From 8eb2638bed615706171cef86a3527cd5a676029d Mon Sep 17 00:00:00 2001
From: Jan Kessler
Date: Thu, 19 Sep 2024 11:37:17 +0200
Subject: [PATCH] update ruby-saml/omniauth-saml to avoid CVE-2024-45409
---
 Gemfile | 2 +-
 Gemfile.lock | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/Gemfile b/Gemfile
index a86cfc4fc1..15acdaadda 100644
--- a/Gemfile
+++ b/Gemfile
@@ -27,7 +27,7 @@ gem 'mini_magick', '>= 4.9.5'
 gem 'omniauth', '~> 2.1.2'
 gem 'omniauth_openid_connect', '>= 0.6.1'
 gem 'omniauth-rails_csrf_protection', '~> 1.0.2'
-gem 'omniauth-saml'
+gem 'omniauth-saml', '>= 2.2.1'
 gem 'pagy', '~> 6.0', '>= 6.0.0'
 gem 'pg'
 gem 'puma', '~> 5.6'
diff --git a/Gemfile.lock b/Gemfile.lock
index b522492679..c129efab83 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -289,9 +289,9 @@ GEM
 omniauth-rails_csrf_protection (1.0.2)
 actionpack (>= 4.2)
 omniauth (~> 2.0)
- omniauth-saml (2.1.0)
- omniauth (~> 2.0)
- ruby-saml (~> 1.12)
+ omniauth-saml (2.2.1)
+ omniauth (~> 2.1)
+ ruby-saml (~> 1.17)
 omniauth_openid_connect (0.7.1)
 omniauth (>= 1.9, < 3)
 openid_connect (~> 2.2)
@@ -431,7 +431,7 @@ GEM
 rubocop-rspec (2.9.0)
 rubocop (~> 1.19)
 ruby-progressbar (1.13.0)
- ruby-saml (1.15.0)
+ ruby-saml (1.17.0)
 nokogiri (>= 1.13.10)
 rexml
 ruby-vips (2.1.4)
@@ -536,7 +536,7 @@ DEPENDENCIES
 mini_magick (>= 4.9.5)
 omniauth (~> 2.1.2)
 omniauth-rails_csrf_protection (~> 1.0.2)
- omniauth-saml
+ omniauth-saml (>= 2.2.1)
 omniauth_openid_connect (>= 0.6.1)
 pagy (~> 6.0, >= 6.0.0)
 pg
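Review bot: The new floor on `omniauth-saml` in the Gemfile hunk has no comment saying why it exists, so a later dependency cleanup could relax it without noticing the security reason. I would put `# floor set for CVE-2024-45409; do not lower` directly above that line. The subject also names ruby-saml, but the Gemfile never constrains it: the move from 1.15.0 to 1.17.0 in Gemfile.lock comes only through omniauth-saml's own `ruby-saml (~> 1.17)` requirement. Adding `gem 'ruby-saml', '>= 1.17.0'` would make that floor explicit and keep it in place if the SAML strategy gem is ever swapped. As a style point, `'>= 2.2.1'` alone is open-ended across future major versions; `'~> 2.2', '>= 2.2.1'` would match the form already used on the `pagy` line.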