Tweak runtime dependency for REXML

Follow up #10572. REXML dependency was introduced in #7701. It makes sense to specify the latest secure REXML version 3.2.5 or higher: https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/ And it would be clearer to specify `>= X.Y.Z` and `<= X.Y` than to use `~> X.Y` and `>= X.Y.Z` when it comes to protected semantic MAJOR version with required minimum PATCH version.
rubocop · Apr 29, 2022 · 18be0b8 · 18be0b8
1 parent 5f526f7
commit 18be0b8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/rubocop.gemspec b/rubocop.gemspec
@@ -35,7 +35,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency('parser', '>= 3.1.0.0')
   s.add_runtime_dependency('rainbow', '>= 2.2.2', '< 4.0')
   s.add_runtime_dependency('regexp_parser', '>= 1.8', '< 3.0')
-  s.add_runtime_dependency('rexml', '~> 3.2', '>= 3.2.5')
+  s.add_runtime_dependency('rexml', '>= 3.2.5', '< 4.0')
   s.add_runtime_dependency('rubocop-ast', '>= 1.17.0', '< 2.0')
   s.add_runtime_dependency('ruby-progressbar', '~> 1.7')
   s.add_runtime_dependency('unicode-display_width', '>= 1.4.0', '< 3.0')