Bump github.com/russellhaering/gosaml2 from 0.10.0 to 0.11.0 in the go_modules group across 1 directory

[dependabot]

Bumps the go_modules group with 1 update in the / directory: github.com/russellhaering/gosaml2.

Updates github.com/russellhaering/gosaml2 from 0.10.0 to 0.11.0

Release notes

Sourced from github.com/russellhaering/gosaml2's releases.

v0.11.0

What's Changed

Security

• Reject unsigned SAML LogoutRequest when signature validation is enabled. Previously, ValidateEncodedLogoutRequestPOST silently accepted unsigned requests even when SkipSignatureValidation was false. (GHSA-pcgw-qcv5-h8ch)
• Security hardening: CBC bounds check to prevent panics from crafted ciphertext, replaced panic() calls with error returns, and assertion signatures within a signed Response envelope are now verified when present (previously they were skipped entirely, which could allow XML wrapping attacks)

Other

• Add oss-fuzz integration
• Bump minimum Go version to 1.25
• Update dependencies: goxmldsig v1.6.0, etree v1.6.0, testify v1.11.1
• Bump all GitHub Actions to latest versions

Full Changelog: russellhaering/gosaml2@v0.10.0...v0.11.0

Commits

• 636e7dd Bump all GitHub Actions to latest versions
• 1e9cc44 Bump minimum Go version to 1.25 and update dependencies
• 7159bbe Reject unsigned LogoutRequest when signature validation is enabled
• 4ddcc82 Security hardening: CBC bounds check, panic removal, assertion signature veri...
• d57d105 Add oss-fuzz integration
• e8596e7 Fix tests broken by expired IDP test certificate
• 5d20d42 Bump github.com/beevik/etree from 1.5.0 to 1.5.1 (#212)
• 115aa21 Bump github/codeql-action from 3.28.12 to 3.28.17
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.