From 50758ecd0a79256b36813ded4c555665ac72b843 Mon Sep 17 00:00:00 2001
From: Riana Ferreira
Date: Tue, 9 Jul 2024 13:29:49 +1000
Subject: [PATCH] Updated rexml dependency version to resolve the DoS vulnerability.

---
 CHANGES.md | 2 ++
 valvat.gemspec | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/CHANGES.md b/CHANGES.md
index 98ac54b..47a888c 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -3,6 +3,8 @@
 
 [full changelog](http://github.com/yolk/valvat/compare/v1.4.1...master)
 
+* Resolved [rexml security vulnerability](https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh) by [Riana Ferreira](https://github.com/bad-vegan)
+
 ### 1.4.1 / 2024-01-08
 
 [full changelog](http://github.com/yolk/valvat/compare/v1.4.0...v1.4.1)
diff --git a/valvat.gemspec b/valvat.gemspec
index e21bb5c..398e322 100644
--- a/valvat.gemspec
+++ b/valvat.gemspec
@@ -24,5 +24,5 @@ Gem::Specification.new do |s|
 'rubygems_mfa_required' => 'true'
 }
 
- s.add_runtime_dependency('rexml', '>= 3.2', '< 4.0')
+ s.add_runtime_dependency('rexml', '>= 3.3.1', '< 4.0.0')
 end
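Review bot: The raised floor on the `s.add_runtime_dependency('rexml', ...)` line in valvat.gemspec has no comment saying it is a security minimum, so a later constraint cleanup could loosen it back to `'>= 3.2'` without anyone noticing. I would add a line above it such as `# rexml floor is a security minimum (GHSA-vg3r-rm7w-2xgh, DoS); do not lower`. The page does not show which rexml release carries the fix, so it is worth confirming against the advisory's patched-versions field that 3.3.1 is at or above it. The `Gem::Specification.new` block starts outside this hunk, so I cannot tell whether the other dependencies follow a commenting convention.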