From adfcd572961acc14b2e1e2e2052a6e2e00cf9f79 Mon Sep 17 00:00:00 2001
From: Robert Speicher <rspeicher@gmail.com>
Date: Fri, 14 Aug 2015 17:44:12 -0400
Subject: [PATCH] Bump omniauth-saml to 1.4.1

Updates a vulnerable `ruby-saml` dependency.

- https://github.com/onelogin/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448
- https://github.com/onelogin/ruby-saml/pull/247
---
 Gemfile      |  2 +-
 Gemfile.lock | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/Gemfile b/Gemfile
index 6933930e253..5941365018d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -24,7 +24,7 @@ gem 'omniauth-shibboleth'
 gem 'omniauth-kerberos', group: :kerberos
 gem 'omniauth-gitlab'
 gem 'omniauth-bitbucket'
-gem 'omniauth-saml'
+gem 'omniauth-saml', '~> 1.4.0'
 gem 'doorkeeper', '2.1.3'
 gem "rack-oauth2", "~> 1.0.5"
 
diff --git a/Gemfile.lock b/Gemfile.lock
index 043364a9689..c9a7e46409e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -426,9 +426,9 @@ GEM
     omniauth-oauth2 (1.1.1)
       oauth2 (~> 0.8.0)
       omniauth (~> 1.0)
-    omniauth-saml (1.3.1)
+    omniauth-saml (1.4.1)
       omniauth (~> 1.1)
-      ruby-saml (~> 0.8.1)
+      ruby-saml (~> 1.0.0)
     omniauth-shibboleth (1.1.1)
       omniauth (>= 1.0.0)
     omniauth-twitter (1.0.1)
@@ -572,8 +572,8 @@ GEM
       rainbow (>= 1.99.1, < 3.0)
       ruby-progressbar (~> 1.4)
     ruby-progressbar (1.7.1)
-    ruby-saml (0.8.2)
-      nokogiri (>= 1.5.0)
+    ruby-saml (1.0.0)
+      nokogiri (>= 1.5.10)
       uuid (~> 2.3)
     ruby2ruby (2.1.3)
       ruby_parser (~> 3.1)
@@ -713,7 +713,7 @@ GEM
       raindrops (~> 0.7)
     unicorn-worker-killer (0.4.2)
       unicorn (~> 4)
-    uuid (2.3.7)
+    uuid (2.3.8)
       macaddr (~> 1.0)
     version_sorter (2.0.0)
     virtus (1.0.1)
@@ -817,7 +817,7 @@ DEPENDENCIES
   omniauth-gitlab
   omniauth-google-oauth2
   omniauth-kerberos
-  omniauth-saml
+  omniauth-saml (~> 1.4.0)
   omniauth-shibboleth
   omniauth-twitter
   org-ruby (= 0.9.12)