Merge pull request #3 from qoqa/fix_rexml_vulnerabilities

fix rexml vulnerabilities
qoqa · May 11, 2021 · 2baf57d · 2baf57d
2 parents fa9db37 + 3076d31
commit 2baf57d
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 17 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,33 +1,34 @@
 PATH
   remote: .
   specs:
-    swiss_bank_validator (0.5.0)
+    swiss_bank_validator (0.6.1)
       activemodel (~> 6.0)
+      rexml (~> 3.2.5)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (6.0.3.4)
-      activesupport (= 6.0.3.4)
-    activesupport (6.0.3.4)
+    activemodel (6.1.3.2)
+      activesupport (= 6.1.3.2)
+    activesupport (6.1.3.2)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-      zeitwerk (~> 2.2, >= 2.2.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
     ast (2.4.1)
-    concurrent-ruby (1.1.7)
+    concurrent-ruby (1.1.8)
     diff-lcs (1.4.4)
-    i18n (1.8.5)
+    i18n (1.8.10)
       concurrent-ruby (~> 1.0)
-    minitest (5.14.2)
+    minitest (5.14.4)
     parallel (1.20.1)
     parser (2.7.2.0)
       ast (~> 2.4.1)
     rainbow (3.0.0)
     rake (12.3.3)
     regexp_parser (2.0.0)
-    rexml (3.2.4)
+    rexml (3.2.5)
     rspec (3.10.0)
       rspec-core (~> 3.10.0)
       rspec-expectations (~> 3.10.0)
@@ -53,9 +54,8 @@ GEM
     rubocop-ast (1.3.0)
       parser (>= 2.7.1.5)
     ruby-progressbar (1.10.1)
-    thread_safe (0.3.6)
-    tzinfo (1.2.8)
-      thread_safe (~> 0.1)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
     unicode-display_width (1.7.0)
     zeitwerk (2.4.2)
 

diff --git a/changelog.md b/changelog.md
@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.6.1]
+
+- Fix Rexml vulnerabilities
+
 ## [0.6.0]
 
 - Add validation for bank field that not accept special char

diff --git a/lib/swiss_bank_validator/locale/fr.yml b/lib/swiss_bank_validator/locale/fr.yml
@@ -8,6 +8,5 @@ fr:
         must_start_with_ch: "doit commencer par CH"
         invalid_bank_field: Ce champ n'accepte pas certains caractères spéciaux (&/<>°\|...)
 
-
   activerecord:
     <<: *activemodel
diff --git a/lib/swiss_bank_validator/version.rb b/lib/swiss_bank_validator/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module SwissBankValidator
-  VERSION = '0.6.0'
+  VERSION = '0.6.1'
 end
diff --git a/swiss_bank_validator.gemspec b/swiss_bank_validator.gemspec
@@ -28,6 +28,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
 
   spec.add_dependency 'activemodel', '~> 6.0'
+  spec.add_dependency 'rexml', '~> 3.2.5'
 
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'rubocop', '~> 1.5'