Bump laminas/automatic-releases from 1.16.0 to 1.17.0 (#279)

* Upgrade dependencies and remove custom method for B64URLSafe encoding (#259)

* Upgrade dependencies
* Direct call to ParagonIE\ConstantTime\Base64::decodeNoPadding().

* Bump laminas/automatic-releases from 1.16.0 to 1.17.0

Bumps [laminas/automatic-releases](https://github.com/laminas/automatic-releases) from 1.16.0 to 1.17.0.
- [Release notes](https://github.com/laminas/automatic-releases/releases)
- [Commits](laminas/automatic-releases@1.16.0...1.17.0)

---
updated-dependencies:
- dependency-name: laminas/automatic-releases
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Florent Morselli <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/release-on-milestone-closed.yml

@@ -17,7 +17,7 @@ jobs:
         uses: "actions/checkout@v3"
 
       - name: "Release"
-        uses: "laminas/automatic-releases@1.16.0"
+        uses: "laminas/automatic-releases@1.17.0"
         with:
           command-name: "laminas:automatic-releases:release"
         env:
@@ -28,7 +28,7 @@ jobs:
           "GIT_AUTHOR_EMAIL": ${{ secrets.GIT_AUTHOR_EMAIL }}
 
       - name: "Create Merge-Up Pull Request"
-        uses: "laminas/automatic-releases@1.16.0"
+        uses: "laminas/automatic-releases@1.17.0"
         with:
           command-name: "laminas:automatic-releases:create-merge-up-pull-request"
         env:
@@ -39,7 +39,7 @@ jobs:
           "GIT_AUTHOR_EMAIL": ${{ secrets.GIT_AUTHOR_EMAIL }}
 
       - name: "Create and/or Switch to new Release Branch"
-        uses: "laminas/automatic-releases@1.16.0"
+        uses: "laminas/automatic-releases@1.17.0"
         with:
           command-name: "laminas:automatic-releases:switch-default-branch-to-next-minor"
         env:
@@ -50,7 +50,7 @@ jobs:
           "GIT_AUTHOR_EMAIL": ${{ secrets.GIT_AUTHOR_EMAIL }}
 
       - name: "Bump Changelog Version On Originating Release Branch"
-        uses: "laminas/automatic-releases@1.16.0"
+        uses: "laminas/automatic-releases@1.17.0"
         with:
           command-name: "laminas:automatic-releases:bump-changelog"
         env:
@@ -61,7 +61,7 @@ jobs:
           "GIT_AUTHOR_EMAIL": ${{ secrets.GIT_AUTHOR_EMAIL }}
 
       - name: "Create new milestones"
-        uses: "laminas/automatic-releases@1.16.0"
+        uses: "laminas/automatic-releases@1.17.0"
         with:
           command-name: "laminas:automatic-releases:create-milestones"
         env:

