[Security] Bump loofah from 2.2.3 to 2.4.0

Bumps [loofah](https://github.com/flavorjones/loofah) from 2.2.3 to 2.4.0. **This update includes a security fix.**
- [Release notes](https://github.com/flavorjones/loofah/releases)
- [Changelog](https://github.com/flavorjones/loofah/blob/master/CHANGELOG.md)
- [Commits](flavorjones/loofah@v2.2.3...v2.4.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Author: dependabot-preview[bot]

Gemfile.lock

@@ -45,13 +45,13 @@ GEM
     arel (9.0.0)
     builder (3.2.3)
     concurrent-ruby (1.1.3)
-    crass (1.0.4)
+    crass (1.0.5)
     erubi (1.7.1)
     globalid (0.4.1)
       activesupport (>= 4.2.0)
     i18n (1.1.1)
       concurrent-ruby (~> 1.0)
-    loofah (2.2.3)
+    loofah (2.4.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
@@ -65,7 +65,7 @@ GEM
     minitest (5.11.3)
     mustermann (1.0.3)
     nio4r (2.3.1)
-    nokogiri (1.10.4)
+    nokogiri (1.10.5)
       mini_portile2 (~> 2.4.0)
     rack (2.0.6)
     rack-protection (2.0.4)