composer update macgirvin/http-message-signer to version 0.2.6

4 files changed, 58 insertions, 20 deletions

diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json
index 2728b340b..89f5202c3 100644
--- a/vendor/composer/installed.json
+++ b/vendor/composer/installed.json
@@ -1112,17 +1112,17 @@
         },
         {
             "name": "macgirvin/http-message-signer",
-            "version": "v0.2.3",
-            "version_normalized": "0.2.3.0",
+            "version": "v0.2.6",
+            "version_normalized": "0.2.6.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/macgirvin/HTTP-Message-Signer.git",
-                "reference": "35b42f0a2b84b3a300badeaa437128f5897b57fe"
+                "reference": "f40ea6d5ee9f0c2dacc996e081bf34e5217f8b13"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/macgirvin/HTTP-Message-Signer/zipball/35b42f0a2b84b3a300badeaa437128f5897b57fe",
-                "reference": "35b42f0a2b84b3a300badeaa437128f5897b57fe",
+                "url": "https://api.github.com/repos/macgirvin/HTTP-Message-Signer/zipball/f40ea6d5ee9f0c2dacc996e081bf34e5217f8b13",
+                "reference": "f40ea6d5ee9f0c2dacc996e081bf34e5217f8b13",
                 "shasum": ""
             },
             "require": {
@@ -1137,7 +1137,7 @@
             "require-dev": {
                 "phpunit/phpunit": "^10.0"
             },
-            "time": "2025-07-13T20:25:22+00:00",
+            "time": "2025-09-27T20:20:56+00:00",
             "type": "library",
             "installation-source": "dist",
             "autoload": {
@@ -1152,7 +1152,7 @@
             "description": "RFC 9421 HTTP Message Signer and Verifier for PSR-7 requests",
             "support": {
                 "issues": "https://github.com/macgirvin/HTTP-Message-Signer/issues",
-                "source": "https://github.com/macgirvin/HTTP-Message-Signer/tree/v0.2.3"
+                "source": "https://github.com/macgirvin/HTTP-Message-Signer/tree/v0.2.6"
             },
             "install-path": "../macgirvin/http-message-signer"
         },
diff --git a/vendor/composer/installed.php b/vendor/composer/installed.php
index 8a7936650..46370b032 100644
--- a/vendor/composer/installed.php
+++ b/vendor/composer/installed.php
@@ -3,7 +3,7 @@
         'name' => 'zotlabs/hubzilla',
         'pretty_version' => 'dev-master',
         'version' => 'dev-master',
-        'reference' => '48433c9479a5de3837e9cf85e8644d7407ad635e',
+        'reference' => '4ba414fb8d9a21ba45ff298e487caf421eb3f855',
         'type' => 'application',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
@@ -146,9 +146,9 @@
             'dev_requirement' => false,
         ),
         'macgirvin/http-message-signer' => array(
-            'pretty_version' => 'v0.2.3',
-            'version' => '0.2.3.0',
-            'reference' => '35b42f0a2b84b3a300badeaa437128f5897b57fe',
+            'pretty_version' => 'v0.2.6',
+            'version' => '0.2.6.0',
+            'reference' => 'f40ea6d5ee9f0c2dacc996e081bf34e5217f8b13',
             'type' => 'library',
             'install_path' => __DIR__ . '/../macgirvin/http-message-signer',
             'aliases' => array(),
@@ -499,7 +499,7 @@
         'zotlabs/hubzilla' => array(
             'pretty_version' => 'dev-master',
             'version' => 'dev-master',
-            'reference' => '48433c9479a5de3837e9cf85e8644d7407ad635e',
+            'reference' => '4ba414fb8d9a21ba45ff298e487caf421eb3f855',
             'type' => 'application',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),
diff --git a/vendor/macgirvin/http-message-signer/README.md b/vendor/macgirvin/http-message-signer/README.md
index 7501f77d1..1033a0e27 100644
--- a/vendor/macgirvin/http-message-signer/README.md
+++ b/vendor/macgirvin/http-message-signer/README.md
@@ -6,21 +6,21 @@ A PHP 8.1+ library for signing and verifying HTTP messages (requests or response
 This is a fork of quantificant/http-message-signer
 
