@asantos23 This conversation was already resolved as it was fixed in a different release. <i>Next time</i> please open a separate thread so everyone can see it. That being said, let me explain a few of these …
* random_compat
This is a library that provides true random number support for older versions of PHP. On modern versions (i.e. 7+) it’s unnecessary as the random number generators are native. It’s included here as a dependency of the defuse/php-encryption library.
This is a polyfill, meaning it’s built in such a way that it’s not even used if you’re on the right version of PHP – it’s only actually loaded if you’re on old PHP and lack native support.
Note also that WordPress ships this library as part of core as well, so your site is already running it.
* defuse/php-encryption
This library is used to encrypt sessions at rest and provides a wrapper around common encryption functionality in PHP. If you’re not encrypting sessions – though you should be – it won’t do anything.
* Deprecation warnings
These won’t break your site. They’re a consequence of the plugin supporting older versions of PHP and necessarily including libraries that provide backwards-compatibility support. I will eventually be removing them when I bump the minimum version to 7.2 … but that’s a ways out.
* Deprecation errors
These errors – the removal of the mcrypt extension as of PHP 7.2 – are known. They’re why the random_compat library is included at all. Older versions of PHP that lacked a true random number generator used mcrypt to generate random values. Modern PHP uses a native interface and the library doesn’t even try to load the extension.
In summary: static code sniffing is giving you some false positive errors here.