Bump phpseclib/phpseclib from 2.0.13 to 2.0.14

[dependabot-preview]

Bumps phpseclib/phpseclib from 2.0.13 to 2.0.14.

Release notes

Sourced from phpseclib/phpseclib's releases.

2.0.14

• SSH2: ssh-rsa is sometimes incorrectly used instead of rsa-sha2-256 (#1331)
• SSH2: more strictly adhere to RFC8332 for rsa-sha2-256/512 (#1332)

Changelog

Sourced from phpseclib/phpseclib's changelog.

2.0.14 - 2019-01-27

• SSH2: ssh-rsa is sometimes incorrectly used instead of rsa-sha2-256 (#1331)
• SSH2: more strictly adhere to RFC8332 for rsa-sha2-256/512 (#1332)

Commits

• 8ebfcad Merge branch '1.0' into 2.0
• 7432a69 1.0.14 release
• 5c5a8a5 Merge branch '1.0' into 2.0
• 0f87a0e SSH2: CS adjustment
• 004a71c Merge branch '1.0' into 2.0
• e5ff894 SSH2: add missing constant
• f8ff1aa Merge branch '1.0' into 2.0
• b0d63fb SSH2: ssh-rsa is sometimes incorrectly used instead of rsa-sha2-256
• 31fbdb9 Merge branch '1.0' into 2.0
• 055d609 SSH2: more strictly adhere to RFC8332 for rsa-sha2-256/512
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[codecov]

Codecov Report

Merging #34284 into master will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master   #34284   +/-   ##
=========================================
  Coverage     64.76%   64.76%           
  Complexity    18368    18368           
=========================================
  Files          1199     1199           
  Lines         69550    69550           
  Branches       1281     1281           
=========================================
  Hits          45044    45044           
  Misses        24133    24133           
  Partials        373      373

Flag	Coverage Δ	Complexity Δ
#javascript	53.09% <ø> (ø)	0 <ø> (ø)	⬇️
#phpunit	66.11% <ø> (ø)	18368 <ø> (ø)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a7048a4...a745d34. Read the comment docs.

[codecov]

Codecov Report

Merging #34284 into master will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master   #34284   +/-   ##
=========================================
  Coverage     64.78%   64.78%           
  Complexity    18372    18372           
=========================================
  Files          1199     1199           
  Lines         69565    69565           
  Branches       1281     1281           
=========================================
  Hits          45065    45065           
  Misses        24127    24127           
  Partials        373      373

Flag	Coverage Δ	Complexity Δ
#javascript	53.09% <ø> (ø)	0 <ø> (ø)	⬇️
#phpunit	66.13% <ø> (ø)	18372 <ø> (ø)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 46255e2...862aa4b. Read the comment docs.

[phil-davis]

Note: see #34265 (comment) by @PVince81

[phil-davis]

@dependabot recreate

[PVince81]

@phil-davis please confirm that SFTP tests ran and passed

[phil-davis]

@PVince81 I got files_external_ftp unit tests passing again. See owncloud/files_external_ftp#33 and my comments on that.
That runs some SFTP stuff.
And core tests that use tests/lib/Files/External/Service/StoragesServiceTest class pass for me locally. That class has SFTP stuff in it.

What else should be run?

[PVince81]

@phil-davis actually it's https://github.com/owncloud/core/blob/master/apps/files_external/tests/Storage/SftpTest.php

I wasn't sure whether you were familiar how we ran the tests. Let's have a chat, I need to search for old info.

[PVince81]

seems not all external tests got ported to Drone.

here we have SMB: https://github.com/owncloud/core/blob/stable10/tests/drone/configs/config.files_external.smb-windows.php#L2

you can run SFTP locally with: make test-external TEST_EXTERNAL_ENV=sftp-atmoz

the latter refers to the files in https://github.com/owncloud/core/tree/master/apps/files_external/tests/env where you remove "start-" from "start-sftp-atmoz" so it becomes "sftp-atmoz".

I think we should bring back those tests in some form, maybe run them daily only on stable10.

Thoughts ? @phil-davis @individual-it

[PVince81]

raised #34522 for automation.

for now we should run these tests locally

[PVince81]

% make test-external TEST_EXTERNAL_ENV=sftp-atmoz
PHPUNIT="/srv/www/htdocs/owncloud/lib/composer/phpunit/phpunit/phpunit" build/autotest-external.sh sqlite sftp-atmoz 
Using database oc_autotest
Setup environment for sqlite testing ...
cp: cannot stat '/srv/www/htdocs/owncloud/tests/autoconfig-sqlite.php': No such file or directory
Installing ....
creating sqlite db
ownCloud was successfully installed
Testing with sqlite ...
Run only sftp-atmoz ...
files_external enabled
No coverage
PHPUnit 5.7.27 by Sebastian Bergmann and contributors.

Runtime:       PHP 7.2.14
Configuration: /srv/www/htdocs/owncloud/tests/phpunit-autotest-external.xml

...............................................................   63 / 63 (100%)

Time: 297 ms, Memory: 18.00MB

OK (63 tests, 128 assertions)
start: start-sftp-atmoz.sh
name: sftp-atmoz
Docker executable found - setup docker
Fetch recent atmoz/sftp docker image
Using default tag: latest
latest: Pulling from atmoz/sftp
Digest: sha256:fb2645743918a40991475c6a079aab180218e233b9f968e52b7693294a42626a
Status: Image is up to date for atmoz/sftp:latest
sftp container: 2d89604c96ab02ab15a6c7261ce841662a4bce91f6980c57daee1fa1a8d755a9
Waiting for sftp initialization.....