From e1c2971825004e155061b2eb8c3bc36fb6cb13a9 Mon Sep 17 00:00:00 2001
From: Lud <swiknaba@users.noreply.github.com>
Date: Wed, 5 May 2021 13:36:46 +0200
Subject: [PATCH] use rexml ~> 3.2.5 due to CVE-2021-28965

https://github.com/advisories/GHSA-8cr8-4vfw-mr7h
---
 pronto.gemspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pronto.gemspec b/pronto.gemspec
index af934c75..42d86499 100644
--- a/pronto.gemspec
+++ b/pronto.gemspec
@@ -44,7 +44,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency('httparty', '>= 0.13.7')
   s.add_runtime_dependency('octokit', '~> 4.7', '>= 4.7.0')
   s.add_runtime_dependency('rainbow', '>= 2.2', '< 4.0')
-  s.add_runtime_dependency('rexml', '~> 3.2')
+  s.add_runtime_dependency('rexml', '~> 3.2', '>= 3.2.5')
   s.add_runtime_dependency('rugged', '>= 0.23.0', '< 1.1.0')
   s.add_runtime_dependency('thor', '>= 0.20.3', '< 2.0')
   s.add_development_dependency('bundler', '>= 1.15')