diff --git a/CHANGELOG.md b/CHANGELOG.md
index 99257f9..2ae05bf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## [1.2.7] - 2022-10-06
+- Upgrade cucumber (2.99.0 -> 7.1.0) and aruba (1.1.2 -> 2.0.0)
+to resolve medium severity security issue on Snyk
+  [cyberark/conjur-service-broker#294](https://github.com/cyberark/conjur-service-broker/pull/294)
+
 ## [1.2.6] - 2022-08-16
 ### Security
 - Updated tzinfo to 1.2.10 in Gemfile.lock and test/integration/test-app/Gemfile.lock to 
diff --git a/Gemfile.lock b/Gemfile.lock
index 52c44d0..bb27cb7 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,31 +1,32 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (5.2.7.1)
-      actionview (= 5.2.7.1)
-      activesupport (= 5.2.7.1)
-      rack (~> 2.0, >= 2.0.8)
+    actionpack (6.1.6.1)
+      actionview (= 6.1.6.1)
+      activesupport (= 6.1.6.1)
+      rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.7.1)
-      activesupport (= 5.2.7.1)
+    actionview (6.1.6.1)
+      activesupport (= 6.1.6.1)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activesupport (5.2.7.1)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activesupport (6.1.6.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
     addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
-    aruba (1.1.2)
+    aruba (2.0.0)
       bundler (>= 1.17, < 3.0)
       childprocess (>= 2.0, < 5.0)
       contracts (>= 0.16.0, < 0.18.0)
-      cucumber (>= 2.4, < 7.0)
+      cucumber (>= 4.0, < 8.0)
       rspec-expectations (~> 3.4)
       thor (~> 1.0)
     builder (3.2.4)
@@ -40,34 +41,43 @@ GEM
       ci_reporter (~> 2.0)
       rspec (>= 2.14, < 4)
     coderay (1.1.3)
-    concurrent-ruby (1.1.9)
-    conjur-api (5.3.7)
+    concurrent-ruby (1.1.10)
+    conjur-api (5.3.8.pre.194)
       activesupport (>= 4.2)
       addressable (~> 2.0)
       rest-client
-    contracts (0.16.1)
+    contracts (0.17)
     crass (1.0.6)
-    cucumber (2.99.0)
-      builder (>= 2.1.2)
-      cucumber-core (~> 1.5.0)
-      cucumber-wire (~> 0.0.1)
-      diff-lcs (>= 1.1.3)
-      gherkin (~> 4.0)
-      multi_json (>= 1.7.5, < 2.0)
-      multi_test (>= 0.1.2)
-    cucumber-core (1.5.0)
-      gherkin (~> 4.0)
-    cucumber-wire (0.0.1)
-    diff-lcs (1.5.0)
+    cucumber (7.1.0)
+      builder (~> 3.2, >= 3.2.4)
+      cucumber-core (~> 10.1, >= 10.1.0)
+      cucumber-create-meta (~> 6.0, >= 6.0.1)
+      cucumber-cucumber-expressions (~> 14.0, >= 14.0.0)
+      cucumber-gherkin (~> 22.0, >= 22.0.0)
+      cucumber-html-formatter (~> 17.0, >= 17.0.0)
+      cucumber-messages (~> 17.1, >= 17.1.1)
+      cucumber-wire (~> 6.2, >= 6.2.0)
+      diff-lcs (~> 1.4, >= 1.4.4)
+      mime-types (~> 3.3, >= 3.3.1)
+      multi_test (~> 0.1, >= 0.1.2)
+      sys-uname (~> 1.2, >= 1.2.2)
+    cucumber-core (10.1.0)
+      cucumber-gherkin (~> 22.0, >= 22.0.0)
+      cucumber-messages (~> 17.1, >= 17.1.1)
+      cucumber-tag-expressions (~> 4.0, >= 4.0.2)
+    cucumber-wire (6.2.0)
+      cucumber-core (~> 10.1, >= 10.1.0)
+      cucumber-cucumber-expressions (~> 14.0, >= 14.0.0)
+      cucumber-messages (~> 17.1, >= 17.1.1)
+    diff-lcs (1.4.4)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
     erubi (1.10.0)
-    ffi (1.15.5)
-    gherkin (4.1.3)
+    ffi (1.15.4)
     http-accept (1.7.0)
     http-cookie (1.0.4)
       domain_name (~> 0.5)
-    i18n (1.10.0)
+    i18n (1.8.11)
       concurrent-ruby (~> 1.0)
     json-schema (2.8.0)
       addressable (>= 2.4)
@@ -81,10 +91,9 @@ GEM
       tomlrb (>= 1.3, < 2.1)
       with_env (= 1.1.0)
       xml-simple (~> 1.1.5)
