Vulnerability in Rouge 2.0.7

[dvelopmberg]

New Issue Checklist

• Updated fastlane to the latest version
• I read the Contribution Guidelines
• I read docs.fastlane.tools
• I searched for existing GitHub issues

Issue Description

The fastlane release 2.212.1 is conusming xcpretty 0.3.0
https://github.com/fastlane/fastlane/blob/master/Gemfile.lock

xcpretty 0.3.0 is conusming rouge 2.0.7 and this version has vulnerabilities
https://ossindex.sonatype.org/vulnerability/sonatype-2021-4771?component-type=gem&component-name=rouge&utm_source=dependency-track&utm_medium=integration&utm_content=v4.5.0

I don't know what to do, because the xcpretty project is dead i think? There are no changes since 2018
and the active pull request with the update of rouge is open since end of 2022
xcpretty/xcpretty#383

Command executed

Not relevant.

Complete output when running fastlane, including the stack trace and command used

 Not relevant 

Environment

 Not relevant 

[fastlane-bot]

It seems like you have not included the output of fastlane env
To make it easier for us help you resolve this issue, please update the issue to include the output of fastlane env 👍

[lolezy]

issue still valid on the latest version

[DevMobileAS]

See xcpretty/xcpretty#383 (comment)
Please fix this!

[DevMobileAS]

FYI: xcpretty is now at 0.4.0 containing the needed update for rouge to fix the vulnerability.

I'm not sure what exactly I need to update within fastlane to just use the new xcpretty version, but maybe some of the existing contributors could help with this?