[Security] Bump ffi from 1.9.21 to 1.9.25

[dependabot-preview]

Bumps ffi from 1.9.21 to 1.9.25. This update includes security fixes.

Vulnerabilities fixed

Sourced from The GitHub Vulnerability Alert Database.

CVE-2018-1000201
See https://nvd.nist.gov/vuln/detail/CVE-2018-1000201.

Affected versions: < 1.9.24

Changelog

Sourced from ffi's changelog.

1.9.25 / 2018-06-03

Changed:

• Revert closures via libffi.
  This re-adds ClosurePool and fixes compat with SELinux enabled systems. #621

1.9.24 / 2018-06-02

Security Note:

This update addresses vulnerability CVE-2018-1000201: DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String. Found by Matthew Bush.

Added:

• Added a CHANGELOG file
• Add mips64(eb) support, and mips r6 support. (#601)

Changed:

• Update libffi to latest changes on master.
• Don't search in hardcoded /usr paths on Windows.
• Don't treat Symbol args different to Strings in ffi_lib.
• Make sure size_t is defined in Thread.c. Fixes #609

1.9.23 / 2018-02-25

Changed:

• Fix unnecessary rebuild of configure in darwin multi arch. Fixes #605

1.9.22 / 2018-02-22

Changed:

• Update libffi to latest changes on master.
• Update detection of system libffi to match new requirements. Fixes #617
• Prefer bundled libffi over system libffi on Mac OS.
• Do closures via libffi. This removes ClosurePool and fixes compat with PaX. #540
• Use a more deterministic gem packaging.
• Fix unnecessary update of autoconf files at gem install.

Commits

• aa1b844 Prepare for release 1.9.25
• f1385ae Revert "README: Remove now unnecessary PaX workaround [ci skip]"
• 94441aa Revert "Do closures via libffi"
• 4e1051a Run rspec with dots output only
• e70b13d Fix integer parameter range specs
• 55ae232 Fix several specs where raise_error was called without class
• 8821d4f Specify error class for several raise_error calls
• bf48d44 Fix missing C declarations causing compiler warnings
• f569788 Replace symlinks for mips r6 with plain files
• fedbae0 Update CHANGELOG
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[dependabot-preview]

Superseded by #29.