Merge pull request #626 from Fryguy/bump_rack

Bump rack to 3.1.20 for CVE-2026-22860

Author: jrafanie

manageiq-gems-pending.gemspec

@@ -42,8 +42,7 @@ Gem::Specification.new do |s|
 
   s.add_development_dependency "ftpd",                      "~> 2.1.0"
   s.add_development_dependency "manageiq-style",            ">= 1.5.4"
-
-  s.add_development_dependency "rack",                      "~> 3.1.19" # this ensures manageiq-style's rack requirement is safe CVE-2025-61919 https://github.com/advisories/GHSA-6xw4-3v39-52mm
+  s.add_development_dependency "rack",                      "~> 3.1.20" # transitive dependency of manageiq-style CVE-2026-22860 https://github.com/advisories/GHSA-mxw3-3hh2-x2mh
   s.add_development_dependency "rake",                      ">= 12.3.3"
   s.add_development_dependency "rspec",                     "~> 3.13"
   s.add_development_dependency "simplecov",                 ">= 0.21.2"