Bump the bundler group across 1 directory with 18 updates

[dependabot]

Bumps the bundler group with 15 updates in the / directory:

Package	From	To
rake	0.9.2.2	12.3.3
oauth	0.4.5	0.5.5
nokogiri	1.6.6.4	1.16.5
addressable	2.3.2	2.8.0
net-ldap	0.11	0.16.2
ruby-saml	1.0.0	1.7.0
gibbon	1.1.4	1.2.1
redcarpet	3.3.3	3.5.1
resque	1.25.2	1.27.4
webrick	1.3.1	1.6.1
ffi	1.9.10	1.16.3
i18n	0.7.0	0.9.5
mail	2.5.4	2.5.5
rubyzip	1.2.0	1.3.0
tzinfo	0.3.46	0.3.62

Updates rake from 0.9.2.2 to 12.3.3

Release notes

Sourced from rake's releases.

rake-10.1.1

Full Changelog: ruby/rake@rake-10.1.0.beta.3...rake-10.1.1

rake-10.1.0

Full Changelog: ruby/rake@rake-10.0.4...rake-10.1.0

rake-10.1.0.beta.3

Full Changelog: ruby/rake@rake-10.1.0.beta.2...rake-10.1.0.beta.3

rake-10.1.0.beta.2

Full Changelog: ruby/rake@rake-10.1.0.beta.1...rake-10.1.0.beta.2

rake-10.1.0.beta.1

Full Changelog: ruby/rake@rake-10.0.4...rake-10.1.0.beta.1

rake-10.0.4

Full Changelog: ruby/rake@rake-10.0.3...rake-10.0.4

rake-10.0.3

Full Changelog: ruby/rake@rake-10.0.2...rake-10.0.3

rake-10.0.2

Full Changelog: ruby/rake@rake-10.0.1...rake-10.0.2

rake-10.0.1

Full Changelog: ruby/rake@rake-10.0.0.beta.2...rake-10.0.1

rake-10.0.0

Full Changelog: ruby/rake@rake-0.9.3.beta.3...rake-10.0.0

rake-10.0.0.beta.2

Full Changelog: ruby/rake@rake-0.9.3.beta.3...rake-10.0.0.beta.2

rake-0.9.6

Full Changelog: ruby/rake@rake-0.9.5...rake-0.9.6

rake-0.9.5

Full Changelog: ruby/rake@rake-0.9.4...rake-0.9.5

rake-0.9.4

Full Changelog: ruby/rake@rake-0.9.3.beta.3...rake-0.9.4

rake-0.9.3

Full Changelog: ruby/rake@rake-0.9.2...rake-0.9.3

rake-0.9.3.beta.3

Full Changelog: ruby/rake@rake-0.9.3.beta.2...rake-0.9.3.beta.3

rake-0.9.3.beta.2

Full Changelog: ruby/rake@rake-0.9.3.beta.1...rake-0.9.3.beta.2

... (truncated)

Changelog

Sourced from rake's changelog.

=== 12.3.3

==== Bug fixes

• Use the application's name in error message if a task is not found. Pull Request #303 by tmatilai

==== Enhancements:

• Use File.open explicitly.

=== 12.3.2

==== Bug fixes

• Fixed test fails caused by 2.6 warnings. Pull Request #297 by hsbt

==== Enhancements:

• Rdoc improvements. Pull Request #293 by colby-swandale
• Improve multitask performance. Pull Request #273 by jsm
• Add alias prereqs. Pull Request #268 by take-cheeze

=== 12.3.1

==== Bug fixes

• Support did_you_mean >= v1.2.0 which has a breaking change on formatters. Pull request #262 by FUJI Goro.

==== Enhancements:

• Don't run task if it depends on already invoked but failed task. Pull request #252 by Gonzalo Rodriguez.
• Make space trimming consistent for all task arguments. Pull request #259 by Gonzalo Rodriguez.
• Removes duplicated inclusion of Rake::DSL in tests. Pull request #254 by Gonzalo Rodriguez.
• Re-raise a LoadError that didn't come from require in the test loader. Pull request #250 by Dylan Thacker-Smith.

=== 12.3.0

==== Compatibility Changes

• Bump required_ruby_version to Ruby 2.0.0. Rake has already

... (truncated)

Commits

• 5c87c46 Bump version to 12.3.3.
• 5b8f8fc Use File.open explicitly.
• 6497ba4 Merge pull request #317 from ruby/ignore-gitignore
• be62efb Removed gitignore from gemspec files.
• 1c22b49 Merge pull request #309 from RDIL/patch-1
• 496944a Remove deprecated travis ci option
• 489c7d8 Merge pull request #307 from ruby/azure-pipelines
• 77eb6d8 Only enabled macOS environment
• 72ffa2e use realpath
• 7744872 Do not specify ruby version of macOS
• Additional commits viewable in compare view

Updates oauth from 0.4.5 to 0.5.5

Release notes

Sourced from oauth's releases.

