Merge branch 'update-omniauth-saml' into 'master'

Update omniauth-saml to 1.6.0 to address a security vulnerability in ruby-saml

Updates `omniauth-saml` to bring in the new `ruby-saml` dependency that addresses [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697)

Fixes #19206

See merge request !4951
(cherry picked from commit c3a8b252cdf569729e5e1e8e0614b4d2e5226371)

3 files changed, 9 insertions, 12 deletions

diff --git a/CHANGELOG b/CHANGELOG
index 06b1afe673a..558ddbc2884 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
 Please view this file on the master branch, on stable branches it's out of date.
 
+v 8.8.6
+  - Update omniauth-saml to 1.6.0 !4951
+
 v 8.8.5
   - Import GitHub repositories respecting the API rate limit !4166
   - Fix todos page throwing errors when you have a project pending deletion !4300
diff --git a/Gemfile b/Gemfile
index 91ad1706a07..7733886ef25 100644
--- a/Gemfile
+++ b/Gemfile
@@ -31,7 +31,7 @@ gem 'omniauth-github',        '~> 1.1.1'
 gem 'omniauth-gitlab',        '~> 1.0.0'
 gem 'omniauth-google-oauth2', '~> 0.2.0'
 gem 'omniauth-kerberos',      '~> 0.3.0', group: :kerberos
-gem 'omniauth-saml',          '~> 1.5.0'
+gem 'omniauth-saml',          '~> 1.6.0'
 gem 'omniauth-shibboleth',    '~> 1.2.0'
 gem 'omniauth-twitter',       '~> 1.2.0'
 gem 'omniauth_crowd',         '~> 2.2.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index b55764504c6..77f8532b374 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -460,8 +460,6 @@ GEM
       rb-inotify (>= 0.9)
     loofah (2.0.3)
       nokogiri (>= 1.5.9)
-    macaddr (1.7.1)
-      systemu (~> 2.6.2)
     mail (2.6.4)
       mime-types (>= 1.16, < 4)
     mail_room (0.7.0)
@@ -532,9 +530,9 @@ GEM
     omniauth-oauth2 (1.3.1)
       oauth2 (~> 1.0)
       omniauth (~> 1.2)
-    omniauth-saml (1.5.0)
+    omniauth-saml (1.6.0)
       omniauth (~> 1.3)
-      ruby-saml (~> 1.1, >= 1.1.1)
+      ruby-saml (~> 1.3)
     omniauth-shibboleth (1.2.1)
       omniauth (>= 1.0.0)
     omniauth-twitter (1.2.1)
@@ -693,9 +691,8 @@ GEM
     ruby-fogbugz (0.2.1)
       crack (~> 0.4)
     ruby-progressbar (1.7.5)
-    ruby-saml (1.1.2)
+    ruby-saml (1.3.0)
       nokogiri (>= 1.5.10)
-      uuid (~> 2.3)
     ruby2ruby (2.3.0)
       ruby_parser (~> 3.1)
       sexp_processor (~> 4.0)
@@ -793,7 +790,6 @@ GEM
       activerecord (~> 4.1)
       state_machines-activemodel (>= 0.3.0)
     stringex (2.5.2)
-    systemu (2.6.5)
     task_list (1.0.2)
       html-pipeline
     teaspoon (1.1.5)
@@ -848,8 +844,6 @@ GEM
       get_process_mem (~> 0)
       unicorn (>= 4, < 6)
     uniform_notifier (1.9.0)
-    uuid (2.3.8)
-      macaddr (~> 1.0)
     version_sorter (2.0.0)
     virtus (1.0.5)
       axiom-types (~> 0.1)
@@ -982,7 +976,7 @@ DEPENDENCIES
   omniauth-gitlab (~> 1.0.0)
   omniauth-google-oauth2 (~> 0.2.0)
   omniauth-kerberos (~> 0.3.0)
-  omniauth-saml (~> 1.5.0)
+  omniauth-saml (~> 1.6.0)
   omniauth-shibboleth (~> 1.2.0)
   omniauth-twitter (~> 1.2.0)
   omniauth_crowd (~> 2.2.0)
@@ -1058,4 +1052,4 @@ DEPENDENCIES
   wikicloth (= 0.8.1)
 
 BUNDLED WITH
-   1.12.3
+   1.12.5