20" instead of "+" which will be decoded properly by the multipart parser. ([#1736](https://github.com/rack/rack/pull/1645), [@muirdm](https://github.com/muirdm))
 - `Rack::Request#scheme` returns `ws` or `wss` when one of the `X-Forwarded-Scheme` / `X-Forwarded-Proto` headers is set to `ws` or `wss`, respectively. ([#1730](https://github.com/rack/rack/issues/1730), [@erwanst](https://github.com/erwanst))
 
+## [2.2.21] - 2025-11-03
+
+### Fixed
+
+- Multipart parser: limit MIME header size check to the unread buffer region to avoid false `multipart mime part header too large` errors when previously read data accumulates in the scan buffer. ([#2392](https://github.com/rack/rack/pull/2392), [@alpaca-tc](https://github.com/alpaca-tc), [@willnet](https://github.com/willnet), [@krororo](https://github.com/krororo))
+
+## [2.2.20] - 2025-10-10
+
+### Security
+
+- [CVE-2025-61780](https://github.com/advisories/GHSA-r657-rxjc-j557) Improper handling of headers in `Rack::Sendfile` may allow proxy bypass.
+- [CVE-2025-61919](https://github.com/advisories/GHSA-6xw4-3v39-52mm) Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion.
+
+## [2.2.19] - 2025-10-07
+
+### Security
+
+- [CVE-2025-61772](https://github.com/advisories/GHSA-wpv5-97wm-hp9c) Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
+- [CVE-2025-61771](https://github.com/advisories/GHSA-w9pc-fmgc-vxvw) Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
+- [CVE-2025-61770](https://github.com/advisories/GHSA-p543-xpfm-54cp) Unbounded multipart preamble buffering enables DoS (memory exhaustion)
+
+## [2.2.18] - 2025-09-25
+
+### Security
+
+- [CVE-2025-59830](https://github.com/advisories/GHSA-625h-95r8-8xpm) Unbounded parameter parsing in `Rack::QueryParser` can lead to memory exhaustion via semicolon-separated parameters.
+
 ## [2.2.17] - 2025-06-03
 
 - Backport `Rack::MediaType#params` now handles parameters without values. ([#2263](https://github.com/rack/rack/pull/2263), [@AllyMarthaJ](https://github.com/AllyMarthaJ))
@@ -448,25 +515,25 @@ This release introduces major improvements to Rack, including enhanced support f
 
 ### Security
 
-- [CVE-2025-46727](https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx) Unbounded parameter parsing in `Rack::QueryParser` can lead to memory exhaustion.
+- [CVE-2025-46727](https://github.com/advisories/GHSA-gjh7-p2fx-99vx) Unbounded parameter parsing in `Rack::QueryParser` can lead to memory exhaustion.
 
 ## [2.2.13] - 2025-03-11
 
 ### Security
 
-- [CVE-2025-27610](https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v) Local file inclusion in `Rack::Static`.
+- [CVE-2025-27610](https://github.com/advisories/GHSA-7wqh-767x-r66v) Local file inclusion in `Rack::Static`.
 
 ## [2.2.12] - 2025-03-04
 
 ### Security
 
-- [CVE-2025-27111](https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v) Possible Log Injection in `Rack::Sendfile`.
+- [CVE-2025-27111](https://github.com/advisories/GHSA-8cgq-6mh2-7j6v) Possible Log Injection in `Rack::Sendfile`.
 
 ## [2.2.11] - 2025-02-12
 
 ### Security
 
-- [CVE-2025-25184](https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg) Possible Log Injection in `Rack::CommonLogger`.
+- [CVE-2025-25184](https://github.com/advisories/GHSA-7g2v-jj9q-g3rg) Possible Log Injection in `Rack::CommonLogger`.
 
 ## [2.2.10] - 2024-10-14
 

data/vendor/bundle/ruby/3.4.0/gems/{rack-3.2.1 → rack-3.2.4}/README.md

@@ -230,6 +230,14 @@ query string, before attempting parsing, so if the same parameter key is
 used multiple times in the query, each counts as a separate parameter for
 this check.
 