Version 0.5.5

Fixed security issue and cleaned up codebase.

v0.5.4

Version 0.5.4

Changelog

Sourced from oauth's changelog.

[0.5.5] 2020-01-19

Added

• Add :allow_empty_params option (#155)

Changed

• Allow redirect to different host but same path
• Various cleanups

Fixed

• Fixes ssl-noverify
• Fixed README example (#158, #159, by @​pboling)

[0.5.4] 2017-12-08

Changed

• Various cleanups (charliesome)

Fixed

• Fixes UnknownRequestType on Rails 5.1 for ActionDispatch::Request (xprazak2)

[0.5.3] 2017-05-24

Fixed

• Fix #145 - broken CLI required loading active_support (James Pinto)

Changed

• Removing legacy scripts (James Pinto)

[0.5.2] 2017-05-17

Added

• Adding a development dependency that had not been mentioned (James Pinto)
• Adding CodeClimate (James Pinto)
• Adding support to Ruby 2.4 and head (James Pinto)

Changed

• Use assert_nil so as to silence a Minitest 6 deprecation warning (James Pinto)
• Stop bundling tests files in the gem (Michal Papis)
• Minor cleanup on tests (James Pinto)
• TravisCI no longer needs libcurl-dev (James Pinto)
• Nokogiri 1.7 does not accept Ruby 2.0 (James Pinto)
• Upgrading to CodeClimate 1.0 (James Pinto)
• Locking gemspec to Rails 4 so as to allow our next version for Rails 5 (James Pinto)
• moving development dependency to gemspec (James Pinto)
• Silencing 'Net::HTTPResponse#header is obsolete' (James Pinto)
• Silencing some test warnings (James Pinto)
• Silencing 'loading in progress, circular require considered harmful' (James Pinto)
• Silence 'URI.escape obsolete' (James Pinto)
• Refactored CLI (James Pinto)
• Moving test files into test/units/ (James Pinto)
• Reimplementing #82 - Debug Output Option (James Pinto)

Fixed

... (truncated)

Commits

• d453cee Update HISTORY
• 9919f7f Merge pull request #153 from moneybird/master
• 952cea5 Update HISTORY
• b5d8055 Merge pull request #155 from shotgunsoftware/master
• 6385e03 Merge pull request #171 from galois17/feature-add-examples
• 048c121 Merge pull request #170 from galois17/feature-update-history-0.5.5
• 783e34d Add another example
• 7442595 Update history for 0.5.5 release
• 93602bc Merge pull request #168 from galois17/fix-ssl-noverify
• 87064ce Merge branch 'fix-mocha-version' of github.com:galois17/oauth-ruby into fix-s...
• Additional commits viewable in compare view

Updates nokogiri from 1.6.6.4 to 1.16.5

Release notes

Sourced from nokogiri's releases.

v1.16.5 / 2024-05-13

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See GHSA-r95h-9x8f-r3f7 for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.7 from v2.12.6. (@​flavorjones)

---

sha256 checksums:

af0f44fa3e664dfb2aa10de8b551447d720c1e8d1f0aa3f35783dcc43e40a874  nokogiri-1.16.5-aarch64-linux.gem
23dc2357b26409a5c33b7e32a82902f0e9995305420f16d1a03ab3ea1a482fec  nokogiri-1.16.5-arm-linux.gem
950d037530edb49f75ad35de0b8038b970a7dda57e2b6326895b0e49fadf6214  nokogiri-1.16.5-arm64-darwin.gem
b7aefc94370c62476b8528e8d8abb6160203abd84a1f4eceda8f1aa8974d9989  nokogiri-1.16.5-java.gem
ec2167160df8fec3137bf95d574ed80ebc1d002bb3b281546b60b4aa9002466e  nokogiri-1.16.5-x64-mingw-ucrt.gem
6984200491fac69974005ecfa2de129d61843d345eafa5d6f58e8b908d1cf107  nokogiri-1.16.5-x64-mingw32.gem
abdc389ab1ec6604492da16bd9d06ad746fdb6bd6a1bd274c400d61ffcadb3c4  nokogiri-1.16.5-x86-linux.gem
63d24981345856f2baf7f4089870a62d3042fb8d3021b280fb04fc052532e3c4  nokogiri-1.16.5-x86-mingw32.gem
71b5f54e378c433d13df67c3b71acc4716129da62402d8181f310c4216a63279  nokogiri-1.16.5-x86_64-darwin.gem
0ca238da870066bed2f7837af6f35791bb9b76c4c5638999c46aac44818a6a97  nokogiri-1.16.5-x86_64-linux.gem
ec36162c68984fa0a90a5c4ae7ab7759460639e716cc1ce75f34c3cb54158ad2  nokogiri-1.16.5.gem

