build(deps): bump the bundler group across 1 directory with 4 updates

[dependabot]

Bumps the bundler group with 4 updates in the / directory: bigdecimal, minitest, parallel and rack.

Updates bigdecimal from 4.0.1 to 4.1.0

Release notes

Sourced from bigdecimal's releases.

v4.1.0

What's Changed

• Remove ENABLE_NUMERIC_STRING flag by @​tompng in ruby/bigdecimal#479
• Sample code without deprecated modules by @​tompng in ruby/bigdecimal#480
• Improve performance of add/sub when exponent of two bigdecimals have huge difference by @​tompng in ruby/bigdecimal#478
• Change frozen_string_literal from false to true by @​tompng in ruby/bigdecimal#481
• NTT multiplication and Newton-Raphson division by @​tompng in ruby/bigdecimal#407
• Implement BigMath::PI with Gauss-Legendre algorithm by @​tompng in ruby/bigdecimal#434
• Improve taylor series calculation of exp and sin by bit burst algorithm by @​tompng in ruby/bigdecimal#433
• Remove calculating log(10) in BigMath.log for large/small x by @​tompng in ruby/bigdecimal#484
• Add missing call-seq by @​tompng in ruby/bigdecimal#485
• Split internal extra calculation prec and BigDecimal.double_fig usage by @​tompng in ruby/bigdecimal#486
• Add RBS signature and testing by @​ksss in ruby/bigdecimal#488
• Add missing sig file by @​ksss in ruby/bigdecimal#492
• Simplify butterfly operation of Number Theoretic Transform by @​tompng in ruby/bigdecimal#496
• Assume always have uint64_t by @​tompng in ruby/bigdecimal#497
• Use bit_length to calculate NTT bit size by @​tompng in ruby/bigdecimal#498
• Update depend files, etc by @​tompng in ruby/bigdecimal#499
• Fix erfc(x,prec) precision when x is huge by @​tompng in ruby/bigdecimal#502
• Increase BigMath converge test precisions by @​tompng in ruby/bigdecimal#503
• Fix error compiling with ruby.wasm by @​tompng in ruby/bigdecimal#504
• Bump version to 4.1.0 by @​tompng in ruby/bigdecimal#505

New Contributors

• @​ksss made their first contribution in ruby/bigdecimal#488

Full Changelog: ruby/bigdecimal@v4.0.1...v4.1.0

Changelog

Sourced from bigdecimal's changelog.

4.1.0

• Drop Ruby 2.5 support GH-505

  @​tompng

• Performance improvements: NTT multiplication, Newton-Raphson division, bit-burst algorithm for exp/sin, Gauss-Legendre for PI, improved log, and faster add/sub for large exponent differences GH-407 GH-433 GH-434 GH-478 GH-484

  @​tompng

• Remove ENABLE_NUMERIC_STRING flag GH-479

  @​tompng

• Add RBS signature and testing GH-488 GH-492

  @​ksss

• Fix erfc(x,prec) precision when x is huge GH-502

  @​tompng

• Fix error compiling with ruby.wasm GH-504

  @​tompng

Commits

• e64c502 Bump version to 4.1.0 (#505)
• 4782fc5 Fix error compiling with ruby.wasm (#504)
• 39853fa Increase BigMath converge test precisions (#503)
• 4a7268e Fix erfc(x,prec) precision when x is huge (#502)
• 34e4715 Update depend files, etc (#499)
• 0a47ee4 Use bit_length to calculate NTT bit size (#498)
• fa02252 Remove DECDIG=uint16_t branch. BigDecimal already requires uint64_t from v3.1...
• af72ebd Simplify butterfly operation of Number Theoretic Transform (#496)
• dba0783 Merge pull request #494 from ruby/dependabot/github_actions/rubygems/release-...
• 0bafaae Merge pull request #495 from ruby/dependabot/github_actions/step-security/har...
• Additional commits viewable in compare view

Updates minitest from 6.0.2 to 6.0.3

Changelog

Sourced from minitest's changelog.

=== 6.0.3 / 2026-03-31

• 1 bug fix:

  • assert_same(nil, value) no longer allowed. Use assert_nil to be explicit. (paddor)

Commits

• 649b075 prepped for release
• a2d0904 - assert_same(nil, value) no longer allowed. Use assert_nil to be explicit. (...
• See full diff in compare view

Updates parallel from 1.27.0 to 1.28.0

Commits

• e141db9 v1.28.0
• 679f6ec Merge pull request #360 from grosser/grosser/dump
• 0da8239 dump undumpable exceptions without cause if that fixes the issue
• 8d638d0 Merge pull request #358 from grosser/grosser/up
• 998ce26 bundle and cleanup test duplication
• See full diff in compare view

Updates rack from 3.2.5 to 3.2.6

Release notes

Sourced from rack's releases.

v3.2.6

Full Changelog: rack/rack@v3.2.5...v3.2.6

Changelog

Sourced from rack's changelog.

[3.2.6] - 2026-04-01

Security

• CVE-2026-34763 Root directory disclosure via unescaped regex interpolation in Rack::Directory.
• CVE-2026-34230 Avoid O(n^2) algorithm in Rack::Utils.select_best_encoding which could lead to denial of service.
• CVE-2026-32762 Forwarded header semicolon injection enables Host and Scheme spoofing.
• CVE-2026-26961 Raise error for multipart requests with multiple boundary parameters.
• CVE-2026-34786 Rack::Static header_rules bypass via URL-encoded path mismatch.
• CVE-2026-34831 Content-Length mismatch in Rack::Files error responses.
• CVE-2026-34826 Multipart byte range processing allows denial of service via excessive overlapping ranges.
• CVE-2026-34835 Rack::Request accepts invalid Host characters, enabling host allowlist bypass.
• CVE-2026-34830 Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect.
• CVE-2026-34785 Rack::Static prefix matching can expose unintended files under the static root.
• CVE-2026-34829 Multipart parsing without Content-Length header allows unbounded chunked file uploads.
• CVE-2026-34827 Multipart header parsing allows denial of service via escape-heavy quoted parameters.
• CVE-2026-26962 Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.

Commits

• e1f22fd Bump patch version.
• 31989fd Fix typo in test.
• d268165 Fix test expectation.
• 8f425de Add Ruby v4.0 to the test matrix.
• bf83042 Drop EOL Rubies from external tests.
• d50c4d3 Implement OBS unfolding for multipart requests per RFC 5322 2.2.3
• bfb6914 Limit the number of quoted escapes during multipart parsing
• b3e5945 Add Content-Length size check in Rack::Multipart::Parser
• 7a8f326 Fix root prefix bug in Rack::Static
• a57bc14 Only do a simple substitution on the x-accel-mapping paths
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.