CVE-2024-39908: Upgrade rexml

.github/workflows/specs.yml

@@ -14,7 +14,7 @@ jobs:
         rails: ["6.0", "6.1", "7.0", "7.1"]
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: Set up Ruby ${{ matrix.ruby }}
         uses: ruby/setup-ruby@v1
         with:
@@ -33,7 +33,6 @@ jobs:
         run: |
           bundle exec rake
       - name: Simplecov Report
-        if: ${{ matrix.rails == '6.1' && matrix.ruby >= '3.0' }}
-        uses: aki77/simplecov-report-action@v1
+        uses: k1LoW/octocov-action@v1
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}

.octocov.yml

@@ -0,0 +1,16 @@
+# generated by octocov init
+coverage:
+  if: true
+testExecutionTime:
+  if: true
+diff:
+  datastores:
+    - artifact://${GITHUB_REPOSITORY}
+comment:
+  if: is_pull_request
+summary:
+  if: true
+report:
+  if: is_default_branch
+  datastores:
+    - artifact://${GITHUB_REPOSITORY}

Gemfile.lock

@@ -166,8 +166,7 @@ GEM
     responders (3.1.0)
       actionpack (>= 5.2)
       railties (>= 5.2)
-    rexml (3.2.9)
-      strscan
+    rexml (3.3.7)
     rspec (3.12.0)
       rspec-core (~> 3.12.0)
       rspec-expectations (~> 3.12.0)
@@ -228,7 +227,6 @@ GEM
       lint_roller (~> 1.0)
       rubocop-performance (~> 1.16.0)
     stringio (3.0.9)
-    strscan (3.1.0)
     thor (1.3.0)
     timeout (0.4.1)
     tzinfo (2.0.6)
@@ -270,4 +268,4 @@ DEPENDENCIES
   webmock
 
 BUNDLED WITH
-   2.5.15
+   2.5.18

spec/spec_helper.rb

@@ -15,7 +15,7 @@
 
 Rails.backtrace_cleaner.remove_silencers!
 
-if Rails.gem_version >= Gem::Version.new("6.0.0")
+if Rails.gem_version < Gem::Version.new("7.0.0")
   ActiveRecord::MigrationContext.new(
     File.expand_path("../dummy_app/db/migrate", __FILE__),
     ActiveRecord::SchemaMigration