Merge pull request #23725 from Fryguy/bump_rack

Bump rack to 2.2.22 for CVE-2026-22860

Author: jrafanie

Gemfile

@@ -65,7 +65,7 @@ gem "pg-dsn_parser",                    "~>0.1.1",           :require => false
 gem "prism",                            ">=0.25.0",          :require => false # Used by DescendantLoader
 gem "psych",                            ">=3.1",             :require => false # 3.1 safe_load changed positional to kwargs like aliases: true: https://github.com/ruby/psych/commit/4d4439d6d0adfcbd211ea295779315f1baa7dadd
 gem "query_relation",                   "~>0.2.0",           :require => false
-gem "rack",                             ">=2.2.20",          :require => false # https://github.com/advisories/GHSA-6xw4-3v39-52mm https://github.com/advisories/GHSA-6xw4-3v39-52mm https://github.com/advisories/GHSA-6xw4-3v39-52mm https://github.com/advisories/GHSA-6xw4-3v39-52mm https://github.com/advisories/GHSA-6xw4-3v39-52mm https://github.com/advisories/GHSA-6xw4-3v39-52mm
+gem "rack",                             ">=2.2.22",          :require => false
 gem "rack-attack",                      "~>6.8.0",           :require => false
 gem "rails",                            "~>8.0.4"
 gem "rails-i18n",                       "~>8.0.2"