[Security] Bump loofah from 2.2.3 to 2.4.0

dependabot-preview[bot] · web-flow · commit 34e60b7cdd82 · 2019-11-26T04:12:47.000Z
Bumps [loofah](https://github.com/flavorjones/loofah) from 2.2.3 to 2.4.0. **This update includes a security fix.** - [Release notes](https://github.com/flavorjones/loofah/releases) - [Changelog](https://github.com/flavorjones/loofah/blob/master/CHANGELOG.md) - [Commits](flavorjones/loofah@v2.2.3...v2.4.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -81,7 +81,7 @@ GEM
     concurrent-ruby (1.1.5)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
-    crass (1.0.4)
+    crass (1.0.5)
     database_cleaner (1.7.0)
     debug_inspector (0.0.3)
     delayed_job (4.1.5)
@@ -129,7 +129,7 @@ GEM
       addressable (~> 2.3)
     leaflet-rails (1.0.3)
       rails (>= 4.2.0)
-    loofah (2.2.3)
+    loofah (2.4.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
@@ -144,7 +144,7 @@ GEM
       sass (>= 3.3)
     newrelic_rpm (4.2.0.334)
     nio4r (2.4.0)
-    nokogiri (1.10.4)
+    nokogiri (1.10.5)
       mini_portile2 (~> 2.4.0)
     normalize-rails (3.0.3)
     pg (0.20.0)