-    listen (3.1.5)
-      rb-fsevent (~> 0.9, >= 0.9.4)
-      rb-inotify (~> 0.9, >= 0.9.7)
-      ruby_dep (~> 1.2)
+    listen (3.7.0)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
     loofah (2.18.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
@@ -93,13 +102,12 @@ GEM
       mime-types-data (~> 3.2015)
     mime-types-data (3.2022.0105)
     mini_portile2 (2.8.0)
-    minitest (5.15.0)
+    minitest (5.16.2)
     multi_json (1.15.0)
     multi_test (0.1.2)
     netrc (0.11.0)
     nio4r (2.5.8)
-    nokogiri (1.13.6)
-      mini_portile2 (~> 2.8.0)
+    nokogiri (1.13.7-x86_64-darwin)
       racc (~> 1.4)
     pry (0.13.1)
       coderay (~> 1.1)
@@ -111,20 +119,20 @@ GEM
     puma (5.6.4)
       nio4r (~> 2.0)
     racc (1.6.0)
-    rack (2.2.3.1)
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
+    rack (2.2.4)
+    rack-test (2.0.2)
+      rack (>= 1.3)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.4.3)
       loofah (~> 2.3)
-    railties (5.2.7.1)
-      actionpack (= 5.2.7.1)
-      activesupport (= 5.2.7.1)
+    railties (6.1.6.1)
+      actionpack (= 6.1.6.1)
+      activesupport (= 6.1.6.1)
       method_source
-      rake (>= 0.8.7)
-      thor (>= 0.19.0, < 2.0)
+      rake (>= 12.2)
+      thor (~> 1.0)
     rake (13.0.6)
     rb-fsevent (0.11.1)
     rb-inotify (0.10.1)
@@ -135,43 +143,44 @@ GEM
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
     rexml (3.2.5)
-    rspec (3.9.0)
-      rspec-core (~> 3.9.0)
-      rspec-expectations (~> 3.9.0)
-      rspec-mocks (~> 3.9.0)
-    rspec-core (3.9.3)
-      rspec-support (~> 3.9.3)
-    rspec-expectations (3.9.4)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
     rspec-mocks (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-rails (3.9.1)
-      actionpack (>= 3.0)
-      activesupport (>= 3.0)
-      railties (>= 3.0)
-      rspec-core (~> 3.9.0)
-      rspec-expectations (~> 3.9.0)
-      rspec-mocks (~> 3.9.0)
-      rspec-support (~> 3.9.0)
-    rspec-support (3.9.4)
+      rspec-support (~> 3.10.0)
+    rspec-rails (5.0.2)
+      actionpack (>= 5.2)
+      activesupport (>= 5.2)
+      railties (>= 5.2)
+      rspec-core (~> 3.10)
+      rspec-expectations (~> 3.10)
+      rspec-mocks (~> 3.10)
+      rspec-support (~> 3.10)
+    rspec-support (3.10.3)
     rspec_junit_formatter (0.5.1)
       rspec-core (>= 2, < 4, != 2.12.0)
     ruby_dep (1.5.0)
     rubyzip (2.3.2)
-    spring (2.1.1)
+    spring (2.1.0)
     spring-watcher-listen (2.0.1)
       listen (>= 2.7, < 4.0)
       spring (>= 1.2, < 3.0)
-    thor (1.0.1)
+    thor (1.2.1)
     thread_safe (0.3.6)
     tomlrb (2.0.1)
-    tzinfo (1.2.10)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
       thread_safe (~> 0.1)
     unf (0.1.4)
       unf_ext
-    unf_ext (0.0.8)
+    unf_ext (0.0.8.1)
     with_env (1.1.0)
     xml-simple (1.1.9)
       rexml
@@ -180,25 +189,25 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  actionview (~> 5.2.6)
-  activesupport (~> 5.2.6)
+  actionview (~> 6.1)
+  activesupport (~> 6.1)
   aruba
   bundler-audit
   byebug
   ci_reporter_rspec (~> 1)
   conjur-api (~> 5.3.4)
-  cucumber (~> 2)
+  cucumber (~> 7.1)
   json-schema (= 2.8.0)
   json_spec (~> 1.1.5)
   license_finder
-  listen (>= 3.0.5, < 3.2)
+  listen
   pry-byebug
-  puma (= 5.6.4)
-  rack (~> 2.2.3)
-  railties (~> 5.2.6)
+  puma (~> 5.6)
+  rack (~> 2.2)
+  railties (~> 6.1)
   rest-client
-  rspec (~> 3)
-  rspec-rails (~> 3.7)
+  rspec 
+  rspec-rails
   rspec_junit_formatter
   spring
   spring-watcher-listen (~> 2.0.0)