Upgrade the REXML gem (#460)

vasconsaurus · web-flow · commit 4ef92f3b07a5 · 2024-08-02T09:47:19.000-03:00
Impact The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as <, 0 and %>. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. Patches The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities. References - GHSA-vg3r-rm7w-2xgh : This is a similar vulnerability - https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908/
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -322,8 +322,8 @@ GEM
       actionpack (>= 5.2)
       railties (>= 5.2)
     retryable (3.0.5)
-    rexml (3.2.8)
-      strscan (>= 3.0.9)
+    rexml (3.3.4)
+      strscan
     rspec-core (3.12.2)
       rspec-support (~> 3.12.0)
     rspec-expectations (3.12.3)
