Update expectation

What does this MR do?

2 Major changes:

1. Addition of 2 new ActionView vulnerabilities
2. Change in sorting order.

Output of diff -u <(jq -S '.vulnerabilities | map(.cve)' test/expect/gl-dependency-scanning-report.json) <(jq -S '.vulnerabilities | map(.cve)' test/fixtures/gl-dependency-scanning-report.json)

--- /dev/fd/63	2019-03-18 11:26:48.000000000 -0700
+++ /dev/fd/62	2019-03-18 11:26:48.000000000 -0700
@@ -1,11 +1,13 @@
 [
+  "sast-sample-rails/Gemfile.lock:actionview:cve:CVE-2019-5419",
+  "sast-sample-rails/Gemfile.lock:actionview:cve:CVE-2019-5418",
   "sast-sample-rails/Gemfile.lock:activejob:cve:CVE-2018-16476",
   "sast-sample-rails/Gemfile.lock:ffi:cve:CVE-2018-1000201",
-  "sast-sample-rails/Gemfile.lock:loofah:cve:CVE-2018-8048",
   "sast-sample-rails/Gemfile.lock:loofah:cve:CVE-2018-16468",
+  "sast-sample-rails/Gemfile.lock:loofah:cve:CVE-2018-8048",
+  "sast-sample-rails/Gemfile.lock:nokogiri:cve:CVE-2017-15412",
   "sast-sample-rails/Gemfile.lock:nokogiri:cve:CVE-2018-8048",
   "sast-sample-rails/Gemfile.lock:nokogiri:cve:CVE-2018-14404",
-  "sast-sample-rails/Gemfile.lock:nokogiri:cve:CVE-2017-15412",
   "sast-sample-rails/Gemfile.lock:rack:cve:CVE-2018-16471",
   "sast-sample-rails/Gemfile.lock:rails-html-sanitizer:cve:CVE-2018-3741",
   "sast-sample-rails/Gemfile.lock:sprockets:cve:CVE-2018-3760",

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

• Changelog entry added
• Documentation created/updated for GitLab EE, if necessary
• Documentation created/updated for this project, if necessary
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Job definition updated, if necessary
  • Auto-DevOps template
  • Job definition example
  • CI Templates
• Conforms to the code review guidelines
• Conforms to the Go guidelines
• Security reports checked/validated by reviewer