Certainty Versions Save

What's Changed

• Fix CI
• Prune old files

Full Changelog: https://github.com/paragonie/certainty/compare/v2.8.2...v2.8.3

• No code changes, just includes the latest CACert bundles, including the bundle after LetsEncrypt's intermediate certificate expired.
• Although Certainty will, by design, try to keep the bundles up-to-date, if you're in a Composer-based deployment situation where the Certainty update process isn't being used, pulling the latest version in a staging environment will tell you if the LetsEncrypt intermediate expiration breaks your app.
  • If necessary, rollback to 2.8.1 in your composer.json file until you've resolved the network issue.

• Block vulnerable versions of Composer.

• #32 / #33 -- Add support for Guzzle 7 (thanks @jacques, @ziming)

• Fix compatibility with PHP 7.4
• Updated Psalm in require-dev from ^1|^2 to ^1|^3.

• Expand unit testing coverage to PHP 7.4
• Updated composer.json to allow installing on PHP 8

We had to reinstall the server. Bgcc1QfkP0UNgMZuHzi0hC1hA1SoVAyUrskmSkzRw3E= is the public key of the new default Chronicle server.

Previously, the default behavior of RemoteFetch was to check a Chronicle instance (i.e. the one at php-chronicle.pie-hosted.com), regardless of whether or not the bundle was already fetched and verified.

This was wasteful, and led to an accidental stress test of the Chronicle instance for the PHP community.

Now, the default behavior of RemoteFetch is to only query Chronicle instances on freshly-downloaded bundles, rather than every time getLatestBundle() is invoked.

We've already done a lot of work to ensure our server is stable even under the tremendous load we were seeing previously, but we do ask everyone to update to the latest version to improve the performance of your code that uses Certainty.

• You can now specify an HTTP connection timeout for Chronicle queries and Github fetches.

Updated minimum version of sodium_compat to version 1.11.0