Missing: phpseclib3 not in composer.json dependencies #18
Description
Description
The RemoteServerManager trait uses phpseclib3 classes but the package is not declared in composer.json.
Location
- File: src/Concerns/RemoteServerManager.php (imports on lines 10-11)
- File: composer.json
Issue
The code imports:
- phpseclib3\Crypt\PublicKeyLoader
- phpseclib3\Net\SSH2
But composer.json does not list phpseclib3 as a dependency. This means:
- The dependency may come transitively but is not guaranteed
- Version constraints are not specified
- Security updates may not be tracked
Recommendation
Add to composer.json require section:
- phpseclib/phpseclib: ^3.0
Also ensure you're using a version without known CVEs and keep it updated.
Severity
Medium - Missing dependency could cause runtime failures or version conflicts