Update omniauth dependency

[lafeber]

See omniauth/omniauth#809 - about a CSRF vulnerability which affects OmniAuth (designated CVE-2015-9284)

What to do?

[kriom]

I have the same problem

Dependabot cannot update omniauth to a non-vulnerable version
The latest possible version that can be installed is 1.9.2 because of the following conflicting dependencies:

omniauth-google-oauth2 (0.8.2) requires omniauth (~> 1.1)
omniauth-salesforce (1.1.0) requires omniauth (~> 1.0)
omniauth-saml (1.10.3) requires omniauth (~> 1.3, >= 1.3.2) <================

I'm surprised that it also affects 2 other gems that I use, the upgrade can't be easy I suppose.

[bufferoverflow]

we bumped omniauth with c6fc2db and created a new release