search

magento / magento2

Prior to making any Submission(s), you must sign an Adobe Contributor License Agreement, available here at: https://opensource.adobe.com/cla.html. All Submissions you make to Adobe Inc. and its affiliates, assigns and subsidiaries (collectively “Adobe”) are subject to the terms of the Adobe Contributor License Agreement.
http://www.magento.com
Open Software License 3.0
11.56k stars 9.32k forks source link

[Issue] Bump phpseclib/phpseclib from 3.0.14 to 3.0.19 #37179

Closed m2-assistant[bot] closed 1 year ago

m2-assistant[bot] commented 1 year ago

This issue is automatically created based on existing pull request: magento/magento2#37154: Bump phpseclib/phpseclib from 3.0.14 to 3.0.19

Bumps phpseclib/phpseclib from 3.0.14 to 3.0.19.

Release notes

Sourced from phpseclib/phpseclib's releases.

3.0.19

  • AsymmetricKey: error out on unsupported operations (#1879)
  • Blowfish: fix issues on 32-bit PHP installs
  • BigInteger: fix for hex numbers with new lines in them
  • SFTP: fix "Creating default object from empty value" error (#1876)
  • SSH2: add getTimeout() method (#1889)
  • PrimeField: prevent infinite loop with composite primefields (CVE-2023-27560)

3.0.18

  • fix for PHP 8.2 deprecations (#1869, #1873)
  • SSH2: if logging in with rsa-sha2-256/512 fails, try ssh-rsa (#1865)
  • SSH/Agent: add support for named pipes on windows (for pageant) (#1866)
  • Crypt/Base: add a function to check continuous buffer status (#1870)
  • OpenSSL 3.0.1+ deprecated some algorithms (RC2, RC4, DES, Blowfish)

3.0.17

  • X509: make it so CRLs, CSRs and SPKACs can support PSS keys (#1837)
  • X509: make it so PKCS1 X509 certs can create PSS sigs (#1837)
  • SFTP: fix deprecated implicit float to int on 32-bit PHP 8.1 (#1841)
  • SFTP: restore orig behavior when deleting non-existant folder (#1847)
  • Random: fix fallback on PHP 8.1+

3.0.16

  • SSH2: fix type hinting for keyboard_interactive_process (#1836)

3.0.15

  • PublicKeyLoader: add support for OpenSSH encrypted keys (#1737, #1733, #1531, #1490)
  • PublicKeyLoader: add support for JSON Web Keys (#1817)
  • SSH2: make login method return false under rare situation (#1790)
  • SSH2: fix possibly undefined variable error (#1802)
  • SFTP: fix enableDatePreservation bug w.r.t. mtime (#1670)
  • SFTP: try to delete dir even if it can't be opened (#1791)
  • SFTP: try without path canonicalization if initial realpath() fails (#1796)
  • SFTP: detect if stream metadata has wrapper_type set for put() method (#1792)
  • BigInteger: tweak to the phpinfo checks (#1726)
  • BigInteger: fix behavior on 32-bit PHP installs (#1820)
  • EC/PKCS8: OpenSSL didn't like phpseclib formed Ed25519 public keys (#1819)
  • don't use dynamic properties, which are deprecated in PHP 8.2 (#1808, #1822)
  • fix deprecated implicit float to int on 32-bit PHP 8.1
Changelog

Sourced from phpseclib/phpseclib's changelog.

3.0.19 - 2023-03-05

  • AsymmetricKey: error out on unsupported operations (#1879)
  • Blowfish: fix issues on 32-bit PHP installs
  • BigInteger: fix for hex numbers with new lines in them
  • SFTP: fix "Creating default object from empty value" error (#1876)
  • SSH2: add getTimeout() method (#1889)
  • PrimeField: prevent infinite loop with composite primefields (CVE-2023-27560)

3.0.18 - 2022-12-17

  • fix for PHP 8.2 deprecations (#1869, #1873)
  • SSH2: if logging in with rsa-sha2-256/512 fails, try ssh-rsa (#1865)
  • SSH/Agent: add support for named pipes on windows (for pageant) (#1866)
  • Crypt/Base: add a function to check continuous buffer status (#1870)
  • OpenSSL 3.0.1+ deprecated some algorithms (RC2, RC4, DES, Blowfish)

3.0.17 - 2022-10-24

  • X509: make it so CRLs, CSRs and SPKACs can support PSS keys (#1837)
  • X509: make it so PKCS1 X509 certs can create PSS sigs (#1837)
  • SFTP: fix deprecated implicit float to int on 32-bit PHP 8.1 (#1841)
  • SFTP: restore orig behavior when deleting non-existant folder (#1847)
  • Random: fix fallback on PHP 8.1+

3.0.16 - 2022-09-05

  • SSH2: fix type hinting for keyboard_interactive_process (#1836)

3.0.15 - 2022-09-02

  • PublicKeyLoader: add support for OpenSSH encrypted keys (#1737, #1733, #1531, #1490)
  • PublicKeyLoader: add support for JSON Web Keys (#1817)
  • SSH2: make login method return false under rare situation (#1790)
  • SSH2: fix possibly undefined variable error (#1802)
  • SFTP: fix enableDatePreservation bug w.r.t. mtime (#1670)
  • SFTP: try to delete dir even if it can't be opened (#1791)
  • SFTP: try without path canonicalization if initial realpath() fails (#1796)
  • SFTP: detect if stream metadata has wrapper_type set for put() method (#1792)
  • BigInteger: tweak to the phpinfo checks (#1726)
  • BigInteger: fix behavior on 32-bit PHP installs (#1820)
  • EC/PKCS8: OpenSSL didn't like phpseclib formed Ed25519 public keys (#1819)
  • don't use dynamic properties, which are deprecated in PHP 8.2 (#1808, #1822)
  • fix deprecated implicit float to int on 32-bit PHP 8.1
Commits
  • cc18100 CHANGELOG: add 3.0.19 release
  • cee5587 add unit test for primefield infinite loop
  • 0f6e1c2 PKCS8: fix public private checks for human readable keys
  • aff0e68 Merge branch '2.0' into 3.0
  • 8339322 Tests/SSH2: CS adjustment
  • 7ce104b Merge branch '1.0' into 2.0
  • 34d0086 SSH2: backport getTimeout()
  • cf69b29 Crypt/PKCS8: rm duplicate code and improve detection of public keys
  • b9996fd Tests/EC: add unit test for naked PKCS8 public key
  • 71b9b64 CS adjustments
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/magento/magento2/network/alerts).
github-jira-sync-bot commented 1 year ago

:white_check_mark: Jira issue https://jira.corp.adobe.com/browse/AC-8196 is successfully created for this GitHub issue.

m2-assistant[bot] commented 1 year ago

:white_check_mark: Confirmed by @engcom-Lima. Thank you for verifying the issue.
Issue Available: @engcom-Lima, You will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself.

ihor-sviziev commented 1 year ago

The issue was fixed earlier