[SECURITY] Bump rexml from 3.3.6 to 3.3.9 (#863)

Bumps [rexml](https://github.com/ruby/rexml) from 3.3.6 to 3.3.9.
- [Release notes](https://github.com/ruby/rexml/releases)
- [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md)
- [Commits](ruby/rexml@v3.3.6...v3.3.9)

---
updated-dependencies:
- dependency-name: rexml
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: dependabot[bot]

Gemfile.lock

@@ -325,8 +325,7 @@ GEM
       faraday-multipart
       faraday-retry
     require-hooks (0.2.2)
-    rexml (3.3.6)
-      strscan
+    rexml (3.3.9)
     roo (2.10.1)
       nokogiri (~> 1)
       rubyzip (>= 1.3.0, < 3.0.0)
@@ -404,7 +403,6 @@ GEM
       lint_roller (~> 1.1)
       rubocop-performance (~> 1.21.0)
     stringio (3.1.0)
-    strscan (3.1.0)
     thor (1.3.1)
     timeout (0.4.1)
     treetop (1.6.12)