ivaldi / brimir

Email helpdesk built using Ruby on Rails and Zurb Foundation
http://getbrimir.com
GNU Affero General Public License v3.0

[Security] Bump sprockets from 3.7.1 to 3.7.2 #440

Closed greysteil closed 5 years ago

greysteil commented 5 years ago

Bumps sprockets from 3.7.1 to 3.7.2. This update includes security fixes.

**Vulnerabilities fixed**

*Sourced from The GitHub Vulnerability Alert Database.*

> **CVE-2018-3760**
> See https://groups.google.com/forum/#!topic/ruby-security-ann/2S9Pwz2i16k.
>
> Affected versions: >=3.0.0,<3.7.2

*Sourced from [The Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sprockets/CVE-2018-3760.yml).*

> **Path Traversal in Sprockets**
> Specially crafted requests can be used to access files that exist on
> the filesystem that is outside an application's root directory, when the
> Sprockets server is used in production.
>
> All users running an affected release should either upgrade or use one of the workarounds immediately.
>
> Workaround:
> In Rails applications, to work around this issue, set `config.assets.compile = false` and
> `config.public_file_server.enabled = true` in an initializer and precompile the assets.
>
> This workaround will not be possible in all hosting environments and upgrading is advised.
>
> Patched versions: >= 2.12.5, < 3.0.0; >= 3.7.2, < 4.0.0; >= 4.0.0.beta8
> Unaffected versions: none


(This is an example of the kind of PRs Dependabot creates, so you can see it in action alongside #438. It won't automatically rebase or any of the clever stuff Dependabot normally does because I've manually copied it across, though.)

coveralls commented 5 years ago


Coverage remained the same at 92.221% when pulling 1add2d9c6feaf2135755e14a4831bffd8cc1ba62 on greysteil:dependabot/bundler/sprockets-3.7.2 into 1b9adfd4a350f2b64cd60500a17406328ebd46f9 on ivaldi:master.