[Snyk] Fix for 1 vulnerabilities

[melvin-bot]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • Gemfile

⚠️ Warning

Failed to update the Gemfile.lock, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Uncontrolled Resource Consumption SNYK-RUBY-REXML-6861566	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled Resource Consumption

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~01b0e67567e18d03e7
• Upwork Job ID: 1791540288063905792
• Last Price Increase: 2024-05-17

[melvin-bot]

This is a Snyk issue. Snyk is a tool that automatically tracks our repositories' dependencies and reports associated security vulnerabilities. It also automatically create PRs to fix these vulnerabilities.

    C+: Please follow these steps to test the linked PR before running through the reviewer checklist:
    - [ ] The first step is to understand the PR: what dependency is it upgrading, for which vulnerability, how it impacts our product & end users.
    - [ ] If the issue is not worth fixing, please add your reasoning in the issue and have the internal engineer review it.
    - [ ] Check the change log (which should be included in the PR description) to see all changes. We want to identify any breaking changes. If it is a minor version bump, it's unlikely that there are any breaking changes.
    - [ ] Test our feature(s) that make use of this package. If it does not work, we should understand what broke it. It is also a good idea to check our main flows to make sure they are not broken that you can add in the checklist screenshots/videos.

[melvin-bot]

Job added to Upwork: https://www.upwork.com/jobs/~01b0e67567e18d03e7

[melvin-bot]

Triggered auto assignment to Contributor Plus for review of internal employee PR - @jayeshmangwani (Internal)

[melvin-bot]

This issue has not been updated in over 15 days. @jayeshmangwani eroding to Monthly issue.

P.S. Is everyone reading this sure this is really a near-term priority? Be brave: if you disagree, go ahead and close it out. If someone disagrees, they'll reopen it, and if they don't: one less thing to do!

[jayeshmangwani]

We can close this issue. The Gemfile changes have been made in this PR #42352.

cc: @cristipaval

[jayeshmangwani]

Gemfile changes have been made in this PR #42352. We can close this issue. I am approving this to assign someone to close the issue.

🎀 👀 🎀

[melvin-bot]

Triggered auto assignment to @hayata-suenaga, see https://stackoverflow.com/c/expensify/questions/7972 for more details.

[hayata-suenaga]

According to this comment, I'm closing this issue.