Bump rack minor versions to patch CVEs
What does this MR do and why?
We were already up to date on the main Gemfile.
- The biggest jump in the projects using 3.x is 3.0.8 to 3.1.8 https://my.diffend.io/gems/rack/3.0.8/3.1.8
  - Breaking changes: "Rack v3.1 is primarily a maintenance release that removes features deprecated in Rack v3.0"
  - Several security fixes
- The biggest jump in the projects using 2.x is 2.2.3.1 to 2.2.10 https://my.diffend.io/gems/rack/2.2.3.1/2.2.10
  - No breaking changes
  - Several security fixes
  - A Ruby 3.4 compatibility patch
With the main Gemfile up to date, we're not vulnerable to those vulnerabilities, but this cleans up dependency scanning findings.
MR acceptance checklist
N/A
How to set up and validate locally
N/A
Edited by Dominic Couture