Turnout is using an outdated Rack version

[skreib]

As for now turnout.gemspec contains the following Rack dependency:

s.add_dependency('rack', '>= 1.3', '< 3')

However, according to Snyk, Rack version 2.* has known security vulnerabilities, such as Web Cache Poisoning.

Is it possible to update this Rack dependency to use version 3.0 and above?

[gguerini]

Hey @adamcrown, would you be open to reviewing and approving a PR that updates rack to v3 and assisting with the release process? I’ve been using turnout for a long time (thank you for creating it!), but I’d feel more comfortable using the latest version of rack.

If you’re busy or no longer interested in maintaining the project, I’m happy to either fork it or, if you’re open to it, take over maintenance. Let me know what works best for you. Thanks!