mirror of
https://github.com/basecamp/once-campfire.git
synced 2026-07-08 00:50:22 +09:00
dep: update rexml 3.4.1 → 3.4.4
Security bump for CVE-2025-58767 (DoS on malformed XML). Conservative update landed 3.4.4 (latest patch, above advisory floor of 3.4.2). Test/build-only transitive dep (webmock→crack, selenium-webdriver); absent from app runtime. 34 commits analyzed, 1 test-only mitigation (no-root-element parse change) — verified green via full unit + system test suites. https://github.com/basecamp/37signals-hq/blob/main/upgrade-analysis/campfire-20260609-rexml_3.4.1..3.4.4.md 🤖 Assisted by Claude
This commit is contained in:
+1
-1
@@ -308,7 +308,7 @@ GEM
|
||||
resque-pool (0.7.1)
|
||||
rake (>= 10.0, < 14.0)
|
||||
resque (>= 1.22, < 3)
|
||||
rexml (3.4.1)
|
||||
rexml (3.4.4)
|
||||
rqrcode (3.2.0)
|
||||
chunky_png (~> 1.0)
|
||||
rqrcode_core (~> 2.0)
|
||||
|
||||
Reference in New Issue
Block a user