Skip to content
This repository was archived by the owner on Jul 18, 2023. It is now read-only.

Bump openpgp from 2.6.2 to 4.6.2 #3

Open
dependabot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump openpgp from 2.6.2 to 4.6.2 #3

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Nov 2, 2019

Bumps openpgp from 2.6.2 to 4.6.2.

Release notes

Sourced from openpgp's releases.

v4.6.2

  • Fix verifying one-pass signatures in the compat build (broken in v4.6.0) (#968)

v4.6.1

  • Use native Node crypto for RSA key generation (#947)
  • Throw when trying to encrypt a key that's already encrypted (#950)
  • Fix intermittent Brainpool sign/verify bug (#948)
  • Style fixes; add spaces around all infix operators, remove use of new Buffer (#954)
  • Fix generating signing subkeys (#967)
  • Fix decrypting newly generated key object when using the Worker

v4.6.0

Nontrivial changes

  • Implement V5 signatures and update V5 keys to rfc4880bis-07 (#895)
  • Remove support for openpgp.config.aead_protect_version = 0 (see below)
  • Add separate config option to use V5 keys, openpgp.config.v5_keys = true. Previously, this was implied by openpgp.config.aead_protect = true. This is no longer the case. This also means that it is now possible to use AEAD (which is often much faster in browsers) in combination with V4 keys.
  • DSA: Fix intermittent generation of invalid signatures (#938)
  • Fix armor checksum errors being ignored when not streaming (#935)
  • Decrypt message with multiple keys in parallel
  • Don't keep the entire message in memory while decrypting when streaming
  • Accept @ in User ID names (#930)
  • Implement ECDH using Web Crypto for supported (NIST) curves (#914)
  • Implement ECDH using Node crypto (#921)

Trivial changes

  • Fix test failing due to expired key (#941)
  • Disable HKP tests due to keyserver.ubuntu.com no longer serving CORS headers (#940)
  • Fix comment describing RSA coefficient u (#937)
  • Don't babelify ES6 in unit tests when testing in modern browsers
  • Style fixes and new style rules for ESLint (#919)
  • Fix grunt-saucelabs by updating Sauce Labs Tunnel (#917)

Backwards-incompatible changes

This release is backwards-incompatible if you do all of the following:

  • Set openpgp.config.aead_protect = true,
  • Generate keys in OpenPGP.js,
  • Export them (these keys would have been incompatible with the new spec),
  • Store them on disk and/or expect them to continue working

Or:

  • Set openpgp.config.aead_protect = true and openpgp.config.aead_protect_version = 0
  • Encrypt messages
  • Store them on disk and/or expect them to continue working

There's a warning about breaking changes when using these config options in the README, hence why these changes were made in a minor release. If anyone is affected by this anyway, please ask for help on gitter and I'll try my best to offer some workarounds.

v4.5.5

... (truncated)
Commits
  • 2877bac Release new version
  • aa8d37a Fix verifying one-pass signatures in the compat build (#968)
  • a14b09c Release new version
  • 67e98e8 Merge pull request #967 from twiss/keygen-fixes
  • 18474bd Fix decrypting newly generated key object when using the Worker
  • a731a60 Fix writing newly generated embedded primary key binding signatures
  • 5d9629d Style fixes; add spaces around all infix operators, remove new Buffer (#954)
  • b23ee19 Fix intermittent Brainpool sign/verify bug (#948)
  • a7cc71e Throw when trying to encrypt a key that's already encrypted (#950)
  • d27060e Use native Node crypto for RSA key generation (#947)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by twiss, a new releaser for openpgp since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump openpgp from 2.6.2 to 4.6.2
7e1893f 
Bumps [openpgp](https://github.com/openpgpjs/openpgpjs) from 2.6.2 to 4.6.2.
- [Release notes](https://github.com/openpgpjs/openpgpjs/releases)
- [Commits](openpgpjs/openpgpjs@v2.6.2...v4.6.2)

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 2, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant