Strange files in vendor folder

Hello, we are finding since yesterday strange files in the official download of updraftplus, can you confirm these are legit and it is not a compromise?

/home/*/www/wp-content/plugins/updraftplus/vendor/phpseclib/phpseclib/travis

total 20
dr-xr-xr-x 2 catfoodr catfoodr 4096 May 17 11:22 .
dr-xr-xr-x 6 catfoodr catfoodr 4096 May 16 19:38 ..
-r–r–r– 1 catfoodr catfoodr 533 May 16 19:38 install-php-extensions.sh
-r–r–r– 1 catfoodr catfoodr 2101 May 16 19:38 run-phpunit.sh
-r–r–r– 1 catfoodr catfoodr 82 May 16 19:38 setup-composer.sh
-r–r–r– 1 catfoodr catfoodr 82 May 16 19:38 setup-secure-shell.sh

In the file setup-secure-shell.sh there are user/pass . This is from the official download off your website:



!/bin/sh

#

This file is part of the phpseclib project.

#

(c) Andreas Fischer bantu@phpbb.com

#

For the full copyright and license information, please view the LICENSE

file that was distributed with this source code.

#
set -e
set -x

USERNAME='phpseclib'
PASSWORD='EePoov8po1aethu2kied1ne0'

Create phpseclib user and home directory

sudo useradd --create-home --base-dir /home "$USERNAME"

Set phpseclib user password

echo "$USERNAME:$PASSWORD" | sudo chpasswd

Create a 1024 bit RSA SSH key pair without passphrase for the travis user

ssh-keygen -t rsa -b 1024 -f "$HOME/.ssh/id_rsa" -q -N ""

Add the generated private key to SSH agent of travis user

ssh-add "$HOME/.ssh/id_rsa"

Allow the private key of the travis user to log in as phpseclib user

sudo mkdir -p "/home/$USERNAME/.ssh/"
sudo cp "$HOME/.ssh/id_rsa.pub" "/home/$USERNAME/.ssh/authorized_keys"
sudo ssh-keyscan -t rsa localhost > "/tmp/known_hosts"
sudo cp "/tmp/known_hosts" "/home/$USERNAME/.ssh/known_hosts"
sudo chown "$USERNAME:$USERNAME" "/home/$USERNAME/.ssh/" -R