Bump devise-security from 0.10.1 to 0.11.1

The original devise_security_extension gem has not been maintained for
years. Its last release was version 0.10.0, and wasn't compatible with
Rails 5, and so we were using its master branch.

Since the gem was unmaintained, it was forked as devise-security and the
aforementioned master branch was released as version 0.10.1. This
version wasn't published in Rubygems, though, so we're now using the
first version that was published in Rubygems and had a release
announment [1].

Dependabot will probably open a pull request to upgrade to the latest
version, but for now I'm trying to keep the devise-security gem as
similar as the version we were using to make sure they're compatible,
particularly considering we're monkey-patching some of the modules
provided by this gem.

[1] https://github.com/devise-security/devise-security/releases/tag/v0.11.1

Gemfile

@@ -19,7 +19,7 @@ gem "dalli", "~> 2.7.10"
 gem "delayed_job_active_record", "~> 4.1.4"
 gem "devise", "~> 4.7.3"
 gem "devise-async", "~> 1.0.0"
-gem "devise_security_extension", git: "https://github.com/phatworx/devise_security_extension.git" #, "~> 0.10"
+gem "devise-security", "~> 0.11.1"
 gem "font-awesome-sass", "~> 5.15.1"
 gem "foundation-rails", "~> 6.6.2.0"
 gem "foundation_rails_helper", "~> 3.0.0"

Gemfile.lock

@@ -1,11 +1,3 @@
-GIT
-  remote: https://github.com/phatworx/devise_security_extension.git
-  revision: b2ee978af7d49f0fb0e7271c6ac074dfb4d39353
-  specs:
-    devise_security_extension (0.10.0)
-      devise (>= 3.0.0, < 5.0)
-      railties (>= 3.2.6, < 6.0)
-
 GEM
   remote: https://rubygems.org/
   remote: https://rails-assets.org/
@@ -182,6 +174,9 @@ GEM
     devise-async (1.0.0)
       activejob (>= 5.0)
       devise (>= 4.0)
+    devise-security (0.11.1)
+      devise (>= 4.2.0, < 5.0)
+      railties (>= 3.2.6, < 6.0)
     diff-lcs (1.4.4)
     docile (1.3.2)
     dry-configurable (0.7.0)
@@ -667,7 +662,7 @@ DEPENDENCIES
   delayed_job_active_record (~> 4.1.4)
   devise (~> 4.7.3)
   devise-async (~> 1.0.0)
-  devise_security_extension!
+  devise-security (~> 0.11.1)
   email_spec (~> 2.2.0)
   erb_lint
   factory_bot_rails (~> 4.8.2)

config/initializers/devise-security.rb

@@ -7,10 +7,10 @@ Devise.setup do |config|
   config.expire_password_after = 1.year
 
   # Need 1 char of A-Z, a-z and 0-9
-  # config.password_regex = /(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])/
+  # config.password_regex = /(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/
 
   # How many passwords to keep in archive
-  #config.password_archiving_count = 5
+  # config.password_archiving_count = 5
 
   # Deny old password (true, false, count)
   # config.deny_old_passwords = true
@@ -18,6 +18,7 @@ Devise.setup do |config|
   # enable email validation for :secure_validatable. (true, false, validation_options)
   # dependency: need an email validator like rails_email_validator
   # config.email_validation = true
+
   # captcha integration for recover form
   # config.captcha_for_recover = true