Constant Time Encoding Laravel Package

Backported fix from https://github.com/paragonie/constant_time_encoding/releases/tag/v3.1.3

What's Changed

• Backport fix from v3 by @paragonie-security in https://github.com/paragonie/constant_time_encoding/pull/71

Full Changelog: https://github.com/paragonie/constant_time_encoding/compare/v2.8.1...v2.8.2

This release fixes a bug with base64 codecs when ext-sodium installed.

What's Changed

• FIX: Trim padding characters from encoded string before calling sodium decode by @peldax in https://github.com/paragonie/constant_time_encoding/pull/67
• Update .gitattributes for psalm files by @erikn69 in https://github.com/paragonie/constant_time_encoding/pull/68
• Revert #67 and fix padding stripping by @paragonie-security in https://github.com/paragonie/constant_time_encoding/pull/69
• Add test case to prevent regressions by @paragonie-security in https://github.com/paragonie/constant_time_encoding/pull/70

New Contributors

• @peldax made their first contribution in https://github.com/paragonie/constant_time_encoding/pull/67
• @erikn69 made their first contribution in https://github.com/paragonie/constant_time_encoding/pull/68

Full Changelog: https://github.com/paragonie/constant_time_encoding/compare/v3.1.2...v3.1.3

I'm going to continue backporting important fixes to v2.x for PHP 7 support while there is still significant v2 usage.

What's Changed

• Backport sodium perf enhancements to v2.x by @paragonie-security in https://github.com/paragonie/constant_time_encoding/pull/66

Full Changelog: https://github.com/paragonie/constant_time_encoding/compare/v2.8.0...v2.8.1

Thanks @TimWolla for identifying a performance hit caused by attempting to find global functions such as strlen() in the current namespace before the global namespace.

What's Changed

• Improve sodium implementation performance by @TimWolla in https://github.com/paragonie/constant_time_encoding/pull/64
• Replace qualifiers with imports by @paragonie-security in https://github.com/paragonie/constant_time_encoding/pull/65

Full Changelog: https://github.com/paragonie/constant_time_encoding/compare/v3.1.1...v3.1.2

What's Changed

• Remove mbstring.func_overload compatibility layer by @TimWolla in https://github.com/paragonie/constant_time_encoding/pull/58
• Fixed #27 by making the test less redundant.

Full Changelog: https://github.com/paragonie/constant_time_encoding/compare/v3.1.0...v3.1.1

This release backports the ext-sodium performance enhancement from v3.1.0.

What's Changed

• Backport ext-sodium enhancement to v2.x by @paragonie-security in https://github.com/paragonie/constant_time_encoding/pull/63

Full Changelog: https://github.com/paragonie/constant_time_encoding/compare/v2.7.0...v2.8.0

Important: If you enable ext-sodium, some codecs will now be faster with our library: hex, base64, base64url. This requires the actual extension be installed; sodium_compat will not provide these implementations.

As with the recent sodium_compat release, this library now incorporates fuzz-testing and mutation testing as part of our development strategy. Fuzz testing is enabled on pull requests; mutation tests on releases.

The current metrics for a mutation test run (using the latest version of Infection):

 1782 mutations were generated:
    1470 mutants were killed by Test Framework
     296 covered mutants were not detected
       5 errors were encountered
      11 time outs were encountered
Metrics:
         Mutation Code Coverage: 100%
         Covered Code MSI: 83%

We set the minimum MSI for covered code to 80% by policy, but will slowly be increasing it in future releases.

What's Changed

• Add parameter type to Base32::doEncode()’s $pad parameter by @TimWolla in https://github.com/paragonie/constant_time_encoding/pull/60
• Re-enable CI for Pull Requests by @TimWolla in https://github.com/paragonie/constant_time_encoding/pull/59
• Use ext-sodium (if available) to accelerate performance. by @paragonie-security in https://github.com/paragonie/constant_time_encoding/pull/61
• Test improvements (+PHP 8.5) by @paragonie-security in https://github.com/paragonie/constant_time_encoding/pull/62

Full Changelog: https://github.com/paragonie/constant_time_encoding/compare/v3.0.0...v3.1.0

• New major bump due to increased minimum PHP requirements (from PHP 7 to PHP 8)
• Supports PHP 8.4 without deprecation warnings for implicit null

What's Changed

• Apply PHP 8.2's SensitiveParameter attribute to all string parameters by @TimWolla in https://github.com/paragonie/constant_time_encoding/pull/48
• Remove obsolete psalm suppressions by @TimWolla in https://github.com/paragonie/constant_time_encoding/pull/47
• Fix typo by @krsriq in https://github.com/paragonie/constant_time_encoding/pull/51
• Add PHP 8.2 to ci.yml by @TimWolla in https://github.com/paragonie/constant_time_encoding/pull/49
• Make CanonicalTrait::getNextChar() an abstract method instead a `@m… by @TimWolla in https://github.com/paragonie/constant_time_encoding/pull/54
• Make PHPUnit data providers static by @TimWolla in https://github.com/paragonie/constant_time_encoding/pull/53
• Add PHP 8.3 to ci.yml by @TimWolla in https://github.com/paragonie/constant_time_encoding/pull/52
• chore: fix ci deprecations by @Chris53897 in https://github.com/paragonie/constant_time_encoding/pull/57
• Fix: unreachable code typo by @Grundik in https://github.com/paragonie/constant_time_encoding/pull/56

New Contributors

• @krsriq made their first contribution in https://github.com/paragonie/constant_time_encoding/pull/51
• @Chris53897 made their first contribution in https://github.com/paragonie/constant_time_encoding/pull/57
• @Grundik made their first contribution in https://github.com/paragonie/constant_time_encoding/pull/56

Full Changelog: https://github.com/paragonie/constant_time_encoding/compare/v2.6.3...v2.7.0

• #40 - Improved performance of Hex
• #43 / #46 - Add .gitattributes to .gitattributes
• #41 - Consistent use of \ global namespace qualifiers

• #45 Fix regression from 2.6.1

• Fix #44 - Thanks @HacKanCuBa!

• Resolved #22 by fixing the behavior of strict mode (decode($str, true)).
• Added decodeNoPadding() to Base32, Base64, and its child classes.
  • This is a strict variant of the encoding that doesn't accept = padding at all.

• Switched from Travis CI to GitHub Actions
• Fix parameter names for PHP 8
• Cover PHP 8.1+ in unit testing

• Support PHP 8
• Migrate to GitHub Actions

• #25 - Fixed exception message
• Support PHP 8

Supports PHP 7.3, 7.4, and 8.x (currently only for testing against the master branch in Travis CI)

• Adds Base32::encodeUnpadded() from v1.x branch.

• #15 -- encodeUnpadded() added to Base64.

• This library now has 100% type-safety.
• Added unit tests to detect string truncation bugs that were (mistakenly?) reported.

• Backport of fixes from v2 branch. See #14.
• Type safety.

• Fix a pasto reported by Ed Barnard on Twitter.

• Adds encodeUnpadded() to Base32 and Base64 (and their derived classes). Satisfies #9.

Fix composer.json typo.

Previous tag was a false alarm. This is the real deal.

This library is now type-safe. Encoding functions (e.g. Base64::decode()) will always return a string or throw a RangeException. They will never return false.

Furthermore, type safety is assured with Psalm.

Throw a RangeException instead of returning false in a function with a return type of string.

Handle an edge-case reported in #4

Handle edge-case reported in #4

• Added scalar type declarations to Binary.

Version 2 will require PHP 7 and use scalar type declarations.