Bump rexml from 3.1.9 to 3.2.5

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps rexml from 3.1.9 to 3.2.5.

Changelog

3.2.5 - 2021-04-05 {#version-3-2-5}

Improvements

Add more validations to XPath parser.

require "rexml/document" by default. [GitHub#36][Patch by Koichi ITO]

Don't add #dcloe method to core classes globally. [GitHub#37][Patch by Akira Matsuda]

Add more documentations. [Patch by Burdette Lamar]

Added REXML::Elements#parent. [GitHub#52][Patch by Burdette Lamar]

Fixes

Fixed a bug that REXML::DocType#clone doesn't copy external ID information.

Fixed round-trip vulnerability bugs. See also: https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/ [HackerOne#1104077][CVE-2021-28965][Reported by Juho Nurminen]

Thanks

Koichi ITO

Akira Matsuda

Burdette Lamar

Juho Nurminen

3.2.4 - 2020-01-31 {#version-3-2-4}

Improvements

Don't use taint with Ruby 2.7 or later. [GitHub#21][Patch by Jeremy Evans]

Fixes

Fixed a elsif typo. [GitHub#22][Patch by Nobuyoshi Nakada]

Thanks

... (truncated)

Commits

a622645 Add 3.2.5 entry
3c137eb Fix a parser bug that some data may be ignored before DOCTYPE
9b311e5 Fix a bug that invalid document declaration may be accepted
f9d88e4 Fix a bug that invalid document declaration may be generated
f7bab89 Fix a bug that invalid element end may be accepted
6a250d2 Fix a bug that invalid element start may be accepted
2fe62e2 Fix a bug that invalid notation declaration may be accepted
a659c63 Fix a bug that invalid notation declaration may be generated
790dd11 Use ruby/setup-ruby (#66)
eda1b20 Clean up and enhance high-level RDoc (#65)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/TheDigitalStandard/TheDigitalStandard/network/alerts).

consumer-reports-innovation-lab / TheDigitalStandard

Bump rexml from 3.1.9 to 3.2.5 #184

3.2.5 - 2021-04-05 {#version-3-2-5}

Improvements

Fixes

Thanks

3.2.4 - 2020-01-31 {#version-3-2-4}

Improvements

Fixes

Thanks