Merge branch 'rs-gem-security' into 'master'

Bump omniauth-saml to 1.4.1

Updates a vulnerable `ruby-saml` dependency.

- https://github.com/onelogin/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448
- https://github.com/onelogin/ruby-saml/pull/247

See merge request !1162

Gemfile

@@ -24,7 +24,7 @@ gem 'omniauth-shibboleth'
 gem 'omniauth-kerberos', group: :kerberos
 gem 'omniauth-gitlab'
 gem 'omniauth-bitbucket'
-gem 'omniauth-saml'
+gem 'omniauth-saml', '~> 1.4.0'
 gem 'doorkeeper', '2.1.3'
 gem "rack-oauth2", "~> 1.0.5"
 

Gemfile.lock

@@ -426,9 +426,9 @@ GEM
     omniauth-oauth2 (1.1.1)
       oauth2 (~> 0.8.0)
       omniauth (~> 1.0)
-    omniauth-saml (1.3.1)
+    omniauth-saml (1.4.1)
       omniauth (~> 1.1)
-      ruby-saml (~> 0.8.1)
+      ruby-saml (~> 1.0.0)
     omniauth-shibboleth (1.1.1)
       omniauth (>= 1.0.0)
     omniauth-twitter (1.0.1)
@@ -572,8 +572,8 @@ GEM
       rainbow (>= 1.99.1, < 3.0)
       ruby-progressbar (~> 1.4)
     ruby-progressbar (1.7.1)
-    ruby-saml (0.8.2)
-      nokogiri (>= 1.5.0)
+    ruby-saml (1.0.0)
+      nokogiri (>= 1.5.10)
       uuid (~> 2.3)
     ruby2ruby (2.1.3)
       ruby_parser (~> 3.1)
@@ -713,7 +713,7 @@ GEM
       raindrops (~> 0.7)
     unicorn-worker-killer (0.4.2)
       unicorn (~> 4)
-    uuid (2.3.7)
+    uuid (2.3.8)
       macaddr (~> 1.0)
     version_sorter (2.0.0)
     virtus (1.0.1)
@@ -817,7 +817,7 @@ DEPENDENCIES
   omniauth-gitlab
   omniauth-google-oauth2
   omniauth-kerberos
-  omniauth-saml
+  omniauth-saml (~> 1.4.0)
   omniauth-shibboleth
   omniauth-twitter
   org-ruby (= 0.9.12)