Bump onelogin/php-saml from 4.0.0 to 4.2.0

[dependabot]

Bumps onelogin/php-saml from 4.0.0 to 4.2.0.

Release notes

Sourced from onelogin/php-saml's releases.

OneLogin's SAML PHP Toolkit v4.2.0

• #586 IdPMetadataParser::parseRemoteXML - Add argument for setting whether to validate peer SSL certificate
• #585 Declare conditional return types
• #577 Allow empty NameID value when no strict or wantNameId is false
• #570 Support X509 cert comments
• #569 Add parameter to exclude validUntil on SP Metadata XML
• #551 Fix compatibility with proxies that extends HTTP_X_FORWARDED_HOST
• LogoutRequest and the LogoutResponse object to separate functions
• Make Saml2\Auth can accept a param $spValidationOnly
• Fix typos on readme.
• #480 Fix typo on SPNameQualifier mismatch error message
• Remove unbound version constraints on xmlseclibs
• Update dependencies
• Fix test payloads
• Remove references to OneLogin.

OneLogin's SAML PHP Toolkit v4.1.0

• Add pipe through for the $spValidationOnly setting in the Auth class.

OneLogin's SAML PHP Toolkit v4.0.1

• Add compatibility with PHP 8.1
  • If null param are provided to trim or preg_match, when PHP 8.1 has deprecation errors enabled, php-saml will raise errors.

Changelog

Sourced from onelogin/php-saml's changelog.

v4.2.0

• #586 IdPMetadataParser::parseRemoteXML - Add argument for setting whether to validate peer SSL certificate
• #585 Declare conditional return types
• #577 Allow empty NameID value when no strict or wantNameId is false
• #570 Support X509 cert comments
• #569 Add parameter to exclude validUntil on SP Metadata XML
• #551 Fix compatibility with proxies that extends HTTP_X_FORWARDED_HOST
• LogoutRequest and the LogoutResponse object to separate functions
• Make Saml2\Auth can accept a param $spValidationOnly
• Fix typos on readme.
• #480 Fix typo on SPNameQualifier mismatch error message
• Remove unbound version constraints on xmlseclibs
• Update dependencies
• Fix test payloads
• Remove references to OneLogin.

v4.1.0

• Add pipe through for the $spValidationOnly setting in the Auth class.

v4.0.1

• Add compatibility with PHP 8.1
• #487 Enable strict check on in_array method
• Add warning about Open Redirect and Reply attacks
• Add warning about the use of IdpMetadataParser class. If Metadata URLs are provided by 3rd parties, the URL inputs MUST be validated to avoid issues like SSRF

Commits

• d3b5172 Prepare release 4.2.0
• e15e32e Move the creation of the LogoutRequest and the LogoutResponse object to separ...
• 6d023e0 Fix typo on SPNameQualifier mismatch error message
• c43d61b Add more tests to cover spValidationOnly param
• 4bf537c Add parameter to exclude validUntil (#569)
• 92a9e2d X509 cert comments (#570)
• d3884fb Merge pull request #588 from SAML-Toolkits/no_value_nameid
• 385219f Allow empty NameID value when no strict or wantNameId is false
• d040880 #586 IdPMetadataParser::parseRemoteXML - Add argument for setting whether to ...
• dd4b27a Declare conditional return types
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)