Merge upstream

[orgads]

Fixes critical vulnerability CVE-2022-41912.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 3 committers have signed the CLA.

✅ orgads
❌ crewjam
❌ davidv1992
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[orgads]

@Jguer There were conflicts in service_provider.go. Please review this file carefully.

Regarding the CLA, I think it should not be applied to merged commits. Otherwise, you should have required all the authors of the original repository to sign it, right?

[Jguer]

Hi @orgads, this patch is already included in the main branch.

The preview branch is not used anymore. Thanks for taking the time to open the PR

[orgads]

Well, grafana has this in go.mod, and this commit (61cd9c9) is from the preview branch:

// Use fork of crewjam/saml with fixes for some issues until changes get merged into upstream
replace github.com/crewjam/saml => github.com/grafana/saml v0.4.9-0.20220727151557-61cd9c9353fc

So do you plan to update it?