Update rack from 2.2.3 to 3.0.0 (!2779) · Merge requests · GitLab.org / charts / GitLab Chart · GitLab

Takuya Noguchi requested to merge tnir-rack-3.0.0 into master Sep 19, 2022

What does this MR do?

Updates rack from 2.2.3 to 3.0.0 to address CVE-2022-30122 (see https://github.com/rack/rack/pull/1733), which does NOT affect our product as the gem is used only in testing.

rack is used only by rubocop-rails in test.
rack-test depends on rack.
rack-test is used only by capybara in test.

Changelog in the upstream

https://github.com/rack/rack/blob/3.0.0/CHANGELOG.md

Related issues

n/a

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion.

Required

Merge Request Title and Description are up to date, accurate, and descriptive
MR targeting the appropriate branch
MR has a green pipeline on GitLab.com

Expected (please provide an explanation if not completing)

Test plan indicating conditions for success has been posted and passes
[n/a] Documentation created/updated
[n/a] Tests added
[n/a] Integration tests added to GitLab QA
[n/a] Equivalent MR/issue for omnibus-gitlab opened

Edited Sep 21, 2022 by Takuya Noguchi