Update rack to 2.2.3

This fixes CVE-2020-8184.
4 jobs for debian/buster/0.0.3 in 4 minutes and 45 seconds (queued for 1 second)
latest
Status Name Job ID Coverage
  Static
passed codespell #150359

00:00:16

 
  Test
passed ruby:2.4 #150360

00:04:24

passed ruby:2.5 #150361

00:04:28

passed ruby:2.6 #150362

00:01:14