
Bump robthree/twofactorauth from 1.8.2 to 3.0.2 in /uploady #30

Open
wants to merge 1 commit into
base: main

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Jan 13, 2025

Bumps robthree/twofactorauth from 1.8.2 to 3.0.2.

Release notes

Sourced from robthree/twofactorauth's releases.

v3.0.2

A small fix to further support the latest version of Endroid QR Code.

What's Changed

New Contributors

Full Changelog: RobThree/TwoFactorAuth@v3.0.1...v3.0.2

v3.0.1

A small fix to support the latest version of Endroid QR Code.

What's Changed

New Contributors

Full Changelog: RobThree/TwoFactorAuth@v3.0.0...v3.0.1

v3.0.0

A lot of cleaning up and improvements across the board.

For a full breakdown of the key changes, including all the backwards incompatible changes, have a read of the official changelog

What's Changed

Full Changelog: RobThree/TwoFactorAuth@v2.1.0...v3.0.0

v2.1.0

tl;dr Cleaned up code and support for Endroid QR Code 5

... (truncated)

Changelog

Sourced from robthree/twofactorauth's changelog.

RobThree\TwoFactorAuth changelog

Version 3.x

Breaking changes

PHP Version

Version 3.x requires at least PHP 8.2.

Constructor signature change

In order to ensure users of this library make a conscious choice of QR Code Provider, the QR Code Provider is now a mandatory argument, in first place.

If you didn't provide one explicitly before, you can get the old behavior with:

use RobThree\Auth\TwoFactorAuth;
use RobThree\Auth\Providers\Qr\QRServerProvider;
$tfa = new TwoFactorAuth(new QRServerProvider());

If you provided one before, the order of the parameters has been changed, so simply move the QRCodeProvider argument to the first place or use named arguments.

Documentation on selecting a QR Code Provider is available here: QR Code Provider documentation.

Default secret length

The default secret length has been increased from 80 bits to 160 bits (RFC4226) PR #117. This might cause an issue in your application if you were previously storing secrets in a column with restricted size. This change doesn't impact existing secrets, only new ones will get longer.

Previously a secret was 16 characters; now it needs to be stored in a 32-character-wide column.

You can keep the old behavior by setting 80 as argument to createSecret() (not recommended, see #117 for further discussion).

Other changes

  • The new PHP attribute SensitiveParameter was added to the code, to prevent accidental leak of secrets in stack traces.
  • Likely not breaking anything, but now all external QR Code providers use HTTPS with a verified certificate. PR #126.
  • The CSPRNG now exclusively uses the random_bytes() PHP function. Previously a fallback to openssl or a non-cryptographically-secure PRNG existed; these have been removed. PR #122.
  • If an external QR code provider is used and the HTTP request results in an error, it will throw a QRException. Previously the error was ignored. PR #130, fixes #129.

Version 2.x

Breaking changes

PHP Version

Version 2.x requires at least PHP 8.1.

Constructor signature

... (truncated)

Commits
  • 6d70f9c add support for endroid/qr-code (with logo) version 6 (#143)
  • 92487ac add support for endroid/qr-code version 6 (#140)
  • ab4c330 remove warning about default external qr code provider in README.md
  • 0ab012b remove warning about default external qr code provider in README.md
  • ec82d39 📚 consistent changelog links to github (#135)
  • fc3adc7 mention #130 in changelog
  • 337e96b Merge pull request #134 from RobThree/nico-coc
  • 91c091c add a code of conduct
  • 9e8b31e mention #130 in changelog
  • df43660 handle curl errors. fix #129
  • Additional commits viewable in compare view


Bumps [robthree/twofactorauth](https://github.com/RobThree/TwoFactorAuth) from 1.8.2 to 3.0.2.
- [Release notes](https://github.com/RobThree/TwoFactorAuth/releases)
- [Changelog](https://github.com/RobThree/TwoFactorAuth/blob/master/CHANGELOG.md)
- [Commits](RobThree/TwoFactorAuth@1.8.2...v3.0.2)

---
updated-dependencies:
- dependency-name: robthree/twofactorauth
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 13, 2025
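
A pre-merge check for two of the breaking changes quoted in the changelog above (the QR Code Provider moving to the first constructor argument, and the default secret growing from 16 to 32 characters), as an added example that is not part of this PR or of RobThree/TwoFactorAuth. The sample source, the `Uploady` issuer string and the 16-character column width are constructed assumptions, and the call-site scan is a heuristic.

```php
<?php
// Added example, not code from this PR or from RobThree/TwoFactorAuth.

/** Base32 carries 5 bits per character: 80 bits -> 16 chars, 160 bits -> 32. */
function base32SecretLength(int $bits): int
{
    return intdiv($bits + 4, 5);
}

/**
 * Line numbers of `new TwoFactorAuth(...)` calls whose first argument is
 * missing or a string literal, i.e. still written for the 1.x signature.
 * Heuristic: a variable as first argument is not flagged; review those by hand.
 */
function findLegacyConstructorCalls(string $source): array
{
    // Drop whitespace and comments so list neighbours are meaningful tokens.
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $tokens = array_values(array_filter(
        token_get_all($source),
        fn ($t) => !is_array($t) || !in_array($t[0], $skip, true)
    ));
    $lines = [];
    foreach ($tokens as $i => $t) {
        $name  = $tokens[$i + 1] ?? null;
        $open  = $tokens[$i + 2] ?? null;
        $first = $tokens[$i + 3] ?? null;
        if (!is_array($t) || $t[0] !== T_NEW || !is_array($name) || $open !== '(') {
            continue;
        }
        // Matches TwoFactorAuth and namespace-qualified forms of the name.
        if (!preg_match('/(^|\\\\)TwoFactorAuth$/', $name[1])) {
            continue;
        }
        if ($first === ')' || (is_array($first) && $first[0] === T_CONSTANT_ENCAPSED_STRING)) {
            $lines[] = $t[2]; // line number of the `new` keyword
        }
    }
    return $lines;
}

// Constructed sample: one 1.x-style call and one 3.x-style call.
$sample = <<<'PHP'
<?php
$old = new TwoFactorAuth('Uploady');
$new = new TwoFactorAuth(new QRServerProvider(), 'Uploady');
PHP;
$columnWidth = 16; // assumed width of the column that stores TOTP secrets
printf("legacy calls on lines: %s\n", implode(', ', findLegacyConstructorCalls($sample)));
printf("160-bit secret fits column: %s\n", base32SecretLength(160) <= $columnWidth ? 'yes' : 'no');
```

Run it against the application's own sources and real column definition before merging; a flagged line or a "no" means the bump needs a code or schema change alongside it.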