v1.16.4 / 2024-04-10

Dependencies

• [CRuby] Vendored zlib in the precompiled native gems is updated to v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see this discussion about removing the compression libraries altogether in a future version of Nokogiri.

---

sha256 checksums:

bdb1dc4378ebcf3ade8f440c7df68f6d76946a1a96c4823a2b4c53c01a320cd5  nokogiri-1.16.4-aarch64-linux.gem
0c994b9996d5576eddcc3201a94ef2bff6fc3627c4ae4d2708b0ec9b9743ec6a  nokogiri-1.16.4-arm-linux.gem
8e86abb64c93c06d3c588042a0e757279e8f1dc88b5210a00be892a9a7a27196  nokogiri-1.16.4-arm64-darwin.gem
bf84fa28be4943692bd64772186e0832fb1061f80714ccb93e111e9d72b1cadc  nokogiri-1.16.4-java.gem
a46808467c1f63a2031e1ca0715cd5336bb4ec759e9c0e2f4c951c1cc30994ae  nokogiri-1.16.4-x64-mingw-ucrt.gem
4cdf64bc5e9443ec3e0b595347ecc8affe21968d9ae934c0825d26630ef96468  nokogiri-1.16.4-x64-mingw32.gem
d86d21bae47dd9f6f5223055e45d33fae08b0b89aad94cbc0ece4f4274fa7af5  nokogiri-1.16.4-x86-linux.gem
d488b872884844686780fda7cf5da44ee884d32faa713a55aeb4736d76718168  nokogiri-1.16.4-x86-mingw32.gem
a896e52a56951ffb0e6a9279afbf485d683e357a053d27f4cfcb2a73b0824628  nokogiri-1.16.4-x86_64-darwin.gem
92ff4f09910255fec84b3bc4c4b182e94cada3ed12b9f7a6ea058e0af186fb31  nokogiri-1.16.4-x86_64-linux.gem
</tr></table> 

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.16.5

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See GHSA-r95h-9x8f-r3f7 for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.7 from v2.12.6. (@​flavorjones)

v1.16.4 / 2024-04-10

Dependencies

• [CRuby] Vendored zlib in the precompiled native gems is updated to v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see this discussion about removing the compression libraries altogether in a future version of Nokogiri.

v1.16.3 / 2024-03-15

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.6 from v2.12.5. (@​flavorjones)

Changed

• [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.

v1.16.2 / 2024-02-04

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See GHSA-xc9x-jj77-9p9j for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.5 from v2.12.4. (@​flavorjones)

v1.16.1 / 2024-02-03

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.4 from v2.12.3. (@​flavorjones)

... (truncated)

Commits

• cd70bd3 version bump to v1.16.5
• afc36de dep: update vendored libxml2 to v2.12.7 (#3191)
• 41b4f08 ci: add arm64-darwin coverage using macos-14
• 67b9e86 dep: update libxml2 to v2.12.7
• 17c0362 version bump to v1.16.4
• 1c329e9 dep: update to zlib 1.3.1 (v1.16.x) (#3175)
• edeac07 dep: update to zlib 1.3.1
• 80fb608 version bump to v1.16.3
• 710bd96 dep: update libxml 2.12.6 (branch v1.16.x) (#3151)
• 461a96e fix: Reader#read sets @​encoding if it is unset
• Additional commits viewable in compare view

Updates addressable from 2.3.2 to 2.8.0

Changelog

Sourced from addressable's changelog.

