Merge pull request #554 from web-auth/temp-41ef8d

Merge up 4.8.x to 5.0.x

.editorconfig

@@ -20,6 +20,9 @@ indent_size = 2
 [*.md]
 trim_trailing_whitespace = false
 
+[*.neon]
+indent_style = tab
+
 [Makefile]
 indent_style = tab
 

.github/workflows/codeql.yml

@@ -44,7 +44,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
     #     ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/dependency-review.yml

@@ -17,4 +17,4 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@v4
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v3
+        uses: actions/dependency-review-action@v4

.github/workflows/infection.yml

@@ -0,0 +1,38 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow
+
+name: "Integrate"
+
+on:
+  push:
+    branches:
+      - "*.*.x"
+
+jobs:
+  mutation_testing:
+    name: "5️⃣ Mutation Testing"
+    needs:
+      - "byte_level"
+      - "syntax_errors"
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: "Set up PHP"
+        uses: "shivammathur/setup-php@v2"
+        with:
+          php-version: "8.2"
+          extensions: "ctype, curl, dom, json, libxml, mbstring, openssl, phar, simplexml, sodium, tokenizer, xml, xmlwriter, zlib"
+          coverage: "xdebug"
+
+      - name: "Checkout code"
+        uses: "actions/checkout@v4"
+
+      - name: "Fetch Git base reference"
+        run: "git fetch --depth=1 origin ${GITHUB_BASE_REF}"
+
+      - name: "Install dependencies"
+        uses: "ramsey/composer-install@v2"
+        with:
+          dependency-versions: "highest"
+          composer-options: "--optimize-autoloader"
+
+      - name: "Execute Infection"
+        run: "make ci-mu"

.github/workflows/integrate.yml

@@ -193,35 +193,6 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
-  mutation_testing:
-    name: "5️⃣ Mutation Testing"
-    needs:
-      - "byte_level"
-      - "syntax_errors"
-    runs-on: "ubuntu-latest"
-    steps:
-      - name: "Set up PHP"
-        uses: "shivammathur/setup-php@v2"
-        with:
-          php-version: "8.2"
-          extensions: "ctype, curl, dom, json, libxml, mbstring, openssl, phar, simplexml, sodium, tokenizer, xml, xmlwriter, zlib"
-          coverage: "xdebug"
-
-      - name: "Checkout code"
-        uses: "actions/checkout@v4"
-
-      - name: "Fetch Git base reference"
-        run: "git fetch --depth=1 origin ${GITHUB_BASE_REF}"
-
-      - name: "Install dependencies"
-        uses: "ramsey/composer-install@v2"
-        with:
-          dependency-versions: "highest"
-          composer-options: "--optimize-autoloader"
-
-      - name: "Execute Infection"
-        run: "make ci-mu"
-
   rector_checkstyle:
     name: "6️⃣ Rector Checkstyle"
     needs:

.github/workflows/lock-closed-issues.yml

@@ -8,7 +8,7 @@ jobs:
   lock:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@v4
+      - uses: dessant/lock-threads@v5
         with:
           github-token: ${{ github.token }}
           issue-inactive-days: '31'

.github/workflows/scorecards.yml

@@ -50,14 +50,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@v3.1.3
+        uses: actions/upload-artifact@v4.3.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v2.3.3
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: results.sarif

