updates gems

[jduss4]

loofah updated to 2.2.3 https://nvd.nist.gov/vuln/detail/CVE-2018-16468
bumped the version of the repo as well to reflect the patch, but then kinda discovered that we don't have a good place to put the version at this point, it was just hacked into the config file and that's not a sustainable way to do it. I'll open an issue.

[techgique]

Looks good, but we can probably tackle the versioning issue here yet too, yes?

[jduss4]

@techgique how does this solution look? I could either add it straight in there or relative require a version.rb file or something?

https://stackoverflow.com/a/11359471/4154134

[jduss4]

I could just change this line here, really, to not pull from a config file at all: https://github.com/CDRH/api/blob/dev/config/initializers/config.rb#L5

[techgique]

I think I like the config/initializers/version.rb approach from the Stack Overflow link. I like that it gives version changes their own file named version. And then assign from Api::Application::VERSION in that config initializer.

Looking for version changes on the initializer file config.rb in git history could be confusing and read like we're changing how the app itself is configured rather than updating the app's version.