Vuln update rexml to 3.3.8 #179

#179
authgear · Oct 3, 2024 · 63c2e94 · 63c2e94
2 parents db167f3 + ba3547b
commit 63c2e94
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 24 deletions.
diff --git a/.tool-versions b/.tool-versions
@@ -1 +1 @@
-ruby 3.3.0
+ruby 3.3.5
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -1,6 +1,31 @@
 ## How to update Gems when some Gems are vulnerable
 
-- Update ruby to the latest version in [.tool-versions](./tool-versions)
-- Update Bundler to the latest version with `gem install bundler`
-- Use the latest version of Bundler to manage Gemfile.lock `bundle update --bundler`.
-- Update Gems with `bundle update`.
+```
+# Run bash shell, if you are not using it already
+bash 
+
+# Clean PATH
+export PATH=""
+
+# Initialize PATH
+. /etc/profile
+
+# Bring in homebrew
+eval "$(/opt/homebrew/bin/brew shellenv)"
+
+# Assume you have install libyaml with homebrew, as ruby depends on it.
+
+# Bring in asdf
+. "$HOME"/.asdf/asdf.sh
+
+# Update ruby to the latest version in ./.tool-versions
+
+# Update Bundler to the latest version.
+gem install bundler
+
+# Use the latest version of Bundler to manage Gemfile.lock
+bundle update --bundler
+
+# Update Gems
+bundle update
+```
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -5,18 +5,19 @@ GEM
       base64
       nkf
       rexml
-    activesupport (7.1.3.3)
+    activesupport (7.2.1)
       base64
       bigdecimal
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+      concurrent-ruby (~> 1.0, >= 1.3.1)
       connection_pool (>= 2.2.5)
       drb
       i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
       minitest (>= 5.1)
-      mutex_m
-      tzinfo (~> 2.0)
-    addressable (2.8.6)
-      public_suffix (>= 2.0.2, < 6.0)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
     algoliasearch (1.27.5)
       httpclient (~> 2.8, >= 2.8.3)
       json (>= 1.5.1)
@@ -62,18 +63,18 @@ GEM
       netrc (~> 0.11)
     cocoapods-try (1.2.0)
     colored2 (3.1.2)
-    concurrent-ruby (1.3.1)
+    concurrent-ruby (1.3.4)
     connection_pool (2.4.1)
     drb (2.2.1)
     escape (0.0.4)
     ethon (0.16.0)
       ffi (>= 1.15.0)
-    ffi (1.16.3)
+    ffi (1.17.0)
     fourflusher (2.3.1)
     fuzzy_match (2.0.4)
     gh_inspector (1.1.3)
     httpclient (2.8.3)
-    i18n (1.14.5)
+    i18n (1.14.6)
       concurrent-ruby (~> 1.0)
     jazzy (0.15.0)
       cocoapods (~> 1.5)
@@ -87,40 +88,39 @@ GEM
       xcinvoke (~> 0.3.0)
     json (2.7.2)
     liferaft (0.0.6)
-    mini_portile2 (2.8.6)
-    minitest (5.23.1)
+    logger (1.6.1)
+    mini_portile2 (2.8.7)
+    minitest (5.25.1)
     molinillo (0.8.0)
     mustache (1.1.1)
-    mutex_m (0.2.0)
     nanaimo (0.3.0)
     nap (1.1.0)
     netrc (0.11.0)
     nkf (0.2.0)
     open4 (1.3.4)
     public_suffix (4.0.7)
     redcarpet (3.6.0)
-    rexml (3.2.8)
-      strscan (>= 3.0.9)
-    rouge (4.2.1)
+    rexml (3.3.8)
+    rouge (4.4.0)
     ruby-macho (2.5.1)
     sassc (2.4.0)
       ffi (~> 1.9)
+    securerandom (0.3.1)
     sqlite3 (1.7.3)
       mini_portile2 (~> 2.8.0)
-    strscan (3.1.0)
     typhoeus (1.4.1)
       ethon (>= 0.9.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     xcinvoke (0.3.0)
       liferaft (~> 0.0.6)
-    xcodeproj (1.24.0)
+    xcodeproj (1.25.1)
       CFPropertyList (>= 2.3.3, < 4.0)
       atomos (~> 0.1.3)
       claide (>= 1.0.2, < 2.0)
       colored2 (~> 3.1)
       nanaimo (~> 0.3.0)
-      rexml (~> 3.2.4)
+      rexml (>= 3.3.6, < 4.0)
 
 PLATFORMS
   ruby
@@ -130,4 +130,4 @@ DEPENDENCIES
   jazzy (= 0.15.0)
 
 BUNDLED WITH
-   2.5.11
+   2.5.20