chore(deps): Bump web-auth/webauthn-lib from 4.8.5 to 4.9.1

composer.json

@@ -59,7 +59,7 @@
 		"symfony/routing": "^5.4.24",
 		"symfony/translation": "^6.4.4",
 		"wapmorgan/mp3info": "^0.1.0",
-		"web-auth/webauthn-lib": "^4.8"
+		"web-auth/webauthn-lib": "^4.9.1"
 	},
 	"scripts": {
 		"lint": "find . -name \\*.php -print0 | xargs -0 -n1 php -l"

composer/autoload_psr4.php

@@ -14,7 +14,6 @@
     'cweagans\\Composer\\' => array($vendorDir . '/cweagans/composer-patches/src'),
     'bantu\\IniGetWrapper\\' => array($vendorDir . '/bantu/ini-get-wrapper/src'),
     'ZipStreamer\\' => array($vendorDir . '/deepdiver/zipstreamer/src'),
-    'Webauthn\\MetadataService\\' => array($vendorDir . '/web-auth/metadata-service/src'),
     'Webauthn\\' => array($vendorDir . '/web-auth/webauthn-lib/src'),
     'Symfony\\Polyfill\\Uuid\\' => array($vendorDir . '/symfony/polyfill-uuid'),
     'Symfony\\Polyfill\\Php80\\' => array($vendorDir . '/symfony/polyfill-php80'),

composer/installed.php

@@ -308,9 +308,9 @@
             'dev_requirement' => false,
         ),
         'paragonie/constant_time_encoding' => array(
-            'pretty_version' => 'v2.6.3',
-            'version' => '2.6.3.0',
-            'reference' => '58c3f47f650c94ec05a151692652a868995d2938',
+            'pretty_version' => 'v2.7.0',
+            'version' => '2.7.0.0',
+            'reference' => '52a0d99e69f56b9ec27ace92ba56897fe6993105',
             'type' => 'library',
             'install_path' => __DIR__ . '/../paragonie/constant_time_encoding',
             'aliases' => array(),
@@ -626,9 +626,9 @@
             'dev_requirement' => false,
         ),
         'spomky-labs/cbor-php' => array(
-            'pretty_version' => '3.0.4',
-            'version' => '3.0.4.0',
-            'reference' => '658ed12a85a6b31fa312b89cd92f3a4ce6df4c6b',
+            'pretty_version' => '3.1.0',
+            'version' => '3.1.0.0',
+            'reference' => '499d9bff0a6d59c4f1b813cc617fc3fd56d6dca4',
             'type' => 'library',
             'install_path' => __DIR__ . '/../spomky-labs/cbor-php',
             'aliases' => array(),
@@ -812,9 +812,9 @@
             'dev_requirement' => false,
         ),
         'symfony/polyfill-uuid' => array(
-            'pretty_version' => 'v1.29.0',
-            'version' => '1.29.0.0',
-            'reference' => '3abdd21b0ceaa3000ee950097bc3cf9efc137853',
+            'pretty_version' => 'v1.31.0',
+            'version' => '1.31.0.0',
+            'reference' => '21533be36c24be3f4b1669c4725c7d1d2bab4ae2',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/polyfill-uuid',
             'aliases' => array(),
@@ -881,9 +881,9 @@
             ),
         ),
         'symfony/uid' => array(
-            'pretty_version' => 'v6.4.3',
-            'version' => '6.4.3.0',
-            'reference' => '1d31267211cc3a2fff32bcfc7c1818dac41b6fc0',
+            'pretty_version' => 'v6.4.12',
+            'version' => '6.4.12.0',
+            'reference' => '2f16054e0a9b194b8ca581d4a64eee3f7d4a9d4d',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/uid',
             'aliases' => array(),
@@ -899,27 +899,18 @@
             'dev_requirement' => false,
         ),
         'web-auth/cose-lib' => array(
-            'pretty_version' => '4.3.0',
-            'version' => '4.3.0.0',
-            'reference' => 'e5c417b3b90e06c84638a18d350e438d760cb955',
+            'pretty_version' => '4.4.0',
+            'version' => '4.4.0.0',
+            'reference' => '2166016e48e0214f4f63320a7758a9386d14c92a',
             'type' => 'library',
             'install_path' => __DIR__ . '/../web-auth/cose-lib',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
-        'web-auth/metadata-service' => array(
-            'pretty_version' => '4.8.5',
-            'version' => '4.8.5.0',
-            'reference' => 'fb7c1f107639285fab90f870aab38360252c82f5',
-            'type' => 'library',
-            'install_path' => __DIR__ . '/../web-auth/metadata-service',
-            'aliases' => array(),
-            'dev_requirement' => false,
-        ),
         'web-auth/webauthn-lib' => array(
-            'pretty_version' => '4.8.5',
-            'version' => '4.8.5.0',
-            'reference' => '925873eb504a1db8a77dc2b4d2b578334736fa16',
+            'pretty_version' => '4.9.1',
+            'version' => '4.9.1.0',
+            'reference' => 'fd7a0943c663b325e92ad562c2bcc943e77beeac',
             'type' => 'library',
             'install_path' => __DIR__ . '/../web-auth/webauthn-lib',
             'aliases' => array(),

