omab / python-social-auth

Social auth made simple
http://psa.matiasaguirre.net
BSD 3-Clause "New" or "Revised" License

Bump python-saml from 2.1.3 to 2.4.0 in /social/tests #1122

Open dependabot[bot] opened 4 years ago

dependabot[bot] commented 4 years ago

Bumps python-saml from 2.1.3 to 2.4.0.

Release notes

*Sourced from [python-saml's releases](https://github.com/onelogin/python-saml/releases).*

> ## OneLogin's SAML Python Toolkit v2.4.0
> Changelog:
> * Fix vulnerability [CVE-2017-11427](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11427). Process text of nodes properly, ignoring comments
> * Improve how fingerprint is calculated
> * Fix issue with LogoutRequest rejected by ADFS due to NameID with unspecified format instead of no format attribute
> * Be able to invalidate a SAMLResponse if it contains an InResponseTo value but no RequestId parameter is provided to the is_valid method. See the rejectUnsolicitedResponsesWithInResponseTo security parameter (deactivated by default)
> * Fix signature position in the SP metadata
> * Redefine NSMAP constant
>
> ## OneLogin's SAML Python Toolkit v2.3.0
> * [#205](https://github-redirect.dependabot.com/onelogin/python-saml/pull/205) Improve decrypt method, add an option to decrypt an element in place or copy it before decryption.
> * [#204](https://github-redirect.dependabot.com/onelogin/python-saml/pull/204) On a LogoutRequest, if the NameIdFormat is entity, NameQualifier and SPNameQualifier will be omitted. If the NameIdFormat is not entity and a NameQualifier is provided, then the SPNameQualifier will also be added.
> * Be able to get from the auth object the last processed ID (response/assertion) and the last generated ID.
> * Reset errorReason attribute of the auth object before each Process method
> * Fix issue on getting multiple certs when only sign or encryption certs
> * Allow empty nameid if setting wantNameId is false. Only raise Exceptions when strict mode is enabled
>
> ## OneLogin's SAML Python Toolkit v2.2.3
> * Replace some etree.tostring calls, that were introduced recently, by the sanitized call provided by defusedxml
> * Update dm.xmlsec.binding requirement to 1.3.3 version
>
> ## OneLogin's SAML Python Toolkit v2.2.2
> Changelog:
> * Be able to relax SSL Certificate verification when retrieving idp metadata
> * [#195](https://github-redirect.dependabot.com/onelogin/python-saml/pull/195) Be able to register a future SP x509cert in the settings and publish it in SP metadata
> * [#195](https://github-redirect.dependabot.com/onelogin/python-saml/pull/195) Be able to register more than one Identity Provider x509cert, linked with a specific use (signing or encryption)
> * [#195](https://github-redirect.dependabot.com/onelogin/python-saml/pull/195) Allow metadata to be retrieved from a source containing data of multiple entities
> * [#195](https://github-redirect.dependabot.com/onelogin/python-saml/pull/195) Adapt IdP XML metadata parser to take care of multiple IdP certificates and be able to inject the data obtained into the settings.
> * [#194](https://github-redirect.dependabot.com/onelogin/python-saml/pull/194) Publish KeyDescriptor[use=encryption] only when required
> * [#190](https://github-redirect.dependabot.com/onelogin/python-saml/pull/190) Check the status of the response before the assertion count
> * Add Pyramid demo example
> * Allow underscores in URL hosts
> * NameID Format improvements
> * [#184](https://github-redirect.dependabot.com/onelogin/python-saml/pull/184) Be able to provide a NameIDFormat to LogoutRequest
> * [#180](https://github-redirect.dependabot.com/onelogin/python-saml/pull/180) Add DigestMethod support. (Add sign_algorithm and digest_algorithm parameters to sign_metadata and add_sign)
> * Validate serial number as string to work around libxml2 limitation
> * Make the Issuer on the Response Optional
>
> ## OneLogin's SAML Python Toolkit v2.2.1
> This version includes improvements oriented to help the developer to debug.
>
> Changelog:
> - [#175](https://github-redirect.dependabot.com/onelogin/python-saml/pull/175) Optionally raise detailed exceptions vs. returning False. Implement a more specific exception class for handling some validation errors. Improve/Fix tests
> - [#171](https://github-redirect.dependabot.com/onelogin/python-saml/pull/171) Add hooks to retrieve last-sent and last-received requests and responses
> - Improved inResponse validation on Responses
> - [#173](https://github-redirect.dependabot.com/onelogin/python-saml/pull/173) Fix attributeConsumingService serviceName format in README
>
> ## OneLogin's SAML Python Toolkit v2.2.0
> This version includes a security patch that contains extra validations that will prevent signature wrapping attacks.
> ... (truncated)
Changelog

*Sourced from [python-saml's changelog](https://github.com/onelogin/python-saml/blob/master/changelog.md).*

