From 452e66f8b059216ef8fe9b9bf152760afade1758 Mon Sep 17 00:00:00 2001
From: Greg Dubicki <566632+gdubicki@users.noreply.github.com>
Date: Wed, 29 May 2024 12:16:26 +0200
Subject: [PATCH] fix: vulnerability CVE-2024-35176

Fixes https://github.com/googleapis/google-api-ruby-client/issues/18987
---
 google-apis-core/google-apis-core.gemspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/google-apis-core/google-apis-core.gemspec b/google-apis-core/google-apis-core.gemspec
index 041ff3c6064..fb5756f6945 100644
--- a/google-apis-core/google-apis-core.gemspec
+++ b/google-apis-core/google-apis-core.gemspec
@@ -26,5 +26,5 @@ Gem::Specification.new do |gem|
   gem.add_runtime_dependency "mini_mime", "~> 1.0"
   gem.add_runtime_dependency "googleauth", "~> 1.9"
   gem.add_runtime_dependency "httpclient", ">= 2.8.1", "< 3.a"
-  gem.add_runtime_dependency "rexml"
+  gem.add_runtime_dependency "rexml", ">= 3.2.7", "< 4.0"
 end