Commit 9825868

Bump rexml to >= 3.3.9 to resolve GHSA-2rxp-v6pw-ch6m (#857)
A `ReDoS vulnerability in REXML` has been identified in versions <3.3.9

Details in GitHub:
- GHSA-2rxp-v6pw-ch6m

This is a small bump to the latest patched version.

This should resolve anybody getting the following `bundle audit` error when using overcommit:

```
Name: rexml
Version: 3.3.8
CVE: CVE-2024-49761
GHSA: GHSA-2rxp-v6pw-ch6m
Criticality: High
URL: GHSA-2rxp-v6pw-ch6m
Title: REXML ReDoS vulnerability
Solution: update to '>= 3.3.9'
```
1 parent 31c83ce commit 9825868

2 files changed, +2 -2 lines changed

lib/overcommit/version.rb

Lines changed: 1 addition & 1 deletion
@@ -2,5 +2,5 @@
22

33
# Defines the gem version.
44
module Overcommit
5-
VERSION = '0.64.0'
5+
VERSION = '0.64.1'
66
end
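Review bot: The bump on the VERSION line to '0.64.1' is the only user-visible record of this release in the commit, since the change touches just lib/overcommit/version.rb and overcommit.gemspec. If the project keeps a changelog, add an entry naming the new rexml floor (>= 3.3.9) and GHSA-2rxp-v6pw-ch6m so users running `bundle audit` can tell which overcommit release clears the finding.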

overcommit.gemspec

Lines changed: 1 addition & 1 deletion
@@ -33,5 +33,5 @@ Gem::Specification.new do |s|
3333

3434
s.add_dependency 'childprocess', '>= 0.6.3', '< 6'
3535
s.add_dependency 'iniparse', '~> 1.4'
36-
s.add_dependency 'rexml', '~> 3.2'
36+
s.add_dependency 'rexml', '>= 3.3.9'
3737
end
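Review bot: The new rexml constraint on line 36, `'>= 3.3.9'`, has no upper bound, whereas the `'~> 3.2'` it replaces capped the dependency below 4.0 and the childprocess line above keeps an explicit `'< 6'`. That lets a future rexml major version resolve without having been tested against this gem. If the widening is not intended, keep the cap with `s.add_dependency 'rexml', '~> 3.3', '>= 3.3.9'`, which still excludes the versions affected by GHSA-2rxp-v6pw-ch6m.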