+### `RACK_MULTIPART_BUFFERED_UPLOAD_BYTESIZE_LIMIT`
+
+This environment variable sets the maximum amount of memory Rack will use
+to buffer multipart parameters when parsing a request body. This considers
+the size of the multipart mime headers and the body part for multipart
+parameters that are buffered in memory and do not use tempfiles. This
+defaults to 16MB if not provided.
+
 ### `param_depth_limit`
 
 ```ruby

data/vendor/bundle/ruby/3.4.0/gems/{rake-13.3.0 → rake-13.3.1}/rake.gemspec

@@ -27,7 +27,7 @@ Gem::Specification.new do |s|
     "bug_tracker_uri" => "https://github.com/ruby/rake/issues",
     "changelog_uri" => "https://github.com/ruby/rake/releases",
     "documentation_uri" => "https://ruby.github.io/rake",
-    "source_code_uri" => "#{s.homepage}/releases/v#{s.version}"
+    "source_code_uri" => s.homepage
   }
 
   s.files = [

data/vendor/bundle/ruby/3.4.0/specifications/{actionpack-8.0.3.gemspec → actionpack-8.1.1.gemspec}

@@ -1,12 +1,12 @@
 # -*- encoding: utf-8 -*-
-# stub: actionpack 8.0.3 ruby lib
+# stub: actionpack 8.1.1 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "actionpack".freeze
-  s.version = "8.0.3".freeze
+  s.version = "8.1.1".freeze
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
-  s.metadata = { "bug_tracker_uri" => "https://github.com/rails/rails/issues", "changelog_uri" => "https://github.com/rails/rails/blob/v8.0.3/actionpack/CHANGELOG.md", "documentation_uri" => "https://api.rubyonrails.org/v8.0.3/", "mailing_list_uri" => "https://discuss.rubyonrails.org/c/rubyonrails-talk", "rubygems_mfa_required" => "true", "source_code_uri" => "https://github.com/rails/rails/tree/v8.0.3/actionpack" } if s.respond_to? :metadata=
+  s.metadata = { "bug_tracker_uri" => "https://github.com/rails/rails/issues", "changelog_uri" => "https://github.com/rails/rails/blob/v8.1.1/actionpack/CHANGELOG.md", "documentation_uri" => "https://api.rubyonrails.org/v8.1.1/", "mailing_list_uri" => "https://discuss.rubyonrails.org/c/rubyonrails-talk", "rubygems_mfa_required" => "true", "source_code_uri" => "https://github.com/rails/rails/tree/v8.1.1/actionpack" } if s.respond_to? :metadata=
   s.require_paths = ["lib".freeze]
   s.authors = ["David Heinemeier Hansson".freeze]
   s.date = "1980-01-02"
@@ -23,7 +23,7 @@ Gem::Specification.new do |s|
 
   s.specification_version = 4
 
-  s.add_runtime_dependency(%q<activesupport>.freeze, ["= 8.0.3".freeze])
+  s.add_runtime_dependency(%q<activesupport>.freeze, ["= 8.1.1".freeze])
   s.add_runtime_dependency(%q<nokogiri>.freeze, [">= 1.8.5".freeze])
   s.add_runtime_dependency(%q<rack>.freeze, [">= 2.2.4".freeze])
   s.add_runtime_dependency(%q<rack-session>.freeze, [">= 1.0.1".freeze])
@@ -31,6 +31,6 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency(%q<rails-html-sanitizer>.freeze, ["~> 1.6".freeze])
   s.add_runtime_dependency(%q<rails-dom-testing>.freeze, ["~> 2.2".freeze])
   s.add_runtime_dependency(%q<useragent>.freeze, ["~> 0.16".freeze])
-  s.add_runtime_dependency(%q<actionview>.freeze, ["= 8.0.3".freeze])
-  s.add_development_dependency(%q<activemodel>.freeze, ["= 8.0.3".freeze])
+  s.add_runtime_dependency(%q<actionview>.freeze, ["= 8.1.1".freeze])
+  s.add_development_dependency(%q<activemodel>.freeze, ["= 8.1.1".freeze])
 end

