[openstreetmap/openstreetmap-website] Bump secure_headers from 6.1.2 to 6.3.0 (#2517)

dependabot[bot] notifications at github.com
Thu Jan 23 02:29:02 UTC 2020


Bumps [secure_headers](https://github.com/twitter/secureheaders) from 6.1.2 to 6.3.0.
<details>
<summary>Changelog</summary>

*Sourced from [secure_headers's changelog](https://github.com/twitter/secure_headers/blob/master/CHANGELOG.md).*

> ## 6.3.0
> 
> Fixes newline injection issue
> 
> ## 6.2.0
> 
> Fixes semicolon injection issue reported by [@mvgijssel](https://github.com/mvgijssel) see [twitter/secure_headers#418](https://github-redirect.dependabot.com/twitter/secure_headers/issues/418)
</details>
<details>
<summary>Commits</summary>

- [`722a690`](https://github.com/twitter/secure_headers/commit/722a69051acce9d26ab0d0648fe10fd2ff77baa8) bump to 6.3
- [`3016957`](https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0) Merge pull request from GHSA-w978-rmpf-qmwg
- [`3a2b548`](https://github.com/twitter/secure_headers/commit/3a2b548223de854ab9768ae07acedfcd2ac211e3) Filter and warn on newlines
- [`1298905`](https://github.com/twitter/secure_headers/commit/1298905068931621a2c1988b175a1da186bcd641) bump to 6.2
- [`6e38cb4`](https://github.com/twitter/secure_headers/commit/6e38cb41d2918d85e9a9e31a6489e99809c840ad) Merge pull request [#419](https://github-redirect.dependabot.com/twitter/secureheaders/issues/419) from twitter/escape-semi-colons
- [`eed6c16`](https://github.com/twitter/secure_headers/commit/eed6c1606feaa874ba53b2ba0e2405accd8d1105) lint
- [`3c4b86e`](https://github.com/twitter/secure_headers/commit/3c4b86edd6745275da22d92290872da202d73e64) escape semicolons by replacing them with spaces
- [`2068ba7`](https://github.com/twitter/secure_headers/commit/2068ba7bb63fb98786db828091cb52304bcae560) clean up some warnings
- [`86c762a`](https://github.com/twitter/secure_headers/commit/86c762aea480d0a776246652586f93e026f6799f) Remove outdated APL license blurb from readme, use only the LICENSE file
- [`902041b`](https://github.com/twitter/secure_headers/commit/902041bab6b3e7c29644f49d6dd0ef75b9c5bbb0) Do years even matter?
- Additional commits viewable in [compare view](https://github.com/twitter/secureheaders/compare/v6.1.2...v6.3.0)
</details>
You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/2517

-- Commit Summary --

  * Bump secure_headers from 6.1.2 to 6.3.0

-- File Changes --

    M Gemfile.lock (2)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/2517.patch
https://github.com/openstreetmap/openstreetmap-website/pull/2517.diff
