Anyone at @github's GHSA team care to look into this PR that got closed? I believe I've found an omniauth-saml advisory that simply references three other GHSA advisories that affect one of it's dependencies, ruby-saml. I see no evidence why a separate advisory needs to exist for omniauth-saml, when the security issues exist in ruby-saml, and can easily be upgraded independently of omniauth-saml (ex: gem upgrade ruby-saml / bundle update ruby-saml). This seems like a maintainer created yet another advisory simply to notify their users about other advisories affecting their dependencies, which seems like overkill and creates duplicate security advisory data. I think this GHSA advisory should be withdrawn/removed.
https://github.com/github/advisory-database/pull/5625

#ghsa #omniauth #saml

[個人開発]Ruby on Railsで阪神ファンのためのアプリ作ってみた
https://qiita.com/CarBoss1996/items/63c14260fc7fe65da78e?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #OmniAuth #位置情報 #Simplecalendar #阪神タイガース #RubyonRails7_0

Un #bogue #mastodon rend l’utilisation d’applications ordiphones comme #tusky ou autre (utilisant #webView semble-t-il) quasiment ou totalement inutilisable lorsque le serveur est configuré avec une authentification #openID ou #SAML (#omniauth) :

https://github.com/mastodon/mastodon/issues/18481

Le seul contournement qui nous semblent « utilisable » :

1. forcer l’application à utiliser un navigateur externe
2. se connecter avec le navigateur externe
3. procéder à l’authentification via l’application