fix(deps): update dependency com.hierynomus:sshj to v0.36.0 (#2670)

* fix(deps): update dependency com.hierynomus:sshj to v0.36.0 * refactor(build): drop unnecessary explicit dependency * chore(idea): cruft * fix(app): ensure SLF4J v1 is used * fix(build): disable illegal BindsCanBeExtensionFunction lint * chore: refresh Lint baselines --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Harsh Shandilya <me@msfjarvis.dev>
author: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> 2023-09-04 18:50:19 +0000
committer: GitHub <noreply@github.com> 2023-09-04 18:50:19 +0000
commit: 1da4c42220e88b54211ab891efbb2c5bf20477f7 (patch)
tree: 3af7161d79162a9f7f729fd3d3537110652cf9be
parent: e94f3446855b7b2dac4aa4a9bee974734d05912a (diff)
8 files changed, 36 insertions, 17 deletions
diff --git a/.idea/kotlinScripting.xml b/.idea/kotlinScripting.xml
deleted file mode 100644
index 78aa73da..00000000
--- a/.idea/kotlinScripting.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="KotlinScriptingSettings">
-    <option name="suppressDefinitionsCheck" value="true" />
-  </component>
-</project>
diff --git a/app/build.gradle.kts b/app/build.gradle.kts
index 4f825aad..9a469213 100644
--- a/app/build.gradle.kts
+++ b/app/build.gradle.kts
@@ -86,9 +86,8 @@ dependencies {
   implementation(libs.thirdparty.logcat)
   implementation(libs.thirdparty.modernAndroidPrefs)
   implementation(libs.thirdparty.plumber)
-  implementation(libs.thirdparty.sshj) { exclude(group = "org.bouncycastle") }
+  implementation(libs.thirdparty.sshj)
   implementation(libs.thirdparty.bouncycastle.bcprov)
-  implementation(libs.thirdparty.bouncycastle.bcpkix)
 
   if (snapshot.snapshot) {
     implementation(libs.thirdparty.whatthestack)
@@ -96,6 +95,10 @@ dependencies {
     debugImplementation(libs.thirdparty.whatthestack)
   }
 
+  implementation(libs.thirdparty.slf4j.api) {
+    because("SSHJ now uses SLF4J 2.0 which we don't want")
+  }
+
   implementation(libs.thirdparty.leakcanary.core)
   nonFreeImplementation(libs.thirdparty.nonfree.googlePlayAuthApiPhone)
   nonFreeImplementation(libs.thirdparty.nonfree.sentry)
diff --git a/app/lint-baseline.xml b/app/lint-baseline.xml
index 8450381e..137d61d6 100644
--- a/app/lint-baseline.xml
+++ b/app/lint-baseline.xml
@@ -14,16 +14,16 @@
 
     <issue
         id="InvalidPackage"
-        message="Invalid package reference in org.bouncycastle:bcpkix-jdk18on; not included in Android: `javax.naming.directory`. Referenced from `org.bouncycastle.cert.dane.fetcher.JndiDANEFetcherFactory`.">
+        message="Invalid package reference in library; not included in Android: `javax.naming.directory`. Referenced from `org.bouncycastle.cert.dane.fetcher.JndiDANEFetcherFactory`.">
         <location
-            file="$GRADLE_USER_HOME/caches/modules-2/files-2.1/org.bouncycastle/bcpkix-jdk18on/1.76/10c9cf5c1b4d64abeda28ee32fbade3b74373622/bcpkix-jdk18on-1.76.jar"/>
+            file="$GRADLE_USER_HOME/caches/modules-2/files-2.1/org.bouncycastle/bcpkix-jdk18on/1.75/5adfef8a71a0933454739264b56283cc73dd2383/bcpkix-jdk18on-1.75.jar"/>
     </issue>
 
     <issue
         id="InvalidPackage"
-        message="Invalid package reference in org.bouncycastle:bcpkix-jdk18on; not included in Android: `javax.naming`. Referenced from `org.bouncycastle.cert.dane.fetcher.JndiDANEFetcherFactory.1`.">
+        message="Invalid package reference in library; not included in Android: `javax.naming`. Referenced from `org.bouncycastle.cert.dane.fetcher.JndiDANEFetcherFactory.1`.">
         <location
-            file="$GRADLE_USER_HOME/caches/modules-2/files-2.1/org.bouncycastle/bcpkix-jdk18on/1.76/10c9cf5c1b4d64abeda28ee32fbade3b74373622/bcpkix-jdk18on-1.76.jar"/>
+            file="$GRADLE_USER_HOME/caches/modules-2/files-2.1/org.bouncycastle/bcpkix-jdk18on/1.75/5adfef8a71a0933454739264b56283cc73dd2383/bcpkix-jdk18on-1.75.jar"/>
     </issue>
 
     <issue
diff --git a/app/proguard-rules.pro b/app/proguard-rules.pro
index 9bd2a665..6dd3b79e 100644
--- a/app/proguard-rules.pro
+++ b/app/proguard-rules.pro
@@ -1,7 +1,6 @@
 -keepattributes SourceFile,LineNumberTable,EnclosingMethod,InnerClasses
 -dontobfuscate
 