composer.json

@@ -37,32 +37,32 @@
         "ext-json": "*",
         "ext-mbstring": "*",
         "ext-openssl": "*",
-        "beberlei/assert": "^3.2",
-        "fgrosse/phpasn1": "^2.1",
+        "beberlei/assert": "^3.3",
+        "fgrosse/phpasn1": "^2.4",
         "lcobucci/clock": "^2.2",
-        "nyholm/psr7": "^1.1",
-        "paragonie/constant_time_encoding": "^2.4",
+        "nyholm/psr7": "^1.5",
+        "paragonie/constant_time_encoding": "^2.6",
         "psr/http-client": "^1.0",
         "psr/http-factory": "^1.0",
         "psr/http-message": "^1.0",
-        "psr/log": "^2.0|^3.0",
+        "psr/log": "^3.0",
         "spomky-labs/cbor-bundle": "^3.0",
         "spomky-labs/cbor-php": "^3.0",
         "spomky-labs/pki-framework": "^1.0",
-        "symfony/config": "^6.0",
-        "symfony/dependency-injection": "^6.0",
-        "symfony/framework-bundle": "^6.0",
-        "symfony/http-client": "^6.0",
-        "symfony/psr-http-message-bridge": "^2.0",
-        "symfony/security-bundle": "^6.0",
-        "symfony/security-core": "^6.0",
-        "symfony/security-http": "^6.0",
-        "symfony/serializer": "^6.0",
-        "symfony/validator": "^6.0",
-        "symfony/uid": "^6.0",
-        "thecodingmachine/safe": "^2.0",
+        "symfony/config": "^6.1",
+        "symfony/dependency-injection": "^6.1",
+        "symfony/framework-bundle": "^6.1",
+        "symfony/http-client": "^6.1",
+        "symfony/psr-http-message-bridge": "^2.1",
+        "symfony/security-bundle": "^6.1",
+        "symfony/security-core": "^6.1",
+        "symfony/security-http": "^6.1",
+        "symfony/serializer": "^6.1",
+        "symfony/validator": "^6.1",
+        "symfony/uid": "^6.1",
+        "thecodingmachine/safe": "^2.2",
         "web-auth/cose-lib": "^4.0.6",
-        "web-token/jwt-signature": "^3.0"
+        "web-token/jwt-signature": "^3.1"
     },
     "replace": {
         "web-auth/webauthn-lib": "self.version",
@@ -86,36 +86,36 @@
         "web-token/jwt-signature-algorithm-eddsa": "Recommended for the AndroidSafetyNet Attestation Statement support"
     },
     "require-dev": {
-        "doctrine/annotations": "^1.7",
-        "doctrine/dbal": "^3.0",
-        "doctrine/doctrine-bundle": "^2.0",
-        "doctrine/orm": "^2.6",
+        "doctrine/annotations": "^1.13",
+        "doctrine/dbal": "^3.4",
+        "doctrine/doctrine-bundle": "^2.7",
+        "doctrine/orm": "^2.13",
         "ekino/phpstan-banned-code": "^1.0",
         "infection/infection": "^0.26",
         "matthiasnoback/symfony-dependency-injection-test": "^4.3",
-        "php-http/curl-client": "^2.0",
-        "php-http/mock-client": "^1.3",
+        "php-http/curl-client": "^2.2",
+        "php-http/mock-client": "^1.5",
         "php-parallel-lint/php-parallel-lint": "^1.3",
-        "phpstan/phpstan": "^1.0",
+        "phpstan/phpstan": "^1.8",
         "phpstan/phpstan-beberlei-assert": "^1.0",
         "phpstan/phpstan-deprecation-rules": "^1.0",
-        "phpstan/phpstan-phpunit": "^1.0",
-        "phpstan/phpstan-strict-rules": "^1.0",
-        "phpunit/phpunit": "^9.5.5",
+        "phpstan/phpstan-phpunit": "^1.1",
+        "phpstan/phpstan-strict-rules": "^1.4",
+        "phpunit/phpunit": "^9.5.24",
         "qossmic/deptrac-shim": "^0.24",
         "rector/rector": "^0.14",
         "roave/security-advisories": "dev-latest",
-        "symfony/browser-kit": "^6.0",
-        "symfony/finder": "^6.0",
-        "symfony/monolog-bundle": "^3.5",
-        "symfony/phpunit-bridge": "^6.0",
-        "symfony/var-dumper": "^6.0",
-        "symfony/yaml": "^6.0",
-        "symplify/easy-coding-standard": "^11.0",
+        "symfony/browser-kit": "^6.1",
+        "symfony/finder": "^6.1",
+        "symfony/monolog-bundle": "^3.8",
+        "symfony/phpunit-bridge": "^6.1",
+        "symfony/var-dumper": "^6.1",
+        "symfony/yaml": "^6.1",
+        "symplify/easy-coding-standard": "^11.1",
         "thecodingmachine/phpstan-safe-rule": "^1.2",
-        "web-token/jwt-key-mgmt": "^3.0",
-        "web-token/jwt-signature-algorithm-ecdsa": "^3.0",
-        "web-token/jwt-signature-algorithm-eddsa": "^3.0",
-        "web-token/jwt-signature-algorithm-rsa": "^3.0"
+        "web-token/jwt-key-mgmt": "^3.1",
+        "web-token/jwt-signature-algorithm-ecdsa": "^3.1",
+        "web-token/jwt-signature-algorithm-eddsa": "^3.1",
+        "web-token/jwt-signature-algorithm-rsa": "^3.1"
     }
 }

src/metadata-service/composer.json

@@ -22,14 +22,14 @@
     "require": {
         "php": ">=8.1",
         "ext-json": "*",
-        "beberlei/assert": "^3.2",
+        "beberlei/assert": "^3.3",
         "lcobucci/clock": "^2.2",
-        "paragonie/constant_time_encoding": "^2.4",
+        "paragonie/constant_time_encoding": "^2.6",
         "psr/http-client": "^1.0",
         "psr/http-factory": "^1.0",
-        "psr/log": "^2.0|^3.0",
+        "psr/log": "^3.0",
         "spomky-labs/pki-framework": "^1.0",
-        "thecodingmachine/safe": "^2.0"
+        "thecodingmachine/safe": "^2.2"
     },
     "autoload": {
         "psr-4": {

