* Remove deprecated classes

* Remove support for certificate fingerprints

* Remove many deprecated methods and pieces of code

* Remove SAML1.1/Shib1.3 support

* Remove many superfluous annotations

* Update unit test to work with new PHPunit

Closes #1268 
Closes #1020 
Closes #431 
Closes #167 
Closes #151 

* Raise minimum PHP version to 7.0

* Remove tests pre-PHP 7.2

* Upgrade dev dependencies

* Ignore tests for deprecated class

* Add typehints; not touching public API

* Remove none-array replacements-param; old behaviour from pre-1.4 release

* Psalm fixes

* Add upgrade notes

* PSR-12

PSR-12 compliancy

* Ensure getConfig* functions can only return Configuration

* Cleanup after #1189

* Deprecate Configuration::getConfigList

This is due to a recent change in master. We're no longer trying to fill the sessionID for transient sessions (doesn't even make any sense), so everywhere else where we were checking the session ID (e.g. to store the session) we need to check if it's transient instead, and give up in that case.

Add support for RFC6265bis SameSite cookie attribute

* Update Psalm

* Ignore DocblockTypeContradiction and RedundantConditionGivenDocblockType

* Fix Psalm-errors

* Raise minimum PHP-version to 5.6

* Update lock-file accordingly

* Fix phpunit

* Suppress Psalm-issue

forward-port of my recent fix in branch 1.15

Also fixes edge-case situation where $_SERVER['SERVER_PORT'] is not set for an HTTPS connection, this function would return an explicit port 80 i.e. ":80" rather than an empty string.

This reverts commit 9ad60fe1.

Psalm is starting to get annoying. Both openssl_decrypt() and realpath() can return a string or false on error. Psalm seems to ignore the latter all of a sudden, so it assumes the returned variable will always be a string and then it fails when you check on errors. This fix explicitly declares the problematic variables with types string or false, so that psalm stops complaining.