Update concurrent-ruby requirement from < 1.3.7 to < 1.3.8

[dependabot]

Updates the requirements on concurrent-ruby to permit the latest version.

Release notes

Sourced from concurrent-ruby's releases.

v1.3.7

There are 3 security fixes in this release, so updating is recommended. These security vulnerabilities are not very likely to be hit in practice and have a corresponding Low severity score.

What's Changed

• CVE-2026-54904 AtomicReference#update livelocks when the stored value is Float::NAN. Fix by @​joshuay03 and @​eregon
• CVE-2026-54905 ReentrantReadWriteLock read-count overflow grants a write lock without exclusivity. Fix by @​joshuay03
• CVE-2026-54906 ReadWriteLock allows wrong-thread write release and stray read-release counter corruption. Fix by @​joshuay03
• concurrent-ruby-ext: fix build on Darwin 32-bit by @​barracuda156 in ruby-concurrency/concurrent-ruby#1064
• Add SECURITY.md by @​eregon in ruby-concurrency/concurrent-ruby#1104
• Add Ruby 4.0 in CI by @​eregon in ruby-concurrency/concurrent-ruby#1106

New Contributors

• @​barracuda156 made their first contribution in ruby-concurrency/concurrent-ruby#1064

Full Changelog: ruby-concurrency/concurrent-ruby@v1.3.6...v1.3.7

Changelog

Sourced from concurrent-ruby's changelog.

Release v1.3.7 (16 June 2026)

concurrent-ruby:

• See the release notes on GitHub.

Release v1.3.6 (13 December 2025)

concurrent-ruby:

• See the release notes on GitHub.

Release v1.3.5, edge v0.7.2 (15 January 2025)

concurrent-ruby:

• (#1062) Remove dependency on logger.

concurrent-ruby-edge:

• (#1062) Remove dependency on logger.

Release v1.3.4 (10 August 2024)

• (#1060) Fix bug with return value of Concurrent.available_processor_count when cpu.cfs_quota_us is -1.
• (#1058) Add Concurrent.cpu_shares that is cgroups aware.

Release v1.3.3 (9 June 2024)

• (#1053) Improve the speed of Concurrent.physical_processor_count on Windows.

Release v1.3.2, edge v0.7.1 (7 June 2024)

concurrent-ruby:

• (#1051) Remove dependency on win32ole.

concurrent-ruby-edge:

• (#1052) Fix dependency on concurrent-ruby to allow the latest release.

Release v1.3.1 (29 May 2024)

• Release 1.3.0 was broken when pushed to RubyGems. 1.3.1 is a packaging fix.

Release v1.3.0 (28 May 2024)

• (#1042) Align Java Executor Service behavior for shuttingdown?, shutdown?
• (#1038) Add Concurrent.available_processor_count that is cgroups aware.

... (truncated)

Commits

• 4c8fc28 Release 1.3.7
• d91ca94 Fix AtomicReference#update livelock when stored value is Float::NAN on JRuby ...
• 7e4d711 Fix ReentrantReadWriteLock read hold overflow into write-lock bit
• 6e37e06 Fix AtomicReference#update livelock when stored value is Float::NAN
• 2825cfa Cleanup spec
• 3fd4932 Fix ReadWriteLock wrong-thread write release and stray read release
• 1974b47 Add Ruby 4.0 in CI
• df8706d Add SECURITY.md (#1104)
• 7a1b789 Bump actions/upload-pages-artifact from 4 to 5
• 9b2dbf7 Bump actions/deploy-pages from 4 to 5
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)