From 82c3bbcc9dff5171a6ca7c60dbb006092a821059 Mon Sep 17 00:00:00 2001
From: Theo Truong
Date: Wed, 5 Jun 2024 08:58:14 -0600
Subject: [PATCH] Resolve `rexml` CVE

Signed-off-by: Theo Truong
---
 CHANGELOG.md | 2 +-
 Gemfile | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e28fdc3..2fc3d8c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,7 +9,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 ### Removed
 ### Fixed
 ### Security
-
+- Upgraded `rubocop-rspec` to the latest 2.x version to resolve CVE in its rexml dependency ([#42](https://github.com/opensearch-project/opensearch-ruby-aws-sigv4/pull/42))
 ---
 ## 1.2.1
diff --git a/Gemfile b/Gemfile
index f5f895b..8219565 100644
--- a/Gemfile
+++ b/Gemfile
@@ -21,7 +21,7 @@ gem 'yard', '~> 0.9', '>= 0.9.35'
 if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.4') && Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.5')
 gem 'rubocop', '~> 1.12.1'
 gem 'rubocop-rake', '~> 0.5.1'
- gem 'rubocop-rspec', '~> 2.2.0'
+ gem 'rubocop-rspec', '~> 2'
 gem 'simplecov', '~> 0.18.5'
 else
 # We need to disable Bundler/DuplicatedGem only because of rubocop 1.12.1.
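Review bot: The relaxed constraint `gem 'rubocop-rspec', '~> 2'` in the Ruby 2.4 branch of the Gemfile hunk puts no floor on `rexml`, the gem the commit title says is affected. It accepts any 2.x release of rubocop-rspec, so the resolver can still select a vulnerable rexml, particularly with `rubocop` pinned to `'~> 1.12.1'` on the line above. Declaring the requirement directly, e.g. `gem 'rexml', '>= <PATCHED_REXML_VERSION>'` (placeholder; the page does not give the fixed version), would make `bundle install` fail rather than quietly resolve to an affected release. A short comment on the loosened line, such as `# relaxed from '~> 2.2.0' so a patched rexml can be resolved; see #42`, would also record why the pin changed. The `if`/`else` block continues past the end of the hunk, so the `else` branch's constraints cannot be seen here and should be checked the same way.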