Update rexml to fix CVE-2024-41946

Dominic Couturerequested to merge
dcouture-rexml-CVE-2024-41946 into master

What does this MR do and why?

Update rexml to fix CVE-2024-41946 in several gemfiles.

Our oldest version is 3.2.5

https://my.diffend.io/gems/rexml/3.2.5/3.3.8

The new versions don't have any official breaking changes and they seem to include a lot of performance improvements.

As per the CVE-2024-41946 advisory:

If you need to parse untrusted XMLs with SAX2 or pull parser API, you may be impacted to this vulnerability.

We are not impacted.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

N/A

How to set up and validate locally

N/A

Edited by Dominic Couture

Merge request reports