Merge branch '43806-update-ruby-saml-to-1.7.2' into 'master'

Update ruby-saml to 1.7.2 and omniauth-saml to 1.10.0 (CVE-2017-11428, CVE-2017-11430)

Closes #43806

See merge request gitlab-org/gitlab-ce!17734

1 files changed, 9 insertions, 9 deletions

diff --git a/Gemfile.lock b/Gemfile.lock
index e853f5c618c..8e336803485 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -388,7 +388,7 @@ GEM
       thor
       tilt
     hashdiff (0.3.4)
-    hashie (3.5.6)
+    hashie (3.5.7)
     hashie-forbidden_attributes (0.1.1)
       hashie (>= 3.0)
     health_check (2.6.0)
@@ -527,9 +527,9 @@ GEM
     octokit (4.8.0)
       sawyer (~> 0.8.0, >= 0.5.3)
     oj (2.17.5)
-    omniauth (1.4.2)
+    omniauth (1.4.3)
       hashie (>= 1.2, < 4)
-      rack (>= 1.0, < 3)
+      rack (>= 1.6.2, < 3)
     omniauth-auth0 (1.4.1)
       omniauth-oauth2 (~> 1.1)
     omniauth-authentiq (0.3.1)
@@ -568,9 +568,9 @@ GEM
       omniauth (~> 1.2)
     omniauth-oauth2-generic (0.2.2)
       omniauth-oauth2 (~> 1.0)
-    omniauth-saml (1.7.0)
-      omniauth (~> 1.3)
-      ruby-saml (~> 1.4)
+    omniauth-saml (1.10.0)
+      omniauth (~> 1.3, >= 1.3.2)
+      ruby-saml (~> 1.7)
     omniauth-shibboleth (1.2.1)
       omniauth (>= 1.0.0)
     omniauth-twitter (1.2.1)
@@ -649,7 +649,7 @@ GEM
       pry (>= 0.9.10)
     public_suffix (3.0.2)
     pyu-ruby-sasl (0.0.3.3)
-    rack (1.6.8)
+    rack (1.6.9)
     rack-accept (0.4.5)
       rack (>= 0.4)
     rack-attack (4.4.1)
@@ -804,7 +804,7 @@ GEM
       crack (~> 0.4)
     ruby-prof (0.17.0)
     ruby-progressbar (1.9.0)
-    ruby-saml (1.4.1)
+    ruby-saml (1.7.2)
       nokogiri (>= 1.5.10)
     ruby_parser (3.9.0)
       sexp_processor (~> 4.1)
@@ -1122,7 +1122,7 @@ DEPENDENCIES
   omniauth-google-oauth2 (~> 0.5.2)
   omniauth-kerberos (~> 0.3.0)
   omniauth-oauth2-generic (~> 0.2.2)
-  omniauth-saml (~> 1.7.0)
+  omniauth-saml (~> 1.10.0)
   omniauth-shibboleth (~> 1.2.0)
   omniauth-twitter (~> 1.2.0)
   omniauth_crowd (~> 2.2.0)