build(dev-deps): update dependency openpgp to v6 #175
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
5.11.2
->6.0.1
Release Notes
openpgpjs/openpgpjs (openpgp)
v6.0.1
Compare Source
What's Changed
exports.browser
entrypoint as higher priority thanimport
openpgp.verify
/decrypt
withexpectSigned: true
andformat: 'binary'
(#1805)generateKey
(options.type
) andPrivateKey.getDecryptionKeys()
type declarations (#1807)Full Changelog: openpgpjs/openpgpjs@v6.0.0...v6.0.1
v6.0.0
Compare Source
What's Changed
OpenPGP.js v6 adds support for the new version of the OpenPGP specification, RFC 9580. It also increases compliance with the specification, as demonstrated by the OpenPGP interoperability test suite.
OpenPGP.js v6 only makes minor API changes.
This is the first stable release of OpenPGP.js v6: no more breaking changes to the high-level API will be made until the next major release.
For the changes since the previous pre-release (v6.0.0-beta.3.patch.1), see the end of this message.
Here we list a summary of the main changes since v5:
Platform support changes
module
(type: module
in package.json), and declares exports, alongside the legacy package.json entrypoints, which should ensure backwards compatibility. Still, bundlers might be affected by the package.json changes depending on how they load the library.SubtleCrypto
(insecure contexts are no longer supported, asSubtleCrypto
is not available there)BigInt
s (not supported by e.g. Safari 13 and below, see full compatibility table)SymEncryptedSessionKeyPacket.s2k?.type === 'argon2'
orSecretKeyPacket|SecretSubkeyPacket.keyPacket.s2k?.type === 'argon2'
.Breaking API changes
read[Private]Key
: support parsing key blocks (return first parsable key); previously, parsing would fail if a block with more than one key was given in input (#1755)PrivateKey.getDecryptionKeys
will now throw if no decryption key is found (#1789). Previously, an empty array was returned. As a consequence of this change, someopenpgp.decrypt
errors will be more specific.config.allowMissingKeyFlags
below)config.nonDeterministicSignaturesViaNotation
(defaulting to true) has been added to turn off the feature..v5Keys
flag and encrypted withconfig.aeadProtect = true
) cannot be decrypted by OpenPGP.js v6 (viadecryptKey
) out-of-the-box (seeconfig.parseAEADEncryptedV4KeysAsLegacy
below) (#1672)config.enableParsingV5Entities
below). The affected entities are non-standard, and in the RFC 9580 they have been superseded by v6 keys, v6 signatures and SEIPDv2 encrypted data, respectively. However, generation of v5 entities was supported behind config flags in OpenPGP.js v5, and some other libraries, hence parsing them might be necessary in some cases. (#1774 , #1779)Configuration changes
config.v5Keys
flag and corresponding key generation. The flag is replaced by.v6Keys
, and results in a different key format.config.aeadProtect
flag has a different effect than in v5:config.parseAEADEncryptedV4KeysAsLegacy
to allow decrypting AEAD-encrypted v4 keys from OpenPGP.js v5 or older (namely keys generated without.v5Keys
flag and encrypted withconfig.aeadProtect = true
) (#1672).config.enableParsingV5Entities
to enable parsing support for v5 entities (https://github.com/openpgpjs/openpgpjs/pull/1774 , #1779)config.allowMissingKeyFlags
to bypass the missing key flag check (see https://github.com/openpgpjs/openpgpjs/pull/1677)config.minBytesForWebCrypto
, and always use WebCrypto if available, since there is no longer a performance overhead for small messages.enums.publicKey.eddsa
in favour ofenums.publicKey.eddsaLegacy
enums.curve.ed25519Legacy
to'ed25519Legacy'
(was:'ed25519'
)enums.curve.curve25519Legacy
to'curve25519Legacy'
(was:'curve25519'
)config.useIndutnyElliptic
to.useEllipticFallback
, to reflect the change of underlying library.enums.symmetric.plaintext
(internally unused)enums.curve.p256
,.p384
,.p521
are now marked as@deprecated
(to be dropped in the main release)enums.curve.nistP256
,.nistP384
,.nistP521
.'p256'
,'p384'
,'p521'
to'nistP256'
,'nistP384'
,'nistP521'
(these new values are expected bygenerateKey
, for theoptions.curve
argument).config.deflateLevel
(#1717)config.revocationsExpire
, always honor revocation expiration (#1736): the option used to default to false, and ignore revocation expirations. We now honor those expirations, namely match the behavior resulting from setting the option to true.config.preferredHashAlgorithm
) to SHA512 (#1801)New API options
openpgp.sign
,recipientKeys
andrecipientUserIDs
options have been added. These can be used to influence the selection of the hash algorithm via the algorithm preferences of the recipient keys, to ensure that the recipients will support the selected hash algorithm.Similarly, when signing+encrypting using
openpgp.encrypt
, theencryptionKeys
are now used to determine the preferred hash algorithms, instead of thesigningKeys
. (https://github.com/openpgpjs/openpgpjs/pull/1802)Full Changelog: openpgpjs/openpgpjs@v5.11.0...v6.0.0.
For additional context about the changes introduced by OpenPGP.js v6, you can also refer to the changelog of the various prereleases, starting from v6.0.0-alpha.0.
Changes since v6.0.0-beta.3.patch.1: the main changes since the previous pre-release are the changes to the handling of preferred hash algorithms mentioned above (#1801 and #1802). For the full changelog, see openpgpjs/openpgpjs@v6.0.0-beta.3.patch.1...v6.0.0.
Configuration
📅 Schedule: Branch creation - "before 4am on the first day of the month" in timezone Europe/Paris, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Never, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.