This is security and bug-fix release.

Security:

1. Update httparty gem to 0.24.2. Fix CVE-2025-68696.
2. Brakeman: set Rails.application.config.action_dispatch.cookies_serializer to :json (#2425).
3. Brakeman: add rel: "noopener noreferrer" to all places with target: "_blank" (#2425).

Bug-fixes:

1. Update brakeman gem from 7.0.2 to 7.1.1.
2. Update thruster gem from 0.1.15 to 0.1.17.
3. Update tzinfo-data gem from 1.2025.2 to 1.2025.3.
4. Ruby 3.4.8.
5. Sync GitHub Actions with main.
6. Fix API JSON serialization for Mongoid documents (PR #2601) by @elektronaut