joatuapp / joatu-v2

The JoatU application, version 2. Written in Ruby on Rails.
https://alpha.joatu.org
GNU General Public License v3.0

[Security] Bump simple_form from 4.1.0 to 5.0.0 #252

Closed dependabot-preview[bot] closed 4 years ago

dependabot-preview[bot] commented 4 years ago

Bumps simple_form from 4.1.0 to 5.0.0. This update includes a security fix.

Vulnerabilities fixed

*Sourced from [The Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db/blob/master/gems/simple_form/CVE-2019-16676.yml).*

> **simple_form Gem for Ruby Incorrect Access Control for forms based on user input**
> Simple Form before 5.0 has Incorrect Access Control in `file_method?` in `lib/simple_form/form_builder.rb`, because a user-supplied string is invoked as a method call.
>
> This only happens for pages that build forms based on user input.
>
> Patched versions: >= 5.0
> Unaffected versions: none
Changelog

*Sourced from [simple_form's changelog](https://github.com/plataformatec/simple_form/blob/master/CHANGELOG.md).*

> ## 5.0.0
>
> ### Enhancements
> * Set multiple attribute for grouped selects also. [@ollym](https://github.com/ollym)
> * Removes or renames label classes. [Abduvakilov](https://github.com/Abduvakilov)
> * Support to label custom classes for inline collections. [@feliperenan](https://github.com/feliperenan)
> * Update bootstrap generator template to match v4.3.x. [@m5o](https://github.com/m5o)
> * Allow "required" attribute in generated select elements of PriorityInput. [@mcountis](https://github.com/mcountis)
>
> ### Bug fix
> * Do not call `#send` in form object to check whether the attribute is a file input. [@tegon](https://github.com/tegon)
>
> ## Deprecations
> * The config `SimpleForm.file_methods` is deprecated and it has no effect. Simple Form now supports automatic discovery of file inputs for the following Gems: activestorage, carrierwave, paperclip, refile and shrine. If you are using a custom method that is not from one of the supported Gems, please change your forms to pass the input type explicitly:
>
> ```erb
> <%= form.input :avatar, as: :file %>
> ```
>
> See http://blog.plataformatec.com.br/2019/09/incorrect-access-control-in-simple-form-cve-2019-16676 for more information.
Commits

- [`440ed5f`](https://github.com/plataformatec/simple_form/commit/440ed5f2fe093d9066940ab6979099a409576ad9) Include information about security issues in README.md and
- [`8c91bd7`](https://github.com/plataformatec/simple_form/commit/8c91bd76a5052ddf3e3ab9fd8333f9aa7b2e2dd6) Don't call `#send` in form object to build file inputs
- [`62408e8`](https://github.com/plataformatec/simple_form/commit/62408e80ae0f7c69784d887e26117e2c8eeb8199) Remove `ruby-head` jobs
- [`69f4d46`](https://github.com/plataformatec/simple_form/commit/69f4d460449a222bfc75fe1d4352bc438fed1560) Update jruby version
- [`bcc1197`](https://github.com/plataformatec/simple_form/commit/bcc119744bfb5dbb2b87ff2326d4eb302ce7fdda) Don't run specs with jruby 9.1 and Rails 6
- [`8d56636`](https://github.com/plataformatec/simple_form/commit/8d56636ccf079739d7e23ef8d56755e340ecae4e) Fix full error message test on Rails 6
- [`13d0341`](https://github.com/plataformatec/simple_form/commit/13d0341bdf1c4bc9f966db8e010d26bd05597189) Use different assertions for Rails 5 and 6
- [`6f677ec`](https://github.com/plataformatec/simple_form/commit/6f677ec0e992d0cc7ebd8eb477dffc39530413c3) Don't run specs with Rails 6 and older rubies
- [`fc25ab4`](https://github.com/plataformatec/simple_form/commit/fc25ab40a28ad477e1ac0e45ddcf7ad2b64891f3) Rails 6 and latest rubies on CI
- [`9d7921f`](https://github.com/plataformatec/simple_form/commit/9d7921f38d8335c67adbf3dd430992a8ae4c0111) Merge pull request [#1667](https://github-redirect.dependabot.com/plataformatec/simple_form/issues/1667) from olleolleolle/patch-1
- Additional commits viewable in [compare view](https://github.com/plataformatec/simple_form/compare/v4.1.0...v5.0.0)



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):

- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.
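The advisory in the Dependabot comment above describes the bug class behind CVE-2019-16676: a form builder that takes an attribute name from untrusted input and calls `#send` with it on the model, so any method with that name runs. The following Ruby is an added example, not code from simple_form, JoatU or Dependabot. It places a minimal stand-in for the pre-5.0 `file_method?` shape beside a hardened version in the spirit of the 5.0 fix (decide from declared file attributes, never invoke the attribute). The `Profile` model, its `archive!` method, the `Upload` value, the `FILE_METHODS` list and the `DECLARED_FILE_ATTRIBUTES` allowlist are all constructed for this example and are assumptions, not simple_form's actual internals.

```ruby
# Added example (not simple_form's, JoatU's or Dependabot's code): a simplified
# version of the CVE-2019-16676 pattern next to a hardened check that never
# invokes a caller-supplied method name.

# Constructed stand-in for an attached file value (e.g. what an uploader returns).
Upload = Struct.new(:path, :content_type) do
  def attached?
    true
  end
end

# Constructed model. `avatar` is a genuine file attribute; `archive!` is a
# privileged operation that has nothing to do with file inputs.
class Profile
  attr_reader :archived

  def initialize
    @archived = false
  end

  def avatar
    Upload.new("/uploads/avatar.png", "image/png")
  end

  def archive!
    @archived = true
  end
end

# Method names treated as evidence that a value is a file input (constructed,
# in the spirit of the old `SimpleForm.file_methods` setting).
FILE_METHODS = %i[mounted_as file? public_filename attached?].freeze

# Vulnerable shape: the attribute name comes straight from the caller (think
# request params) and is sent to the object before anything confirms it names
# a file attribute, so any method with that name runs as a side effect.
def unsafe_file_method?(object, attribute_name)
  return false unless object.respond_to?(attribute_name)

  value = object.send(attribute_name)
  FILE_METHODS.any? { |m| value.respond_to?(m) }
end

# Hardened shape: consult a static per-model declaration (constructed allowlist)
# and never call the attribute. Anything not declared is simply "not a file
# input"; a form that needs one for an undeclared attribute passes `as: :file`.
DECLARED_FILE_ATTRIBUTES = { Profile => %i[avatar] }.freeze

def safe_file_method?(object, attribute_name)
  declared = DECLARED_FILE_ATTRIBUTES.fetch(object.class, [])
  declared.include?(attribute_name.to_sym)
end

# Run both checks over the same untrusted attribute name on fresh objects and
# report what each one did to the model.
def demo
  unsafe_target = Profile.new
  safe_target   = Profile.new
  untrusted     = "archive!" # constructed: a name that is not a file attribute

  {
    unsafe_result:        unsafe_file_method?(unsafe_target, untrusted),
    unsafe_archived:      unsafe_target.archived, # true: archive! ran as a side effect
    safe_result:          safe_file_method?(safe_target, untrusted),
    safe_archived:        safe_target.archived,   # false: nothing was invoked
    unsafe_avatar_is_file: unsafe_file_method?(Profile.new, "avatar"),
    safe_avatar_is_file:   safe_file_method?(Profile.new, "avatar"),
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The point of contrast is that both versions classify `avatar` as a file input, but only the unsafe one changes the model's state when handed an attribute name it was never meant to see. In a review, the thing to look for is any `send`/`public_send` whose argument can be traced back to request parameters without an allowlist in between.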