🚨 [security] Update ffi: 1.9.23 → 1.9.25 (patch)

[depfu]

---

🚨 Your version of ffi has known security vulnerabilities 🚨

Advisory: CVE-2018-1000201
Disclosed: June 22, 2018
URL: https://github.com/ffi/ffi/releases/tag/1.9.24

ruby-ffi DDL loading issue on Windows OS

ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be
hijacked on Windows OS, when a Symbol is used as DLL name instead of a String
This vulnerability appears to have been fixed in v1.9.24 and later.

🚨 We recommend to merge and deploy this update as soon as possible! 🚨

---

We've updated a dependency and here is what you need to know:

name	version specification	old version	new version
ffi	indirect dependency	1.9.23	1.9.25

You should probably take a good look at the info here and the test results before merging this pull request, of course.

What changed?

↗️ ffi (indirect, 1.9.23 → 1.9.25) · Repo

Commits

See the full diff on Github. The new version differs by 18 commits:

• Prepare for release 1.9.25
• Revert "README: Remove now unnecessary PaX workaround [ci skip]"
• Revert "Do closures via libffi"
• Run rspec with dots output only
• Fix integer parameter range specs
• Fix several specs where raise_error was called without class
• Specify error class for several raise_error calls
• Fix missing C declarations causing compiler warnings
• Replace symlinks for mips r6 with plain files
• Update CHANGELOG
• Merge branch 'master' of github.com:ffi/ffi
• Add a CHANGELOG file
• Bump VERSION to 1.9.24
• Update libffi to latest changes on master
• Don't search in hardcoded paths on Windows
• Don't treat Symbol args different to Strings in ffi_lib
• Make sure size_t is defined in Thread.c
• Merge pull request #601 from wzssyqa/master

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.