Update omniauth-saml to 1.10 (#6587)

Fixes CVE-2017-11428

Gemfile

@@ -35,7 +35,7 @@ gem 'devise-two-factor', '~> 3.0'
 gem 'devise_pam_authenticatable2', '~> 8.0', install_if: -> { ENV['PAM_ENABLED'] == 'true' }
 gem 'net-ldap', '~> 0.10', install_if: -> { ENV['LDAP_ENABLED'] == 'true' }
 gem 'omniauth-cas', '~> 1.1', install_if: -> { ENV['CAS_ENABLED'] == 'true' }
-gem 'omniauth-saml', '~> 1.8', install_if: -> { ENV['SAML_ENABLED'] == 'true' }
+gem 'omniauth-saml', '~> 1.10', install_if: -> { ENV['SAML_ENABLED'] == 'true' }
 gem 'omniauth', '~> 1.2'
 
 gem 'doorkeeper', '~> 4.2'

Gemfile.lock

@@ -338,9 +338,9 @@ GEM
       addressable (~> 2.3)
       nokogiri (~> 1.5)
       omniauth (~> 1.2)
-    omniauth-saml (1.9.0)
+    omniauth-saml (1.10.0)
       omniauth (~> 1.3, >= 1.3.2)
-      ruby-saml (~> 1.4, >= 1.4.3)
+      ruby-saml (~> 1.7)
     orm_adapter (0.5.0)
     ostatus2 (2.0.3)
       addressable (~> 2.5)
@@ -496,7 +496,7 @@ GEM
       unicode-display_width (~> 1.0, >= 1.0.1)
     ruby-oembed (0.12.0)
     ruby-progressbar (1.9.0)
-    ruby-saml (1.6.1)
+    ruby-saml (1.7.2)
       nokogiri (>= 1.5.10)
     rufus-scheduler (3.4.2)
       et-orbi (~> 1.0)
@@ -673,7 +673,7 @@ DEPENDENCIES
   oj (~> 3.3)
   omniauth (~> 1.2)
   omniauth-cas (~> 1.1)
-  omniauth-saml (~> 1.8)
+  omniauth-saml (~> 1.10)
   ostatus2 (~> 2.0)
   ox (~> 2.8)
   paperclip (~> 5.1)