src/symfony/composer.json

@@ -21,20 +21,20 @@
     ],
     "require": {
         "php": ">=8.1",
-        "nyholm/psr7": "^1.1",
+        "nyholm/psr7": "^1.5",
         "spomky-labs/cbor-bundle": "^3.0",
-        "symfony/config": "^6.0",
-        "symfony/dependency-injection": "^6.0",
-        "symfony/framework-bundle": "^6.0",
-        "symfony/http-client": "^6.0",
-        "symfony/psr-http-message-bridge": "^2.0",
-        "symfony/security-bundle": "^6.0",
-        "symfony/security-core": "^6.0",
-        "symfony/security-http": "^6.0",
-        "symfony/serializer": "^6.0",
-        "symfony/validator": "^6.0",
+        "symfony/config": "^6.1",
+        "symfony/dependency-injection": "^6.1",
+        "symfony/framework-bundle": "^6.1",
+        "symfony/http-client": "^6.1",
+        "symfony/psr-http-message-bridge": "^2.1",
+        "symfony/security-bundle": "^6.1",
+        "symfony/security-core": "^6.1",
+        "symfony/security-http": "^6.1",
+        "symfony/serializer": "^6.1",
+        "symfony/validator": "^6.1",
         "web-auth/webauthn-lib": "self.version",
-        "web-token/jwt-signature": "^3.0"
+        "web-token/jwt-signature": "^3.1"
     },
     "autoload": {
         "psr-4": {

src/webauthn/composer.json

@@ -24,16 +24,16 @@
         "ext-json": "*",
         "ext-openssl": "*",
         "ext-mbstring": "*",
-        "beberlei/assert": "^3.2",
-        "fgrosse/phpasn1": "^2.1",
-        "paragonie/constant_time_encoding": "^2.4",
+        "beberlei/assert": "^3.3",
+        "fgrosse/phpasn1": "^2.4",
+        "paragonie/constant_time_encoding": "^2.6",
         "psr/http-client": "^1.0",
         "psr/http-factory": "^1.0",
         "psr/http-message": "^1.0",
-        "psr/log": "^2.0|^3.0",
+        "psr/log": "^3.0",
         "spomky-labs/cbor-php": "^3.0",
-        "symfony/uid": "^6.0",
-        "thecodingmachine/safe": "^2.0",
+        "symfony/uid": "^6.1",
+        "thecodingmachine/safe": "^2.2",
         "web-auth/cose-lib": "^4.0.6",
         "web-auth/metadata-service": "self.version"
     },

src/webauthn/src/AttestationStatement/TPMAttestationStatementSupport.php

@@ -19,6 +19,7 @@
 use function is_array;
 use Lcobucci\Clock\Clock;
 use Lcobucci\Clock\SystemClock;
+use ParagonIE\ConstantTime\Base64UrlSafe;
 use RuntimeException;
 use Safe\DateTimeImmutable;
 use function Safe\openssl_verify;
@@ -28,7 +29,6 @@
 use Webauthn\StringStream;
 use Webauthn\TrustPath\CertificateTrustPath;
 use Webauthn\TrustPath\EcdaaKeyIdTrustPath;
-use Webauthn\Util\Base64;
 
 final class TPMAttestationStatementSupport implements AttestationStatementSupport
 {
@@ -268,7 +268,7 @@ private function getUnique(string $type, StringStream $stream): string
 
     private function getExponent(string $exponent): string
     {
-        return bin2hex($exponent) === '00000000' ? Base64::decodeUrlSafe('AQAB') : $exponent;
+        return bin2hex($exponent) === '00000000' ? Base64UrlSafe::decodeNoPadding('AQAB') : $exponent;
     }
 
     private function getTPMHash(string $nameAlg): string

src/webauthn/src/CollectedClientData.php

@@ -8,8 +8,8 @@
 use Assert\Assertion;
 use InvalidArgumentException;
 use const JSON_THROW_ON_ERROR;
+use ParagonIE\ConstantTime\Base64UrlSafe;
 use Webauthn\TokenBinding\TokenBinding;
-use Webauthn\Util\Base64;
 
 class CollectedClientData
 {
@@ -43,7 +43,7 @@ public function __construct(
 
         $challenge = $data['challenge'] ?? '';
         Assertion::string($challenge, 'Invalid parameter "challenge". Shall be a string.');
-        $challenge = Base64::decodeUrlSafe($challenge);
+        $challenge = Base64UrlSafe::decodeNoPadding($challenge);
         $this->challenge = $challenge;
         Assertion::notEmpty($challenge, 'Invalid parameter "challenge". Shall not be empty.');
 
