Pt 188114462 (#149)

* uses bundler-audit throughout security scan * upgrades rexml gem to 3.3.5 to fix vulnerabilities
ideacrew · Aug 19, 2024 · afeea8a · afeea8a
1 parent 91802f1
commit afeea8a
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/.github/workflows/security_checks.yml b/.github/workflows/security_checks.yml
@@ -91,10 +91,10 @@ jobs:
           bundle install
       - name: install bundler-audit
         run: |
-          gem install bundler-audit && bundle-audit update
+          gem install bundler-audit && bundler-audit update
       - name: run bundler-audit
         run: |
-          bundle-audit --output=bundler_audit.txt
+          bundler-audit --output=bundler_audit.txt
       - name: upload bundler-audit failure report
         uses: actions/upload-artifact@v3
         if: failure()

diff --git a/Gemfile b/Gemfile
@@ -30,7 +30,7 @@ gem 'mongoid',             '~> 7.4'
 
 gem 'nokogiri', '~> 1.16.5'
 gem 'nokogiri-happymapper'
-gem 'rexml', '~> 3.3.2'
+gem 'rexml', '>= 3.3.3'
 
 # Postgres Database
 gem 'pg'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -429,7 +429,7 @@ GEM
     rbtree (0.4.6)
     redcarpet (3.6.0)
     regexp_parser (2.9.0)
-    rexml (3.3.2)
+    rexml (3.3.5)
       strscan
     rspec-core (3.13.0)
       rspec-support (~> 3.13.0)
@@ -572,7 +572,7 @@ DEPENDENCIES
   rbnacl
   redcarpet
   resource_registry!
-  rexml (~> 3.3.2)
+  rexml (>= 3.3.3)
   rspec-rails
   rubocop
   rubocop-git