laminas / laminas-crypt

Strong cryptography tools and password hashing
https://docs.laminas.dev/laminas-crypt/
BSD 3-Clause "New" or "Revised" License

Allow php 8.3, migrate to phpunit 10 #32

Closed fezfez closed 10 months ago

fezfez commented 10 months ago

same as https://github.com/laminas/laminas-crypt/pull/31 but with phpunit upgrade.

Some tests require PHP <= 8.2; I didn't make it work, I'm not a crypt specialist, if anyone can re-enable them... :eyes:

Xerkus commented 10 months ago

This component is security only. Since it has no maintainer and it is a security-oriented component, maybe it should be abandoned instead.

@laminas/technical-steering-committee I believe this component should not be provided with php 8.3 support and marked as abandoned instead.

Providing a cryptographic solution implies we have the necessary expertise to ensure it is not done in a flawed manner and it is secure against emergent flaws and vulnerabilities discovered since the original implementation. Me discovering that sha1 is completely broken from an Ars Technica article hardly spells such expertise.

As a random example of what I mean, consider this change from 2015: https://github.com/laminas/laminas-crypt/commit/667fda9fdb506fd7569a75a3511621bb254c47c4. Considering that there are still conditionals around PHP version 7.0 heavily implies that the component has had no such attention since at least that long.

froschdesign commented 10 months ago

@Xerkus laminas-filter uses this component and also laminas-mail and laminas-authentication. The upgrade to PHP 8.3 for laminas-filter is blocked by this component.

gsteel commented 10 months ago

@froschdesign

> The upgrade to PHP 8.3 for laminas-filter is blocked by this component

laminas-filter can roll with --ignore-platform-reqs here, can it not? Given that the related filters are currently deprecated and removed in v3, and laminas-crypt is only listed in suggest, consumers of laminas-filter should not have a problem unless they also depend on laminas-crypt from an 8.3 support perspective.

I agree that abandoning here feels like the right thing to do.

froschdesign commented 10 months ago

@gsteel Correct, abandoning is the right thing, because without a maintainer with knowledge of this package it is a risk.

fezfez commented 10 months ago

Sounds good to me, I'm closing this MR.