Addressable 2.8.0

• fixes ReDoS vulnerability in Addressable::Template#match
• no longer replaces + with spaces in queries for non-http(s) schemes
• fixed encoding ipv6 literals
• the :compacted flag for normalized_query now dedupes parameters
• fix broken escape_component alias
• dropping support for Ruby 2.0 and 2.1
• adding Ruby 3.0 compatibility for development tasks
• drop support for rack-mount and remove Addressable::Template#generate
• performance improvements
• switch CI/CD to GitHub Actions

Addressable 2.7.0

• added :compacted flag to normalized_query
• heuristic_parse handles mailto: more intuitively
• dropped explicit support for JRuby 9.0.5.0
• compatibility w/ public_suffix 4.x
• performance improvements

Addressable 2.6.0

• added tld= method to allow assignment to the public suffix
• most heuristic_parse patterns are now case-insensitive
• heuristic_parse handles more file:// URI variations
• fixes bug in heuristic_parse when uri starts with digit
• fixes bug in request_uri= with query strings
• fixes template issues with nil and ? operator
• frozen_string_literal pragmas added
• minor performance improvements in regexps
• fixes to eliminate warnings

Addressable 2.5.2

• better support for frozen string literals
• fixed bug w/ uppercase characters in scheme
• IDNA errors w/ emoji URLs
• compatibility w/ public_suffix 3.x

Addressable 2.5.1

• allow unicode normalization to be disabled for URI Template expansion
• removed duplicate test

Addressable 2.5.0

• dropping support for Ruby 1.9
• adding support for Ruby 2.4 preview
• add support for public suffixes and tld; first runtime dependency
• hostname escaping should match RFC; underscores in hostnames no longer escaped
• paths beginning with // and missing an authority are now considered invalid
• validation now also takes place after setting a path
• handle backslashes in authority more like a browser for heuristic_parse
• unescaped backslashes in host now raise an InvalidURIError
• merge!, join!, omit! and normalize! don't disable deferred validation

... (truncated)

Commits

• 6469a23 Updating gemspec again
• 2433638 Merge branch 'main' of github.com:sporkmonger/addressable into main
• e9c76b8 Merge pull request #378 from ashmaroli/flat-map
• 56c5cf7 Update the gemspec
• c1fed1c Require a non-vulnerable rake
• 0d8a312 Adding note about ReDoS vulnerability
• 89c7613 Merge branch 'template-regexp' into main
• cf8884f Note about alias fix
• bb03f71 Merge pull request #371 from charleystran/add_missing_encode_component_doc_entry
• 6d1d809 Adding note about :compacted normalization
• Additional commits viewable in compare view

Updates net-ldap from 0.11 to 0.16.2

Release notes

Sourced from net-ldap's releases.

v0.16.2

• Net::LDAP#open does not cache bind result #334
• Fix CI build #333
• Fix to “undefined method 'result_code'” #308
• Fixed Exception: incompatible character encodings: ASCII-8BIT and UTF-8 in filter.rb #285

Changelog

Sourced from net-ldap's changelog.

=== Net::LDAP 0.16.2

• Net::LDAP#open does not cache bind result {#334}[https://redirect.github.com/Net::LDAP#open does not cache bind result ruby-ldap/ruby-net-ldap#334]
• Fix CI build {#333}[https://redirect.github.com/Fix CI build ruby-ldap/ruby-net-ldap#333]
• Fix to "undefined method 'result_code'" {#308}[https://redirect.github.com/Fix to "undefined method 'result_code'" ruby-ldap/ruby-net-ldap#308]
• Fixed Exception: incompatible character encodings: ASCII-8BIT and UTF-8 in filter.rb {#285}[https://redirect.github.com/Fixed Exception: incompatible character encodings: ASCII-8BIT and UTF-8 in filter.rb ruby-ldap/ruby-net-ldap#285]

=== Net::LDAP 0.16.1

• Send DN and newPassword with password_modify request {#271}[https://redirect.github.com/Send DN and newPassword with password_modify request ruby-ldap/ruby-net-ldap#271]

=== Net::LDAP 0.16.0

• Sasl fix {#281}[https://redirect.github.com/Sasl fix ruby-ldap/ruby-net-ldap#281]
• enable TLS hostname validation {#279}[https://redirect.github.com/enable TLS hostname validation ruby-ldap/ruby-net-ldap#279]
• update rubocop to 0.42.0 {#278}[https://redirect.github.com/update rubocop to 0.42.0 ruby-ldap/ruby-net-ldap#278]

=== Net::LDAP 0.15.0

• Respect connect_timeout when establishing SSL connections {#273}[https://redirect.github.com/Respect connect_timeout when establishing SSL connections ruby-ldap/ruby-net-ldap#273]

