summaryrefslogtreecommitdiffhomepage
path: root/ci
diff options
context:
space:
mode:
Diffstat (limited to 'ci')
-rw-r--r--ci/ios/upload-vm/Gemfile.lock2
-rw-r--r--ci/ios/upload-vm/osv-scanner.toml8
2 files changed, 1 insertions, 9 deletions
diff --git a/ci/ios/upload-vm/Gemfile.lock b/ci/ios/upload-vm/Gemfile.lock
index da9e7d9f5a..3217ce338b 100644
--- a/ci/ios/upload-vm/Gemfile.lock
+++ b/ci/ios/upload-vm/Gemfile.lock
@@ -171,7 +171,7 @@ GEM
trailblazer-option (>= 0.1.1, < 0.2.0)
uber (< 0.2.0)
retriable (3.1.2)
- rexml (3.3.5)
+ rexml (3.3.6)
strscan
rouge (2.0.7)
ruby2_keywords (0.0.5)
diff --git a/ci/ios/upload-vm/osv-scanner.toml b/ci/ios/upload-vm/osv-scanner.toml
deleted file mode 100644
index 1a26a0cfe2..0000000000
--- a/ci/ios/upload-vm/osv-scanner.toml
+++ /dev/null
@@ -1,8 +0,0 @@
-# See repository root `osv-scanner.toml` for instructions and rules for this file.
-
-# rexml: The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML
-# that has many deep elements that have same local name attributes.
-[[IgnoredVulns]]
-id = "CVE-2024-43398" # GHSA-952p-6rrq-rcjv
-ignoreUntil = 2024-11-23
-reason = "rexml only parses trusted input (responses from Apple's APIs) in this code"