Update warden which fixes a security issue.

Rakefile

@@ -44,7 +44,7 @@ begin
     s.description = "Flexible authentication solution for Rails with Warden"
     s.authors = ['José Valim', 'Carlos Antônio']
     s.files =  FileList["[A-Z]*", "{app,config,generators,lib}/**/*", "rails/init.rb"]
-    s.add_dependency("warden", "~> 0.9.3")
+    s.add_dependency("warden", "~> 0.9.4")
   end
 
   Jeweler::GemcutterTasks.new

devise.gemspec

@@ -168,12 +168,12 @@ Gem::Specification.new do |s|
     s.specification_version = 3
 
     if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<warden>, ["~> 0.9.3"])
+      s.add_runtime_dependency(%q<warden>, ["~> 0.9.4"])
     else
-      s.add_dependency(%q<warden>, ["~> 0.9.3"])
+      s.add_dependency(%q<warden>, ["~> 0.9.4"])
     end
   else
-    s.add_dependency(%q<warden>, ["~> 0.9.3"])
+    s.add_dependency(%q<warden>, ["~> 0.9.4"])
   end
 end
 

test/integration/rememberable_test.rb

@@ -28,6 +28,14 @@ class RememberMeTest < ActionController::IntegrationTest
     assert warden.user(:user) == user
   end
 
+  test 'does not remember other scopes' do
+    user = create_user_and_remember
+    get root_path
+    assert_response :success
+    assert warden.authenticated?(:user)
+    assert_not warden.authenticated?(:admin)
+  end
+
   test 'do not remember with invalid token' do
     user = create_user_and_remember('add')
     get users_path