=== Net::LDAP 0.14.0

• Normalize the encryption parameter passed to the LDAP constructor {#264}[https://redirect.github.com/Normalize the encryption parameter passed to the LDAP constructor ruby-ldap/ruby-net-ldap#264]
• Update Docs: Net::LDAP now requires ruby >= 2 {#261}[https://redirect.github.com/Update Docs: Net::LDAP now requires ruby >= 2 ruby-ldap/ruby-net-ldap#261]
• fix symbol proc {#255}[https://redirect.github.com/fix symbol proc ruby-ldap/ruby-net-ldap#255]
• fix trailing commas {#256}[https://redirect.github.com/fix trailing commas ruby-ldap/ruby-net-ldap#256]
• fix deprecated hash methods {#254}[https://redirect.github.com/fix deprecated hash methods ruby-ldap/ruby-net-ldap#254]
• fix space after comma {#253}[https://redirect.github.com/fix space after comma ruby-ldap/ruby-net-ldap#253]
• fix space inside brackets {#252}[https://redirect.github.com/fix space inside brackets ruby-ldap/ruby-net-ldap#252]
• Rubocop style fixes {#249}[https://redirect.github.com/Rubocop style fixes ruby-ldap/ruby-net-ldap#249]
• Lazy initialize Net::LDAP::Connection's internal socket {#235}[https://redirect.github.com/Lazy initialize Net::LDAP::Connection's internal socket ruby-ldap/ruby-net-ldap#235]
• Support for rfc3062 Password Modify, closes #163 {#178}[https://redirect.github.com/Support for rfc3062 Password Modify, closes #163 ruby-ldap/ruby-net-ldap#178]

=== Net::LDAP 0.13.0

Avoid this release for because of an backwards incompatibility in how encryption is initialized ruby-ldap/ruby-net-ldap#264. We did not yank it because people have already worked around it.

• Set a connect_timeout for the creation of a socket {#243}[https://redirect.github.com/Set a connect_timeout for the creation of a socket ruby-ldap/ruby-net-ldap#243]
• Update bundler before installing gems with bundler {#245}[https://redirect.github.com/Update bundler before installing gems with bundler ruby-ldap/ruby-net-ldap#245]
• Net::LDAP#encryption accepts string {#239}[https://redirect.github.com/Net::LDAP#encryption accepts string ruby-ldap/ruby-net-ldap#239]
• Adds correct UTF-8 encoding to Net::BER::BerIdentifiedString {#242}[https://redirect.github.com/Adds correct UTF-8 encoding to Net::BER::BerIdentifiedString ruby-ldap/ruby-net-ldap#242]
• Remove 2.3.0-preview since ruby-head already is included {#241}[https://redirect.github.com/Remove 2.3.0-preview since ruby-head already is included ruby-ldap/ruby-net-ldap#241]
• Drop support for ruby 1.9.3 {#240}[https://redirect.github.com/Drop support for ruby 1.9.3 ruby-ldap/ruby-net-ldap#240]
• Fixed capitalization of StartTLSError {#234}[https://redirect.github.com/Fixed capitalization of StartTLSError ruby-ldap/ruby-net-ldap#234]

=== Net::LDAP 0.12.1

... (truncated)

Commits

• ffdfb54 Release 0.16.2
• a199360 Merge pull request #335 from ruby-ldap/release-0.16.2
• d9c44d4 Update changelog
• 8935eed Merge pull request #334 from vroldanbet/ldap-open-connection-bug
• c7d7d15 Merge branch 'master' of https://github.com/ruby-ldap/ruby-net-ldap into ldap...
• 585ec7a Merge pull request #333 from vroldanbet/fix-ci-build
• dc99286 bump gem version, assuming semver
• 92be710 Revert "Revert "caches bind result", to see if failing in CI"
• ab18e5b the test environment expects a valid DNS as username
• 3455b30 Revert "caches bind result", to see if failing in CI
• Additional commits viewable in compare view

Updates ruby-saml from 1.0.0 to 1.7.0

Release notes

Sourced from ruby-saml's releases.

1.7.0 (Feb 27, 2018)

1.7.0

• Fix vulnerability CVE-2017-11428. Process text of nodes properly, ignoring comments

1.6.2 (Feb 28, 2018)

• Fix vulnerability CVE-2017-11428. Process text of nodes properly, ignoring comments

1.6.1 (January 15, 2018)

• #428 Fix a bug on IdPMetadataParser when parsing certificates
• #426 Ensure Rails responds to logger

1.6.0 (November 27, 2017)

• #418 Improve SAML message signature validation using original encoded parameters instead decoded in order to avoid conflicts (URL-encoding is not canonical, reported issues with ADFS)
• #420 Expose NameID Format on SloLogoutrequest
• #423 Allow format_cert to work with chained certificates
• #422 Use to_s for requested attribute value

