Bump rexml to >= 3.3.9 to resolve GHSA-2rxp-v6pw-ch6m (#857)
A `ReDoS vulnerability in REXML` has been identified in versions <3.3.9

Details in GitHub:
 - GHSA-2rxp-v6pw-ch6m

This is a small bump to the latest patched version. This should resolve
anybody getting the following `bundle audit` error when using
overcommit:

```
Name: rexml
Version: 3.3.8
CVE: CVE-2024-49761
GHSA: GHSA-2rxp-v6pw-ch6m
Criticality: High
URL: GHSA-2rxp-v6pw-ch6m
Title: REXML ReDoS vulnerability
Solution: update to '>= 3.3.9'
```
RemoteCTO authored Oct 31, 2024
1 parent 31c83ce commit 9825868
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion lib/overcommit/version.rb
Expand Up @@ -2,5 +2,5 @@

# Defines the gem version.
module Overcommit
VERSION = '0.64.0'
VERSION = '0.64.1'
end
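Review bot: the bump from `'0.64.0'` to `'0.64.1'` in `lib/overcommit/version.rb` is the only version-related change in the two files shown, but no CHANGELOG entry accompanies it. Since the companion change raises the minimum `rexml` the gem will accept, users pinned to an older `rexml` will see a resolution failure on upgrade, so a changelog line stating the new floor (`rexml >= 3.3.9`, fixing GHSA-2rxp-v6pw-ch6m / CVE-2024-49761 as the commit message already says) would help them understand why the patch release changed dependency resolution.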
2 changes: 1 addition & 1 deletion overcommit.gemspec
Expand Up @@ -33,5 +33,5 @@ Gem::Specification.new do |s|

s.add_dependency 'childprocess', '>= 0.6.3', '< 6'
s.add_dependency 'iniparse', '~> 1.4'
s.add_dependency 'rexml', '~> 3.2'
s.add_dependency 'rexml', '>= 3.3.9'
end
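Review bot: the new constraint `'>= 3.3.9'` drops the upper bound that `'~> 3.2'` previously implied (`< 4.0`), while the neighbouring dependencies in this hunk keep one (`'childprocess', '>= 0.6.3', '< 6'` and `'iniparse', '~> 1.4'`). If the intent is only to exclude the vulnerable versions, `s.add_dependency 'rexml', '~> 3.3', '>= 3.3.9'` raises the floor to the patched release while still excluding a future `rexml` 4.x, matching the style of the other dependency declarations; if an unbounded range is deliberate, it is worth stating so in the commit message.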

0 comments on commit 9825868