Bump ruby-saml from 1.0.0 to 1.7.0

[dependabot]

Bumps ruby-saml from 1.0.0 to 1.7.0.

Release notes

Sourced from ruby-saml's releases.

1.7.0 (Feb 27, 2018)

1.7.0

• Fix vulnerability CVE-2017-11428. Process text of nodes properly, ignoring comments

1.6.2 (Feb 28, 2018)

• Fix vulnerability CVE-2017-11428. Process text of nodes properly, ignoring comments

1.6.1 (January 15, 2018)

• #428 Fix a bug on IdPMetadataParser when parsing certificates
• #426 Ensure Rails responds to logger

1.6.0 (November 27, 2017)

• #418 Improve SAML message signature validation using original encoded parameters instead decoded in order to avoid conflicts (URL-encoding is not canonical, reported issues with ADFS)
• #420 Expose NameID Format on SloLogoutrequest
• #423 Allow format_cert to work with chained certificates
• #422 Use to_s for requested attribute value

1.5.0 (August 31, 2017)

• #400 When validating Signature use stored IdP certficate if Signature contains no info about Certificate
• #402 Fix validate_response_state method that rejected SAMLResponses when using idp_cert_multi and idp_cert and idp_cert_fingerprint were not provided.
• #411 Allow space in Base64 string
• #407 Improve IdpMetadataParser raising an ArgumentError when parser method receive a metadata string with no IDPSSODescriptor element.
• #374 Support more than one level of StatusCode
• #405 Support ADFS encrypted key (Accept KeyInfo nodes with no ds namespace)

1.4.3 (May 18, 2017)

• Added SubjectConfirmation Recipient validation
• #393 Implement IdpMetadataParser#parse_to_hash
• Adapt IdP XML metadata parser to take care of multiple IdP certificates and be able to inject the data obtained on the settings.
• Improve binding detection on idp metadata parser
• #373 Allow metadata to be retrieved from source containing data for multiple entities
• Be able to register future SP x509cert on the settings and publish it on SP metadata
• Be able to register more than 1 Identity Provider x509cert, linked with an specific use (signing or encryption.
• Improve regex to detect base64 encoded messages
• Fix binding configuration example in README.md
• Add Fix SLO request. Correct NameQualifier/SPNameQualifier values.
• Validate serial number as string to work around libxml2 limitation
• Propagate isRequired on md:RequestedAttribute when generating SP metadata

1.4.2 (January 11, 2017)

• Improve tests format
• Fix nokogiri requirements based on ruby version
• Only publish KeyDescriptor[use="encryption"] at SP metadata if security[:want_assertions_encrypted] is true
• Be able to skip destination validation
• Improved inResponse validation on SAMLResponses and LogoutResponses
• #354 Allow scheme and domain to match ignoring case
• #363 Add support for multiple requested attributes

1.4.1 (October 19, 2016)

• #357 Add EncryptedAttribute support. Improve decrypt method

... (truncated)

Changelog

Sourced from ruby-saml's changelog.

1.7.0 (Feb 27, 2018)

• Fix vulnerability CVE-2017-11428. Process text of nodes properly, ignoring comments

1.6.1 (January 15, 2018)

• #428 Fix a bug on IdPMetadataParser when parsing certificates
• #426 Ensure Rails responds to logger

1.6.0 (November 27, 2017)

• #418 Improve SAML message signature validation using original encoded parameters instead decoded in order to avoid conflicts (URL-encoding is not canonical, reported issues with ADFS)
• #420 Expose NameID Format on SloLogoutrequest
• #423 Allow format_cert to work with chained certificates
• #422 Use to_s for requested attribute value

1.5.0 (August 31, 2017)

• #400 When validating Signature use stored IdP certficate if Signature contains no info about Certificate
• #402 Fix validate_response_state method that rejected SAMLResponses when using idp_cert_multi and idp_cert and idp_cert_fingerprint were not provided.
• #411 Allow space in Base64 string
• #407 Improve IdpMetadataParser raising an ArgumentError when parser method receive a metadata string with no IDPSSODescriptor element.
• #374 Support more than one level of StatusCode
• #405 Support ADFS encrypted key (Accept KeyInfo nodes with no ds namespace)

1.4.3 (May 18, 2017)

• Added SubjectConfirmation Recipient validation
• #393 Implement IdpMetadataParser#parse_to_hash
• Adapt IdP XML metadata parser to take care of multiple IdP certificates and be able to inject the data obtained on the settings.
• Improve binding detection on idp metadata parser
• #373 Allow metadata to be retrieved from source containing data for multiple entities
• Be able to register future SP x509cert on the settings and publish it on SP metadata
• Be able to register more than 1 Identity Provider x509cert, linked with an specific use (signing or encryption.
• Improve regex to detect base64 encoded messages
• Fix binding configuration example in README.md
• Add Fix SLO request. Correct NameQualifier/SPNameQualifier values.
• Validate serial number as string to work around libxml2 limitation
• Propagate isRequired on md:RequestedAttribute when generating SP metadata

1.4.2 (January 11, 2017)

• Improve tests format
• Fix nokogiri requirements based on ruby version
• Only publish KeyDescriptor[use="encryption"] at SP metadata if security[:want_assertions_encrypted] is true
• Be able to skip destination validation
• Improved inResponse validation on SAMLResponses and LogoutResponses
• #354 Allow scheme and domain to match ignoring case
• #363 Add support for multiple requested attributes

1.4.1 (October 19, 2016)

• #357 Add EncryptedAttribute support. Improve decrypt method
• Allow multiple authn_context_decl_ref in settings
• Allow options[:settings] to be an hash for Settings overrides in IdpMetadataParser#parse

... (truncated)

Commits

• 082249e Release 1.7.0
• 048a544 Fix vulnerability CVE-2017-11428. Process text of nodes properly, ignoring co...
• 414d144 Release 1.6.1
• 259af92 Fix #428 IdPMetadataParser had a bug when parsing certificates
• 8bca922 Merge pull request #426 from tily/fix/ensure_rails_responds_to_logger
• 53cae02 ensure Rails responds to logger
• 459a53c Fix #424 Ruby 2.3.X and 2.4.X now listed as supported versions.
• c80e5b9 Add new ruby versions to travis #424
• 851ce2d Fix changlog format
• 5bb3a73 Release 1.6.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.