paragonie/constant_time_encoding/src/Base32.php

@@ -44,8 +44,11 @@ abstract class Base32 implements EncoderInterface
      * @param bool $strictPadding
      * @return string
      */
-    public static function decode(string $encodedString, bool $strictPadding = false): string
-    {
+    public static function decode(
+        #[\SensitiveParameter]
+        string $encodedString,
+        bool $strictPadding = false
+    ): string {
         return static::doDecode($encodedString, false, $strictPadding);
     }
 
@@ -56,8 +59,11 @@ public static function decode(string $encodedString, bool $strictPadding = false
      * @param bool $strictPadding
      * @return string
      */
-    public static function decodeUpper(string $src, bool $strictPadding = false): string
-    {
+    public static function decodeUpper(
+        #[\SensitiveParameter]
+        string $src,
+        bool $strictPadding = false
+    ): string {
         return static::doDecode($src, true, $strictPadding);
     }
 
@@ -68,19 +74,24 @@ public static function decodeUpper(string $src, bool $strictPadding = false): st
      * @return string
      * @throws TypeError
      */
-    public static function encode(string $binString): string
-    {
+    public static function encode(
+        #[\SensitiveParameter]
+        string $binString
+    ): string {
         return static::doEncode($binString, false, true);
     }
+
     /**
      * Encode into Base32 (RFC 4648)
      *
      * @param string $src
      * @return string
      * @throws TypeError
      */
-    public static function encodeUnpadded(string $src): string
-    {
+    public static function encodeUnpadded(
+        #[\SensitiveParameter]
+        string $src
+    ): string {
         return static::doEncode($src, false, false);
     }
 
@@ -91,8 +102,10 @@ public static function encodeUnpadded(string $src): string
      * @return string
      * @throws TypeError
      */
-    public static function encodeUpper(string $src): string
-    {
+    public static function encodeUpper(
+        #[\SensitiveParameter]
+        string $src
+    ): string {
         return static::doEncode($src, true, true);
     }
 
@@ -103,8 +116,10 @@ public static function encodeUpper(string $src): string
      * @return string
      * @throws TypeError
      */
-    public static function encodeUpperUnpadded(string $src): string
-    {
+    public static function encodeUpperUnpadded(
+        #[\SensitiveParameter]
+        string $src
+    ): string {
         return static::doEncode($src, true, false);
     }
 
@@ -191,8 +206,11 @@ protected static function encode5BitsUpper(int $src): string
      * @param bool $upper
      * @return string
      */
-    public static function decodeNoPadding(string $encodedString, bool $upper = false): string
-    {
+    public static function decodeNoPadding(
+        #[\SensitiveParameter]
+        string $encodedString,
+        bool $upper = false
+    ): string {
         $srcLen = Binary::safeStrlen($encodedString);
         if ($srcLen === 0) {
             return '';
@@ -222,9 +240,9 @@ public static function decodeNoPadding(string $encodedString, bool $upper = fals
      * @return string
      *
      * @throws TypeError
-     * @psalm-suppress RedundantCondition
      */
     protected static function doDecode(
+        #[\SensitiveParameter]
         string $src,
         bool $upper = false,
         bool $strictPadding = false
@@ -434,8 +452,12 @@ protected static function doDecode(
      * @return string
      * @throws TypeError
      */
-    protected static function doEncode(string $src, bool $upper = false, $pad = true): string
-    {
+    protected static function doEncode(
+        #[\SensitiveParameter]
+        string $src,
+        bool $upper = false,
+        $pad = true
+    ): string {
         // We do this to reduce code duplication:
         $method = $upper
             ? 'encode5BitsUpper'