> ### 2.4.0 (Feb 27, 2018)
> * Fix vulnerability [CVE-2017-11427](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11427). Process text of nodes properly, ignoring comments
> * Improve how fingerprint is calculated
> * Fix issue with LogoutRequest rejected by ADFS due to NameID with unspecified format instead of no format attribute
> * Be able to invalidate a SAMLResponse if it contains an InResponseTo value but no RequestId parameter is provided to the is_valid method. See the rejectUnsolicitedResponsesWithInResponseTo security parameter (deactivated by default)
> * Fix signature position in the SP metadata
> * Redefine NSMAP constant
>
> ### 2.3.0 (Sep 15, 2017)
> * [#205](https://github-redirect.dependabot.com/onelogin/python-saml/pull/205) Improve decrypt method, add an option to decrypt an element in place or copy it before decryption.
> * [#204](https://github-redirect.dependabot.com/onelogin/python-saml/pull/204) On a LogoutRequest, if the NameIdFormat is entity, NameQualifier and SPNameQualifier will be omitted. If the NameIdFormat is not entity and a NameQualifier is provided, then the SPNameQualifier will also be added.
> * Be able to get from the auth object the last processed ID (response/assertion) and the last generated ID.
> * Reset errorReason attribute of the auth object before each Process method
> * Fix issue on getting multiple certs when only sign or encryption certs
> * Allow empty nameid if setting wantNameId is false. Only raise Exceptions when strict mode is enabled
>
> ### 2.2.3 (Jun 15, 2017)
> * Replace some etree.tostring calls, that were introduced recently, by the sanitized call provided by defusedxml
> * Update dm.xmlsec.binding requirement to 1.3.3 version
>
> ### 2.2.2 (May 18, 2017)
> * Be able to relax SSL Certificate verification when retrieving idp metadata
> * [#195](https://github-redirect.dependabot.com/onelogin/python-saml/pull/195) Be able to register a future SP x509cert in the settings and publish it in SP metadata
> * [#195](https://github-redirect.dependabot.com/onelogin/python-saml/pull/195) Be able to register more than one Identity Provider x509cert, linked with a specific use (signing or encryption)
> * [#195](https://github-redirect.dependabot.com/onelogin/python-saml/pull/195) Allow metadata to be retrieved from a source containing data of multiple entities
> * [#195](https://github-redirect.dependabot.com/onelogin/python-saml/pull/195) Adapt IdP XML metadata parser to take care of multiple IdP certificates and be able to inject the data obtained into the settings.
> * [#194](https://github-redirect.dependabot.com/onelogin/python-saml/pull/194) Publish KeyDescriptor[use=encryption] only when required
> * [#190](https://github-redirect.dependabot.com/onelogin/python-saml/pull/190) Check the status of the response before the assertion count
> * Add Pyramid demo example
> * Allow underscores in URL hosts
> * NameID Format improvements
> * [#184](https://github-redirect.dependabot.com/onelogin/python-saml/pull/184) Be able to provide a NameIDFormat to LogoutRequest
> * [#180](https://github-redirect.dependabot.com/onelogin/python-saml/pull/180) Add DigestMethod support. (Add sign_algorithm and digest_algorithm parameters to sign_metadata and add_sign)
> * Validate serial number as string to work around libxml2 limitation
> * Make the Issuer on the Response Optional
>
> ### 2.2.1 (Jan 11, 2017)
> * [#175](https://github-redirect.dependabot.com/onelogin/python-saml/pull/175) Optionally raise detailed exceptions vs. returning False. Implement a more specific exception class for handling some validation errors. Improve/Fix tests
> * [#171](https://github-redirect.dependabot.com/onelogin/python-saml/pull/171) Add hooks to retrieve last-sent and last-received requests and responses
> * Improved inResponse validation on Responses
> * [#173](https://github-redirect.dependabot.com/onelogin/python-saml/pull/173) Fix attributeConsumingService serviceName format in README
>
> ### 2.2.0 (Oct 14, 2016)
> * Several security improvements:
>   * Conditions element required and unique.
>   * AuthnStatement element required and unique.
>   * SPNameQualifier must match the SP EntityID
> ... (truncated)
Commits

- [`27bce00`](https://github.com/onelogin/python-saml/commit/27bce0081b180f90ac094ceefaa38183bfc47212) Release 2.4.0
- [`826f4f5`](https://github.com/onelogin/python-saml/commit/826f4f53812e87d953ed424fb972223c0edc4a45) Improve how fingerprint is calcultated
- [`fad881b`](https://github.com/onelogin/python-saml/commit/fad881b4432febea69d70691dfed51c93f0de10f) Fix vulnerability CVE-2017-11427. Process text of nodes properly, ignoring co...
- [`4081893`](https://github.com/onelogin/python-saml/commit/4081893698abc46c41e2a5c4b91bcdd37d401a19) Be able to invalidate a SAMLResponse if it contains InResponseTo value but no...
- [`6b9faf5`](https://github.com/onelogin/python-saml/commit/6b9faf5c6d140635d3fefcadd5319ee128abc529) Redefine NSMAP constant
- [`c8717ff`](https://github.com/onelogin/python-saml/commit/c8717ff5014ab73dfe7cf7617c49925d9d1e12bd) Add more tests to cover IdPMetadataParser
- [`032a2c7`](https://github.com/onelogin/python-saml/commit/032a2c7339c27788e795814512607c78482dd2ff) Fix signature position in the SP metadata
- [`265d019`](https://github.com/onelogin/python-saml/commit/265d019451adac073ca8f470c757a05e9b447867) Fix issue with LogoutRequest rejected by ADFS due NameID with unspecified for...
- [`b089e78`](https://github.com/onelogin/python-saml/commit/b089e782ca954eedd2157dc5d5d7115ab1ed2fac) Release 2.3.0
- [`ef91db1`](https://github.com/onelogin/python-saml/commit/ef91db1fb7c5b80555fe8365908a28e3838d5d4e) Improve previous commited tests
- Additional commits viewable in [compare view](https://github.com/onelogin/python-saml/compare/v2.1.3...v2.4.0)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/omab/python-social-auth/network/alerts).