Update gems for rexml vulnerability

and related

Author: bernhold

.github/workflows/jekyll.yml

@@ -38,7 +38,7 @@ jobs:
       - name: Setup Ruby
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: '3.3.5' # Not needed with a .ruby-version file
+          ruby-version: '3.4' # Not needed with a .ruby-version file
           bundler-cache: true # runs 'bundle install' and caches installed gems automatically
           cache-version: 0 # Increment this number if you need to re-download cached gems
       - name: Setup Pages

Gemfile

@@ -38,3 +38,7 @@ gem "http_parser.rb", "~> 0.6.0", :platforms => [:jruby]
 
 # It seems that jekyll-link-attributes requires this, but the dependency is wonky
 gem "nokogiri"
+
+# Adding gems which are being moved out of Ruby stdlib
+gem "fiddle"
+gem "faraday-retry"

Gemfile.lock

@@ -4,27 +4,30 @@ GEM
     addressable (2.8.7)
       public_suffix (>= 2.0.2, < 7.0)
     base64 (0.3.0)
-    bigdecimal (3.2.2)
+    bigdecimal (3.3.1)
     colorator (1.1.0)
     concurrent-ruby (1.3.5)
     csv (3.3.5)
     em-websocket (0.5.3)
       eventmachine (>= 0.12.9)
       http_parser.rb (~> 0)
     eventmachine (1.2.7)
-    faraday (2.13.4)
+    faraday (2.14.0)
       faraday-net_http (>= 2.0, < 3.5)
       json
       logger
     faraday-net_http (3.4.1)
       net-http (>= 0.5.0)
+    faraday-retry (2.3.2)
+      faraday (~> 2.0)
     ffi (1.17.2-x64-mingw-ucrt)
     ffi (1.17.2-x86_64-linux-gnu)
+    fiddle (1.1.8)
     forwardable-extended (2.6.0)
-    google-protobuf (4.31.1-x64-mingw-ucrt)
+    google-protobuf (4.32.1-x64-mingw-ucrt)
       bigdecimal
       rake (>= 13)
-    google-protobuf (4.31.1-x86_64-linux-gnu)
+    google-protobuf (4.32.1-x86_64-linux-gnu)
       bigdecimal
       rake (>= 13)
     http_parser.rb (0.8.0)
@@ -63,7 +66,7 @@ GEM
       jekyll (>= 3.7, < 5.0)
     jekyll-watch (2.2.1)
       listen (~> 3.0)
-    json (2.13.2)
+    json (2.15.1)
     kramdown (2.5.1)
       rexml (>= 3.3.9)
     kramdown-parser-gfm (1.1.0)
@@ -83,9 +86,9 @@ GEM
       jekyll-sitemap (~> 1.3)
     net-http (0.6.0)
       uri
-    nokogiri (1.18.9-x64-mingw-ucrt)
+    nokogiri (1.18.10-x64-mingw-ucrt)
       racc (~> 1.4)
-    nokogiri (1.18.9-x86_64-linux-gnu)
+    nokogiri (1.18.10-x86_64-linux-gnu)
       racc (~> 1.4)
     octokit (4.25.1)
       faraday (>= 1, < 3)
@@ -98,12 +101,12 @@ GEM
     rb-fsevent (0.11.2)
     rb-inotify (0.11.1)
       ffi (~> 1.0)
-    rexml (3.4.1)
-    rouge (4.6.0)
+    rexml (3.4.4)
+    rouge (4.6.1)
     safe_yaml (1.0.5)
-    sass-embedded (1.89.2-x64-mingw-ucrt)
+    sass-embedded (1.93.2-x64-mingw-ucrt)
       google-protobuf (~> 4.31)
-    sass-embedded (1.89.2-x86_64-linux-gnu)
+    sass-embedded (1.93.2-x86_64-linux-gnu)
       google-protobuf (~> 4.31)
     sawyer (0.9.2)
       addressable (>= 2.3.5)
@@ -115,7 +118,7 @@ GEM
     tzinfo-data (1.2025.2)
       tzinfo (>= 1.0.0)
     unicode-display_width (2.6.0)
-    uri (1.0.3)
+    uri (1.0.4)
     wdm (0.2.0)
     webrick (1.9.1)
 
@@ -124,6 +127,8 @@ PLATFORMS
   x86_64-linux
 
 DEPENDENCIES
+  faraday-retry
+  fiddle
   http_parser.rb (~> 0.6.0)
   jekyll (~> 4.3)
   jekyll-feed
@@ -137,4 +142,4 @@ DEPENDENCIES
   wdm (~> 0.1)
 
 BUNDLED WITH
-   2.5.22
+   2.7.2