libruby2.7 has rexml 3.2.3.1 which has latest security fixes --- a/Gemfile +++ b/Gemfile @@ -28,7 +28,7 @@ gem 'bcrypt', '~> 3.1', '>= 3.1.14' gem 'doorkeeper', '~> 5.5' gem 'doorkeeper-openid_connect', '~> 1.7', '>= 1.7.5' -gem 'rexml', '~> 3.2', '>= 3.2.5' +gem 'rexml', '~> 3.2', '>= 3.2.3.1' gem 'ruby-saml', '~> 1.12', '>= 1.12.1' gem 'omniauth', '~> 1.8' gem 'omniauth-auth0', '~> 2.0'