From 1768f7c90c3aabbd0681db445311555d6e98cbbf Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas@gerbet.me>
Date: Tue, 3 Dec 2024 19:31:31 +0100
Subject: [PATCH] rubyPackages.rexml: 3.3.6 -> 3.3.9

Fixes CVE-2024-49761 (only impacts Ruby 3.1).

Changes:
https://github.com/ruby/rexml/releases/tag/v3.3.9
https://github.com/ruby/rexml/releases/tag/v3.3.8
https://github.com/ruby/rexml/releases/tag/v3.3.7
(cherry picked from commit 81301c73353ed494d1e298f5bbb5883b53f3dfe6)
---
 pkgs/top-level/ruby-packages.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/top-level/ruby-packages.nix b/pkgs/top-level/ruby-packages.nix
index dcaa14483eaf8..4bf3a92264d2b 100644
--- a/pkgs/top-level/ruby-packages.nix
+++ b/pkgs/top-level/ruby-packages.nix
@@ -3148,10 +3148,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1ik3in0957l9s6iwdm3nsk4za072cj27riiqgpx6zzcd22flbw3s";
+      sha256 = "1j9p66pmfgxnzp76ksssyfyqqrg7281dyi3xyknl3wwraaw7a66p";
       type = "gem";
     };
-    version = "3.3.6";
+    version = "3.3.9";
   };
   rmagick = {
     dependencies = ["observer" "pkg-config"];