1.5.0 (August 31, 2017)

• #400 When validating Signature use stored IdP certficate if Signature contains no info about Certificate
• #402 Fix validate_response_state method that rejected SAMLResponses when using idp_cert_multi and idp_cert and idp_cert_fingerprint were not provided.
• #411 Allow space in Base64 string
• #407 Improve IdpMetadataParser raising an ArgumentError when parser method receive a metadata string with no IDPSSODescriptor element.
• #374 Support more than one level of StatusCode
• #405 Support ADFS encrypted key (Accept KeyInfo nodes with no ds namespace)

1.4.3 (May 18, 2017)

• Added SubjectConfirmation Recipient validation
• #393 Implement IdpMetadataParser#parse_to_hash
• Adapt IdP XML metadata parser to take care of multiple IdP certificates and be able to inject the data obtained on the settings.
• Improve binding detection on idp metadata parser
• #373 Allow metadata to be retrieved from source containing data for multiple entities
• Be able to register future SP x509cert on the settings and publish it on SP metadata
• Be able to register more than 1 Identity Provider x509cert, linked with an specific use (signing or encryption.
• Improve regex to detect base64 encoded messages
• Fix binding configuration example in README.md
• Add Fix SLO request. Correct NameQualifier/SPNameQualifier values.
• Validate serial number as string to work around libxml2 limitation
• Propagate isRequired on md:RequestedAttribute when generating SP metadata

1.4.2 (January 11, 2017)

• Improve tests format
• Fix nokogiri requirements based on ruby version
• Only publish KeyDescriptor[use="encryption"] at SP metadata if security[:want_assertions_encrypted] is true
• Be able to skip destination validation
• Improved inResponse validation on SAMLResponses and LogoutResponses
• #354 Allow scheme and domain to match ignoring case
• #363 Add support for multiple requested attributes

1.4.1 (October 19, 2016)

• #357 Add EncryptedAttribute support. Improve decrypt method

... (truncated)

Changelog

Sourced from ruby-saml's changelog.

1.7.0 (Feb 27, 2018)

• Fix vulnerability CVE-2017-11428. Process text of nodes properly, ignoring comments

1.6.1 (January 15, 2018)

• #428 Fix a bug on IdPMetadataParser when parsing certificates
• #426 Ensure Rails responds to logger

1.6.0 (November 27, 2017)

• #418 Improve SAML message signature validation using original encoded parameters instead decoded in order to avoid conflicts (URL-encoding is not canonical, reported issues with ADFS)
• #420 Expose NameID Format on SloLogoutrequest
• #423 Allow format_cert to work with chained certificates
• #422 Use to_s for requested attribute value

1.5.0 (August 31, 2017)

• #400 When validating Signature use stored IdP certficate if Signature contains no info about Certificate
• #402 Fix validate_response_state method that rejected SAMLResponses when using idp_cert_multi and idp_cert and idp_cert_fingerprint were not provided.
• #411 Allow space in Base64 string
• #407 Improve IdpMetadataParser raising an ArgumentError when parser method receive a metadata string with no IDPSSODescriptor element.
• #374 Support more than one level of StatusCode
• #405 Support ADFS encrypted key (Accept KeyInfo nodes with no ds namespace)

1.4.3 (May 18, 2017)

• Added SubjectConfirmation Recipient validation
• #393 Implement IdpMetadataParser#parse_to_hash
• Adapt IdP XML metadata parser to take care of multiple IdP certificates and be able to inject the data obtained on the settings.
• Improve binding detection on idp metadata parser
• #373 Allow metadata to be retrieved from source containing data for multiple entities
• Be able to register future SP x509cert on the settings and publish it on SP metadata
• Be able to register more than 1 Identity Provider x509cert, linked with an specific use (signing or encryption.
• Improve regex to detect base64 encoded messages
• Fix binding configuration example in README.md
• Add Fix SLO request. Correct NameQualifier/SPNameQualifier values.
• Validate serial number as string to work around libxml2 limitation
• Propagate isRequired on md:RequestedAttribute when generating SP metadata

1.4.2 (January 11, 2017)

• Improve tests format
• Fix nokogiri requirements based on ruby version
• Only publish KeyDescriptor[use="encryption"] at SP metadata if security[:want_assertions_encrypted] is true
• Be able to skip destination validation
• Improved inResponse validation on SAMLResponses and LogoutResponses
• #354 Allow scheme and domain to match ignoring case
• #363 Add support for multiple requested attributes

1.4.1 (October 19, 2016)

