From c9a4c4bee34ce999a2158e2811c9217a9ea5585b Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 3 Aug 2025 09:33:08 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-RUBYSAML-11342367 --- Gemfile | 2 +- Gemfile.lock | 24 ++++++++++++------------ 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/Gemfile b/Gemfile index 35b9ee91db3d8b..bf3f4eaef8034d 100644 --- a/Gemfile +++ b/Gemfile @@ -40,7 +40,7 @@ end gem 'net-ldap', '~> 0.18' gem 'omniauth-cas', '~> 3.0.0.beta.1' -gem 'omniauth-saml', '~> 2.0' +gem 'omniauth-saml', '~> 2.1', '>= 2.1.1' gem 'omniauth_openid_connect', '~> 0.6.1' gem 'omniauth', '~> 2.0' gem 'omniauth-rails_csrf_protection', '~> 1.0' diff --git a/Gemfile.lock b/Gemfile.lock index 5464dbef705eff..274e01c625bee7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -125,7 +125,7 @@ GEM faraday_middleware (~> 1.0, >= 1.0.0.rc1) net-http-persistent (~> 4.0) nokogiri (~> 1, >= 1.10.8) - base64 (0.2.0) + base64 (0.3.0) bcp47_spec (0.2.1) bcrypt (3.1.20) better_errors (2.10.1) @@ -435,7 +435,7 @@ GEM mime-types-data (~> 3.2015) mime-types-data (3.2024.0305) mini_mime (1.1.5) - mini_portile2 (2.8.5) + mini_portile2 (2.8.9) minitest (5.22.3) msgpack (1.7.2) multi_json (1.15.0) @@ -456,7 +456,7 @@ GEM net-smtp (0.4.0.1) net-protocol nio4r (2.7.1) - nokogiri (1.16.3) + nokogiri (1.17.2) mini_portile2 (~> 2.8.2) racc (~> 1.4) nsa (0.3.0) @@ -466,7 +466,7 @@ GEM statsd-ruby (~> 1.4, >= 1.4.0) oj (3.16.3) bigdecimal (>= 3.0) - omniauth (2.1.2) + omniauth (2.1.3) hashie (>= 3.4.6) rack (>= 2.2.3) rack-protection @@ -477,9 +477,9 @@ GEM omniauth-rails_csrf_protection (1.0.1) actionpack (>= 4.2) omniauth (~> 2.0) - omniauth-saml (2.1.0) - omniauth (~> 2.0) - ruby-saml (~> 1.12) + omniauth-saml (2.1.3) + omniauth (~> 2.1) + ruby-saml (~> 1.18) omniauth_openid_connect (0.6.1) omniauth (>= 1.9, < 3) openid_connect (~> 1.1) @@ -532,8 +532,8 @@ GEM pundit (2.3.1) activesupport (>= 3.0.0) raabro (1.4.0) - racc (1.7.3) - rack (2.2.9) + racc (1.8.1) + rack (2.2.17) rack-attack (6.7.0) rack (>= 1.0, < 4) rack-cors (2.0.2) @@ -615,7 +615,7 @@ GEM responders (3.1.1) actionpack (>= 5.2) railties (>= 5.2) - rexml (3.2.6) + rexml (3.4.1) rotp (6.3.0) rouge (4.2.1) rpam2 (4.0.2) @@ -678,7 +678,7 @@ GEM rubocop-factory_bot (~> 2.22) ruby-prof (1.7.0) ruby-progressbar (1.13.0) - ruby-saml (1.15.0) + ruby-saml (1.18.1) nokogiri (>= 1.13.10) rexml ruby2_keywords (0.0.5) @@ -890,7 +890,7 @@ DEPENDENCIES omniauth (~> 2.0) omniauth-cas (~> 3.0.0.beta.1) omniauth-rails_csrf_protection (~> 1.0) - omniauth-saml (~> 2.0) + omniauth-saml (~> 2.1, >= 2.1.1) omniauth_openid_connect (~> 0.6.1) ox (~> 2.14) parslet