Bump concurrent-ruby from 1.3.6 to 1.3.7

[dependabot]

Bumps concurrent-ruby from 1.3.6 to 1.3.7.

Release notes

Sourced from concurrent-ruby's releases.

v1.3.7

There are 3 security fixes in this release, so updating is recommended. These security vulnerabilities are not very likely to be hit in practice and have a corresponding Low severity score.

What's Changed

• CVE-2026-54904 AtomicReference#update livelocks when the stored value is Float::NAN. Fix by @​joshuay03 and @​eregon
• CVE-2026-54905 ReentrantReadWriteLock read-count overflow grants a write lock without exclusivity. Fix by @​joshuay03
• CVE-2026-54906 ReadWriteLock allows wrong-thread write release and stray read-release counter corruption. Fix by @​joshuay03
• concurrent-ruby-ext: fix build on Darwin 32-bit by @​barracuda156 in ruby-concurrency/concurrent-ruby#1064
• Add SECURITY.md by @​eregon in ruby-concurrency/concurrent-ruby#1104
• Add Ruby 4.0 in CI by @​eregon in ruby-concurrency/concurrent-ruby#1106

New Contributors

• @​barracuda156 made their first contribution in ruby-concurrency/concurrent-ruby#1064

Full Changelog: ruby-concurrency/concurrent-ruby@v1.3.6...v1.3.7

Changelog

Sourced from concurrent-ruby's changelog.

Release v1.3.7 (16 June 2026)

concurrent-ruby:

• See the release notes on GitHub.

Commits

• 4c8fc28 Release 1.3.7
• d91ca94 Fix AtomicReference#update livelock when stored value is Float::NAN on JRuby ...
• 7e4d711 Fix ReentrantReadWriteLock read hold overflow into write-lock bit
• 6e37e06 Fix AtomicReference#update livelock when stored value is Float::NAN
• 2825cfa Cleanup spec
• 3fd4932 Fix ReadWriteLock wrong-thread write release and stray read release
• 1974b47 Add Ruby 4.0 in CI
• df8706d Add SECURITY.md (#1104)
• 7a1b789 Bump actions/upload-pages-artifact from 4 to 5
• 9b2dbf7 Bump actions/deploy-pages from 4 to 5
• Additional commits viewable in compare view