• #357 Add EncryptedAttribute support. Improve decrypt method
• Allow multiple authn_context_decl_ref in settings
• Allow options[:settings] to be an hash for Settings overrides in IdpMetadataParser#parse

... (truncated)

Commits

• 082249e Release 1.7.0
• 048a544 Fix vulnerability CVE-2017-11428. Process text of nodes properly, ignoring co...
• 414d144 Release 1.6.1
• 259af92 Fix #428 IdPMetadataParser had a bug when parsing certificates
• 8bca922 Merge pull request #426 from tily/fix/ensure_rails_responds_to_logger
• 53cae02 ensure Rails responds to logger
• 459a53c Fix #424 Ruby 2.3.X and 2.4.X now listed as supported versions.
• c80e5b9 Add new ruby versions to travis #424
• 851ce2d Fix changlog format
• 5bb3a73 Release 1.6.0
• Additional commits viewable in compare view

Updates gibbon from 1.1.4 to 1.2.1

Changelog

Sourced from gibbon's changelog.

[1.2.1] - 2015-07-30

• Fix lack of newline issue (contributed by @​michaeldawson)

[1.2.0] - 2015-07-16

• Same as 1.1.6 but rereleased because it's a breaking change
• Support for Ruby 2 streaming with Export API. Now returns an Array of Array of Strings instead of an Array of Strings.
• Fix a bug that caused calling methods statically on Gibbon::Export to fail

[1.1.6] - 2015-06-04 (Yanked)

• Support for Ruby 2 streaming with Export API

[1.1.5] - 2015-02-19

• Update MultiJSON dependency to 1.9.0
• Handle single empty space in Export API response

Commits

• fd67129 fix changelog release date
• b2bd16d fix lack of newline causing parse error when streaming from export API
• b06515b update changelog
• bb294c9 Merge pull request #123 from dantethegrey/master
• ad02cd1 Bump to v1.2.0
• f395495 Expand args for send at ApiCategory#send
• be224d5 update copyright year
• 2086e22 clean up notes at top of README
• 6e171f8 Merge pull request #120 from fsluis/master
• b8cf251 Gibbon/version import error
• Additional commits viewable in compare view

Updates redcarpet from 3.3.3 to 3.5.1

Release notes

Sourced from redcarpet's releases.

Redcarpet v3.5.1

Fix a security vulnerability using :quote in combination with the :escape_html option.

Reported by Johan Smits.

v3.5.0

This release mostly ships with bug fixes and tiny improvements.

Improvements

• Avoid mutating the options hash passed to a render object (See #663).

• Automatically enable the fenced_code_blocks option passing a HTML_TOC object to the Markdown object's constructor since some languages rely on the sharp to comment code (See #451).

• Remove the rel and rev attributes from the output generated for footnotes as they don't pass the HTML 5 validation (See #536).

• Allow passing Range objects to the nesting_level option to have a higher level of customization for table of contents (See #519):

  Redcarpet::Render::HTML_TOC.new(nesting_level: 2..5)

Bug fixes

• Fix a segfault rendering quotes using StripDown and the :quote option.

• Fix SmartyPants single quotes right after a link. For example:

  [John](http://john.doe)'s cat

  Will now properly converts ' to a right single quote (i.e. ’).

v3.4.0

Redcarpet v3.4.0

This new release ships with a bunch of bug fixes especially regarding anchor generation.

Improvements to anchor generation

The anchor generation now relies on a djb2 hashing algorithm whenever the generated anchor is empty as non alpha-numeric chars. This is specifically interesting for CJK contents as Redcarpet used to generate empty anchors dealing with titles in these locales.

Special thanks to Alexey Kopytko and namusyaka for their work on that !

Also now, the html-escaped entities are removed from anchors generated with the HTML render in order to be consistent with the HTML_TOC render and as it is more expected.

Other improvements

• Table headers don't require a minimum of three dashes anymore; a single one can be used for each row.
• The Markdown and rendering options are now exposed through a Hash inside the @options instance variable inside your custom render objects.

Bug fixes

... (truncated)

Changelog

Sourced from redcarpet's changelog.

Version 3.5.1 (Security)

• Fix a security vulnerability using :quote in combination with the :escape_html option.

  Reported by Johan Smits.

Version 3.5.0

• Avoid mutating the options hash passed to a render object.

  Refs #663.

  Max Schwenk

• Fix a segfault rendering quotes using StripDown and the :quote option.

  Fixes #639.

• Fix warning: instance variable @options not initialized when running under verbose mode (-w, $VERBOSE = true).

