From 25b73452a460dff5a82c6b3204ffcd9e192e6346 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 28 Nov 2025 00:14:37 +0000
Subject: [PATCH] fix: Gemfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-13378928
- https://snyk.io/vuln/SNYK-RUBY-RACK-13378930
- https://snyk.io/vuln/SNYK-RUBY-RACK-13378932
- https://snyk.io/vuln/SNYK-RUBY-RACK-13535097
- https://snyk.io/vuln/SNYK-RUBY-RACK-13524628
- https://snyk.io/vuln/SNYK-RUBY-URI-13506785
---
 Gemfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Gemfile b/Gemfile
index b4907fc8c..4de2ed7ee 100644
--- a/Gemfile
+++ b/Gemfile
@@ -59,7 +59,7 @@ gem 'mini_magick'
 gem 'newrelic_rpm'
 gem 'omniauth-github'
 gem 'omniauth_login_dot_gov', git: 'https://github.com/18F/omniauth_login_dot_gov.git', branch: 'main'
-gem 'omniauth-rails_csrf_protection'
+gem 'omniauth-rails_csrf_protection', '>= 2.0.0'
 gem 'rack-attack'
 gem 'rack-cors', '>= 3.0.0', require: 'rack/cors'
 # Use Redis to cache Touchpoints in all envs