Merge pull request #815 from kbrock/CVE-2025-61919

Fryguy · web-flow · commit b514795a6474 · 2025-10-14T13:32:28.000-04:00
update rack for CVE-2025-59830
diff --git a/Gemfile b/Gemfile
@@ -16,5 +16,5 @@ require File.join(Bundler::Plugin.index.load_paths("bundler-inject")[0], "bundle
 gem "rails", "~>7.2.2", ">=7.2.2.1"
 
 # security fixes for indirect dependencies
-gem "rack", ">=2.2.19" # CVE-2025-61772 https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c
+gem "rack", ">=2.2.20" # CVE-2025-61919 https://github.com/advisories/GHSA-6xw4-3v39-52mm
 gem "thor", ">= 1.4.0" # CVE-2025-54314 https://github.com/advisories/GHSA-mqcp-p2hv-vw6x (railties)
