Fix the NEWS.md and change PR reference that fixes CVE-2024-35176 (#133)

andrykonchin · web-flow · commit f59790b0caa8 · 2024-06-01T05:18:44.000+09:00
It seems to me that mentioned in the NEWS.md and in the release notes PR #124 ("Move development dependencies to Gemfile") isn't a correct one and not related to CVE-2024-35176: ``` - Improved parse performance when an attribute has many <s. - GH-124 ``` #126 looks like fixes the issue with attribute value that contains multiple '>' characters. At least it adds a proper test.
diff --git a/NEWS.md b/NEWS.md
@@ -30,7 +30,7 @@
 
   * Improved parse performance when an attribute has many `<`s.
 
-    * GH-124
+    * GH-126
 
 ### Fixes
 
