dep: update rexml 3.4.1 → 3.4.4

Security bump for CVE-2025-58767 (DoS on malformed XML). Conservative
update landed 3.4.4 (latest patch, above advisory floor of 3.4.2).

Test/build-only transitive dep (webmock→crack, selenium-webdriver);
absent from app runtime. 34 commits analyzed, 1 test-only mitigation
(no-root-element parse change) — verified green via full unit + system
test suites.

https://github.com/basecamp/37signals-hq/blob/main/upgrade-analysis/campfire-20260609-rexml_3.4.1..3.4.4.md

🤖 Assisted by Claude
This commit is contained in:
Mike Dalessio
2026-06-09 11:17:07 -04:00
parent 6ec04cbc28
commit 47cdbb2a0f
+1 -1
View File
@@ -308,7 +308,7 @@ GEM
resque-pool (0.7.1)
rake (>= 10.0, < 14.0)
resque (>= 1.22, < 3)
rexml (3.4.1)
rexml (3.4.4)
rqrcode (3.2.0)
chunky_png (~> 1.0)
rqrcode_core (~> 2.0)