rails-firebird / ar_firebird_adapter

Active Record Adapter for the Firebird database (Rails 5 & 6, MRI Ruby)
MIT License

Bump loofah from 2.3.0 to 2.4.0 #5

Closed dependabot[bot] closed 4 years ago

dependabot[bot] commented 4 years ago

Bumps loofah from 2.3.0 to 2.4.0.

Release notes

*Sourced from [loofah's releases](https://github.com/flavorjones/loofah/releases).*

> ## 2.4.0 / 2019-11-25
>
> ### Features
>
> * Allow CSS property `max-width` [#175](https://github-redirect.dependabot.com/flavorjones/loofah/issues/175) (Thanks, [@bchaney](https://github.com/bchaney)!)
> * Allow CSS sizes expressed in `rem` [#176, [#177](https://github-redirect.dependabot.com/flavorjones/loofah/issues/177)]
> * Add `frozen_string_literal: true` magic comment to all `lib` files. [#118](https://github-redirect.dependabot.com/flavorjones/loofah/issues/118)
>
> ## 2.3.1 / 2019-10-22
>
> ### Security
>
> Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
>
> This CVE's public notice is at [flavorjones/loofah#171](https://github-redirect.dependabot.com/flavorjones/loofah/issues/171)

Changelog

*Sourced from [loofah's changelog](https://github.com/flavorjones/loofah/blob/master/CHANGELOG.md).*

> ## 2.4.0 / 2019-11-25
>
> ### Features
>
> * Allow CSS property `max-width` [#175](https://github-redirect.dependabot.com/flavorjones/loofah/issues/175) (Thanks, [@bchaney](https://github.com/bchaney)!)
> * Allow CSS sizes expressed in `rem` [#176, [#177](https://github-redirect.dependabot.com/flavorjones/loofah/issues/177)]
> * Add `frozen_string_literal: true` magic comment to all `lib` files. [#118](https://github-redirect.dependabot.com/flavorjones/loofah/issues/118)
>
> ## 2.3.1 / 2019-10-22
>
> ### Security
>
> Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
>
> This CVE's public notice is at [flavorjones/loofah#171](https://github-redirect.dependabot.com/flavorjones/loofah/issues/171)

Commits

- [`724ac1c`](https://github.com/flavorjones/loofah/commit/724ac1c9d689e1fdce9542816909a12632cf410f) version bump to v2.4.0
- [`e808fb6`](https://github.com/flavorjones/loofah/commit/e808fb67a3b4778dd58030bdfffccfac6019fa47) ci: don't turn on frozen strings until after bundle install
- [`0eb9976`](https://github.com/flavorjones/loofah/commit/0eb99761d1d86309f403a767d6254c05e1bea42b) update CHANGELOG
- [`0783f5b`](https://github.com/flavorjones/loofah/commit/0783f5b1b102046cc8dae23634e8ab27227a9def) add magic comment for frozen string literals to all files
- [`5ce3a71`](https://github.com/flavorjones/loofah/commit/5ce3a7175974bf88f338cdae518234bc1abae224) add rubocop as dev dep and configure security and frozen string cops
- [`82ae384`](https://github.com/flavorjones/loofah/commit/82ae384998ea1769371233dd2181de644284fc42) test suite should check compatibility with frozen string literals
- [`8747065`](https://github.com/flavorjones/loofah/commit/8747065613a0b1faf48681bf431efae8430801a2) Merge pull request [#175](https://github-redirect.dependabot.com/flavorjones/loofah/issues/175) from bchaney/allow-css-max-width
- [`2767ae3`](https://github.com/flavorjones/loofah/commit/2767ae3be611a40c8c4c01c92188343a91eb8bfc) Merge pull request [#177](https://github-redirect.dependabot.com/flavorjones/loofah/issues/177) from flavorjones/176-allow-rem-css-sizes
- [`13f734f`](https://github.com/flavorjones/loofah/commit/13f734ff46642c6d0b1cf784eb138f6ab66e05b7) css sanitizer allows "rem" sizes
- [`2699b61`](https://github.com/flavorjones/loofah/commit/2699b61a50e67adacabd1fc0990e8bfa69f63d1a) Allow CSS property: max-width
- Additional commits viewable in [compare view](https://github.com/flavorjones/loofah/compare/v2.3.0...v2.4.0)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/rails-firebird/ar_firebird_adapter/network/alerts).

dependabot[bot] commented 4 years ago

Looks like loofah is up-to-date now, so this is no longer needed.