Advisories for Gem/Spree_auth package

app/models/spree/user.rb in spree_auth_devise in Spree does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves.