omniauth-saml

Update omniauth dependency

Open lafeber opened this issue 5 years ago • 1 comments

See https://github.com/omniauth/omniauth/pull/809 - about a CSRF vulnerability which affects OmniAuth (designated CVE-2015-9284)

What to do?

lafeber, Jun 29 '20 10:06

I have the same problem

Dependabot cannot update omniauth to a non-vulnerable version
The latest possible version that can be installed is 1.9.2 because of the following conflicting dependencies:

omniauth-google-oauth2 (0.8.2) requires omniauth (~> 1.1)
omniauth-salesforce (1.1.0) requires omniauth (~> 1.0)
omniauth-saml (1.10.3) requires omniauth (~> 1.3, >= 1.3.2) <================

I'm surprised that it also affects 2 other gems that I use; the upgrade can't be easy, I suppose.

kriom, Aug 02 '23 20:08
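
An added example, not part of the thread or the omniauth-saml project: it parses the Dependabot conflict lines quoted above with RubyGems' own `Gem::Requirement` to show which gems reject a given omniauth version. The candidate list is constructed, and `2.0.0` stands in for any 2.x release.

```ruby
# Added example: parse the Dependabot conflict lines quoted in the thread and
# test candidate omniauth versions against each gem's declared requirement.
require "rubygems"

# The three conflict lines as quoted in the comment above.
CONFLICTS = <<~TEXT
  omniauth-google-oauth2 (0.8.2) requires omniauth (~> 1.1)
  omniauth-salesforce (1.1.0) requires omniauth (~> 1.0)
  omniauth-saml (1.10.3) requires omniauth (~> 1.3, >= 1.3.2)
TEXT

LINE = /\A(?<gem>\S+) \((?<ver>[^)]+)\) requires omniauth \((?<req>[^)]+)\)/

# Returns { "gem-name" => Gem::Requirement } for every parsable line.
def parse_conflicts(text)
  text.each_line.each_with_object({}) do |line, out|
    m = LINE.match(line.strip) or next
    out[m[:gem]] = Gem::Requirement.new(*m[:req].split(",").map(&:strip))
  end
end

# Names of the gems whose requirement rejects the given omniauth version.
def blockers(version, reqs)
  v = Gem::Version.new(version)
  reqs.reject { |_, req| req.satisfied_by?(v) }.keys
end

# Highest candidate that every requirement accepts, or nil if none does.
def highest_installable(candidates, reqs)
  candidates.map { |c| Gem::Version.new(c) }
            .select { |v| reqs.values.all? { |r| r.satisfied_by?(v) } }
            .max&.to_s
end

REQS = parse_conflicts(CONFLICTS)
# Constructed candidate list; "2.0.0" stands in for any 2.x release.
CANDIDATES = %w[1.3.1 1.9.2 2.0.0]

if $PROGRAM_NAME == __FILE__
  puts "highest installable: #{highest_installable(CANDIDATES, REQS)}"
  CANDIDATES.each { |c| puts "#{c} blocked by: #{blockers(c, REQS).inspect}" }
end
```

Every `~> 1.x` requirement caps omniauth below 2.0, so all three gems must relax their constraint before the resolver can move past the 1.x line.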