diff options
| author | Robert Speicher <rspeicher@gmail.com> | 2015-08-14 17:44:12 -0400 |
|---|---|---|
| committer | Robert Speicher <rspeicher@gmail.com> | 2015-08-14 22:24:21 -0400 |
| commit | adfcd572961acc14b2e1e2e2052a6e2e00cf9f79 (patch) | |
| tree | af00a419bc6dd40ff927c56aea1dcfb266ea981b | |
| parent | 87ec6ae3a57b490ccfc9cedb5ad854ac2abd2704 (diff) | |
| download | gitlab-ce-rs-gem-security.tar.gz | |
Bump omniauth-saml to 1.4.1rs-gem-security
Updates a vulnerable `ruby-saml` dependency.
- https://github.com/onelogin/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448
- https://github.com/onelogin/ruby-saml/pull/247
| -rw-r--r-- | Gemfile | 2 | ||||
| -rw-r--r-- | Gemfile.lock | 12 |
2 files changed, 7 insertions, 7 deletions
@@ -24,7 +24,7 @@ gem 'omniauth-shibboleth' gem 'omniauth-kerberos', group: :kerberos gem 'omniauth-gitlab' gem 'omniauth-bitbucket' -gem 'omniauth-saml' +gem 'omniauth-saml', '~> 1.4.0' gem 'doorkeeper', '2.1.3' gem "rack-oauth2", "~> 1.0.5" diff --git a/Gemfile.lock b/Gemfile.lock index 043364a9689..c9a7e46409e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -426,9 +426,9 @@ GEM omniauth-oauth2 (1.1.1) oauth2 (~> 0.8.0) omniauth (~> 1.0) - omniauth-saml (1.3.1) + omniauth-saml (1.4.1) omniauth (~> 1.1) - ruby-saml (~> 0.8.1) + ruby-saml (~> 1.0.0) omniauth-shibboleth (1.1.1) omniauth (>= 1.0.0) omniauth-twitter (1.0.1) @@ -572,8 +572,8 @@ GEM rainbow (>= 1.99.1, < 3.0) ruby-progressbar (~> 1.4) ruby-progressbar (1.7.1) - ruby-saml (0.8.2) - nokogiri (>= 1.5.0) + ruby-saml (1.0.0) + nokogiri (>= 1.5.10) uuid (~> 2.3) ruby2ruby (2.1.3) ruby_parser (~> 3.1) @@ -713,7 +713,7 @@ GEM raindrops (~> 0.7) unicorn-worker-killer (0.4.2) unicorn (~> 4) - uuid (2.3.7) + uuid (2.3.8) macaddr (~> 1.0) version_sorter (2.0.0) virtus (1.0.1) @@ -817,7 +817,7 @@ DEPENDENCIES omniauth-gitlab omniauth-google-oauth2 omniauth-kerberos - omniauth-saml + omniauth-saml (~> 1.4.0) omniauth-shibboleth omniauth-twitter org-ruby (= 0.9.12) |