Update rack to 2.0.6 (for QA environments) for addressing CVE-2018-16471

Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>

3 files changed, 9 insertions, 4 deletions

diff --git a/changelogs/unreleased/54201-update-rack-to-2-0-6.yml b/changelogs/unreleased/54201-update-rack-to-2-0-6.yml
new file mode 100644
index 00000000000..020b2bc0957
--- /dev/null
+++ b/changelogs/unreleased/54201-update-rack-to-2-0-6.yml
@@ -0,0 +1,5 @@
+---
+title: Update rack to 2.0.6 (for QA environments)
+merge_request: 23171
+author: Takuya Noguchi
+type: security
diff --git a/qa/Gemfile.lock b/qa/Gemfile.lock
index 8d28fcacc05..d61ecf8fbb5 100644
--- a/qa/Gemfile.lock
+++ b/qa/Gemfile.lock
@@ -56,7 +56,7 @@ GEM
       byebug (~> 9.1)
       pry (~> 0.10)
     public_suffix (3.0.1)
-    rack (2.0.3)
+    rack (2.0.6)
     rack-test (0.8.2)
       rack (>= 1.0, < 3)
     rake (12.3.0)
@@ -103,4 +103,4 @@ DEPENDENCIES
   selenium-webdriver (~> 3.8.0)
 
 BUNDLED WITH
-   1.16.4
+   1.17.1
diff --git a/qa/qa/fixtures/auto_devops_rack/Gemfile.lock b/qa/qa/fixtures/auto_devops_rack/Gemfile.lock
index 09cf72c48ac..d44ccbb5e69 100644
--- a/qa/qa/fixtures/auto_devops_rack/Gemfile.lock
+++ b/qa/qa/fixtures/auto_devops_rack/Gemfile.lock
@@ -1,7 +1,7 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    rack (2.0.4)
+    rack (2.0.6)
     rake (12.3.0)
 
 PLATFORMS
@@ -12,4 +12,4 @@ DEPENDENCIES
   rake
 
 BUNDLED WITH
-   1.16.1
+   1.17.1