backporting samlr vuln fix from zendesk_auth

[swatikri]

This PR is just porting a vulnerability fix into samlr Todo

• [ ] Bump and release this version

[greysteil]

Thanks for this fix, and for samlr.

I work on the GitHub Security Workflows team and we were alerted to this change when it appeared in the NVD feed of CVEs (here). If you've got 5 minutes I'd love some feedback from you on how GitHub can help in situations like this.

In particular, I'd love to know:

• Did you request a CVE for this from MITRE yourself? How was that experience if so? Could GitHub help there?
• Did you consider using a GitHub Security Advisory (the tab here) at any point when working on this? Did you know about GitHub Security Advisories before this message?
• We've added this vulnerability to GitHub's database and sent alerts to users of this gem suggesting they upgrade. How has that experience been for you as a maintainer?

Any feedback you can provide (even if it's just "I had no idea about any of this") would be super valuable. Thanks!