From 89c10f4de5f43c625f166beab7b1f1583773d0ae Mon Sep 17 00:00:00 2001
From: Joe Rafaniello
Date: Fri, 2 Aug 2024 10:39:12 -0400
Subject: [PATCH] Merge pull request #582 from Fryguy/rexml_3_3_4

Upgrade rexml to 3.3.3+ for CVE-2024-41123 and CVE-2024-41946

(cherry picked from commit aa3f5b2f93c3f55426f010ff751ce7728abbc748)
---
 manageiq-gems-pending.gemspec | 2 +-
 spec/util/miq-xml_spec.rb | 13 -------------
 2 files changed, 1 insertion(+), 14 deletions(-)

diff --git a/manageiq-gems-pending.gemspec b/manageiq-gems-pending.gemspec
index 1fccd835..3901b43b 100644
--- a/manageiq-gems-pending.gemspec
+++ b/manageiq-gems-pending.gemspec
@@ -28,7 +28,7 @@ Gem::Specification.new do |s|
 s.add_runtime_dependency "more_core_extensions", "~> 4.4"
 s.add_runtime_dependency "net-ftp", "~> 0.1.2"
 s.add_runtime_dependency "nokogiri", "~> 1.14", ">= 1.14.3"
- s.add_runtime_dependency "rexml", ">= 3.3.2"
+ s.add_runtime_dependency "rexml", ">= 3.3.4"
 s.add_runtime_dependency "sys-proctable", "~> 1.2.5"
 s.add_runtime_dependency "sys-uname", "~> 1.2.1"
 s.add_runtime_dependency "win32ole", "~> 1.8.8" # this gem was extracted in ruby 3 - required if we use wmi on windows
diff --git a/spec/util/miq-xml_spec.rb b/spec/util/miq-xml_spec.rb
index fac51eb8..7ba0f9fb 100644
--- a/spec/util/miq-xml_spec.rb
+++ b/spec/util/miq-xml_spec.rb
@@ -6,19 +6,6 @@
 expect(xml.root.elements[1].attributes['attr1']).to eq(attr_string)
 end
 
- it "handles loaded document with top-level text nodes" do
- attr_string = "test string"
- doc_text = "XXX"
-
- xml = MiqXml.load(doc_text)
- expect(xml.root.elements[1].attributes['attr1']).to eq(attr_string)
-
- expect(xml.to_s).to start_with("XXX")
-
- xml.write(xml_str = '', 1)
- expect(xml_str).to start_with("\n")
- end
-
 it "handles loaded document with UTF-8 BOM" do
 bom = "\xEF\xBB\xBF".force_encoding("US-ASCII")
 attr_string = "test string"