update ruby-saml/omniauth-saml to avoid CVE-2024-45409

Ithanil · Sep 19, 2024 · 8eb2638 · 8eb2638
1 parent 83ee972
commit 8eb2638
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/Gemfile b/Gemfile
@@ -27,7 +27,7 @@ gem 'mini_magick', '>= 4.9.5'
 gem 'omniauth', '~> 2.1.2'
 gem 'omniauth_openid_connect', '>= 0.6.1'
 gem 'omniauth-rails_csrf_protection', '~> 1.0.2'
-gem 'omniauth-saml'
+gem 'omniauth-saml', '>= 2.2.1'
 gem 'pagy', '~> 6.0', '>= 6.0.0'
 gem 'pg'
 gem 'puma', '~> 5.6'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -289,9 +289,9 @@ GEM
     omniauth-rails_csrf_protection (1.0.2)
       actionpack (>= 4.2)
       omniauth (~> 2.0)
-    omniauth-saml (2.1.0)
-      omniauth (~> 2.0)
-      ruby-saml (~> 1.12)
+    omniauth-saml (2.2.1)
+      omniauth (~> 2.1)
+      ruby-saml (~> 1.17)
     omniauth_openid_connect (0.7.1)
       omniauth (>= 1.9, < 3)
       openid_connect (~> 2.2)
@@ -431,7 +431,7 @@ GEM
     rubocop-rspec (2.9.0)
       rubocop (~> 1.19)
     ruby-progressbar (1.13.0)
-    ruby-saml (1.15.0)
+    ruby-saml (1.17.0)
       nokogiri (>= 1.13.10)
       rexml
     ruby-vips (2.1.4)
@@ -536,7 +536,7 @@ DEPENDENCIES
   mini_magick (>= 4.9.5)
   omniauth (~> 2.1.2)
   omniauth-rails_csrf_protection (~> 1.0.2)
-  omniauth-saml
+  omniauth-saml (>= 2.2.1)
   omniauth_openid_connect (>= 0.6.1)
   pagy (~> 6.0, >= 6.0.0)
   pg