data/vendor/bundle/ruby/3.4.0/specifications/{actionview-8.0.3.gemspec → actionview-8.1.1.gemspec}

@@ -1,12 +1,12 @@
 # -*- encoding: utf-8 -*-
-# stub: actionview 8.0.3 ruby lib
+# stub: actionview 8.1.1 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "actionview".freeze
-  s.version = "8.0.3".freeze
+  s.version = "8.1.1".freeze
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
-  s.metadata = { "bug_tracker_uri" => "https://github.com/rails/rails/issues", "changelog_uri" => "https://github.com/rails/rails/blob/v8.0.3/actionview/CHANGELOG.md", "documentation_uri" => "https://api.rubyonrails.org/v8.0.3/", "mailing_list_uri" => "https://discuss.rubyonrails.org/c/rubyonrails-talk", "rubygems_mfa_required" => "true", "source_code_uri" => "https://github.com/rails/rails/tree/v8.0.3/actionview" } if s.respond_to? :metadata=
+  s.metadata = { "bug_tracker_uri" => "https://github.com/rails/rails/issues", "changelog_uri" => "https://github.com/rails/rails/blob/v8.1.1/actionview/CHANGELOG.md", "documentation_uri" => "https://api.rubyonrails.org/v8.1.1/", "mailing_list_uri" => "https://discuss.rubyonrails.org/c/rubyonrails-talk", "rubygems_mfa_required" => "true", "source_code_uri" => "https://github.com/rails/rails/tree/v8.1.1/actionview" } if s.respond_to? :metadata=
   s.require_paths = ["lib".freeze]
   s.authors = ["David Heinemeier Hansson".freeze]
   s.date = "1980-01-02"
@@ -23,11 +23,11 @@ Gem::Specification.new do |s|
 
   s.specification_version = 4
 
-  s.add_runtime_dependency(%q<activesupport>.freeze, ["= 8.0.3".freeze])
+  s.add_runtime_dependency(%q<activesupport>.freeze, ["= 8.1.1".freeze])
   s.add_runtime_dependency(%q<builder>.freeze, ["~> 3.1".freeze])
   s.add_runtime_dependency(%q<erubi>.freeze, ["~> 1.11".freeze])
   s.add_runtime_dependency(%q<rails-html-sanitizer>.freeze, ["~> 1.6".freeze])
   s.add_runtime_dependency(%q<rails-dom-testing>.freeze, ["~> 2.2".freeze])
-  s.add_development_dependency(%q<actionpack>.freeze, ["= 8.0.3".freeze])
-  s.add_development_dependency(%q<activemodel>.freeze, ["= 8.0.3".freeze])
+  s.add_development_dependency(%q<actionpack>.freeze, ["= 8.1.1".freeze])
+  s.add_development_dependency(%q<activemodel>.freeze, ["= 8.1.1".freeze])
 end

data/vendor/bundle/ruby/3.4.0/specifications/{activesupport-8.0.3.gemspec → activesupport-8.1.1.gemspec}

@@ -1,12 +1,12 @@
 # -*- encoding: utf-8 -*-
-# stub: activesupport 8.0.3 ruby lib
+# stub: activesupport 8.1.1 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "activesupport".freeze
-  s.version = "8.0.3".freeze
+  s.version = "8.1.1".freeze
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
-  s.metadata = { "bug_tracker_uri" => "https://github.com/rails/rails/issues", "changelog_uri" => "https://github.com/rails/rails/blob/v8.0.3/activesupport/CHANGELOG.md", "documentation_uri" => "https://api.rubyonrails.org/v8.0.3/", "mailing_list_uri" => "https://discuss.rubyonrails.org/c/rubyonrails-talk", "rubygems_mfa_required" => "true", "source_code_uri" => "https://github.com/rails/rails/tree/v8.0.3/activesupport" } if s.respond_to? :metadata=
+  s.metadata = { "bug_tracker_uri" => "https://github.com/rails/rails/issues", "changelog_uri" => "https://github.com/rails/rails/blob/v8.1.1/activesupport/CHANGELOG.md", "documentation_uri" => "https://api.rubyonrails.org/v8.1.1/", "mailing_list_uri" => "https://discuss.rubyonrails.org/c/rubyonrails-talk", "rubygems_mfa_required" => "true", "source_code_uri" => "https://github.com/rails/rails/tree/v8.1.1/activesupport" } if s.respond_to? :metadata=
