From e06b48e7f5611e11409fa9607d0db2c2135eda1d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 17 Feb 2026 16:41:03 +0000
Subject: [PATCH] chore(deps): bump rack from 3.1.18 to 3.1.20

Bumps [rack](https://github.com/rack/rack) from 3.1.18 to 3.1.20.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/v3.1.18...v3.1.20)

---
updated-dependencies:
- dependency-name: rack
  dependency-version: 3.1.20
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Gemfile b/Gemfile
index c306b83..496cd50 100644
--- a/Gemfile
+++ b/Gemfile
@@ -15,7 +15,7 @@ gem 'pg', '~> 1.1'
 gem 'puma', '~> 6.0'
 
 # Security: Force Rack to safe version to fix CVE-2025-61780 and CVE-2025-61919
-gem 'rack', '~> 3.1.18'
+gem 'rack', '~> 3.1.20'
 
 # Build JSON APIs with ease [https://github.com/rails/jbuilder]
 # gem "jbuilder"
diff --git a/Gemfile.lock b/Gemfile.lock
index beb2bd5..b019ebb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -241,7 +241,7 @@ GEM
       activesupport (>= 3.0.0)
     raabro (1.4.0)
     racc (1.8.1)
-    rack (3.1.18)
+    rack (3.1.20)
     rack-attack (6.7.0)
       rack (>= 1.0, < 4)
     rack-cors (3.0.0)
@@ -430,7 +430,7 @@ DEPENDENCIES
   pg (~> 1.1)
   puma (~> 6.0)
   pundit
-  rack (~> 3.1.18)
+  rack (~> 3.1.20)
   rack-attack
   rack-cors
   rails (~> 7.2.0)