Backports a vulnerability fix that was included in Omniauth 2.0 release to the 1.9 channel.
https://nvd.nist.gov/vuln/detail/CVE-2020-36599
Current Omniauth security policy maintains v2.0 and v2.1 channels for security releases, and security patches should not be typically expected for the v1.9 channel.