Bump rexml to resolve security advisory (#10953)

aduth · web-flow · commit 87c1d60e757d · 2024-07-17T11:25:26.000-04:00
* Bump rexml to resolve security advisory changelog: Internal, Dependencies, Update dependencies to resolve security advisories * Add rexml as explicit dependency Since we use it in our code, it should be an explicit dependency See: https://github.com/18F/identity-idp/blob/ea8a6081961d6c373a870dd5fea31efce89fde7e/app/services/proofing/aamva/request/verification_request.rb#L60-L102 * Sync AAMVA fixture to expected output Likely a result of ruby/rexml#164
diff --git a/Gemfile b/Gemfile
@@ -66,6 +66,7 @@ gem 'redacted_struct'
 gem 'redis', '>= 3.2.0'
 gem 'redis-session-store', github: '18F/redis-session-store', tag: 'v1.0.1-18f'
 gem 'retries'
+gem 'rexml', '~> 3.3'
 gem 'rotp', '~> 6.3', '>= 6.3.0'
 gem 'rqrcode'
 gem 'ruby-progressbar'
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -573,7 +573,7 @@ GEM
       actionpack (>= 5.0)
       railties (>= 5.0)
     retries (0.0.5)
-    rexml (3.3.1)
+    rexml (3.3.2)
       strscan
     rotp (6.3.0)
     rouge (4.2.0)
@@ -832,6 +832,7 @@ DEPENDENCIES
   redis (>= 3.2.0)
   redis-session-store!
   retries
+  rexml (~> 3.3)
   rotp (~> 6.3, >= 6.3.0)
   rqrcode
   rspec (~> 3.13.0)
diff --git a/spec/fixtures/proofing/aamva/requests/verification_request.xml b/spec/fixtures/proofing/aamva/requests/verification_request.xml
@@ -34,4 +34,4 @@
       </dldv:verifyDriverLicenseDataRequest>
     </dldv:VerifyDriverLicenseData>
   </soap:Body>
-</soap:Envelope>
+</soap:Envelope>
