diff options
author | Stan Hu <stanhu@gmail.com> | 2016-06-27 20:50:24 +0300 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2016-06-27 22:14:51 +0300 |
commit | 7cf41bf5e692201b17e8300afcea44142ac8a993 (patch) | |
tree | adfe5d78b8c46a096cedaa5c7a673c952e873ec8 /Gemfile.lock | |
parent | a61b40136b3941b5cd23d80e0cbad2eedaf06b97 (diff) |
Merge branch 'update-omniauth-saml' into 'master'
Update omniauth-saml to 1.6.0 to address a security vulnerability in ruby-saml
## What does this MR do?
Updates `omniauth-saml` to bring in the new `ruby-saml` dependency that addresses [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697)
Fixes #19206
See merge request !4951
Diffstat (limited to 'Gemfile.lock')
-rw-r--r-- | Gemfile.lock | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/Gemfile.lock b/Gemfile.lock index ce52985bd4a..76e84756bb8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -468,9 +468,9 @@ GEM omniauth-oauth2 (1.3.1) oauth2 (~> 1.0) omniauth (~> 1.2) - omniauth-saml (1.5.0) + omniauth-saml (1.6.0) omniauth (~> 1.3) - ruby-saml (~> 1.1, >= 1.1.1) + ruby-saml (~> 1.3) omniauth-shibboleth (1.2.1) omniauth (>= 1.0.0) omniauth-twitter (1.2.1) @@ -631,9 +631,8 @@ GEM ruby-fogbugz (0.2.1) crack (~> 0.4) ruby-progressbar (1.8.1) - ruby-saml (1.1.2) + ruby-saml (1.3.0) nokogiri (>= 1.5.10) - uuid (~> 2.3) ruby_parser (3.8.2) sexp_processor (~> 4.1) rubyntlm (0.5.2) @@ -920,7 +919,7 @@ DEPENDENCIES omniauth-gitlab (~> 1.0.0) omniauth-google-oauth2 (~> 0.2.0) omniauth-kerberos (~> 0.3.0) - omniauth-saml (~> 1.5.0) + omniauth-saml (~> 1.6.0) omniauth-shibboleth (~> 1.2.0) omniauth-twitter (~> 1.2.0) omniauth_crowd (~> 2.2.0) |