From ed3347e835967706081395363e78549b2cb0623d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 4 Feb 2025 11:50:21 +0000
Subject: [PATCH 1/4] Bump mlocati/ip-lib from 1.18.1 to 1.19.0

Bumps [mlocati/ip-lib](https://github.com/mlocati/ip-lib) from 1.18.1 to 1.19.0.
- [Release notes](https://github.com/mlocati/ip-lib/releases)
- [Commits](https://github.com/mlocati/ip-lib/compare/1.18.1...1.19.0)

---
updated-dependencies:
- dependency-name: mlocati/ip-lib
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 composer.json |  2 +-
 composer.lock | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/composer.json b/composer.json
index bdb8c85c..32670358 100644
--- a/composer.json
+++ b/composer.json
@@ -26,7 +26,7 @@
 	"require" : {
 		"php": "^7.3 || ^8.0",
 		"jdenticon/jdenticon": "1.0.2",
-		"mlocati/ip-lib": "1.18.1",
+		"mlocati/ip-lib": "1.19.0",
 		"symfony/polyfill-ctype": "^1.31",
 		"symfony/polyfill-php80": "^1.31",
 		"yzalis/identicon": "2.0.0"
diff --git a/composer.lock b/composer.lock
index 58222e9f..d4d1afa9 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "0fdf0f08646fa2a4cf9c076131f529f5",
+    "content-hash": "034b684cb56661f261b3c82559c38a2b",
     "packages": [
         {
             "name": "jdenticon/jdenticon",
@@ -57,16 +57,16 @@
         },
         {
             "name": "mlocati/ip-lib",
-            "version": "1.18.1",
+            "version": "1.19.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/mlocati/ip-lib.git",
-                "reference": "08bb43b4949069c543ebdf099a6b2c322d0172ab"
+                "reference": "86ec0cff2463c83daab105614da42f9221cfed3d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/mlocati/ip-lib/zipball/08bb43b4949069c543ebdf099a6b2c322d0172ab",
-                "reference": "08bb43b4949069c543ebdf099a6b2c322d0172ab",
+                "url": "https://api.github.com/repos/mlocati/ip-lib/zipball/86ec0cff2463c83daab105614da42f9221cfed3d",
+                "reference": "86ec0cff2463c83daab105614da42f9221cfed3d",
                 "shasum": ""
             },
             "require": {
@@ -112,7 +112,7 @@
             ],
             "support": {
                 "issues": "https://github.com/mlocati/ip-lib/issues",
-                "source": "https://github.com/mlocati/ip-lib/tree/1.18.1"
+                "source": "https://github.com/mlocati/ip-lib/tree/1.19.0"
             },
             "funding": [
                 {
@@ -124,7 +124,7 @@
                     "type": "other"
                 }
             ],
-            "time": "2024-10-29T15:44:19+00:00"
+            "time": "2025-02-04T08:16:46+00:00"
         },
         {
             "name": "symfony/polyfill-ctype",

From f111def9463fef3d2ae6aa36ec4a201dab6fe6ed Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Feb 2025 11:20:36 +0000
Subject: [PATCH 2/4] Bump mlocati/ip-lib from 1.19.0 to 1.20.0

Bumps [mlocati/ip-lib](https://github.com/mlocati/ip-lib) from 1.19.0 to 1.20.0.
- [Release notes](https://github.com/mlocati/ip-lib/releases)
- [Commits](https://github.com/mlocati/ip-lib/compare/1.19.0...1.20.0)

---
updated-dependencies:
- dependency-name: mlocati/ip-lib
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 composer.json |  2 +-
 composer.lock | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/composer.json b/composer.json
index 32670358..5188b14a 100644
--- a/composer.json
+++ b/composer.json
@@ -26,7 +26,7 @@
 	"require" : {
 		"php": "^7.3 || ^8.0",
 		"jdenticon/jdenticon": "1.0.2",
-		"mlocati/ip-lib": "1.19.0",
+		"mlocati/ip-lib": "1.20.0",
 		"symfony/polyfill-ctype": "^1.31",
 		"symfony/polyfill-php80": "^1.31",
 		"yzalis/identicon": "2.0.0"
diff --git a/composer.lock b/composer.lock
index d4d1afa9..f1cedb0f 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "034b684cb56661f261b3c82559c38a2b",
+    "content-hash": "b6e6a0433b36e6c81fcb3cb58b22a269",
     "packages": [
         {
             "name": "jdenticon/jdenticon",
@@ -57,16 +57,16 @@
         },
         {
             "name": "mlocati/ip-lib",
-            "version": "1.19.0",
+            "version": "1.20.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/mlocati/ip-lib.git",
-                "reference": "86ec0cff2463c83daab105614da42f9221cfed3d"
+                "reference": "fd45fc3bf08ed6c7e665e2e70562082ac954afd4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/mlocati/ip-lib/zipball/86ec0cff2463c83daab105614da42f9221cfed3d",
-                "reference": "86ec0cff2463c83daab105614da42f9221cfed3d",
+                "url": "https://api.github.com/repos/mlocati/ip-lib/zipball/fd45fc3bf08ed6c7e665e2e70562082ac954afd4",
+                "reference": "fd45fc3bf08ed6c7e665e2e70562082ac954afd4",
                 "shasum": ""
             },
             "require": {
@@ -112,7 +112,7 @@
             ],
             "support": {
                 "issues": "https://github.com/mlocati/ip-lib/issues",
-                "source": "https://github.com/mlocati/ip-lib/tree/1.19.0"
+                "source": "https://github.com/mlocati/ip-lib/tree/1.20.0"
             },
             "funding": [
                 {
@@ -124,7 +124,7 @@
                     "type": "other"
                 }
             ],
-            "time": "2025-02-04T08:16:46+00:00"
+            "time": "2025-02-04T17:30:58+00:00"
         },
         {
             "name": "symfony/polyfill-ctype",

From 0a37a884e24af7b8391e7861e7767e0572d021ff Mon Sep 17 00:00:00 2001
From: El RIDO <elrido@gmx.net>
Date: Wed, 5 Feb 2025 22:27:21 +0100
Subject: [PATCH 3/4] chore: document change

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f78190af..bd9a4bd6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,7 @@
 # PrivateBin version history
 
 ## 1.7.7 (not yet released)
+* CHANGED: Upgrading libraries to: ip-lib 1.20.0
 
 ## 1.7.6 (2025-02-01)
 * ADDED: Ability to copy the paste by clicking the copy icon button or using the keyboard shortcut ctrl+c/cmd+c (#1390 & #12)

From ec5b72476e9472066039151a96b5eac7b1c3d0bd Mon Sep 17 00:00:00 2001
From: rugk <rugk+git@posteo.de>
Date: Fri, 7 Feb 2025 21:39:59 +0100
Subject: [PATCH 4/4] Change SECURITY.md to hint for acceping vulnerability
 reports via the GitHub mail

This seems to be a new feature and I've had this tested (with a different account) that this can be used by anyone.

IMHO, this is a convenient feature, as we'd need to publish it anyway there.
---
 SECURITY.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/SECURITY.md b/SECURITY.md
index 09289b7b..6d7b1192 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -14,5 +14,8 @@ a response within a week (usually during the next weekend). The respondee will
 reply from their personal address and can offer you their GPG public key to
 support end-to-end encrypted communication on sensitive topics or attachments.
 
+You can also [use the corresponding GitHub form](https://github.com/PrivateBin/PrivateBin/security/advisories/new)
+to report a new vulnerability directly on GitHub.
+
 You can also contact us via the regular issue tracker if the risk of early
 publication is low or you would request input from other PrivateBin users.