Merge branch 'fix-rexml-security-warning' into 'master'

蔡耀賢 · 蔡耀賢 · commit a179cb32fce2 · 2025-09-23T06:57:06.000Z
Fix CVE-2025-58767 security warning See merge request kdanmobile/shared-code-base/gems/json_requester!19
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,6 @@
+## [2.0.2] - 2025-09-23
+- Update REXML to version `3.4.4` for [CVE-2025-58767](https://www.ruby-lang.org/en/news/2025/09/18/dos-rexml-cve-2025-58767/) DoS vulnerability warning.
+
 ## [2.0.1] - 2025-07-16
 - Update Faraday to version `2.13.2` for better stability and performance.
 - Update faraday-multipart to version `1.1.1`.
diff --git a/Gemfile b/Gemfile
@@ -3,6 +3,6 @@ source 'https://rubygems.org'
 gemspec
 
 # Simple, but flexible HTTP client library, with support for multiple backends.
-gem 'faraday', '~> 2.13.2'
+gem 'faraday', '~> 2.13.4'
 # Perform multipart-post requests using Faraday.
 gem 'faraday-multipart', '~> 1.1.1'
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    json_requester (2.0.1)
+    json_requester (2.0.2)
       faraday (~> 2.0, >= 2.0.1)
       faraday-multipart (~> 1.1.0)
 
@@ -10,22 +10,22 @@ GEM
   specs:
     addressable (2.8.7)
       public_suffix (>= 2.0.2, < 7.0)
-    bigdecimal (3.1.9)
+    bigdecimal (3.2.3)
     coderay (1.1.3)
     crack (1.0.0)
       bigdecimal
       rexml
-    diff-lcs (1.6.1)
-    faraday (2.13.2)
+    diff-lcs (1.6.2)
+    faraday (2.13.4)
       faraday-net_http (>= 2.0, < 3.5)
       json
       logger
     faraday-multipart (1.1.1)
       multipart-post (~> 2.0)
-    faraday-net_http (3.4.0)
+    faraday-net_http (3.4.1)
       net-http (>= 0.5.0)
-    hashdiff (1.1.2)
-    json (2.11.3)
+    hashdiff (1.2.1)
+    json (2.14.1)
     logger (1.7.0)
     method_source (1.1.0)
     multipart-post (2.4.1)
@@ -34,21 +34,21 @@ GEM
     pry (0.14.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    public_suffix (6.0.1)
-    rexml (3.4.1)
-    rspec (3.13.0)
+    public_suffix (6.0.2)
+    rexml (3.4.4)
+    rspec (3.13.1)
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
       rspec-mocks (~> 3.13.0)
-    rspec-core (3.13.3)
+    rspec-core (3.13.5)
       rspec-support (~> 3.13.0)
-    rspec-expectations (3.13.3)
+    rspec-expectations (3.13.5)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-mocks (3.13.2)
+    rspec-mocks (3.13.5)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-support (3.13.2)
+    rspec-support (3.13.6)
     uri (1.0.3)
     webmock (3.25.1)
       addressable (>= 2.8.0)
@@ -59,12 +59,12 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  faraday (~> 2.13.2)
+  faraday (~> 2.13.4)
   faraday-multipart (~> 1.1.1)
   json_requester!
   pry (~> 0.14.2)
   rspec (~> 3.0)
   webmock (~> 3.25, >= 3.25.1)
 
 BUNDLED WITH
-   2.7.0
+   2.7.2
diff --git a/VERSION.md b/VERSION.md
@@ -1 +1 @@
-2.0.1
+2.0.2