paragonie/constant_time_encoding/src/Base64.php

@@ -47,8 +47,10 @@ abstract class Base64 implements EncoderInterface
      *
      * @throws TypeError
      */
-    public static function encode(string $binString): string
-    {
+    public static function encode(
+        #[\SensitiveParameter]
+        string $binString
+    ): string {
         return static::doEncode($binString, true);
     }
 
@@ -62,8 +64,10 @@ public static function encode(string $binString): string
      *
      * @throws TypeError
      */
-    public static function encodeUnpadded(string $src): string
-    {
+    public static function encodeUnpadded(
+        #[\SensitiveParameter]
+        string $src
+    ): string {
         return static::doEncode($src, false);
     }
 
@@ -74,8 +78,11 @@ public static function encodeUnpadded(string $src): string
      *
      * @throws TypeError
      */
-    protected static function doEncode(string $src, bool $pad = true): string
-    {
+    protected static function doEncode(
+        #[\SensitiveParameter]
+        string $src,
+        bool $pad = true
+    ): string {
         $dest = '';
         $srcLen = Binary::safeStrlen($src);
         // Main loop (no padding):
@@ -129,10 +136,12 @@ protected static function doEncode(string $src, bool $pad = true): string
      *
      * @throws RangeException
      * @throws TypeError
-     * @psalm-suppress RedundantCondition
      */
-    public static function decode(string $encodedString, bool $strictPadding = false): string
-    {
+    public static function decode(
+        #[\SensitiveParameter]
+        string $encodedString,
+        bool $strictPadding = false
+    ): string {
         // Remove padding
         $srcLen = Binary::safeStrlen($encodedString);
         if ($srcLen === 0) {
@@ -227,25 +236,21 @@ public static function decode(string $encodedString, bool $strictPadding = false
      * @param string $encodedString
      * @return string
      */
-    public static function decodeNoPadding(string $encodedString): string
-    {
+    public static function decodeNoPadding(
+        #[\SensitiveParameter]
+        string $encodedString
+    ): string {
         $srcLen = Binary::safeStrlen($encodedString);
         if ($srcLen === 0) {
             return '';
         }
         if (($srcLen & 3) === 0) {
-            if ($encodedString[$srcLen - 1] === '=') {
+            // If $strLen is not zero, and it is divisible by 4, then it's at least 4.
+            if ($encodedString[$srcLen - 1] === '=' || $encodedString[$srcLen - 2] === '=') {
                 throw new InvalidArgumentException(
                     "decodeNoPadding() doesn't tolerate padding"
                 );
             }
-            if (($srcLen & 3) > 1) {
-                if ($encodedString[$srcLen - 2] === '=') {
-                    throw new InvalidArgumentException(
-                        "decodeNoPadding() doesn't tolerate padding"
-                    );
-                }
-            }
         }
         return static::decode(
             $encodedString,

paragonie/constant_time_encoding/src/Binary.php

@@ -45,8 +45,10 @@ abstract class Binary
      * @param string $str
      * @return int
      */
-    public static function safeStrlen(string $str): int
-    {
+    public static function safeStrlen(
+        #[\SensitiveParameter]
+        string $str
+    ): int {
         if (\function_exists('mb_strlen')) {
             // mb_strlen in PHP 7.x can return false.
             /** @psalm-suppress RedundantCast */
@@ -70,6 +72,7 @@ public static function safeStrlen(string $str): int
      * @throws TypeError
      */
     public static function safeSubstr(
+        #[\SensitiveParameter]
         string $str,
         int $start = 0,
         $length = null