• Fix SmartyPants single quotes right after a link. For example:

  [John](http://john.doe)'s cat

  Will now properly converts ' to a right single quote (i.e. ’).

  Fixes #624.

• Remove the rel and rev attributes from the output generated for footnotes as they don't pass the HTML 5 validation.

  Fixes #536.

• Automatically enable the fenced_code_blocks option passing a HTML_TOC object to the Markdown object's constructor since some languages rely on the sharp to comment code.

  Fixes #451.

• Allow passing Range objects to the nesting_level option to have a higher level of customization for table of contents:

  Redcarpet::Render::HTML_TOC.new(nesting_level: 2..5)

... (truncated)

Commits

• a699c82 Fix a security issue using :quote with :escape_html
• 6270d6b Redcarpet v3.5.0
• 94f6e27 Tiny follow-up to #663
• 3100f65 Merge pull request #663 from maschwenk/dont-mutate-options
• fc52d9c Add regression test
• 03e7997 Don't mutated passed options
• 92a7b3a Fix a segfault with StripDown and the :quote option
• 7352162 Merge pull request #649 from rbalint/master
• e23383e Merge pull request #650 from kolen/fix-warning-options-not-initialized
• 6b86656 Fix "instance variable @​options not initialized" warning
• Additional commits viewable in compare view

Updates resque from 1.25.2 to 1.27.4

Changelog

Sourced from resque's changelog.

1.27.4 (2017-04-15)

Fixed

• Fix issue where removing a failure from Resque web didn't work when using RedisMultiQueue backend.

1.27.3 (2017-04-10)

Fixed

• Fix issue where initializing a data store would attempt to hit Redis, even when Resque.inline = true

1.27.2 (2017-02-20)

Fixed

• Require "redis/distributed" in worker.rb to allow proper rescuing
• Fallback to server time if Redis time won't work (restores Redis 2.4 support)

1.27.1 (2017-02-13)

Fixed

• Show actual jobs names in web view using ActiveJob (@​martnst)

1.27.0 (2017-02-08)

Fixed

• Fix issue where calling Worker.find, Worker.all, or Worker.working from withing a running job would rewrite the PID file with the PID of the forked worker. This causes a change to the Worker#new API that may affect plugin implementations. See Worker#new and Worker#prepare for details. (@​jeremywadsack)
• Workers queried out now have the correct hostname (@​crazymykl)
• Fix race condition on worker startup (@​stevedomin)
• No longer triggers verbose logging if env variables are not set (@​ldnunes)
• resque/failed/requeue/all when using Redis::Failure::Multiple no longer raises an exception (@​ale7714)
• Improve forking to avoid having a child process escape its code (@​dylanahsmith)
• Workers now use server time rather than their own time to maintain heartbeats (@​fw42)
• Run eager load hooks for Rails applications versioned 4.x and up (@​abhi-patel)
• Fix bug when encountering an error while pruning workers (Joakim Kolsjö and Tomas Skogberg)
• Children write to PIDFILE immediately after forking, fixing issues when reconnecting to Redis is slow (@​fimmtiu)

Changed

• Update jQuery from 1.3.2 to 1.12.4 (@​chrisccerami)
• No longer user Thread.kill to stop heartbeat (@​Sinjo)

Added

• Resque Web UI now prompts for confirmation on clearing failed jobs (Markus Olsen)
• Adds process status to DirtyExit exception when job is killed via signal (@​MishaConway)

1.26.0 (2016-03-10)

This changelog is a bit incomplete. We will be much stricter about the changelog for the next release.

... (truncated)

Commits

• f98cf43 Release v1.27.4
• 5aa672c Merge pull request #1558 from jakewilkins/resque-web-remove-failure
• 7735cb3 add fix to HISTORY.md
• 8ebcad2 use remove_from_failed_queue to remove multi queue failures
• c70a023 Update version to 1.27.3
• 69ae64c Merge pull request #1545 from chrisccerami/resque_inline_skating
• 8a94e8c Merge pull request #1556 from chrisccerami/update_readme_mailing_list
• 625c8d8 Remove outdated mailing list info from README
• 30681ea Clarify the need for DataStore#redis_time_available?
• 7a52087 Resque.inline should prevent hitting Redis
• Additional commits viewable in compare view

Updates webrick from 1.3.1 to 1.6.1

Release notes

Sourced from webrick's releases.

v1.6.1

Full Changelog: ruby/webrick@v1.6.0...v1.6.1

v1.6.0

What's Changed

• Remove the squishing of whitespace in header values by @​jeremyevans<...

  Description has been truncated