composer.json

@@ -56,20 +56,20 @@
         "psr/log": "^1.0|^2.0|^3.0",
         "spomky-labs/cbor-php": "^3.0",
         "spomky-labs/pki-framework": "^1.0",
-        "symfony/config": "^6.1",
-        "symfony/dependency-injection": "^6.1",
+        "symfony/config": "^6.1|^7.0",
+        "symfony/dependency-injection": "^6.1|^7.0",
         "symfony/deprecation-contracts": "^3.2",
-        "symfony/framework-bundle": "^6.1",
-        "symfony/http-client": "^6.1",
-        "symfony/psr-http-message-bridge": "^2.1",
-        "symfony/security-bundle": "^6.1",
-        "symfony/security-core": "^6.1",
-        "symfony/security-http": "^6.1",
-        "symfony/serializer": "^6.1",
-        "symfony/uid": "^6.1",
-        "symfony/validator": "^6.1",
+        "symfony/framework-bundle": "^6.1|^7.0",
+        "symfony/http-client": "^6.1|^7.0",
+        "symfony/psr-http-message-bridge": "^2.1|^6.1|^7.0",
+        "symfony/security-bundle": "^6.1|^7.0",
+        "symfony/security-core": "^6.1|^7.0",
+        "symfony/security-http": "^6.1|^7.0",
+        "symfony/serializer": "^6.1|^7.0",
+        "symfony/uid": "^6.1|^7.0",
+        "symfony/validator": "^6.1|^7.0",
         "web-auth/cose-lib": "^4.2.3",
-        "web-token/jwt-signature": "^3.1"
+        "web-token/jwt-library": "^3.3"
     },
     "replace": {
         "web-auth/webauthn-lib": "self.version",
@@ -88,16 +88,13 @@
     "suggest": {
         "psr/clock-implementation": "As of 4.5.x, the PSR Clock implementation will replace lcobucci/clock",
         "psr/log-implementation": "Recommended to receive logs from the library",
-        "symfony/security-bundle": "Symfony firewall using a JSON API (perfect for script applications)",
-        "web-token/jwt-key-mgmt": "Mandatory for fetching Metadata Statement from distant sources",
-        "web-token/jwt-signature-algorithm-rsa": "Mandatory for the AndroidSafetyNet Attestation Statement support",
-        "web-token/jwt-signature-algorithm-ecdsa": "Mandatory for fetching Metadata Statement from distant sources",
-        "web-token/jwt-signature-algorithm-eddsa": "Recommended for the AndroidSafetyNet Attestation Statement support"
+        "symfony/security-bundle": "Symfony firewall using a JSON API (perfect for script applications)"
     },
     "require-dev": {
-        "doctrine/dbal": "^3.4",
-        "doctrine/doctrine-bundle": "^2.7",
-        "doctrine/orm": "^2.13",
+        "doctrine/dbal": "^3.8|4.0",
+        "doctrine/doctrine-bundle": "^2.11",
+        "doctrine/orm": "^2.14|^3.0",
+        "doctrine/persistence": "^3.1",
         "ekino/phpstan-banned-code": "^1.0",
         "infection/infection": "^0.27",
         "matthiasnoback/symfony-dependency-injection-test": "^4.3|^5.0",
@@ -112,22 +109,18 @@
         "phpstan/phpstan-strict-rules": "^1.4",
         "phpunit/phpunit": "^10.1",
         "qossmic/deptrac-shim": "^1.0",
-        "rector/rector": "^0.18",
+        "rector/rector": "^1.0",
         "roave/security-advisories": "dev-latest",
-        "symfony/asset": "^6.3",
-        "symfony/asset-mapper": "^6.3",
-        "symfony/browser-kit": "^6.1",
-        "symfony/filesystem": "^6.1",
-        "symfony/finder": "^6.1",
+        "symfony/asset": "^6.4|^7.0",
+        "symfony/asset-mapper": "^6.4|^7.0",
+        "symfony/browser-kit": "^6.4|^7.0",
+        "symfony/filesystem": "^6.4|^7.0",
+        "symfony/finder": "^6.4|^7.0",
         "symfony/monolog-bundle": "^3.8",
-        "symfony/phpunit-bridge": "^6.3",
-        "symfony/var-dumper": "^6.1",
-        "symfony/yaml": "^6.1",
-        "symplify/easy-coding-standard": "^12.0",
-        "web-token/jwt-key-mgmt": "^3.1",
-        "web-token/jwt-signature-algorithm-ecdsa": "^3.1",
-        "web-token/jwt-signature-algorithm-eddsa": "^3.1",
-        "web-token/jwt-signature-algorithm-rsa": "^3.1"
+        "symfony/phpunit-bridge": "^6.4|^7.0",
+        "symfony/var-dumper": "^6.4|^7.0",
+        "symfony/yaml": "^6.4|^7.0",
+        "symplify/easy-coding-standard": "^12.0"
     },
     "extra": {
         "thanks": {