* updated gems and yarn dependencies * updated yarn * added csrf gem to deal with omniauth vulnerability * updated dependencies