Merge pull request #970 from CocoaPods/amorde/bump-rexml

Bump minimum rexml version to 3.3.6 to address CVE-2024-43398
CocoaPods · Oct 3, 2024 · dda7a2f · dda7a2f
2 parents 1268b7e + de087cd
commit dda7a2f
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 5 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -20,7 +20,7 @@ PATH
       claide (>= 1.0.2, < 2.0)
       colored2 (~> 3.1)
       nanaimo (~> 0.3.0)
-      rexml (>= 3.3.2, < 4.0)
+      rexml (>= 3.3.6, < 4.0)
 
 GEM
   remote: https://rubygems.org/
@@ -98,8 +98,7 @@ GEM
       ffi (>= 0.5.0)
     rb-kqueue (0.2.4)
       ffi (>= 0.5.0)
-    rexml (3.3.4)
-      strscan
+    rexml (3.3.8)
     rubocop (0.47.1)
       parser (>= 2.3.3.1, < 3.0)
       powerpack (~> 0.1)
@@ -115,7 +114,6 @@ GEM
       multi_json (~> 1.0)
       simplecov-html (~> 0.9.0)
     simplecov-html (0.9.0)
-    strscan (3.1.0)
     terminal-table (1.8.0)
       unicode-display_width (~> 1.1, >= 1.1.1)
     unicode-display_width (1.4.0)

diff --git a/xcodeproj.gemspec b/xcodeproj.gemspec
@@ -26,7 +26,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'claide',         '>= 1.0.2', '< 2.0'
   s.add_runtime_dependency 'colored2',       '~> 3.1'
   s.add_runtime_dependency 'nanaimo',        '~> 0.3.0'
-  s.add_runtime_dependency 'rexml',          '>= 3.3.2', '< 4.0'
+  s.add_runtime_dependency 'rexml',          '>= 3.3.6', '< 4.0'
 
   ## Make sure you can build the gem on older versions of RubyGems too:
   s.rubygems_version = '1.6.2'