The omniauth-ldap gem is depending on the old version. I don't think we're affected, but Github lists omniauth 1.8.1 as vulnerable to CSRF: GHSA-ww4x-rwq6-qpgf

@eladeyal-intel any ideas?