chore(deps): update dependency phpseclib/phpseclib to v3.0.36 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
phpseclib/phpseclib (source)	3.0.34 -> 3.0.36

GitHub Vulnerability Alerts

CVE-2024-27354

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560.

CVE-2024-27355

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).

---

Release Notes

phpseclib/phpseclib (phpseclib/phpseclib)

v3.0.36

Compare Source

• BigInteger: put guardrails on isPrime() and randomPrime() (CVE-2024-27354)
• ASN1: limit OID length (CVE-2024-27355)
• EC: when using openssl to do signing use unencrypted key (#​1979)
• SSH2: add different options to isConnected() (#​1983)

v3.0.35

Compare Source

• SSH2: implement terrapin attack countermeasures (#​1972)
• SSH2: only capture login info once (#​1970)
• Crypt/AsymmetricKey: loading hidden custom key plugins didn't work (#​1971)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.