
[Breaking] Security bump nokogiri gem to latest 1.18.5#1958

Merged
lizkenyon merged 2 commits into main from security-bump-nokogiri
Mar 25, 2025

Conversation

@Shinomix (Contributor)

What this PR does

In this PR we bump nokogiri to the latest version in order to close security issues https://github.com/Shopify/shopify_app/security/dependabot/164 and https://github.com/Shopify/shopify_app/security/dependabot/157 and be able to release new gem versions.

Reviewer's guide to testing

The Nokogiri changelog does not contain breaking changes. This change should be transparent.

Checklist

Before submitting the PR, please consider if any of the following are needed:

  • Update CHANGELOG.md if the changes would impact users
  • Update README.md, if appropriate.
  • Update any relevant pages in /docs, if necessary
  • For security fixes, the Disclosure Policy must be followed.

@Shinomix Shinomix requested a review from lizkenyon March 24, 2025 13:34
@Shinomix Shinomix requested a review from a team as a code owner March 24, 2025 13:34
@Shinomix (Contributor, Author)

Shinomix commented Mar 24, 2025

@lizkenyon Nokogiri ~18.0.0 drops support for Rails 3.0, which this gem still supports. Unfortunately, they don't maintain 2 release tracks as some gems do, so we have to bump to the latest to fix the CVEs.

Either we can't release our gem because of Dependabot, or we drop support for Rails 3.0. For the latter, we'll need to do a major version bump with a breaking change for our gem.
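The two checks behind the decision above, as an added example that is not part of this PR or of the shopify_app project: (1) parse a Gemfile.lock and tell whether the resolved nokogiri is still below the 1.18.5 this PR bumps to, handling the platform-specific duplicate entries a lockfile carries; (2) decide whether a dependency's runtime constraint would break the oldest runtime the consuming gem promises to support. The lockfile fragment is constructed for the example, and the constraint strings passed to `bump_is_breaking?` are placeholders rather than nokogiri's or shopify_app's actual gemspec values.

```ruby
require "rubygems"

# Constructed sample Gemfile.lock fragment (illustrative versions, not real data).
# Real lockfiles list a platform-specific line per native gem next to the
# pure-Ruby one; both must resolve to the same base version.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mini_portile2 (2.8.8)
      nokogiri (1.16.5)
        mini_portile2 (~> 2.8.2)
        racc (~> 1.4)
      nokogiri (1.16.5-x86_64-linux)
        racc (~> 1.4)
      racc (1.8.1)

  PLATFORMS
    ruby
    x86_64-linux
LOCK

# Return { gem_name => [base_version, ...] } for every top-level entry in each
# "specs:" block. Top-level entries sit at exactly four spaces of indentation;
# nested dependency lines (six spaces) are deliberately skipped so that a
# transitive requirement like "mini_portile2 (~> 2.8.2)" is not read as a version.
def lockfile_specs(lockfile)
  specs = {}
  in_specs = false
  lockfile.each_line do |line|
    if line.strip.empty?
      in_specs = false          # a blank line ends the current GEM block
      next
    end
    if line =~ /^\s*specs:\s*$/
      in_specs = true
      next
    end
    next unless in_specs
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    next unless m
    name, version = m[1], m[2]
    # "1.16.5-x86_64-linux" is the same release as "1.16.5"; drop the platform.
    base_version = version.split("-").first
    (specs[name] ||= []) << base_version
  end
  specs
end

# Version this PR bumps nokogiri to; anything lower is still the range the
# Dependabot alerts in the PR description cover.
FIXED_NOKOGIRI = Gem::Version.new("1.18.5")

# Report the lowest resolved nokogiri version and whether it needs the bump.
# Gem::Version gives correct ordering for "1.9.1" vs "1.18.5" and for
# prereleases, which naive string comparison gets wrong.
def nokogiri_status(lockfile, fixed: FIXED_NOKOGIRI)
  versions = lockfile_specs(lockfile).fetch("nokogiri", [])
  return { present: false } if versions.empty?
  lowest = versions.map { |v| Gem::Version.new(v) }.min
  { present: true, version: lowest.to_s, needs_bump: lowest < fixed }
end

# The breaking-change question: given the dependency's declared runtime
# constraint (e.g. the required_ruby_version string from its gemspec, assumed
# here) and the oldest runtime the consuming gem still supports, does taking
# the bump drop that runtime? If so, the consumer needs a major version bump.
def bump_is_breaking?(dependency_requirement, oldest_supported_runtime)
  req = Gem::Requirement.new(dependency_requirement)
  !req.satisfied_by?(Gem::Version.new(oldest_supported_runtime))
end

if __FILE__ == $PROGRAM_NAME
  p nokogiri_status(SAMPLE_LOCKFILE)
  p bump_is_breaking?(">= 3.1", "3.0.0")   # placeholder constraint values
end
```

Run it against a real Gemfile.lock with `nokogiri_status(File.read("Gemfile.lock"))`; the minimum across platform entries matters because a lockfile can carry a stale platform line that still resolves to the older native build.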

@Shinomix Shinomix changed the title from "Security bump nokogiri gem to latest 1.18.5" to "[Breaking] Security bump nokogiri gem to latest 1.18.5" Mar 25, 2025
@lizkenyon lizkenyon merged commit 50a3dd5 into main Mar 25, 2025
6 of 7 checks passed
@lizkenyon lizkenyon deleted the security-bump-nokogiri branch March 25, 2025 14:26