Build(deps-dev): bump curb from 1.3.2 to 1.3.4

[dependabot]

Bumps curb from 1.3.2 to 1.3.4.

Changelog

Sourced from curb's changelog.

1.3.4

• Fix Curl::Multi socket-action dispatch so ready sockets are collected before calling back into libcurl, avoiding invalid access when socket interest changes during iteration.
• Keep the Fiber scheduler socket-action IO cache registered with Ruby GC during _socket_perform and clear it during cleanup, avoiding stale Ruby object references under valgrind.
• Make Fiber scheduler tests avoid hardcoded port 9993 so local listeners or concurrent valgrind runs do not break the release suite.

1.3.3

• Skip the NTLM-specific username/password assertion when libcurl was built without NTLM support so newer libcurl builds do not fail by falling back to Basic auth.
• Fix Curl::Easy#put_data= with non-String to_s payloads so upload length calculation does not read non-String objects as Ruby strings.
• Guard Curl::Easy#clone against curl_easy_duphandle allocation failure so clone raises NoMemError instead of dereferencing a NULL handle.
• Guard Curl::Multi lifecycle during active perform calls so closing a multi handle from callbacks or perform blocks raises instead of freeing an in-use libcurl multi handle.
• Reject adding an active Curl::Easy handle to a second Curl::Multi before setup mutates request state.
• Restore one-shot request state for HEAD, PATCH, and PUT requests after success or callback/error unwinds so later requests do not inherit stale method/body options.
• Validate Curl::Easy#put_data= before mutating libcurl upload options, preventing failed setup paths from leaving stale upload callbacks installed.
• Preserve CURLOPT_RESOLVE values set through Easy#set across repeated performs, and allow resolve/FTP command entries that convert to strings.
• Fix older build fallback paths for curl_multi_wait and no-GVL select.
• Fix the Fiber scheduler socket-action path so single-socket waits pass the actual ready events back to libcurl, avoiding incomplete HTTP responses on macOS CI.
• Make legacy bug tests avoid hardcoded port 9999 so local SSH tunnels or other listeners do not break the release suite.
• Add regression coverage for multi lifecycle guards, active easy reuse, request state cleanup, upload setup rollback, resolve persistence, string-convertible resolve/FTP command entries, and scheduler socket waits.

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)