chore(deps): bump rack to 2.2.22

[justin808]

Summary

• Recreate Dependabots rack 2.2.22 lockfile update on top of current main
• Replace the conflicted original PR with a clean one-line Gemfile.lock change

Supersedes

• chore(deps): bump rack from 2.2.6.4 to 2.2.22 #1387

Validation

• env PACKAGE_JSON_FALLBACK_MANAGER=yarn_classic mise x ruby@2.7.8 node@20.19.0 -- bundle _2.4.9_ exec rake test

[claude]

PR Review: bump rack to 2.2.22

Overall: Clean, well-scoped dependency update.

Change Summary

Single-line Gemfile.lock bump: rack 2.2.6.4 -> 2.2.22. No Gemfile constraint changes needed -- the existing ~> 2.0, >= 2.2.4 range accommodates this version.

Code Quality

• Minimal and correct. Only Gemfile.lock is changed, as expected for a patch-level dependency update.
• Superseding the conflicted Dependabot PR (chore(deps): bump rack from 2.2.6.4 to 2.2.22 #1387) with a clean rebase is the right approach.

Security

rack 2.2.x has had several CVE fixes between 2.2.6.4 and 2.2.22 (including issues around header parsing, path traversal, and DoS). This bump is a positive security improvement.

Test Coverage

The PR description notes the full test suite was run manually (bundle exec rake test) -- good practice for a dependency bump. No new tests are needed for a lockfile-only change.

No concerns

This is a straightforward, low-risk security maintenance update. Nothing to flag.

---

Review generated by Claude (claude-sonnet-4-6)