Bump rexml from 3.2.4 to 3.2.5

[dependabot[bot]]

Bumps rexml from 3.2.4 to 3.2.5.

Changelog

Sourced from rexml's changelog.

3.2.5 - 2021-04-05 {#version-3-2-5}

Improvements

• Add more validations to XPath parser.

• require "rexml/document" by default. [GitHub#36][Patch by Koichi ITO]

• Don't add #dcloe method to core classes globally. [GitHub#37][Patch by Akira Matsuda]

• Add more documentations. [Patch by Burdette Lamar]

• Added REXML::Elements#parent. [GitHub#52][Patch by Burdette Lamar]

Fixes

• Fixed a bug that REXML::DocType#clone doesn't copy external ID information.

• Fixed round-trip vulnerability bugs. See also: https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/ [HackerOne#1104077][CVE-2021-28965][Reported by Juho Nurminen]

Thanks

• Koichi ITO

• Akira Matsuda

• Burdette Lamar

• Juho Nurminen

Commits

• a622645 Add 3.2.5 entry
• 3c137eb Fix a parser bug that some data may be ignored before DOCTYPE
• 9b311e5 Fix a bug that invalid document declaration may be accepted
• f9d88e4 Fix a bug that invalid document declaration may be generated
• f7bab89 Fix a bug that invalid element end may be accepted
• 6a250d2 Fix a bug that invalid element start may be accepted
• 2fe62e2 Fix a bug that invalid notation declaration may be accepted
• a659c63 Fix a bug that invalid notation declaration may be generated
• 790dd11 Use ruby/setup-ruby (#66)
• eda1b20 Clean up and enhance high-level RDoc (#65)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ertyseidohl/computing-etymologies/network/alerts).

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.