Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Follow up #10572. REXML dependency was introduced in #7701. It makes sense to specify the latest secure REXML version 3.2.5 or higher: https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/ And it would be clearer to specify `>= X.Y.Z` and `<= X.Y` than to use `~> X.Y` and `>= X.Y.Z` when it comes to protected semantic MAJOR version with required minimum PATCH version.
- Loading branch information