This repository has been archived by the owner on Jun 27, 2019. It is now read-only.

[Security] Bump i18n from 0.7.0 to 1.6.0 #6

Open
wants to merge 1 commit into
base: master
from

Conversation

dependabot-preview[bot]

Bumps i18n from 0.7.0 to 1.6.0. This update includes security fixes.

Vulnerabilities fixed

Sourced from The Ruby Advisory Database.

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
i18n Gem for Ruby contains a flaw in the Hash#slice() function in
lib/i18n/core_ext/hash.rb that is triggered when slice is called on a hash
with :some_key in keep_keys but not in the hash. This may allow an attacker
to cause the program to crash.

Patched versions: >= 0.8.0
Unaffected versions: none

Release notes

Sourced from i18n's releases.

v1.6.0

Major updates

  • Added support for eager loading I18n -- which probably improves boot times for applications if implemented correctly - See #469 for more details.
  • Added ability to disable I18n translation resolution by setting I18n.locale = false. See #471 for more information.

Bugfixes / other improvements

  • Add support for uppercased date format directives - #468

Other changes

  • Fixed flaky test issue with JRuby - #459 / #460
  • gemspec homepage now points to ruby-i18n/i18n - #465
  • Update README to point to ruby-i18n/i18n - #473

v1.5.3

Fix issue where localize would return strange messages if the translation was missing - #464

v1.5.2

  • Fixed a bug where the required_ruby_version was not set correctly in the gemspec - #462

v1.5.1

(Note that there is no v1.5.0 release. I was prepping this release and found some more changes to make. So v1.5.1 is the first release for the v1.5.x series)

  • Fixed a regression that happened when numeric translation keys contained leading zeros: #456 / #457
  • Removed support for Ruby versions older than 2.3. Ruby 2.2 is now 4 years old. Applications have had ample time to upgrade, and if they haven't done so, now is an opportune time to do so.
  • Removed some code that was checking for RUBY_VERSION <= 1.9
  • Began testing over Ruby 2.6.

v1.4.0

  • Fixed two issues with i18n and JRuby compat (commit fb0c8beb29cf75fbb82b66339284e8e3f31ecaff and #455). See #447.
  • Fixed issue where keys in an array were not symbolised #450
  • Fixed issue where ActiveSupport::HashWithIndifferentAccess was not handled correctly #454

v1.3.0

  • Updated post-install message to be more explicit about what versions things changed in - #446
  • Fixed a regression in backends where keys were incorrectly typecast - #443, #444, #445, etc.

Please note that as of this release, only 5.x and greater versions of Rails are supported (it might help to think of it as ~> 5.0, sorta.)

v1.2.0

  • Provide a uniform API between Simple, KeyValue and Chain backends - #109 (one of our oldest PRs, and I am pleased that @kidpollo has persisted for all this time!)
  • Support translation hashes with numeric keys in Simple backend - #422
  • Add CacheFile backend module - #423
  • Add JSON backend module - #429
  • Updated README to point to the wiki - #438
  • Added plural rules for oc locale - #440
... (truncated)
Commits
  • 529b83a Bump to 1.6.0
  • 6f3d428 Merge pull request #471 from Shopify/allow-disabling-i18n
  • a9f6941 Merge pull request #473 from JuanitoFatas/patch-1
  • 99332c2 Update README
  • 5eeaad7 Allow to prevent calls outside of I18n context by setting locale to false
  • 70daba7 Merge pull request #468 from jeffjyang/upcased-date-format-directives
  • 405a7a8 resolve TODO with abbr de month names
  • 8cfff80 Merge pull request #469 from Shopify/eagerloading
  • b08a44b Merge pull request #460 from knapo/Investigate-JRuby-test-failures
  • 4ac1683 Implement I18n.eager_load!
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.
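Added example, not i18n's, Dependabot's or this repository's code: a reconstruction of the Hash#slice() behaviour the advisory above describes, the shape of the >= 0.8.0 fix, and a Gemfile.lock check against the patched range. The two slice helpers are my reading of the pre- and post-fix polyfill (treat their exact lines as an assumption and compare with the installed gem's lib/i18n/core_ext/hash.rb); the module name I18nSliceDemo, the probe/locked_version/vulnerable_lock? helpers and the SAMPLE_LOCK fragment are mine, and the lockfile content is constructed.

```ruby
require 'rubygems'

# Added example: reconstruction of the Hash#slice DoS from the advisory,
# its patched form, and a lockfile check. Not i18n's own code.
module I18nSliceDemo
  # Reconstruction (assumption) of the pre-0.8.0 polyfill shape: `fetch`
  # raises KeyError for any key in keep_keys that the hash lacks, so a
  # caller that passes untrusted key names can be crashed.
  def self.vulnerable_slice(hash, *keep_keys)
    out = {}
    keep_keys.each { |key| out[key] = hash.fetch(key) }
    out
  end

  # Reconstruction (assumption) of the >= 0.8.0 shape: absent keys are
  # skipped instead of raising, matching core Hash#slice semantics.
  def self.patched_slice(hash, *keep_keys)
    out = {}
    keep_keys.each { |key| out[key] = hash.fetch(key) if hash.key?(key) }
    out
  end

  # Runs a slicer and reports whether the call completed or would have
  # crashed the caller with KeyError (the DoS the advisory describes).
  def self.probe(slicer, hash, *keep_keys)
    slicer.call(hash, *keep_keys)
    :ok
  rescue KeyError
    :crash
  end

  # Patched range from the advisory: >= 0.8.0, no unaffected versions.
  PATCHED = Gem::Requirement.new('>= 0.8.0')

  # Constructed Gemfile.lock fragment (not a real project's lockfile).
  SAMPLE_LOCK = <<~LOCK
    GEM
      remote: https://rubygems.org/
      specs:
        activesupport (4.2.11)
          i18n (~> 0.7)
          minitest (~> 5.1)
        i18n (0.7.0)
        minitest (5.11.3)
  LOCK

  # Locked i18n version from Gemfile.lock text, or nil if i18n is absent.
  # Top-level gems in the specs block are indented by exactly four spaces;
  # dependency lines (six spaces, e.g. activesupport's "i18n (~> 0.7)")
  # are deliberately not matched, since they are constraints, not pins.
  def self.locked_version(lock_text)
    m = lock_text.match(/^ {4}i18n \(([^)\s]+)\)$/)
    m && Gem::Version.new(m[1])
  end

  # true if the locked i18n is in the vulnerable range, false if patched,
  # nil if the lockfile does not pin i18n at all.
  def self.vulnerable_lock?(lock_text)
    v = locked_version(lock_text)
    return nil if v.nil?
    !PATCHED.satisfied_by?(v)
  end
end

if __FILE__ == $PROGRAM_NAME
  data = { locale: :en, count: 2 }
  puts "vulnerable slice: #{I18nSliceDemo.probe(I18nSliceDemo.method(:vulnerable_slice), data, :locale, :some_key)}"
  puts "patched slice:    #{I18nSliceDemo.probe(I18nSliceDemo.method(:patched_slice), data, :locale, :some_key)}"
  v = I18nSliceDemo.locked_version(I18nSliceDemo::SAMPLE_LOCK)
  puts "Gemfile.lock pins i18n #{v}; vulnerable? #{I18nSliceDemo.vulnerable_lock?(I18nSliceDemo::SAMPLE_LOCK)}"
end
```

Two caveats when applying the check to a real project: the lockfile regex only reports the pinned version, so a lockfile that does not list i18n at all yields nil rather than a verdict, and whether the polyfill is even defined depends on the interpreter, because the gem only adds Hash#slice when core Ruby lacks it (Ruby 2.5 and later ship Hash#slice natively). Confirm against the installed gem rather than assuming either way.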

Bumps [i18n](https://github.com/svenfuchs/i18n) from 0.7.0 to 1.6.0. **This update includes security fixes.**
- [Release notes](https://github.com/svenfuchs/i18n/releases)
- [Changelog](https://github.com/ruby-i18n/i18n/blob/master/CHANGELOG.md)
- [Commits](ruby-i18n/i18n@v0.7.0...v1.6.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
@dependabot-preview dependabot-preview bot added dependencies Pull requests that update a dependency file security Pull requests that address a security vulnerability labels Jun 26, 2019