Skip to content

Chore(deps): bump github.com/ProtonMail/gopenpgp/v2 from 2.3.0 to 2.5.2 #131

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Chore(deps): bump github.com/ProtonMail/gopenpgp/v2 from 2.3.0 to 2.5.2 #131

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jan 27, 2023

Bumps github.com/ProtonMail/gopenpgp/v2 from 2.3.0 to 2.5.2.

Release notes

Sourced from github.com/ProtonMail/gopenpgp/v2's releases.

Release version 2.5.2

Changed

  • Update github.com/ProtonMail/go-crypto to the latest version

Release version 2.5.1

Added

  • Streaming API to encrypt with compression:
    • func (keyRing *KeyRing) EncryptStreamWithCompression
    • func (keyRing *KeyRing) EncryptSplitStreamWithCompression
    • func (sk *SessionKey) EncryptStreamWithCompression

Release version 2.5.0

Changed

  • Update github.com/ProtonMail/go-crypto to the latest version
  • Update github.com/ProtonMail/go-mime to the latest version, which cleans up unneeded dependencies. And fix an issue with PGP/MIME messages with non standard encodings.
  • Sanitize strings returned in MIMECallbacks.OnBody() and PlainMessage.GetString(). Strings that have non utf8 characters will be sanitized to have the "character unknown" character : � instead.
  • Detached sign text messages with signature type text. Similarly, clearsigned messages now also use signature type text.
  • Leave trailing spaces of text messages intact (except for clearsigned messages, where the spec requires us to trim trailing spaces). Note that for backwards compatibility, when verifying detached signatures over text messages, the application will have to trim trailing spaces in order for the signature to verify, if it was created by a previous version of this library (using crypto.NewPlainMessageFromString()).

Release version 2.4.10

Update go-crypto

Release version 2.4.9

Upgrade underlying go-crypto version

Release version 2.4.8

Add AEAD decryption support

Release version 2.4.7

  • DecryptMIMEMessage will return the decrypted content in the OnBody callback, even when there's a signature verification error. That lets the caller decide whether they want to use the content with a warning or hard fail on signature errors.
  • Key generation functions no longer return an error if either the name or email is empty

Release version 2.4.6

Fix MIME signature parsing issues

Release version 2.4.5

Deprecate SeparateKeyAndData, replace with (msg *PGPMessage) SplitMessage() to split PGP messages

Release version 2.4.4

Clone returned slices from SeparateKeyAndData

Release version 2.4.3

Security

  • Fixed incorrect MDC parsing for session key decryption

Changed

  • SeparateKeyAndData is now implemented in a more generic way, by checking for the location in the bytes of the last session key packet, then splitting the binary message after that point.

Fixed

  • SeparateKeyAndData now correctly parses AEAD packets.

... (truncated)

Changelog

Sourced from github.com/ProtonMail/gopenpgp/v2's changelog.

[2.5.2] 2022-01-25

Changed

  • Update github.com/ProtonMail/go-crypto to the latest version

[2.5.1] 2022-01-24

Added

  • Streaming API to encrypt with compression:
    • func (keyRing *KeyRing) EncryptStreamWithCompression
    • func (keyRing *KeyRing) EncryptSplitStreamWithCompression
    • func (sk *SessionKey) EncryptStreamWithCompression

[2.5.0] 2022-12-16

Changed

  • Update github.com/ProtonMail/go-crypto to the latest version
  • Update github.com/ProtonMail/go-mime to the latest version, which cleans up unneeded dependencies. And fix an issue with PGP/MIME messages with non standard encodings.
  • Sanitize strings returned in MIMECallbacks.OnBody() and PlainMessage.GetString(). Strings that have non utf8 characters will be sanitized to have the "character unknown" character : � instead.
  • Detached sign text messages with signature type text. Similarly, clearsigned messages now also use signature type text.
  • Leave trailing spaces of text messages intact (except for clearsigned messages, where the spec requires us to trim trailing spaces). Note that for backwards compatibility, when verifying detached signatures over text messages, the application will have to trim trailing spaces in order for the signature to verify, if it was created by a previous version of this library (using crypto.NewPlainMessageFromString()).

[2.4.10] 2022-08-22

Changed

  • Updated underlying crypto library

[2.4.9] 2022-08-19

Changed

  • Updated underlying crypto library and adjusted key clearing functions
  • Fixed typos in errors and comments

[2.4.8] 2022-06-22

Changed

  • SessionKey.Decrypt() and SessionKey.DecryptAndVerify(), now support the decryption of AEAD encrypted data packets (packet type 20).

[2.4.7] 2022-04-27

Changed

  • DecryptMIMEMessage will return the decrypted content in the OnBody callback, even when there's a signature verification error. That lets the caller decide whether they want to use the content with a warning or hard fail on signature errors.
  • Key generation functions no longer return an error if either the name or email is empty

[2.4.6] 2022-03-25

Fixed

  • Update dependency github.com/ProtonMail/go-mime. It makes the parsing of MIME messages more flexible to messages with no specified charsets.
  • Fix the verification of PGP/MIME signature, the signature is now verified against the canonicalized content rather than the raw content.

[2.4.5] 2022-03-01

... (truncated)

Commits
  • b4e40eb Merge pull request #212 from ProtonMail/release-2.5.2
  • 6093df5 Prepare release of version 2.5.2
  • a896ae4 Merge pull request #211 from ProtonMail/upgrade-go-crypto
  • 47534e9 Upgrade go crypto and adapt SEIPD
  • 2adafdb Merge pull request #209 from ProtonMail/release-2.5.1
  • b3e7082 Prepare v2.5.1
  • c9bf4fb Merge pull request #208 from ProtonMail/feat/encrypt_compression_streaming
  • eccc1df Add streaming APIs to encrypt with compression
  • ffcaa7f Merge pull request #207 from ProtonMail/clean-dependencies
  • 0ce389a Clean dependencies
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Chore(deps): bump github.com/ProtonMail/gopenpgp/v2 from 2.3.0 to 2.5.2
9442c52 
Bumps [github.com/ProtonMail/gopenpgp/v2](https://github.com/ProtonMail/gopenpgp) from 2.3.0 to 2.5.2.
- [Release notes](https://github.com/ProtonMail/gopenpgp/releases)
- [Changelog](https://github.com/ProtonMail/gopenpgp/blob/main/CHANGELOG.md)
- [Commits](ProtonMail/gopenpgp@v2.3.0...v2.5.2)

---
updated-dependencies:
- dependency-name: github.com/ProtonMail/gopenpgp/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Jan 27, 2023

The following labels could not be found: automation.

@dependabot dependabot bot mentioned this pull request Jan 27, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants