Bump rexml to resolve security advisory

[aduth]

🛠 Summary of changes

Updates rexml to resolve a security advisory.

Name: rexml
Version: 3.3.1
CVE: CVE-2024-39908
Criticality: Unknown
URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8
Title: DoS in REXML
Solution: upgrade to '>= 3.3.2'

📜 Testing Plan

1. Run make audit
2. Observe no errors in output

[aduth]

Based on the failing spec, it looks like this version update changed an expected behavior with how AAMVA requests are generated. It's only the difference of a newline character, but I'm going to take a closer look.

[mitchellhenke]

Wonder if it was ruby/rexml#164?

[aduth]

Based on the failing spec, it looks like this version update changed an expected behavior with how AAMVA requests are generated. It's only the difference of a newline character, but I'm going to take a closer look.

The release notes include a number of changes unrelated to the specific security fix. I think the change here is a result of ruby/rexml#164 . I pushed a sync-up to the fixture file in 0493eb0. I also added rexml as an explicit dependency in Gemfile since we're using it in our code.