Bump addressable from 2.8.8 to 2.9.0 (#591)

Fixes GHSA-h27x-rffw-24p4 (CVE-2026-35611), a high-severity ReDoS
vulnerability in Addressable URI template matching.

Author: bjorkert

Gemfile.lock

@@ -3,7 +3,7 @@ GEM
   specs:
     CFPropertyList (3.0.8)
     abbrev (0.1.2)
-    addressable (2.8.8)
+    addressable (2.9.0)
       public_suffix (>= 2.0.2, < 8.0)
     artifactory (3.0.17)
     atomos (0.1.3)