Merge branch 'update-omniauth-saml' into 'master'

Update omniauth-saml to 1.6.0 to address a security vulnerability in ruby-saml ## What does this MR do? Updates `omniauth-saml` to bring in the new `ruby-saml` dependency that addresses [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697) Fixes #19206 See merge request !4951

Merge branch 'update-omniauth-saml' into 'master'
Update omniauth-saml to 1.6.0 to address a security vulnerability in ruby-saml ## What does this MR do? Updates `omniauth-saml` to bring in the new `ruby-saml` dependency that addresses [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697) Fixes #19206 See merge request !4951
c3a8b252 · Stan Hu · 21842cf9 · 6963dcb5 · c3a8b252 · c3a8b252
Commit c3a8b252 authored Jun 27, 2016 by Stan Hu
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 6 deletions

CHANGELOG CHANGELOG +3 -0

Gemfile Gemfile +1 -1

Gemfile.lock Gemfile.lock +4 -5

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -14,6 +14,9 @@ v 8.10.0 (unreleased)
  - Add API endpoint for a group issues !4520 (mahcsig)
  - Allow [ci skip] to be in any case and allow [skip ci]. !4785 (simon_w)

+v 8.9.2
+  - Update omniauth-saml to 1.6.0 !4951
+
 v 8.9.1
  - Refactor labels documentation. !3347
  - Eager load award emoji on notes. !4628

--- a/Gemfile
+++ b/Gemfile
@@ -30,7 +30,7 @@ gem 'omniauth-github',        '~> 1.1.1'
 gem 'omniauth-gitlab',        '~> 1.0.0'
 gem 'omniauth-google-oauth2', '~> 0.2.0'
 gem 'omniauth-kerberos',      '~> 0.3.0', group: :kerberos
-gem 'omniauth-saml',          '~> 1.5.0'
+gem 'omniauth-saml',          '~> 1.6.0'
 gem 'omniauth-shibboleth',    '~> 1.2.0'
 gem 'omniauth-twitter',       '~> 1.2.0'
 gem 'omniauth_crowd',         '~> 2.2.0'

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -459,9 +459,9 @@ GEM
    omniauth-oauth2 (1.3.1)
      oauth2 (~> 1.0)
      omniauth (~> 1.2)
-    omniauth-saml (1.5.0)
+    omniauth-saml (1.6.0)
      omniauth (~> 1.3)
-      ruby-saml (~> 1.1, >= 1.1.1)
+      ruby-saml (~> 1.3)
    omniauth-shibboleth (1.2.1)
      omniauth (>= 1.0.0)
    omniauth-twitter (1.2.1)
@@ -622,9 +622,8 @@ GEM
    ruby-fogbugz (0.2.1)
      crack (~> 0.4)
    ruby-progressbar (1.8.1)
-    ruby-saml (1.1.2)
+    ruby-saml (1.3.0)
      nokogiri (>= 1.5.10)
-      uuid (~> 2.3)
    ruby_parser (3.8.2)
      sexp_processor (~> 4.1)
    rubyntlm (0.5.2)
@@ -912,7 +911,7 @@ DEPENDENCIES
  omniauth-gitlab (~> 1.0.0)
  omniauth-google-oauth2 (~> 0.2.0)
  omniauth-kerberos (~> 0.3.0)
-  omniauth-saml (~> 1.5.0)
+  omniauth-saml (~> 1.6.0)
  omniauth-shibboleth (~> 1.2.0)
  omniauth-twitter (~> 1.2.0)
  omniauth_crowd (~> 2.2.0)