 Supports:
-- RSA-SHA256
+- RSA-v1.5-SHA256
 - Ed25519
 - HMAC-SHA256
+- RSA-PSS-SHA512
 - PSR-7 requests (e.g., Guzzle)
-- Optionally (recommended) calculate and verify body digest (content-digest header)
+- Automatically verify body digest (content-digest header) -- if present
 
 Requirements:
 - bakame/http-structured-fields
+- phpseclib/phpseclib
 - psr/http-message
 
 ## Note
 
-This is Alpha version please report issues. Thanks. Tested on PHP 8.4, should run fine on 8.1+
-
-2025-05-28: Partially reversed the constructor change. 
+Please report issues. Thanks. Tested on PHP 8.4, should run fine on 8.1+
 
 
 ## Installation
@@ -40,7 +40,45 @@ use GuzzleHttp\Psr7\ServerRequest;
 $request = ServerRequest::fromGlobals();
 ```
 
-This would typically be used to verify a message. 
+This would typically be used to verify a message.
+
+If your project uses URL rewriting (such as Apache's 'mod_rewrite'), you may have difficulties verifying some request parameters using a PSR7 request generated using ServerRequest::fromGlobals(). In that case, you might wish instead to generate a minimal PSR7 Request Message which is populated from the original request URI and which is not affected by URL re-writing:
+
+```
+use GuzzleHttp\Psr7\Request;
+
+function createRequest(string $baseurl)
+{
+    /**
+    * $baseurl for your site e.g. 'https://example.com'
+    */
+    
+    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+        $input = file_get_contents('php://input');
+    }
+    
+    $headers = [];
+    if (isset($_SERVER['CONTENT_TYPE'])) {
+      $headers['content-type'] = $_SERVER['CONTENT_TYPE'];
+    }
+    if (isset($_SERVER['CONTENT_LENGTH'])) {
+      $headers['content-length'] = $_SERVER['CONTENT_LENGTH'];
+    }
+    foreach ($_SERVER as $k => $v) {
+      if (str_starts_with($k, 'HTTP_')) {
+          $field = str_replace('_', '-', strtolower(substr($k, 5)));
+          $headers[$field] = $v;
+      }
+    }
+    
+    return new Request(
+      $_SERVER['REQUEST_METHOD'],
+        $baseurl . $_SERVER['REQUEST_URI']),
+        $headers,
+        $input ?? null
+      );
+ }
+```
 
 To sign a message, install the composer package guzzlehttp/psr7 and create an instance of `Request`.
 
diff --git a/vendor/macgirvin/http-message-signer/src/HttpMessageSigner.php b/vendor/macgirvin/http-message-signer/src/HttpMessageSigner.php
index 6aba8f7d6..9378dbe98 100644
--- a/vendor/macgirvin/http-message-signer/src/HttpMessageSigner.php
+++ b/vendor/macgirvin/http-message-signer/src/HttpMessageSigner.php
@@ -368,7 +368,7 @@ class HttpMessageSigner
             // The $interface has no single method to extract the target-uri, so build it from
             // the available components.
             $targetUri = $interface->getUri()->getScheme() . '://' . $this->getAuthority($interface)
-                . $interface->getUri()->getPath() . $interface->getUri()->getQuery();
+                . $interface->getUri()->getPath() . (($interface->getUri()->getQuery()) ? '?' . $interface->getUri()->getQuery() : '');
 
             $value = match ($fieldName) {
                 '@signature-params' => ['', ''],
@@ -405,7 +405,7 @@ class HttpMessageSigner
     {
         if (method_exists($interface, 'getUri')) {
             $authority = strtolower($interface->getUri()->getAuthority());
-            $authority = explode($authority, ':');
+            $authority = explode(':', $authority);
             return $authority[0];
         }
         throw new UnprocessableSignatureException('Unable to extract authority from MessageInterface');