fix(deps): update dependency com.hierynomus:sshj to v0.36.0 (#2670)

* fix(deps): update dependency com.hierynomus:sshj to v0.36.0 * refactor(build): drop unnecessary explicit dependency * chore(idea): cruft * fix(app): ensure SLF4J v1 is used * fix(build): disable illegal BindsCanBeExtensionFunction lint * chore: refresh Lint baselines --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Harsh Shandilya <me@msfjarvis.dev>
2023-09-04 18:50:19 +00:00 · 2023-09-04 18:50:19 +00:00 · 1da4c42220
commit 1da4c42220
parent e94f344685
8 changed files with 36 additions and 17 deletions
--- a/.idea/kotlinScripting.xml
+++ b/.idea/kotlinScripting.xml
@ -1,6 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
  <component name="KotlinScriptingSettings">
    <option name="suppressDefinitionsCheck" value="true" />
  </component>
 </project>
--- a/app/build.gradle.kts
+++ b/app/build.gradle.kts
@ -86,9 +86,8 @@ dependencies {
  implementation(libs.thirdparty.logcat)
  implementation(libs.thirdparty.modernAndroidPrefs)
  implementation(libs.thirdparty.plumber)
-  implementation(libs.thirdparty.sshj) { exclude(group = "org.bouncycastle") }
+  implementation(libs.thirdparty.sshj)
  implementation(libs.thirdparty.bouncycastle.bcprov)
  implementation(libs.thirdparty.bouncycastle.bcpkix)
  if (snapshot.snapshot) {
    implementation(libs.thirdparty.whatthestack)
@ -96,6 +95,10 @@ dependencies {
    debugImplementation(libs.thirdparty.whatthestack)
  }
  implementation(libs.thirdparty.slf4j.api) {
    because("SSHJ now uses SLF4J 2.0 which we don't want")
  }
  implementation(libs.thirdparty.leakcanary.core)
  nonFreeImplementation(libs.thirdparty.nonfree.googlePlayAuthApiPhone)
  nonFreeImplementation(libs.thirdparty.nonfree.sentry)
--- a/app/lint-baseline.xml
+++ b/app/lint-baseline.xml
@ -14,16 +14,16 @@
    <issue
        id="InvalidPackage"
-        message="Invalid package reference in org.bouncycastle:bcpkix-jdk18on; not included in Android: `javax.naming.directory`. Referenced from `org.bouncycastle.cert.dane.fetcher.JndiDANEFetcherFactory`.">
+        message="Invalid package reference in library; not included in Android: `javax.naming.directory`. Referenced from `org.bouncycastle.cert.dane.fetcher.JndiDANEFetcherFactory`.">
        <location
-            file="$GRADLE_USER_HOME/caches/modules-2/files-2.1/org.bouncycastle/bcpkix-jdk18on/1.76/10c9cf5c1b4d64abeda28ee32fbade3b74373622/bcpkix-jdk18on-1.76.jar"/>
+            file="$GRADLE_USER_HOME/caches/modules-2/files-2.1/org.bouncycastle/bcpkix-jdk18on/1.75/5adfef8a71a0933454739264b56283cc73dd2383/bcpkix-jdk18on-1.75.jar"/>
    </issue>
    <issue
        id="InvalidPackage"
-        message="Invalid package reference in org.bouncycastle:bcpkix-jdk18on; not included in Android: `javax.naming`. Referenced from `org.bouncycastle.cert.dane.fetcher.JndiDANEFetcherFactory.1`.">
+        message="Invalid package reference in library; not included in Android: `javax.naming`. Referenced from `org.bouncycastle.cert.dane.fetcher.JndiDANEFetcherFactory.1`.">
        <location
-            file="$GRADLE_USER_HOME/caches/modules-2/files-2.1/org.bouncycastle/bcpkix-jdk18on/1.76/10c9cf5c1b4d64abeda28ee32fbade3b74373622/bcpkix-jdk18on-1.76.jar"/>
+            file="$GRADLE_USER_HOME/caches/modules-2/files-2.1/org.bouncycastle/bcpkix-jdk18on/1.75/5adfef8a71a0933454739264b56283cc73dd2383/bcpkix-jdk18on-1.75.jar"/>
    </issue>
    <issue
--- a/app/proguard-rules.pro
+++ b/app/proguard-rules.pro
@ -1,7 +1,6 @@
 -keepattributes SourceFile,LineNumberTable,EnclosingMethod,InnerClasses
 -dontobfuscate
 -keep class com.jcraft.jsch.**
 -keep class org.eclipse.jgit.internal.JGitText { *; }
 -keep class org.bouncycastle.jcajce.provider.** { *; }
 -keep class !org.bouncycastle.jce.provider.X509LDAPCertStoreSpi,org.bouncycastle.jce.provider.** { *; }
--- a/build-logic/src/main/kotlin/app/passwordstore/gradle/LintConfig.kt
+++ b/build-logic/src/main/kotlin/app/passwordstore/gradle/LintConfig.kt
@ -38,6 +38,9 @@ object LintConfig {
      disable += "FragmentFieldInjection"
      // Too pedantic
      disable += "ArgInFormattedQuantityStringRes"
      // Illegal in Dagger v2.48, can be removed after
      // https://github.com/slackhq/slack-lints/pull/133 is released.
