From 19c7bd188a7e45acfeefbd074692d11ee98a198b Mon Sep 17 00:00:00 2001 From: Denis Talakevich Date: Tue, 21 May 2024 23:55:15 +0300 Subject: [PATCH] fix vulnerability rexml 3.2.5 Name: rexml Version: 3.2.5 CVE: CVE-2024-35176 GHSA: GHSA-vg3r-rm7w-2xgh Criticality: Medium URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh Title: REXML contains a denial of service vulnerability Solution: upgrade to '>= 3.2.7' --- Gemfile.lock | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 9253dbe28..6707558af 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -713,7 +713,8 @@ GEM responders (3.0.1) actionpack (>= 5.0) railties (>= 5.0) - rexml (3.2.5) + rexml (3.2.8) + strscan (>= 3.0.9) rspec (3.10.0) rspec-core (~> 3.10.0) rspec-expectations (~> 3.10.0) @@ -803,6 +804,7 @@ GEM actionpack (>= 5.2) activesupport (>= 5.2) sprockets (>= 3.0.0) + strscan (3.1.0) syslog-logger (1.6.8) text (1.3.1) thin (1.7.2)
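Review bot: In the first Gemfile.lock hunk (@@ -713,7 +713,8 @@), the rexml bump to 3.2.8 is recorded only in the lockfile; the diffstat lists Gemfile.lock as the sole file changed, so nothing in the repository states the '>= 3.2.7' floor that the commit message gives as the solution. If rexml is only a transitive dependency here, consider adding an explicit `gem "rexml", ">= 3.2.7"` line to the Gemfile so the minimum survives a lockfile regeneration. The subject line also names only the vulnerable version 3.2.5; stating the resolved version 3.2.8 would make the log easier to audit.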
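Review bot: In the second hunk (@@ -803,6 +804,7 @@), strscan (3.1.0) enters the lockfile as a new locked gem, pulled in by the `strscan (>= 3.0.9)` requirement under rexml 3.2.8, yet the commit message does not mention it. strscan builds a native extension on CRuby, so it is worth noting the new dependency in the message and confirming that the build and deploy images can install it for the Ruby version in use.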