Merge branch 'rs-gem-security' into 'master'

Bump omniauth-saml to 1.4.1 Updates a vulnerable `ruby-saml` dependency. - https://github.com/onelogin/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448 - https://github.com/onelogin/ruby-saml/pull/247 See merge request !1162
author: Robert Speicher <robert@gitlab.com> 2015-08-15 03:30:15 +0000
committer: Robert Speicher <robert@gitlab.com> 2015-08-15 03:30:15 +0000
commit: 0b5dc5cd5202a9ac802b32b8cff52c217a24c7f6 (patch)
tree: af00a419bc6dd40ff927c56aea1dcfb266ea981b
parent: 87ec6ae3a57b490ccfc9cedb5ad854ac2abd2704 (diff)
parent: adfcd572961acc14b2e1e2e2052a6e2e00cf9f79 (diff)
download: gitlab-ce-0b5dc5cd5202a9ac802b32b8cff52c217a24c7f6.tar.gz
2 files changed, 7 insertions, 7 deletions
diff --git a/Gemfile b/Gemfile
index 6933930e253..5941365018d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -24,7 +24,7 @@ gem 'omniauth-shibboleth'
 gem 'omniauth-kerberos', group: :kerberos
 gem 'omniauth-gitlab'
 gem 'omniauth-bitbucket'
-gem 'omniauth-saml'
+gem 'omniauth-saml', '~> 1.4.0'
 gem 'doorkeeper', '2.1.3'
 gem "rack-oauth2", "~> 1.0.5"
 
diff --git a/Gemfile.lock b/Gemfile.lock
index 043364a9689..c9a7e46409e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -426,9 +426,9 @@ GEM
     omniauth-oauth2 (1.1.1)
       oauth2 (~> 0.8.0)
       omniauth (~> 1.0)
-    omniauth-saml (1.3.1)
+    omniauth-saml (1.4.1)
       omniauth (~> 1.1)
-      ruby-saml (~> 0.8.1)
+      ruby-saml (~> 1.0.0)
     omniauth-shibboleth (1.1.1)
       omniauth (>= 1.0.0)
     omniauth-twitter (1.0.1)
@@ -572,8 +572,8 @@ GEM
       rainbow (>= 1.99.1, < 3.0)
       ruby-progressbar (~> 1.4)
     ruby-progressbar (1.7.1)
-    ruby-saml (0.8.2)
-      nokogiri (>= 1.5.0)
+    ruby-saml (1.0.0)
+      nokogiri (>= 1.5.10)
       uuid (~> 2.3)
     ruby2ruby (2.1.3)
       ruby_parser (~> 3.1)
@@ -713,7 +713,7 @@ GEM
       raindrops (~> 0.7)
     unicorn-worker-killer (0.4.2)
       unicorn (~> 4)
-    uuid (2.3.7)
+    uuid (2.3.8)
       macaddr (~> 1.0)
     version_sorter (2.0.0)
     virtus (1.0.1)
@@ -817,7 +817,7 @@ DEPENDENCIES
   omniauth-gitlab
   omniauth-google-oauth2
   omniauth-kerberos
-  omniauth-saml
+  omniauth-saml (~> 1.4.0)
   omniauth-shibboleth
   omniauth-twitter
   org-ruby (= 0.9.12)
author	Robert Speicher <robert@gitlab.com>	2015-08-15 03:30:15 +0000
committer	Robert Speicher <robert@gitlab.com>	2015-08-15 03:30:15 +0000
commit	0b5dc5cd5202a9ac802b32b8cff52c217a24c7f6 (patch)
tree	af00a419bc6dd40ff927c56aea1dcfb266ea981b
parent	87ec6ae3a57b490ccfc9cedb5ad854ac2abd2704 (diff)
parent	adfcd572961acc14b2e1e2e2052a6e2e00cf9f79 (diff)
download	gitlab-ce-0b5dc5cd5202a9ac802b32b8cff52c217a24c7f6.tar.gz