Fixing ReDoS in header parsing

Thanks svalkanov

[CVE-2024-26146]

Author: tenderlove

lib/rack/utils.rb

@@ -140,8 +140,8 @@ def build_nested_query(value, prefix = nil)
     module_function :build_nested_query
 
     def q_values(q_value_header)
-      q_value_header.to_s.split(/\s*,\s*/).map do |part|
-        value, parameters = part.split(/\s*;\s*/, 2)
+      q_value_header.to_s.split(',').map do |part|
+        value, parameters = part.split(';', 2).map(&:strip)
         quality = 1.0
         if md = /\Aq=([\d.]+)/.match(parameters)
           quality = md[1].to_f