chore: address CVE-2023-45133 in major version 5

[springerigor]

The vulnerability was found by our security scanner. It has already been patched in version 6, but we would like to stick to major version 5 for now.

• CVE details
• dependabot PR that fixed the issue on master

The similar PRs (https://github.com/rails/webpacker/pull/3330, https://github.com/rails/webpacker/pull/3334) change too many things at once.

[springerigor]

@amatsuda Would it be possible to have this patch released to version 5?