Merge pull request #283 from cyberark/update-rack

Update rack to 2.2.3.1
cyberark · Jun 10, 2022 · 28c0016 · 28c0016
2 parents 7583d59 + 9890a99
commit 28c0016
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+### Security
+- Upgrade rack to 2.2.3.1 to resolves CVE-2022-30122 and CVE-2022-30123
+  [cyberark/conjur-service-broker#283](https://github.com/cyberark/conjur-service-broker/pull/283)
+
 ## [1.2.5] - 2022-05-19
 ### Security
 - Upgrade nokogiri to 1.13.6 to resolve un-numbered libxml CVEs

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -111,7 +111,7 @@ GEM
     puma (5.6.4)
       nio4r (~> 2.0)
     racc (1.6.0)
-    rack (2.2.3)
+    rack (2.2.3.1)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
     rails-dom-testing (2.0.3)

diff --git a/tests/integration/test-app/Gemfile.lock b/tests/integration/test-app/Gemfile.lock
@@ -35,7 +35,7 @@ GEM
     mustermann (1.1.1)
       ruby2_keywords (~> 0.0.1)
     netrc (0.11.0)
-    rack (2.2.3)
+    rack (2.2.3.1)
     rack-protection (2.2.0)
       rack
     rest-client (2.0.2)