
Update Dependencies to Resolve Security Advisories#10185

Closed
charleyf wants to merge 2 commits into main from charley/update-dependencies-for-security-advisories

Conversation

charleyf (Contributor) commented Feb 29, 2024

🛠 Summary of changes

This ticket continues the work from yesterday (PR) to keep main free of security advisories.

  1. This PR yesterday locked the version of rack-cors, that's since been fixed (here) so I'm reverting that change.
  2. There's a new security advisory about yard (included below). This PR addresses that too by forcing a newer version of yard.

A note: We've had three PRs about this in three days [1, 2, 3 (this one)]. I'm not sure we need to do anything differently, but that's enough of a pattern I'm asking about it here in Slack.

  identity-idp git:(main) bundle exec bundler-audit check --update
Updating ruby-advisory-db ...
From https://github.com/rubysec/ruby-advisory-db
 * branch            master     -> FETCH_HEAD
Already up to date.
Updated ruby-advisory-db
ruby-advisory-db:
  advisories:   876 advisories
  last updated: 2024-02-28 16:01:01 -0800
  commit:       06f33746747e89af5634a5e6b41004ad7899a6c0
Name: yard
Version: 0.9.34
CVE: CVE-2024-27285
GHSA: GHSA-8mq4-9jjh-9xrc
Criticality: Medium
URL: https://github.com/advisories/GHSA-8mq4-9jjh-9xrc
Title: YARD's default template vulnerable to Cross-site Scripting in generated frames.html
Solution: upgrade to '>= 0.9.35'

Vulnerabilities found!
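As an added example (not part of this PR or the identity-idp code base): a small Ruby helper that parses the plain-text report `bundler-audit check` prints, as quoted above, and decides whether a given locked gem version already satisfies an advisory's `Solution` range, which is the question behind pinning yard to a fixed release. The sample report is constructed from the output in the PR description; `Gem::Requirement` and `Gem::Version` come from RubyGems.

```ruby
# Added example, not from the PR: parse bundler-audit's text report and check
# locked versions against each advisory's "Solution" requirement.
# SAMPLE_REPORT is constructed from the report quoted in the PR description.
require 'rubygems'

SAMPLE_REPORT = <<~REPORT
  Name: yard
  Version: 0.9.34
  CVE: CVE-2024-27285
  GHSA: GHSA-8mq4-9jjh-9xrc
  Criticality: Medium
  URL: https://github.com/advisories/GHSA-8mq4-9jjh-9xrc
  Title: YARD's default template vulnerable to Cross-site Scripting in generated frames.html
  Solution: upgrade to '>= 0.9.35'

  Vulnerabilities found!
REPORT

# Split the report into one Hash per advisory; a block starts at a "Name:" line.
# Lines without "key: value" shape (blank lines, the summary) are skipped.
def parse_audit_report(text)
  advisories = []
  text.each_line do |line|
    key, value = line.strip.split(': ', 2)
    next if key.nil? || value.nil?
    advisories << {} if key == 'Name'
    advisories.last[key.downcase.to_sym] = value unless advisories.empty?
  end
  advisories
end

# The Solution field quotes a RubyGems requirement, e.g. "upgrade to '>= 0.9.35'".
# Several ranges may be comma-separated inside the quotes ('~> 2.0.1, >= 2.1').
def solution_requirement(advisory)
  quoted = advisory[:solution].to_s[/'([^']+)'/, 1]
  return nil unless quoted
  Gem::Requirement.new(quoted.split(',').map(&:strip))
end

# True when the locked version already falls inside the advisory's fix range,
# i.e. a Gemfile pin to this version would clear the finding.
def fixed?(advisory, locked_version)
  req = solution_requirement(advisory)
  return false if req.nil?
  req.satisfied_by?(Gem::Version.new(locked_version))
end
```

Running `fixed?` over the parsed sample with the reported version `0.9.34` returns false, and with `0.9.35` returns true, matching the advisory's `>= 0.9.35` solution.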

@charleyf charleyf requested a review from a team February 29, 2024 13:26
aduth (Contributor) left a comment

I'm not seeing that the original issue with rack-cors has been resolved, and it appears that 2.0.1 is still the latest version for the gem.

cyu/rack-cors#274
https://rubygems.org/gems/rack-cors

@charleyf charleyf closed this Feb 29, 2024
@aduth aduth deleted the charley/update-dependencies-for-security-advisories branch February 29, 2024 13:45