Bump sprockets from 3.7.1 to 3.7.2

[dependabot[bot]]

Bumps sprockets from 3.7.1 to 3.7.2.

Changelog

Sourced from sprockets's changelog.

3.7.2 (June 19, 2018)

• Security release for CVE-2018-3760.

3.7.1 (December 19, 2016)

• Ruby 2.4 support for Sprockets 3.

3.7.0 (July 21, 2016)

• Deprecated interfaces now emit deprecation warnings #345

3.6.3 (July 1, 2016)

• Faster asset lookup in large directories #336
• Faster PathUtils.match_path_extname https://github.com/rails/sprockets/commit/697269cf81e5261fdd7072e32bd489403027fd7e
• Fixed uglifier comment stripping #326
• Error messages now show load path info #313

3.6.2 (June 21, 2016)

• More performance improvements.

3.6.1 (June 17, 2016)

• Some performance improvements.

3.6.0 (April 6, 2016)

• Add Manifest#find_sources to return the source of the compiled assets.
• Fix the list of compressable mime types.
• Improve performance of the FileStore cache.

3.5.2 (December 8, 2015)

• Fix JRuby bug with concurrent-ruby.
• Fix disabling gzip generation in cached environments.

3.5.1 (December 5, 2015)

• Fix gzip asset generation for assets already on disk.

3.5.0 (December 3, 2015)

• Reintroduce Gzip file generation for non-binary assets.

3.4.1 (November 25, 2015)

• PathUtils::Entries will no longer error on an empty directory.

... (truncated)

Commits

• 2f7b7e5 v3.7.2
• 9c34fa0 Do not respond to http requests asking for a file://
• eb0af6d Make sure find_sources behaves in the same way when the assets don't
• cfae3de Merge pull request #487 from mcfiredrill/patch-1
• dbeda82 typo in deprecation message
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @mxie.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/railsbridge/docs/network/alerts).

[mxie]

@dependabot merge