From b6bb425ab8f639c63c85cf5beb7d5bb2a79f50c6 Mon Sep 17 00:00:00 2001
From: Lowell Wood <32683958+lowellrex@users.noreply.github.com>
Date: Mon, 29 Jan 2018 11:42:23 -0500
Subject: [PATCH] fix: Update omniauth gem to 1.3.2 or later 1.3.x CVE-2017-18076 describes a bug in omniauth prior to version 1.3.2 (https://nvd.nist.gov/vuln/detail/CVE-2017-18076). This pull request upgrades the version of omniauth to 1.3.2 or later.
---
 omniauth-saml.gemspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/omniauth-saml.gemspec b/omniauth-saml.gemspec
index 78aaa09..fc013c3 100644
--- a/omniauth-saml.gemspec
+++ b/omniauth-saml.gemspec
@@ -13,7 +13,7 @@ Gem::Specification.new do |gem|
 gem.required_ruby_version = '>= 2.1'
- gem.add_runtime_dependency 'omniauth', '~> 1.3'
+ gem.add_runtime_dependency 'omniauth', '~> 1.3', '>= 1.3.2'
 gem.add_runtime_dependency 'ruby-saml', '~> 1.4', '>= 1.4.3'
 gem.add_development_dependency 'rake', '>= 10', '< 12'
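Review bot: The new constraint on the `omniauth` line, `'~> 1.3', '>= 1.3.2'`, resolves to `>= 1.3.2, < 2.0`, which is wider than the "1.3.2 or later 1.3.x" the subject describes; if only the 1.3 series is intended, the requirement would be `'~> 1.3.2'`. The `>= 1.3.2` floor is what keeps the releases affected by CVE-2017-18076 out of resolution, but nothing in the gemspec says so, and a later tidy-up could drop it as redundant. I would put a comment directly above the line, such as `# >= 1.3.2 excludes omniauth releases affected by CVE-2017-18076`. The floor only takes effect when a consumer re-resolves dependencies, so the release notes should tell applications with an older omniauth pinned in their lockfile to update it.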