chore(deps): bump pysaml2 from 4.5.0 to 5.0.0

[dependabot[bot]]

Bumps pysaml2 from 4.5.0 to 5.0.0.

Release notes

Sourced from pysaml2's releases.

Version 5.0.0

5.0.0 (2020-01-13)

• Fix XML Signature Wrapping (XSW) vulnerabilities - CVE-2020-5390
• Add freshness period feature for MetaDataMDX
• Fix bug in duration calculation in time_util library
• Fix ipv6 validation to accommodate for addresses with brackets
• Fix xmlsec temporary files deletions
• Add method to get supported algorithms from metadata
• Add mdstore method to extract assurance certifications
• Add mdstore method to extract contact_person data
• Add attribute mappings from the Swiss eduPerson Schema
• Make AESCipher and Fernet interfaces compatible
• Remove deprecated saml2.aes module
• Remove deprecated saml2.extensions.ui module
• Replace deprecated mongodb operations
• Rename ToOld error to TooOld
• Fix pytest warnings
• Mock tests that need a network connection
• Start dropping python2 support

Version 4.9.0

4.9.0 (2019-11-03)

• Add mdstore methods to extract mdui uiinfo elements
• Add attribute mapping for umbrellaID attributes
• Fix logic error in pick_binding method for Entity class
• Validate the audience of assertions regardless of a response being unsolicited
• Fix PKCS_9 saml_url prefix
• docs: Fix warnings from docs generation
• docs: Update release instructions regarding branch releases
• docs: Fix list formatting on IdP example page
• docs: Update pysaml2 options doc with name_id_format_allow_create
• misc: fix various typos

Version 4.8.0

4.8.0 (2019-07-08)

• Refactor the way ForceAuthn is set: check for "true" and "1"
• Allow to set NameQualifier and SPNameQualifier attributes for ePTID
• Parse assertions with Holder-of-Key profile
• Add created_at timestamps to all mongodb documents
• Look for existing persistent id's before creating new ones
• Do not add AllowCreate property for default transient NameID
• Enable entity category import from module search path
• Add SAML subject identifier attributes to saml2_uri attributemap
• Fix deprecation warning regarding the cgi module - use the html module when available
• Misc minor improvements
• tests: Be compatible with latest pytest
• tests: Make tests pass after 2024

... (truncated)

Changelog

Sourced from pysaml2's changelog.

5.0.0 (2020-01-13)

• Fix XML Signature Wrapping (XSW) vulnerabilities - CVE-2020-5390
• Add freshness period feature for MetaDataMDX
• Fix bug in duration calculation in time_util library
• Fix ipv6 validation to accommodate for addresses with brackets
• Fix xmlsec temporary files deletions
• Add method to get supported algorithms from metadata
• Add mdstore method to extract assurance certifications
• Add mdstore method to extract contact_person data
• Add attribute mappings from the Swiss eduPerson Schema
• Make AESCipher and Fernet interfaces compatible
• Remove deprecated saml2.aes module
• Remove deprecated saml2.extensions.ui module
• Replace deprecated mongodb operations
• Rename ToOld error to TooOld
• Fix pytest warnings
• Mock tests that need a network connection
• Start dropping python2 support

4.9.0 (2019-11-03)

• Add mdstore methods to extract mdui uiinfo elements
• Add attribute mapping for umbrellaID attributes
• Fix logic error in pick_binding method for Entity class
• Validate the audience of assertions regardless of a response being unsolicited
• Fix PKCS_9 saml_url prefix
• docs: Fix warnings from docs generation
• docs: Update release instructions regarding branch releases
• docs: Fix list formatting on IdP example page
• docs: Update pysaml2 options doc with name_id_format_allow_create
• misc: fix various typos

4.8.0 (2019-07-08)

• Refactor the way ForceAuthn is set: check for "true" and "1"
• Allow to set NameQualifier and SPNameQualifier attributes for ePTID
• Parse assertions with Holder-of-Key profile
• Add created_at timestamps to all mongodb documents
• Look for existing persistent id's before creating new ones
• Do not add AllowCreate property for default transient NameID
• Enable entity category import from module search path
• Add SAML subject identifier attributes to saml2_uri attributemap
• Fix deprecation warning regarding the cgi module - use the html module when available
• Misc minor improvements
• tests: Be compatible with latest pytest
• tests: Make tests pass after 2024
• tests: Add py37 as a test target

... (truncated)

Commits

• f27c7e7 Release version 5.0.0
• 5e9d5ac Fix XML Signature Wrapping (XSW) vulnerabilities
• 324656e Merge branch 'feature-add-metadata-freshness'
• 9030d03 Format configuration examples
• 55be003 Reformat and rearrange code
• 7fd1719 Update documentation with mdq freshness_period
• 08a071d Remove unused default value
• 3525c60 Add freshness period feature for MetaDataMDX
• c569598 Fix bug in time_util library
• b3635ec Remove deprecated saml2.aes module
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/USStateDept/State-TalentMAP-API/network/alerts).

[dependabot[bot]]

Superseded by #529.