| author | Bug Magnet <marco.nikic@mullvad.net> | 2024-08-29 11:23:27 +0200 |
|---|---|---|
| committer | Bug Magnet <marco.nikic@mullvad.net> | 2024-08-29 11:23:27 +0200 |
| commit | 550b96a5e33f95cf9e4066390bcf697d1db50519 (patch) | |
| tree | a15dd7a28cb861a1b52126b6fb854172363709b7 | |
| parent | aa053fd939b3f51f1f81cb09e1e2f85d0ff5e769 (diff) | |
| parent | 6c05bfccd213a68419b7d3204da1f896b7e66427 (diff) | |
| download | mullvadvpn-550b96a5e33f95cf9e4066390bcf697d1db50519.tar.xz mullvadvpn-550b96a5e33f95cf9e4066390bcf697d1db50519.zip | |
Merge branch 'fix-rexml-once-again-ios-part-3'
| -rw-r--r-- | ci/ios/upload-vm/Gemfile.lock | 2 | ||||
| -rw-r--r-- | ci/ios/upload-vm/osv-scanner.toml | 8 | ||||
| -rw-r--r-- | ios/Gemfile.lock | 2 | ||||
| -rw-r--r-- | ios/osv-scanner.toml | 8 |
4 files changed, 2 insertions, 18 deletions
diff --git a/ci/ios/upload-vm/Gemfile.lock b/ci/ios/upload-vm/Gemfile.lock
index da9e7d9f5a..3217ce338b 100644
--- a/ci/ios/upload-vm/Gemfile.lock
+++ b/ci/ios/upload-vm/Gemfile.lock
@@ -171,7 +171,7 @@ GEM
 trailblazer-option (>= 0.1.1, < 0.2.0)
 uber (< 0.2.0)
 retriable (3.1.2)
- rexml (3.3.5)
+ rexml (3.3.6)
 strscan
 rouge (2.0.7)
 ruby2_keywords (0.0.5)
diff --git a/ci/ios/upload-vm/osv-scanner.toml b/ci/ios/upload-vm/osv-scanner.toml
deleted file mode 100644
index 1a26a0cfe2..0000000000
--- a/ci/ios/upload-vm/osv-scanner.toml
+++ /dev/null
@@ -1,8 +0,0 @@
-# See repository root `osv-scanner.toml` for instructions and rules for this file.
-
-# rexml: The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML
-# that has many deep elements that have same local name attributes.
-[[IgnoredVulns]]
-id = "CVE-2024-43398" # GHSA-952p-6rrq-rcjv
-ignoreUntil = 2024-11-23
-reason = "rexml only parses trusted input (responses from Apple's APIs) in this code"
diff --git a/ios/Gemfile.lock b/ios/Gemfile.lock
index da9e7d9f5a..3217ce338b 100644
--- a/ios/Gemfile.lock
+++ b/ios/Gemfile.lock
@@ -171,7 +171,7 @@ GEM
 trailblazer-option (>= 0.1.1, < 0.2.0)
 uber (< 0.2.0)
 retriable (3.1.2)
- rexml (3.3.5)
+ rexml (3.3.6)
 strscan
 rouge (2.0.7)
 ruby2_keywords (0.0.5)
diff --git a/ios/osv-scanner.toml b/ios/osv-scanner.toml
deleted file mode 100644
index 1a26a0cfe2..0000000000
--- a/ios/osv-scanner.toml
+++ /dev/null
@@ -1,8 +0,0 @@
-# See repository root `osv-scanner.toml` for instructions and rules for this file.
-
-# rexml: The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML
-# that has many deep elements that have same local name attributes.
-[[IgnoredVulns]]
-id = "CVE-2024-43398" # GHSA-952p-6rrq-rcjv
-ignoreUntil = 2024-11-23
-reason = "rexml only parses trusted input (responses from Apple's APIs) in this code" |
