From 9825868ba2b2194a2329d24c08d47a054bf265cc Mon Sep 17 00:00:00 2001 From: Edward Woodcock <768254+RemoteCTO@users.noreply.github.com> Date: Thu, 31 Oct 2024 05:47:17 +0100 Subject: [PATCH] Bump rexml to >= 3.3.9 to resolve GHSA-2rxp-v6pw-ch6m (#857) A `ReDoS vulnerability in REXML` has been identified in versions <3.3.9 Details in GitHub: - https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m This is a small bump to the latest patched version. This should resolve anybody getting the following `bundle audit` error when using overcommit: ``` Name: rexml Version: 3.3.8 CVE: CVE-2024-49761 GHSA: GHSA-2rxp-v6pw-ch6m Criticality: High URL: https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m Title: REXML ReDoS vulnerability Solution: update to '>= 3.3.9' ``` --- lib/overcommit/version.rb | 2 +- overcommit.gemspec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/overcommit/version.rb b/lib/overcommit/version.rb index 9df380b0..afd18470 100644 --- a/lib/overcommit/version.rb +++ b/lib/overcommit/version.rb @@ -2,5 +2,5 @@ # Defines the gem version. module Overcommit - VERSION = '0.64.0' + VERSION = '0.64.1' end diff --git a/overcommit.gemspec b/overcommit.gemspec index 0b3a590d..caaa8499 100644 --- a/overcommit.gemspec +++ b/overcommit.gemspec @@ -33,5 +33,5 @@ Gem::Specification.new do |s| s.add_dependency 'childprocess', '>= 0.6.3', '< 6' s.add_dependency 'iniparse', '~> 1.4' - s.add_dependency 'rexml', '~> 3.2' + s.add_dependency 'rexml', '>= 3.3.9' end
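Review bot: In the `overcommit.gemspec` hunk, replacing `'~> 3.2'` with `'>= 3.3.9'` silently drops the upper bound the pessimistic operator provided (`~> 3.2` also implied `< 4`), so a future rexml 4.x with breaking changes would be accepted by any bundle resolution. Consider keeping the bound while still forcing the patched release, e.g. `s.add_dependency 'rexml', '~> 3.3', '>= 3.3.9'` or `s.add_dependency 'rexml', '>= 3.3.9', '< 4'`, which also matches the style already used on the `childprocess` line in the surrounding context.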
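Review bot: In the `lib/overcommit/version.rb` hunk, the bump from `'0.64.0'` to `'0.64.1'` is appropriate for a dependency-only security fix, but the patch summary shows only two files changed, so no changelog entry accompanies the release. Add a CHANGELOG line for 0.64.1 that names the rexml minimum bump and references GHSA-2rxp-v6pw-ch6m / CVE-2024-49761 as given in the commit message, so downstream users auditing the upgrade can see why the constraint changed.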