CodeQL for Ruby: false alert for `URI.parse`

[nobu]

https://github.com/ruby/ruby/security/code-scanning/127
URI.parse('https://www.example.com/search?q=%XX') is alerted to escape dots as the string is used as a regex and, but it is matched against RFC3986_URI and RFC3986_relative_ref which are regex both.

[aibaars]

You're right. It looks like the analysis is confusing Regexp.match(String) and String.match(Regexp|String) causing it to wrongly conclude that the uri argument in RFC3986_URI.match(uri) is the regular expression.

[aibaars]

I think this should be addressed by #10559 which is likely to be available in the CodeQL release in two or three weeks time.