Bump devise-two-factor from 4.1.0 to 5.0.0

[dependabot]

Bumps devise-two-factor from 4.1.0 to 5.0.0.

Changelog

Sourced from devise-two-factor's changelog.

5.0.0

Breaking Changes

• attr_encrypted has been deprecated in favor of native Rails attribute encryption. See https://github.com/tinfoil/devise-two-factor/blob/main/UPGRADING.md for details on how to migrate your records. You must use or build a migration strategy (see examples in https://github.com/tinfoil/devise-two-factor/blob/main/UPGRADING.md) to use existing data!
• Rails 7 is now required.

4.0.2

• Add Rails 7.0 support
• Renew signing certificate
• Use after option of TOTP#verify for additional timestamp verification

4.0.1

• Convert CI from Travis CI to Github Actions (#198)
• Fix ActiveSupport::Testing::TimeHelpers require in shared examples (#191)
• Accept whitespace in provided codes (#195)
• Add Truffleruby head to CI (#200)

4.0.0

• [breaking] Drop support for Ruby <= 2.2
• Update ROTP
• Add Rails 6.1 support
• Remove timecop dependency
• Clarify changes in project ownership
• Bugfixes & cleanup

3.1.0

• Add Rails 6.0 support
• New gem signing certificate
• Fix paranoid-mode being ignored

3.0.3

• Add Rails 5.2 support

3.0.2

• Add Rails 5.1 support

3.0.1

• Qualify call to rspec shared_examples

3.0.0

See UPGRADING.md for specific help with breaking changes from 2.x to 3.0.0.

• Adds support for Devise 4.
• Relax dependencies to allow attr_encrypted 3.x.
• Blocks the use of attr_encrypted 2.x. There was a significant vulnerability in the encryption implementation in attr_encrypted 2.x, and that version of the gem should not be used.

2.2.0

• Use 192 bits, not 1024, as a secret key length. RFC 4226 recommends a minimum length of 128 bits and a recommended length of 160 bits. Google Authenticator doesn't accept 160 bit keys.

... (truncated)

Commits

• 7e03c6f Merge pull request #214 from eoinkelly/rails-7-support
• 3d9c9e2 Merge pull request #2 from btrd/patch-1
• dab2de2 Update CI matrix to reflect gem being Rails 7+ only now
• 117d22d Change supported Rails versions to 7.x.y range only
• 4465357 Clarify comments and fix typos
• b73d76b Move TwoFactorAuthenticatable#legacy_otp_secret into upgrading guide
• 69e2c9d fix: Typo in the markdown format
• c26ffee Allow this gem version to install on Rails 7.1,7.2 etc.
• ec3b50b Improve README
• 445ef2f Document upgrading from 4.x to 5.x
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[github-actions]

This pull request has merge conflicts that must be resolved before it can be merged.