--keep class com.jcraft.jsch.**
 -keep class org.eclipse.jgit.internal.JGitText { *; }
 -keep class org.bouncycastle.jcajce.provider.** { *; }
 -keep class !org.bouncycastle.jce.provider.X509LDAPCertStoreSpi,org.bouncycastle.jce.provider.** { *; }
diff --git a/build-logic/src/main/kotlin/app/passwordstore/gradle/LintConfig.kt b/build-logic/src/main/kotlin/app/passwordstore/gradle/LintConfig.kt
index 361b92cd..48c6bba2 100644
--- a/build-logic/src/main/kotlin/app/passwordstore/gradle/LintConfig.kt
+++ b/build-logic/src/main/kotlin/app/passwordstore/gradle/LintConfig.kt
@@ -38,6 +38,9 @@ object LintConfig {
       disable += "FragmentFieldInjection"
       // Too pedantic
       disable += "ArgInFormattedQuantityStringRes"
+      // Illegal in Dagger v2.48, can be removed after
+      // https://github.com/slackhq/slack-lints/pull/133 is released.
+      disable += "BindsCanBeExtensionFunction"
     }
     baseline = project.file("lint-baseline.xml")
   }
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index d5c2bbef..786ddca2 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -72,7 +72,6 @@ testing-robolectric = "org.robolectric:robolectric:4.10.3"
 testing-sharedPrefsMock = "com.github.android-password-store:shared-preferences-fake:2.0.0"
 testing-testparameterinjector = "com.google.testparameterinjector:test-parameter-injector:1.12"
 testing-turbine = "app.cash.turbine:turbine:1.0.0"
-thirdparty-bouncycastle-bcpkix = { module = "org.bouncycastle:bcpkix-jdk18on", version.ref = "bouncycastle" }
 thirdparty-bouncycastle-bcprov = { module = "org.bouncycastle:bcprov-jdk18on", version.ref = "bouncycastle" }
 thirdparty-commons_codec = "commons-codec:commons-codec:1.14"
 thirdparty-compose-lints = "com.slack.lint.compose:compose-lint-checks:1.2.0"
@@ -91,8 +90,8 @@ thirdparty-nonfree-sentry = "io.sentry:sentry-android:6.28.0"
 thirdparty-pgpainless = "org.pgpainless:pgpainless-core:1.6.2"
 thirdparty-plumber = { module = "com.squareup.leakcanary:plumber-android-startup", version.ref = "leakcanary" }
 thirdparty-slack-lints = "com.slack.lint:slack-lint-checks:0.4.0"
-# TODO: Remove the explicit bcpkix dependency when upgrading this to a BC 1.71 compatible version
-thirdparty-sshj = "com.hierynomus:sshj:0.35.0"
+thirdparty-slf4j-api = { module = "org.slf4j:slf4j-api", version = { strictly = "[1.7, 1.8[", prefer = "1.7.36" } }
+thirdparty-sshj = "com.hierynomus:sshj:0.36.0"
 thirdparty-uri = "com.eygraber:uri-kmp:0.0.14"
 thirdparty-whatthestack = "com.github.haroldadmin:WhatTheStack:1.0.0-alpha04"
 
diff --git a/ssh/build.gradle.kts b/ssh/build.gradle.kts
index 998d5735..a975efab 100644
--- a/ssh/build.gradle.kts
+++ b/ssh/build.gradle.kts
@@ -19,7 +19,7 @@ dependencies {
   implementation(libs.androidx.core.ktx)
   implementation(libs.kotlinx.coroutines.android)
   implementation(libs.kotlinx.coroutines.core)
-  implementation(libs.thirdparty.sshj) { exclude(group = "org.bouncycastle") }
+  implementation(libs.thirdparty.sshj)
   implementation(libs.thirdparty.logcat)
   implementation(libs.androidx.security)
   implementation(libs.thirdparty.eddsa)
diff --git a/ssh/lint-baseline.xml b/ssh/lint-baseline.xml
index 8d55468b..dae997eb 100644
--- a/ssh/lint-baseline.xml
+++ b/ssh/lint-baseline.xml
@@ -1,4 +1,25 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <issues format="6" by="lint 8.3.0-alpha01" type="baseline" client="gradle" dependencies="false" name="AGP (8.3.0-alpha01)" variant="all" version="8.3.0-alpha01">
 
+    <issue
+        id="InvalidPackage"
+        message="Invalid package reference in library; not included in Android: `javax.naming.directory`. Referenced from `org.bouncycastle.cert.dane.fetcher.JndiDANEFetcherFactory`.">
+        <location
+            file="$GRADLE_USER_HOME/caches/modules-2/files-2.1/org.bouncycastle/bcpkix-jdk18on/1.75/5adfef8a71a0933454739264b56283cc73dd2383/bcpkix-jdk18on-1.75.jar"/>
+    </issue>
+
+    <issue
+        id="InvalidPackage"
+        message="Invalid package reference in library; not included in Android: `javax.naming`. Referenced from `org.bouncycastle.cert.dane.fetcher.JndiDANEFetcherFactory.1`.">
+        <location
+            file="$GRADLE_USER_HOME/caches/modules-2/files-2.1/org.bouncycastle/bcpkix-jdk18on/1.75/5adfef8a71a0933454739264b56283cc73dd2383/bcpkix-jdk18on-1.75.jar"/>
+    </issue>
+
+    <issue
+        id="TrustAllX509TrustManager"
+        message="`checkServerTrusted` is empty, which could cause insecure network traffic due to trusting arbitrary TLS/SSL certificates presented by peers">
+        <location
+            file="$GRADLE_USER_HOME/caches/modules-2/files-2.1/org.bouncycastle/bcpkix-jdk18on/1.75/5adfef8a71a0933454739264b56283cc73dd2383/bcpkix-jdk18on-1.75.jar"/>
+    </issue>
+
 </issues>
author	renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2023-09-04 18:50:19 +0000
committer	GitHub <noreply@github.com>	2023-09-04 18:50:19 +0000
commit	1da4c42220e88b54211ab891efbb2c5bf20477f7 (patch)
tree	3af7161d79162a9f7f729fd3d3537110652cf9be
parent	e94f3446855b7b2dac4aa4a9bee974734d05912a (diff)