From f0cb77e7a39f4664aafe2882166a2a348b77372f Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Mon, 1 Mar 2021 03:47:07 +0000
Subject: [PATCH] [Security] Update omniauth requirement from ~> 1.2 to >= 1.2,
 < 3.0

Updates the requirements on [omniauth](https://github.com/omniauth/omniauth) to permit the latest version.
- [Release notes](https://github.com/omniauth/omniauth/releases)
- [Commits](https://github.com/omniauth/omniauth/compare/v1.2.2...v2.0.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
---
 Gemfile.lock                      | 44 ++++++++++++++++++-------------
 omniauth-microsoft-oauth2.gemspec |  2 +-
 2 files changed, 27 insertions(+), 19 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index b38c17b..0ce0351 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -2,7 +2,8 @@ PATH
   remote: .
   specs:
     omniauth-microsoft-oauth2 (0.0.1)
-      omniauth (~> 1.2)
+      multi_json (~> 1.3)
+      omniauth (>= 1.2, < 3.0)
       omniauth-oauth2 (~> 1.2)
 
 GEM
@@ -12,27 +13,33 @@ GEM
     crack (0.4.2)
       safe_yaml (~> 1.0.0)
     diff-lcs (1.2.5)
-    faraday (0.9.1)
+    faraday (1.3.0)
+      faraday-net_http (~> 1.0)
       multipart-post (>= 1.2, < 3)
-    hashie (3.4.2)
+      ruby2_keywords
+    faraday-net_http (1.0.1)
+    hashie (4.1.0)
     json (1.8.2)
-    jwt (1.5.0)
-    multi_json (1.11.0)
-    multi_xml (0.5.5)
-    multipart-post (2.0.0)
-    oauth2 (1.0.0)
-      faraday (>= 0.8, < 0.10)
-      jwt (~> 1.0)
+    jwt (2.2.2)
+    multi_json (1.15.0)
+    multi_xml (0.6.0)
+    multipart-post (2.1.1)
+    oauth2 (1.4.4)
+      faraday (>= 0.8, < 2.0)
+      jwt (>= 1.0, < 3.0)
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
-      rack (~> 1.2)
-    omniauth (1.2.2)
-      hashie (>= 1.2, < 4)
-      rack (~> 1.0)
-    omniauth-oauth2 (1.3.0)
-      oauth2 (~> 1.0)
-      omniauth (~> 1.2)
-    rack (1.6.1)
+      rack (>= 1.2, < 3)
+    omniauth (2.0.3)
+      hashie (>= 3.4.6)
+      rack (>= 1.6.2, < 3)
+      rack-protection
+    omniauth-oauth2 (1.7.1)
+      oauth2 (~> 1.4)
+      omniauth (>= 1.9, < 3)
+    rack (2.2.3)
+    rack-protection (2.1.0)
+      rack
     rack-test (0.6.3)
       rack (>= 1.0)
     rake (10.4.2)
@@ -44,6 +51,7 @@ GEM
     rspec-expectations (2.99.2)
       diff-lcs (>= 1.1.3, < 2.0)
     rspec-mocks (2.99.3)
+    ruby2_keywords (0.0.4)
     safe_yaml (1.0.4)
     webmock (1.21.0)
       addressable (>= 2.3.6)
diff --git a/omniauth-microsoft-oauth2.gemspec b/omniauth-microsoft-oauth2.gemspec
index 0b5e782..ceafb06 100644
--- a/omniauth-microsoft-oauth2.gemspec
+++ b/omniauth-microsoft-oauth2.gemspec
@@ -15,7 +15,7 @@ Gem::Specification.new do |gem|
   gem.require_paths = ["lib"]
   gem.version       = OmniAuth::MicrosoftOauth2::VERSION
 
-  gem.add_dependency 'omniauth', '~> 1.2'
+  gem.add_dependency 'omniauth', '>= 1.2', '< 3.0'
   gem.add_dependency 'omniauth-oauth2', '~> 1.2'
   gem.add_runtime_dependency 'multi_json', '~> 1.3'
   gem.add_development_dependency "rspec", "~> 2.7"