Bump bundled REXML

kenhys · kenhys · commit cd4bd43617aa · 2025-01-30T11:07:22.000+09:00
Fix ReDoS issue. https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761/ Signed-off-by: Kentaro Hayashi <hayashi@clear-code.com>
diff --git a/Dockerfile.template.erb b/Dockerfile.template.erb
@@ -80,7 +80,7 @@ RUN refreshenv \
 && echo gem: --no-document >> C:\ProgramData\gemrc \
 && gem install oj -v 3.16.1 \
 && gem install json -v 2.6.3 \
-&& gem install rexml -v 3.2.6 \
+&& gem install rexml -v 3.4.0 \
 && gem install fluentd -v <%= fluentd_ver %> \
 && gem install win32-service -v 2.3.2 \
 && gem install win32-ipc -v 0.7.0 \
