Bump uri from 1.0.3 to 1.0.4 in the bundler group across 1 directory

[dependabot]

Bumps the bundler group with 1 update in the / directory: uri.

Updates uri from 1.0.3 to 1.0.4

Release notes

Sourced from uri's releases.

v1.0.4

Security fixes

• CVE-2025-61594

---

Full Changelog: ruby/uri@v1.0.3...v1.0.4

Commits

• e507473 Bump up to v1.0.4
• d3116ca Merge branch 'CVE-2025-61594-3-4' into HEAD
• 6c6449e Add authority accessor
• 5cec76b Clear user info totally at setting any of authority info
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

👋 Thanks for opening a pull request!

If you are new, please check out the trimmed down deployment summary listed below:

1. ✔️ Obtain an approval/review on this pull request

2. 🚀 Branch deploy your pull request to production with .deploy

   If anything goes wrong, rollback with .deploy main

3. 🎉 Merge!

[nobe4]

.deploy

[github-actions]

⚠️ Cannot claim deployment lock

Sorry nobe4, the production environment deployment lock is currently claimed by GrantBirki

Lock Details 🔒

• Environment: production
• Branch: test
• Created At: 2025-01-21T22:31:42.604Z
• Created By: GrantBirki
• Sticky: true
• Global: false
• Comment Link: click here
• Lock Link: click here

The current lock has been active for 427d:17h:43m:55s

If you need to release the lock, please comment .unlock production

[nobe4]

.unlock production

[github-actions]

🔓 Deployment Lock Removed

The production deployment lock has been successfully removed

[nobe4]

.deploy

[github-actions]

Deployment Triggered 🚀

nobe4, started a branch deployment to production (branch: dependabot/bundler/bundler-5ba02b25d1)

You can watch the progress here 🔗

Details

{
  "type": "branch",
  "environment": {
    "name": "production",
    "url": null
  },
  "deployment": {
    "timestamp": "2026-03-25T16:17:46.905Z",
    "logs": "https://github.com/github/entitlements-config/actions/runs/23551594783"
  },
  "git": {
    "branch": "dependabot/bundler/bundler-5ba02b25d1",
    "commit": "2e5503a32d223e63ea68a7c2254b922ae6915281",
    "verified": true,
    "committer": "web-flow",
    "html_url": "https://github.com/github/entitlements-config/commit/2e5503a32d223e63ea68a7c2254b922ae6915281"
  },
  "context": {
    "actor": "nobe4",
    "noop": false,
    "fork": false,
    "comment": {
      "created_at": "2026-03-25T16:17:28Z",
      "updated_at": "2026-03-25T16:17:28Z",
      "body": ".deploy",
      "html_url": "https://github.com/github/entitlements-config/pull/41#issuecomment-4127912393"
    }
  },
  "parameters": {
    "raw": null,
    "parsed": null
  }
}

[github-actions]

Deployment Results ✅

nobe4 successfully branch deployed branch dependabot/bundler/bundler-5ba02b25d1 to production

Show Results

====================================================================
Starting LDAP Container
Date: Wed Mar 25 16:17:58 UTC 2026, Environment: entitlements-config
====================================================================
4d320fcf660d6832f31df55e5be03fc763fbaaf47f1f06feb407c6015c5f66b1
====================================================================
Executing deploy-entitlements -c /home/runner/work/entitlements-config/entitlements-config/config/entitlements.yaml
Date: Wed Mar 25 16:18:14 UTC 2026, Environment: entitlements-config
====================================================================
/home/runner/work/entitlements-config/entitlements-config/vendor/bundle/ruby/3.3.0/gems/net-ldap-0.19.0/lib/net/ldap/password.rb:5: warning: base64 was loaded from the standard library, but will no longer be part of the default gems since Ruby 3.4.0. Add base64 to your Gemfile or gemspec. Also contact author of net-ldap-0.19.0 to add base64 into its gemspec.
I, [2026-03-25T16:18:15.194202 #3113]  INFO -- : CHANGE cn=admin,ou=strictly-audited,ou=Entitlements,ou=Groups,dc=example,dc=org in entitlements/strictly-audited
I, [2026-03-25T16:18:15.197645 #3113]  INFO -- : .  - danhoerst
I, [2026-03-25T16:18:15.208739 #3113]  INFO -- : Successfully applied 1 change(s)!