      disable += "BindsCanBeExtensionFunction"
    }
    baseline = project.file("lint-baseline.xml")
  }
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@ -72,7 +72,6 @@ testing-robolectric = "org.robolectric:robolectric:4.10.3"
 testing-sharedPrefsMock = "com.github.android-password-store:shared-preferences-fake:2.0.0"
 testing-testparameterinjector = "com.google.testparameterinjector:test-parameter-injector:1.12"
 testing-turbine = "app.cash.turbine:turbine:1.0.0"
 thirdparty-bouncycastle-bcpkix = { module = "org.bouncycastle:bcpkix-jdk18on", version.ref = "bouncycastle" }
 thirdparty-bouncycastle-bcprov = { module = "org.bouncycastle:bcprov-jdk18on", version.ref = "bouncycastle" }
 thirdparty-commons_codec = "commons-codec:commons-codec:1.14"
 thirdparty-compose-lints = "com.slack.lint.compose:compose-lint-checks:1.2.0"
@ -91,8 +90,8 @@ thirdparty-nonfree-sentry = "io.sentry:sentry-android:6.28.0"
 thirdparty-pgpainless = "org.pgpainless:pgpainless-core:1.6.2"
 thirdparty-plumber = { module = "com.squareup.leakcanary:plumber-android-startup", version.ref = "leakcanary" }
 thirdparty-slack-lints = "com.slack.lint:slack-lint-checks:0.4.0"
-# TODO: Remove the explicit bcpkix dependency when upgrading this to a BC 1.71 compatible version
+thirdparty-slf4j-api = { module = "org.slf4j:slf4j-api", version = { strictly = "[1.7, 1.8[", prefer = "1.7.36" } }
-thirdparty-sshj = "com.hierynomus:sshj:0.35.0"
+thirdparty-sshj = "com.hierynomus:sshj:0.36.0"
 thirdparty-uri = "com.eygraber:uri-kmp:0.0.14"
 thirdparty-whatthestack = "com.github.haroldadmin:WhatTheStack:1.0.0-alpha04"
--- a/ssh/build.gradle.kts
+++ b/ssh/build.gradle.kts
@ -19,7 +19,7 @@ dependencies {
  implementation(libs.androidx.core.ktx)
  implementation(libs.kotlinx.coroutines.android)
  implementation(libs.kotlinx.coroutines.core)
-  implementation(libs.thirdparty.sshj) { exclude(group = "org.bouncycastle") }
+  implementation(libs.thirdparty.sshj)
  implementation(libs.thirdparty.logcat)
  implementation(libs.androidx.security)
  implementation(libs.thirdparty.eddsa)
--- a/ssh/lint-baseline.xml
+++ b/ssh/lint-baseline.xml
@ -1,4 +1,25 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <issues format="6" by="lint 8.3.0-alpha01" type="baseline" client="gradle" dependencies="false" name="AGP (8.3.0-alpha01)" variant="all" version="8.3.0-alpha01">
    <issue
        id="InvalidPackage"
        message="Invalid package reference in library; not included in Android: `javax.naming.directory`. Referenced from `org.bouncycastle.cert.dane.fetcher.JndiDANEFetcherFactory`.">
        <location
            file="$GRADLE_USER_HOME/caches/modules-2/files-2.1/org.bouncycastle/bcpkix-jdk18on/1.75/5adfef8a71a0933454739264b56283cc73dd2383/bcpkix-jdk18on-1.75.jar"/>
    </issue>
    <issue
        id="InvalidPackage"
        message="Invalid package reference in library; not included in Android: `javax.naming`. Referenced from `org.bouncycastle.cert.dane.fetcher.JndiDANEFetcherFactory.1`.">
        <location
            file="$GRADLE_USER_HOME/caches/modules-2/files-2.1/org.bouncycastle/bcpkix-jdk18on/1.75/5adfef8a71a0933454739264b56283cc73dd2383/bcpkix-jdk18on-1.75.jar"/>
    </issue>
    <issue
        id="TrustAllX509TrustManager"
        message="`checkServerTrusted` is empty, which could cause insecure network traffic due to trusting arbitrary TLS/SSL certificates presented by peers">
        <location
            file="$GRADLE_USER_HOME/caches/modules-2/files-2.1/org.bouncycastle/bcpkix-jdk18on/1.75/5adfef8a71a0933454739264b56283cc73dd2383/bcpkix-jdk18on-1.75.jar"/>
    </issue>
 </issues>