mayankmetha / Rucky

A simple to use USB HID Rubber Ducky Launch Pad for Android.
https://mayankmetha.github.io/Rucky
GNU General Public License v3.0
546 stars 65 forks source link

Bump com.appmattus.certificatetransparency:certificatetransparency-android from 1.1.1 to 2.4.0 in /app #138

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps com.appmattus.certificatetransparency:certificatetransparency-android from 1.1.1 to 2.4.0.

Release notes

Sourced from com.appmattus.certificatetransparency:certificatetransparency-android's releases.

v2.4.0

⚠️ Breaking Changes

Dependency updates including:

Kotlin 1.8.20

v2.3.0

Fixes crash on Android 6 when retrieving host name using the certificates subject common name. See #87

v2.2.1

Automatic release updating embedded log_list.json and log_list.sig

v.2.2.0

  • Fixes to ASN.1 parser which was previously crashing for some certificates.
  • Fixes distinct operator rules to only need 2

v2.1.3

Automatic release updating embedded log_list.json and log_list.sig

v2.1.2

Automatic release updating embedded log_list.json and log_list.sig

v2.1.1

Automatic release updating embedded log_list.json and log_list.sig

v2.1.0

Bug fix to ensure the backup resources cache is actually used. Thanks to @​HylkeB for the original bug report and fix code.

v2.0.1

Automatic release updating embedded log_list.json and log_list.sig

v2.0.0

What's Changed

  • Library now uses the v3 schema for the Certificate Transparency log list. This has allowed caching to be re-worked and made more robust. A failover copy of the log list is now embedded in the library so is always available. The new schema also helps reduce the risk of replay attacks.
  • The certificate transparency policy has been updated to match the latest Chrome policy which generally requires fewer SCT entries.
  • BouncyCastle has been removed from the library which removes perceived security vulnerabilities in code within BC that we don't use.
  • While not generally recommended the library has been updated to allow installation of CT checks by multiple libraries using Java Security Providers. Specific guidance of this use case has been added for SDK developers.

⚠️ Breaking Changes

Dependency updates including:

Kotlin 1.8.10

Requires desugaring to be enabled to work on Android 7 (API 25) or lower.

Thanks to @​ccodega, @​dustinsummers and @​alexandru-lachimov for their contributions.

Full Changelog: https://github.com/appmattus/certificatetransparency/compare/1.1.1...2.0.0

Commits
  • 9e397b2 Update to Kotlin 1.8.20 (#89)
  • 2fd7a02 Extract commonName from certificate using ASN.1 (#88)
  • b183004 Auto update log_list.json and log_list.sig
  • 34eb201 Auto update log_list.json and log_list.sig
  • 4d4853e Auto update log_list.json and log_list.sig
  • b8fb7b1 Auto update log_list.json and log_list.sig
  • eae649e Update documentation to include note about desugaring.
  • 30ef24c Auto update log_list.json and log_list.sig
  • bd567f3 Auto update log_list.json and log_list.sig
  • 400b2b6 Auto update log_list.json and log_list.sig
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 year ago

Superseded by #139.