search

paragonie / random_compat

PHP 5.x support for random_bytes() and random_int()
https://paragonie.com/projects
MIT License
8.16k stars 145 forks source link

outdated paragonie/random_compat v2.0.19 - how to update? #169

Closed pauLee closed 3 years ago

pauLee commented 3 years ago

Hello,

my composer tells me, that my paragonie/random_compat on v2.0.19 is outdated and should be oin version v9.99.100.

But how can I update this?

My composer.json file does not mention paragonie/random_compat:

"require": {
    "php": ">=5.4.0",
    "pear/pear-core-minimal": "~1.10.1",
    "pear/net_socket": "~1.2.1",
    "pear/auth_sasl": "~1.1.0",
    "pear/net_idna2": "~0.2.0",
    "pear/mail_mime": "~1.10.0",
    "pear/net_smtp": "~1.9.2",
    "pear/crypt_gpg": "~1.6.3",
    "roundcube/plugin-installer": "~0.2.0",
    "endroid/qr-code": "^3.0",
    "johndoh/contextmenu": "^3.0",
    "sblaisot/automatic_addressbook": "^0.4.2",
    "pear/net_sieve": "~1.4.3",
    "kitist/html5_notifier": "^0.6.2",
    "boressoft/ident_switch": "^4.3",
    "masterminds/html5": "^2.0",
    "symfony/console": "^5.0",
    "khanamiryan/qrcode-detector-decoder": "^1.0.2",
    "bacon/bacon-qr-code": "^2.0",
    "sensiolabs/security-checker": "^6.0",
    "pimlie/authres_status": "^0.6.2"
},
"require-dev": {
    "phpunit/phpunit": "^4.8.36 || ^5.7.21 || ^6 || ^7 || ^8 || ^9.5"
},
"suggest": {
    "pear/net_ldap2": "~2.2.0 required for connecting to LDAP",
    "kolab/Net_LDAP3": "dev-master required for connecting to LDAP"

If I run php composer.phar why -t paragonie/random_compat it tells me:

paragonie/random_compat v2.0.19 PHP 5.x polyfill for random_bytes() and random_int() from PHP 7 └──phpseclib/phpseclib 3.0.2 (requires paragonie/random_compat ^1.4|^2.0) └──pimlie/php-dkim 0.2.2 (requires phpseclib/phpseclib >=0.3.6) └──pimlie/authres_status 0.6.2 (requires pimlie/php-dkim >=0.2.2) └──roundcube/roundcubemail (requires pimlie/authres_status ^0.6.2)

paragonie-security commented 3 years ago

Version 9.x is an empty version for PHP 7 projects. If you continue to use 2.x, nothing bad happens.

phpseclib/phpseclib 3.0.2 (requires paragonie/random_compat ^1.4|^2.0)

See https://github.com/paragonie/random_compat#version-99999 for more details. (Although we should probably update that for v9.99.100,)

If this is a problem you really want to solve, talk to the phpseclib developers about releasing a version that depends on paragonie/random_compat >= 2 so 9.x can be installed too.

pauLee commented 3 years ago

Thank you very much for clarification. I will still remain on v2.x.