fix: security update rack version

Bulletdev · Bulletdev · commit 0920f0289f1d · 2025-10-12T02:14:30.000-03:00
CVE: CVE-2025-61780 CVE: CVE-2025-61919 GHSA: GHSA-6xw4-3v39-52mm GHSA: GHSA-r657-rxjc-j557
diff --git a/Gemfile b/Gemfile
@@ -12,6 +12,9 @@ gem "pg", "~> 1.1"
 # Use the Puma web server [https://github.com/puma/puma]
 gem "puma", "~> 6.0"
 
+# Security: Force Rack to safe version to fix CVE-2025-61780 and CVE-2025-61919
+gem "rack", "~> 3.1.18"
+
 # Build JSON APIs with ease [https://github.com/rails/jbuilder]
 # gem "jbuilder"
 
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -199,7 +199,7 @@ GEM
     pundit (2.5.2)
       activesupport (>= 3.0.0)
     racc (1.8.1)
-    rack (3.1.17)
+    rack (3.1.18)
     rack-attack (6.7.0)
       rack (>= 1.0, < 4)
     rack-cors (3.0.0)
@@ -369,6 +369,7 @@ DEPENDENCIES
   pg (~> 1.1)
   puma (~> 6.0)
   pundit
+  rack (~> 3.1.18)
   rack-attack
   rack-cors
   rails (~> 7.2.0)
