Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

golang: bump github.com/ProtonMail/gopenpgp/v2 from 2.5.2 to 2.7.5 #726

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

golang: bump github.com/ProtonMail/gopenpgp/v2 from 2.5.2 to 2.7.5 #726

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 12, 2024
edited
Loading

Bumps github.com/ProtonMail/gopenpgp/v2 from 2.5.2 to 2.7.5.

Release notes

Sourced from github.com/ProtonMail/gopenpgp/v2's releases.

Release v2.7.5

Added

  • API to get signature key IDs for mobile: 
    func (msg *PGPMessage) GetHexSignatureKeyIDsJson() []byte
  • API to get encryption key IDs for mobile: 
    func (msg *PGPMessage) GetHexEncryptionKeyIDsJson() []byte
  • API to get the number of key packets in a PGP message: 
    func (msg *PGPSplitMessage) GetNumberOfKeyPackets() (int, error)
  • API in package helper to encrypt a PGP message to an additional key: 
    func EncryptPGPMessageToAdditionalKey(messageToModify *crypto.PGPSplitMessage, keyRing *crypto.KeyRing, additionalKey *crypto.KeyRing) error

Release v2.7.5-proton

This release is 2.7.5 with support for symmetric keys and automatic forwarding, both of which are not standardized yet.

Release v2.7.4

Fixed

  • Ensure that (SessionKey).Decrypt functions return an error if no integrity protection is present in the encrypted input. To protect SEIPDv1 encrypted messages, SED packets must not be allowed in decryption.

Release 2.7.4-proton

This release is 2.7.4 with support for symmetric keys and automatic forwarding, both of which are not standardized yet.

Release v2.7.3

Added

  • Add helper.QuickCheckDecrypt function to the helper package. The function allows to check with high probability if a session key can decrypt a SEIPDv1 data packet given its 24-byte prefix.

Release 2.7.3-proton

This release is 2.7.3 with support for symmetric keys and automatic forwarding, both of which are not standardized yet.

Release v2.7.2

Update the underlying crypto library

Release 2.7.2-proton

This release is 2.7.2 with support for symmetric keys and automatic forwarding, both of which are not standardized yet.

Release v2.7.1

Added

  • Add mobile helpers for signature verification with contexts.

Release v2.7.1-proton

... (truncated)

Changelog

Sourced from github.com/ProtonMail/gopenpgp/v2's changelog.

[2.7.5] 2023-31-01

Added

  • API to get signature key IDs for mobile: 
    func (msg *PGPMessage) GetHexSignatureKeyIDsJson() []byte
  • API to get encryption key IDs for mobile: 
    func (msg *PGPMessage) GetHexEncryptionKeyIDsJson() []byte
  • API to get the number of key packets in a PGP message: 
    func (msg *PGPSplitMessage) GetNumberOfKeyPackets() (int, error)
  • API in package helper to encrypt a PGP message to an additional key: 
    func EncryptPGPMessageToAdditionalKey(messageToModify *crypto.PGPSplitMessage, keyRing *crypto.KeyRing, additionalKey *crypto.KeyRing) error

[2.7.4] 2023-10-27

Fixed

  • Ensure that (SessionKey).Decrypt functions return an error if no integrity protection is present in the encrypted input. To protect SEIPDv1 encrypted messages, SED packets must not be allowed in decryption.

[2.7.3] 2023-08-28

Added

  • Add helper.QuickCheckDecrypt function to the helper package. The function allows to check with high probability if a session key can decrypt a SEIPDv1 data packet given its 24-byte prefix.

[2.7.2] 2023-07-17

Changed

  • Updated underlying crypto library

Fixed

  • Ensure DecryptSessionKey returns an error for a missing key packet

[2.7.1] 2023-04-21

Added

  • Add mobile helpers for signature verification with contexts.

[2.7.0] 2023-04-14

Changed

  • The SignatureVerificationError struct now has a Cause error field, which is returned by the the Unwrap function. The cause is also included in the error message. NB: If the caller was relying on the exact message of the error, it might break the flow.
  • When a signature fails verification because of the signature context, it returns a SignatureVerificationError with status constants.SIGNATURE_BAD_CONTEXT instead of constants.SIGNATURE_FAILED.

Added

  • Add api for signature context on streams SignDetachedStreamWithContext.
  • Add API for signature context on embedded signatures.

... (truncated)

Commits
  • c6a3058 Prepare release 2.7.5 with packet API (#269)
  • 02a4599 Prepare release 2.7.4 (#256)
  • da4cecf Update session key decryption to not allow SED packets (#255)
  • 0eace54 Release version 2.7.3 (#252)
  • 987923f Add quick check for session key decryption (#249)
  • b97d994 Release version 2.7.2 (#247)
  • ca02a21 Ensure DecryptSessionKey returns an error for a missing key packet (#245)
  • cf8b8d4 Update go-crypto
  • d37f4eb Merge pull request #237 from ProtonMail/feat/signature-context-mobile-helpers
  • 2cf7a8c Add mobile helpers to verify signature contexts.
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
golang: bump github.com/ProtonMail/gopenpgp/v2 from 2.5.2 to 2.7.5
57fa1b5 
Bumps [github.com/ProtonMail/gopenpgp/v2](https://github.com/ProtonMail/gopenpgp) from 2.5.2 to 2.7.5.
- [Release notes](https://github.com/ProtonMail/gopenpgp/releases)
- [Changelog](https://github.com/ProtonMail/gopenpgp/blob/main/CHANGELOG.md)
- [Commits](ProtonMail/gopenpgp@v2.5.2...v2.7.5)

---
updated-dependencies:
- dependency-name: github.com/ProtonMail/gopenpgp/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Feb 12, 2024
@dependabot dependabot bot mentioned this pull request Feb 12, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants