From de087cd0a3c175ad28741f96112ce56fbd75fc47 Mon Sep 17 00:00:00 2001
From: Eric Amorde
Date: Wed, 2 Oct 2024 19:19:17 -0700
Subject: [PATCH 1/5] Bump minimum rexml version to 3.3.6 to address CVE-2024-43398
---
 Gemfile.lock | 6 ++----
 xcodeproj.gemspec | 2 +-
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 7a013833..7c2a6771 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -20,7 +20,7 @@ PATH
 claide (>= 1.0.2, < 2.0)
 colored2 (~> 3.1)
 nanaimo (~> 0.3.0)
- rexml (>= 3.3.2, < 4.0)
+ rexml (>= 3.3.6, < 4.0)
 GEM
 remote: https://rubygems.org/
@@ -98,8 +98,7 @@ GEM
 ffi (>= 0.5.0)
 rb-kqueue (0.2.4)
 ffi (>= 0.5.0)
- rexml (3.3.4)
- strscan
+ rexml (3.3.8)
 rubocop (0.47.1)
 parser (>= 2.3.3.1, < 3.0)
 powerpack (~> 0.1)
@@ -115,7 +114,6 @@ GEM
 multi_json (~> 1.0)
 simplecov-html (~> 0.9.0)
 simplecov-html (0.9.0)
- strscan (3.1.0)
 terminal-table (1.8.0)
 unicode-display_width (~> 1.1, >= 1.1.1)
 unicode-display_width (1.4.0)
diff --git a/xcodeproj.gemspec b/xcodeproj.gemspec
index 15fa248c..4c1f41fa 100644
--- a/xcodeproj.gemspec
+++ b/xcodeproj.gemspec
@@ -26,7 +26,7 @@ Gem::Specification.new do |s|
 s.add_runtime_dependency 'claide', '>= 1.0.2', '< 2.0'
 s.add_runtime_dependency 'colored2', '~> 3.1'
 s.add_runtime_dependency 'nanaimo', '~> 0.3.0'
- s.add_runtime_dependency 'rexml', '>= 3.3.2', '< 4.0'
+ s.add_runtime_dependency 'rexml', '>= 3.3.6', '< 4.0'
 ## Make sure you can build the gem on older versions of RubyGems too:
 s.rubygems_version = '1.6.2'
From a5a703d8b5c0d0dbbbd6c3b17e50025823bf97a5 Mon Sep 17 00:00:00 2001
From: Eric Amorde
Date: Wed, 2 Oct 2024 19:26:51 -0700
Subject: [PATCH 2/5] Add CHANGELOG entry
---
 CHANGELOG.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 179f2b8e..039c7041 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
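Review bot: The raised `rexml` floor in the xcodeproj.gemspec hunk of PATCH 1/5 has no in-file rationale, so a later dependency cleanup could relax `'>= 3.3.6'` without noticing that it is a security floor. Add a comment above that line, for example `# rexml floor is 3.3.6 for CVE-2024-43398; do not lower it`. The constraint only covers the advisory named in the subject, and consumers get it only once they move to a release that carries this gemspec. The Gemfile.lock hunks in the same patch resolve to 3.3.8 and drop `strscan`, which looks like a consequence of the newer rexml rather than a separate change. The `Gem::Specification` block starts and ends outside the hunk.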
@@ -8,7 +8,9 @@
 ##### Bug Fixes
-* None.
+* Bump `rexml` dependency to address [CVE-2024-43398](https://www.ruby-lang.org/en/news/2024/08/22/dos-rexml-cve-2024-43398/).
+ [Eric Amorde](https://github.com/amorde)
+ [#970](https://github.com/CocoaPods/Xcodeproj/pull/970)
 ## 1.25.0 (2024-08-07)
From 8dedfc8fbd3f3626f65f80293211815a2b31ea12 Mon Sep 17 00:00:00 2001
From: Eric Amorde
Date: Wed, 2 Oct 2024 19:30:22 -0700
Subject: [PATCH 3/5] Release 1.25.1
---
 CHANGELOG.md | 2 +-
 Gemfile.lock | 2 +-
 lib/xcodeproj/gem_version.rb | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 039c7041..1cec3295 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,6 @@
 # Xcodeproj Changelog
-## Master
+## 1.25.1 (2024-10-03)
 ##### Enhancements
diff --git a/Gemfile.lock b/Gemfile.lock
index 7c2a6771..b491d27f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -14,7 +14,7 @@ GIT
 PATH
 remote: .
 specs:
- xcodeproj (1.25.0)
+ xcodeproj (1.25.1)
 CFPropertyList (>= 2.3.3, < 4.0)
 atomos (~> 0.1.3)
 claide (>= 1.0.2, < 2.0)
diff --git a/lib/xcodeproj/gem_version.rb b/lib/xcodeproj/gem_version.rb
index 70220f5a..81c87bf2 100644
--- a/lib/xcodeproj/gem_version.rb
+++ b/lib/xcodeproj/gem_version.rb
@@ -1,5 +1,5 @@
 module Xcodeproj
 # The version of the xcodeproj gem.
 #
- VERSION = '1.25.0'.freeze unless defined? Xcodeproj::VERSION
+ VERSION = '1.25.1'.freeze unless defined? Xcodeproj::VERSION
 end
From c4ba8537300b6925fc0e829d9037216204e242b4 Mon Sep 17 00:00:00 2001
From: Eric Amorde
Date: Wed, 2 Oct 2024 19:30:23 -0700
Subject: [PATCH 4/5] [CHANGELOG] Add empty Master section
---
 CHANGELOG.md | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1cec3295..6a3f6d10 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,16 @@
 # Xcodeproj Changelog
+## Master
+
+##### Enhancements
+
+* None.
+
+##### Bug Fixes
+
+* None.
+
+
 ## 1.25.1 (2024-10-03)
 ##### Enhancements
From 5f7d32f92da0f0ff85015790e164f207adc00545 Mon Sep 17 00:00:00 2001
From: Eric Amorde
Date: Wed, 2 Oct 2024 19:45:37 -0700
Subject: [PATCH 5/5] [Gemspec] Bump Nanaimo to `'~> 0.4.0'`
---
 Gemfile.lock | 4 ++--
 xcodeproj.gemspec | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index b491d27f..d4e45221 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -19,7 +19,7 @@ PATH
 atomos (~> 0.1.3)
 claide (>= 1.0.2, < 2.0)
 colored2 (~> 3.1)
- nanaimo (~> 0.3.0)
+ nanaimo (~> 0.4.0)
 rexml (>= 3.3.6, < 4.0)
 GEM
@@ -77,7 +77,7 @@ GEM
 mocha (>= 0.13.0)
 multi_json (1.12.1)
 multipart-post (2.1.1)
- nanaimo (0.3.0)
+ nanaimo (0.4.0)
 nap (1.1.0)
 nkf (0.2.0)
 notify (0.5.2)
diff --git a/xcodeproj.gemspec b/xcodeproj.gemspec
index 4c1f41fa..cf78d8c3 100644
--- a/xcodeproj.gemspec
+++ b/xcodeproj.gemspec
@@ -25,7 +25,7 @@ Gem::Specification.new do |s|
 s.add_runtime_dependency 'CFPropertyList', '>= 2.3.3', '< 4.0'
 s.add_runtime_dependency 'claide', '>= 1.0.2', '< 2.0'
 s.add_runtime_dependency 'colored2', '~> 3.1'
- s.add_runtime_dependency 'nanaimo', '~> 0.3.0'
+ s.add_runtime_dependency 'nanaimo', '~> 0.4.0'
 s.add_runtime_dependency 'rexml', '>= 3.3.6', '< 4.0'
 ## Make sure you can build the gem on older versions of RubyGems too:
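Review bot: The `'~> 0.4.0'` constraint in the xcodeproj.gemspec hunk of PATCH 5/5 excludes every nanaimo 0.3.x release, and nothing in the series records why. The subject gives no reason, and the Master section added in PATCH 4/5 still reads `* None.`. Because this is a runtime dependency of a library, downstream projects pinned to nanaimo 0.3.x will presumably fail to resolve once this ships. Record the motive (compatibility or a security fix) in a CHANGELOG entry under Master, and in a comment on the line if the floor must not be lowered. The `Gem::Specification` block starts and ends outside the hunk.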