
Issue #20516 has been updated by nagachika (Tomoyuki Chikanaga).
The version of strscan required has changed,
Right, I think commit:7f0e26b7f99bf76408569892ce20318501f74729 was the follow-up for the dependency change, and backporting it (with some preceding changesets) cured the failures in the tests of rexml (partially) and rss.
However, the test of rexml on the ruby core repo still failed.
https://github.com/ruby/ruby/actions/runs/9334302271/job/25692373287#step:16...

----------------------------------------
Bug #20516: The version of rexml in ruby 3.3.2 has not been updated since 3.2.6.
https://bugs.ruby-lang.org/issues/20516#change-108582

* Author: naitoh (Jun NAITOH)
* Status: Closed
* ruby -v: ruby 3.3.2 (2024-05-30 revision e5a195edf6) [arm64-darwin22]
* Backport: 3.1: REQUIRED, 3.2: REQUIRED, 3.3: DONE
----------------------------------------
The version of rexml in ruby 3.3.2 has not been updated since 3.2.6.
This is still a DoS vulnerable version.
https://www.ruby-lang.org/en/news/2024/05/16/dos-rexml-cve-2024-35176/

```
$ ruby -v
ruby 3.3.2 (2024-05-30 revision e5a195edf6) [arm64-darwin22]
$ gem list rexml

*** LOCAL GEMS ***

rexml (3.2.6)
```

--
https://bugs.ruby-lang.org/