@@ -61,7 +61,7 @@ public function __construct(
 
     public static function createFormJson(string $data): self
     {
-        $rawData = Base64::decodeUrlSafe($data);
+        $rawData = Base64UrlSafe::decodeNoPadding($data);
         $json = json_decode($rawData, true, 512, JSON_THROW_ON_ERROR);
         Assertion::isArray($json, 'Invalid collected client data');
 

src/webauthn/src/PublicKeyCredentialDescriptor.php

@@ -9,7 +9,6 @@
 use const JSON_THROW_ON_ERROR;
 use JsonSerializable;
 use ParagonIE\ConstantTime\Base64UrlSafe;
-use Webauthn\Util\Base64;
 
 class PublicKeyCredentialDescriptor implements JsonSerializable
 {
@@ -77,7 +76,7 @@ public static function createFromArray(array $json): self
         Assertion::keyExists($json, 'type', 'Invalid input. "type" is missing.');
         Assertion::keyExists($json, 'id', 'Invalid input. "id" is missing.');
 
-        $id = Base64::decodeUrlSafe($json['id']);
+        $id = Base64UrlSafe::decodeNoPadding($json['id']);
 
         return new self($json['type'], $id, $json['transports'] ?? []);
     }

src/webauthn/src/PublicKeyCredentialLoader.php

@@ -11,6 +11,7 @@
 use InvalidArgumentException;
 use const JSON_THROW_ON_ERROR;
 use function ord;
+use ParagonIE\ConstantTime\Base64UrlSafe;
 use Psr\Log\LoggerInterface;
 use Psr\Log\NullLogger;
 use function Safe\unpack;
@@ -66,7 +67,7 @@ public function loadArray(array $json): PublicKeyCredential
             Assertion::isArray($json['response'], 'The parameter "response" shall be an array');
             Assertion::eq($json['type'], 'public-key', sprintf('Unsupported type "%s"', $json['type']));
 
-            $id = Base64::decodeUrlSafe($json['id']);
+            $id = Base64UrlSafe::decodeNoPadding($json['id']);
             $rawId = Base64::decode($json['rawId']);
             Assertion::true(hash_equals($id, $rawId));
 
@@ -128,7 +129,7 @@ private function createResponse(array $response): AuthenticatorResponse
                     $response['clientDataJSON']
                 ), $attestationObject);
             case array_key_exists('authenticatorData', $response) && array_key_exists('signature', $response):
-                $authData = Base64::decodeUrlSafe($response['authenticatorData']);
+                $authData = Base64UrlSafe::decodeNoPadding($response['authenticatorData']);
 
                 $authDataStream = new StringStream($authData);
                 $rp_id_hash = $authDataStream->read(32);

src/webauthn/src/PublicKeyCredentialSource.php

@@ -13,7 +13,6 @@
 use Throwable;
 use Webauthn\TrustPath\TrustPath;
 use Webauthn\TrustPath\TrustPathLoader;
-use Webauthn\Util\Base64;
 
 /**
  * @see https://www.w3.org/TR/webauthn/#iface-pkcredential
@@ -166,14 +165,14 @@ public static function createFromArray(array $data): self
 
         try {
             return new self(
-                Base64::decodeUrlSafe($data['publicKeyCredentialId']),
+                Base64UrlSafe::decodeNoPadding($data['publicKeyCredentialId']),
                 $data['type'],
                 $data['transports'],
                 $data['attestationType'],
                 TrustPathLoader::loadTrustPath($data['trustPath']),
                 $uuid,
-                Base64::decodeUrlSafe($data['credentialPublicKey']),
-                Base64::decodeUrlSafe($data['userHandle']),
+                Base64UrlSafe::decodeNoPadding($data['credentialPublicKey']),
+                Base64UrlSafe::decodeNoPadding($data['userHandle']),
                 $data['counter'],
                 $data['otherUI'] ?? null
             );

src/webauthn/src/TokenBinding/TokenBinding.php

@@ -6,7 +6,7 @@
 
 use function array_key_exists;
 use Assert\Assertion;
-use Webauthn\Util\Base64;
+use ParagonIE\ConstantTime\Base64UrlSafe;
 
 class TokenBinding
 {
@@ -45,7 +45,7 @@ public static function createFormArray(array $json): self
                 implode(', ', self::getSupportedStatus())
             )
         );
-        $id = array_key_exists('id', $json) ? Base64::decodeUrlSafe($json['id']) : null;
+        $id = array_key_exists('id', $json) ? Base64UrlSafe::decodeNoPadding($json['id']) : null;
 
         return new self($status, $id);
     }

src/webauthn/src/Util/Base64.php

@@ -4,20 +4,12 @@
 
 namespace Webauthn\Util;
 
-use Assert\Assertion;
 use InvalidArgumentException;
 use ParagonIE\ConstantTime\Base64UrlSafe;
 use Throwable;
 
 abstract class Base64
 {
-    public static function decodeUrlSafe(string $data): string
-    {
-        Assertion::regex($data, '/^[A-Za-z0-9\-_]*$/', 'Invalid Base 64 Url Safe character.');
-
-        return Base64UrlSafe::decode($data);
-    }
-
     public static function decode(string $data): string
     {
         try {