Merge pull request #872 from lcobucci/remove-deprecated-items

Remove deprecated components

.github/workflows/composer-json-lint.yml

@@ -63,5 +63,5 @@ jobs:
       - name: "Check composer.json explicit dependencies"
         run: "composer-require-checker check"
 
-      - name: "Check composer.json unused dependencies"
-        run: "composer-unused"
+#      - name: "Check composer.json unused dependencies"
+#        run: "composer-unused"

docs/supported-algorithms.md

@@ -21,18 +21,6 @@ They're usually recommended for scenarios where these operations are handled by
 !!! Warning
     Although `BLAKE2B` is fantastic due to its performance, it's not [JWT standard] and won't necessarily be offered by other libraries.
 
-### Deprecated items
-
-In `v4.2.0`, we introduced key length validation and added a way for users to still use non-recommended keys.
-The following implementations will be **removed** in `v5.0.0` (use them carefully):
-
-| Name    | Description        | Class                                    | Key length req. |
-|---------|--------------------|------------------------------------------|-----------------|
-| `HS256` | HMAC using SHA-256 | `\Lcobucci\JWT\Signer\Hmac\UnsafeSha256` | `>= 1 bit`      |
-| `HS384` | HMAC using SHA-384 | `\Lcobucci\JWT\Signer\Hmac\UnsafeSha384` | `>= 1 bit`      |
-| `HS512` | HMAC using SHA-512 | `\Lcobucci\JWT\Signer\Hmac\UnsafeSha512` | `>= 1 bit`      |
-
-
 ## Asymmetric algorithms
 
 Asymmetric algorithms perform signature creation with private/secret keys and verification with public keys.
@@ -48,18 +36,4 @@ They're usually recommended for scenarios where creation is handled by a compone
 | `RS512` | RSASSA-PKCS1-v1_5 using SHA-512 | `\Lcobucci\JWT\Signer\Rsa\Sha512`   | `>= 2048 bits`  |
 | `EdDSA` | EdDSA signature algorithms      | `\Lcobucci\JWT\Signer\Eddsa`        | `>= 256 bits`   |
 
-### Deprecated items
-
-In `v4.2.0`, we introduced key length validation and added a way for users to still use non-recommended keys.
-The following implementations will be **removed** in `v5.0.0` (use them carefully):
-
-| Name    | Description                     | Class                                     | Key length req. |
-|---------|---------------------------------|-------------------------------------------|-----------------|
-| `ES256` | ECDSA using P-256 and SHA-256   | `\Lcobucci\JWT\Signer\Ecdsa\UnsafeSha256` | `>= 1 bit`      |
-| `ES384` | ECDSA using P-384 and SHA-384   | `\Lcobucci\JWT\Signer\Ecdsa\UnsafeSha384` | `>= 1 bit`      |
-| `ES512` | ECDSA using P-521 and SHA-512   | `\Lcobucci\JWT\Signer\Ecdsa\UnsafeSha512` | `>= 1 bit`      |
-| `RS256` | RSASSA-PKCS1-v1_5 using SHA-256 | `\Lcobucci\JWT\Signer\Rsa\UnsafeSha256`   | `>= 1 bit`      |
-| `RS384` | RSASSA-PKCS1-v1_5 using SHA-384 | `\Lcobucci\JWT\Signer\Rsa\UnsafeSha384`   | `>= 1 bit`      |
-| `RS512` | RSASSA-PKCS1-v1_5 using SHA-512 | `\Lcobucci\JWT\Signer\Rsa\UnsafeSha512`   | `>= 1 bit`      |
-
 [JWT standard]: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms

phpstan.neon.dist

@@ -3,10 +3,3 @@ parameters:
     paths:
         - src
         - test
-
-    ignoreErrors:
-        - '#Call to method .* of deprecated class Lcobucci\\JWT\\Signer\\Key\\LocalFileReference#'
-        - """
-            #^.+ deprecated class Lcobucci\\\\JWT\\\\Signer\\\\.+:
-            Deprecated since v4\\.2$#
-        """