rexml 3.0 has a CVE - can you bump it to 3.3.6 or later?

[johnmccrae]

Per this CVE we need to bump our support up. Can you help?

[fwininger]

https://github.com/WinRb/WinRM/blob/main/winrm.gemspec#L40

The gemspec is not blocking an update to 3.3.X for rexml.

I don't think there is a issue here.