   s.require_paths = ["lib".freeze]
   s.authors = ["David Heinemeier Hansson".freeze]
   s.date = "1980-01-02"
@@ -31,8 +31,8 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency(%q<base64>.freeze, [">= 0".freeze])
   s.add_runtime_dependency(%q<drb>.freeze, [">= 0".freeze])
   s.add_runtime_dependency(%q<bigdecimal>.freeze, [">= 0".freeze])
+  s.add_runtime_dependency(%q<json>.freeze, [">= 0".freeze])
   s.add_runtime_dependency(%q<logger>.freeze, [">= 1.4.2".freeze])
   s.add_runtime_dependency(%q<securerandom>.freeze, [">= 0.3".freeze])
   s.add_runtime_dependency(%q<uri>.freeze, [">= 0.13.1".freeze])
-  s.add_runtime_dependency(%q<benchmark>.freeze, [">= 0.3".freeze])
 end

data/vendor/bundle/ruby/3.4.0/specifications/{addressable-2.8.7.gemspec → addressable-2.8.8.gemspec}

@@ -1,15 +1,15 @@
 # -*- encoding: utf-8 -*-
-# stub: addressable 2.8.7 ruby lib
+# stub: addressable 2.8.8 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "addressable".freeze
-  s.version = "2.8.7".freeze
+  s.version = "2.8.8".freeze
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
-  s.metadata = { "changelog_uri" => "https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md#v2.8.7" } if s.respond_to? :metadata=
+  s.metadata = { "changelog_uri" => "https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md#v2.8.8" } if s.respond_to? :metadata=
   s.require_paths = ["lib".freeze]
   s.authors = ["Bob Aman".freeze]
-  s.date = "2024-06-21"
+  s.date = "1980-01-02"
   s.description = "Addressable is an alternative implementation to the URI implementation that is\npart of Ruby's standard library. It is flexible, offers heuristic parsing, and\nadditionally provides extensive support for IRIs and URI templates.\n".freeze
   s.email = "bob@sporkmonger.com".freeze
   s.extra_rdoc_files = ["README.md".freeze]
@@ -18,13 +18,13 @@ Gem::Specification.new do |s|
   s.licenses = ["Apache-2.0".freeze]
   s.rdoc_options = ["--main".freeze, "README.md".freeze]
   s.required_ruby_version = Gem::Requirement.new(">= 2.2".freeze)
-  s.rubygems_version = "3.5.11".freeze
+  s.rubygems_version = "3.6.9".freeze
   s.summary = "URI Implementation".freeze
 
   s.installed_by_version = "3.6.9".freeze
 
   s.specification_version = 4
 
-  s.add_runtime_dependency(%q<public_suffix>.freeze, [">= 2.0.2".freeze, "< 7.0".freeze])
+  s.add_runtime_dependency(%q<public_suffix>.freeze, [">= 2.0.2".freeze, "< 8.0".freeze])
   s.add_development_dependency(%q<bundler>.freeze, [">= 1.0".freeze, "< 3.0".freeze])
 end

data/vendor/bundle/ruby/3.4.0/specifications/{bigdecimal-3.2.3.gemspec → bigdecimal-3.3.1.gemspec}

@@ -1,10 +1,10 @@
 # -*- encoding: utf-8 -*-
-# stub: bigdecimal 3.2.3 ruby lib
+# stub: bigdecimal 3.3.1 ruby lib
 # stub: ext/bigdecimal/extconf.rb
 
 Gem::Specification.new do |s|
   s.name = "bigdecimal".freeze
-  s.version = "3.2.3".freeze
+  s.version = "3.3.1".freeze
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
   s.metadata = { "changelog_uri" => "https://github.com/ruby/bigdecimal/blob/master/CHANGES.md" } if s.respond_to? :metadata=