search

goreleaser / nfpm

nFPM is Not FPM - a simple deb, rpm, apk, ipk, and arch linux packager written in Go
https://nfpm.goreleaser.com/
MIT License
2.17k stars 157 forks source link

feat(deps): bump github.com/ProtonMail/gopenpgp/v2 from 2.2.2 to 2.5.1 #617

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps github.com/ProtonMail/gopenpgp/v2 from 2.2.2 to 2.5.1.

Release notes

Sourced from github.com/ProtonMail/gopenpgp/v2's releases.

Release version 2.5.1

Added

  • Streaming API to encrypt with compression:
    • func (keyRing *KeyRing) EncryptStreamWithCompression
    • func (keyRing *KeyRing) EncryptSplitStreamWithCompression
    • func (sk *SessionKey) EncryptStreamWithCompression

Release version 2.5.0

Changed

  • Update github.com/ProtonMail/go-crypto to the latest version
  • Update github.com/ProtonMail/go-mime to the latest version, which cleans up unneeded dependencies. And fix an issue with PGP/MIME messages with non standard encodings.
  • Sanitize strings returned in MIMECallbacks.OnBody() and PlainMessage.GetString(). Strings that have non utf8 characters will be sanitized to have the "character unknown" character : � instead.
  • Detached sign text messages with signature type text. Similarly, clearsigned messages now also use signature type text.
  • Leave trailing spaces of text messages intact (except for clearsigned messages, where the spec requires us to trim trailing spaces). Note that for backwards compatibility, when verifying detached signatures over text messages, the application will have to trim trailing spaces in order for the signature to verify, if it was created by a previous version of this library (using crypto.NewPlainMessageFromString()).

Release version 2.4.10

Update go-crypto

Release version 2.4.9

Upgrade underlying go-crypto version

Release version 2.4.8

Add AEAD decryption support

Release version 2.4.7

  • DecryptMIMEMessage will return the decrypted content in the OnBody callback, even when there's a signature verification error. That lets the caller decide whether they want to use the content with a warning or hard fail on signature errors.
  • Key generation functions no longer return an error if either the name or email is empty

Release version 2.4.6

Fix MIME signature parsing issues

Release version 2.4.5

Deprecate SeparateKeyAndData, replace with (msg *PGPMessage) SplitMessage() to split PGP messages

Release version 2.4.4

Clone returned slices from SeparateKeyAndData

Release version 2.4.3

Security

  • Fixed incorrect MDC parsing for session key decryption

Changed

  • SeparateKeyAndData is now implemented in a more generic way, by checking for the location in the bytes of the last session key packet, then splitting the binary message after that point.

Fixed

  • SeparateKeyAndData now correctly parses AEAD packets.
  • (ap *AttachmentProcessor) Finish() now returns encryption errors correctly.

Release version 2.4.2

Update underlying crypto library and prevent AEAD messages from being created until the specification is stable

... (truncated)

Changelog

Sourced from github.com/ProtonMail/gopenpgp/v2's changelog.

[2.5.1] 2022-01-24

Added

  • Streaming API to encrypt with compression:
    • func (keyRing *KeyRing) EncryptStreamWithCompression
    • func (keyRing *KeyRing) EncryptSplitStreamWithCompression
    • func (sk *SessionKey) EncryptStreamWithCompression

[2.5.0] 2022-12-16

Changed

  • Update github.com/ProtonMail/go-crypto to the latest version
  • Update github.com/ProtonMail/go-mime to the latest version, which cleans up unneeded dependencies. And fix an issue with PGP/MIME messages with non standard encodings.
  • Sanitize strings returned in MIMECallbacks.OnBody() and PlainMessage.GetString(). Strings that have non utf8 characters will be sanitized to have the "character unknown" character : � instead.
  • Detached sign text messages with signature type text. Similarly, clearsigned messages now also use signature type text.
  • Leave trailing spaces of text messages intact (except for clearsigned messages, where the spec requires us to trim trailing spaces). Note that for backwards compatibility, when verifying detached signatures over text messages, the application will have to trim trailing spaces in order for the signature to verify, if it was created by a previous version of this library (using crypto.NewPlainMessageFromString()).

[2.4.10] 2022-08-22

Changed

  • Updated underlying crypto library

[2.4.9] 2022-08-19

Changed

  • Updated underlying crypto library and adjusted key clearing functions
  • Fixed typos in errors and comments

[2.4.8] 2022-06-22

Changed

  • SessionKey.Decrypt() and SessionKey.DecryptAndVerify(), now support the decryption of AEAD encrypted data packets (packet type 20).

[2.4.7] 2022-04-27

Changed

  • DecryptMIMEMessage will return the decrypted content in the OnBody callback, even when there's a signature verification error. That lets the caller decide whether they want to use the content with a warning or hard fail on signature errors.
  • Key generation functions no longer return an error if either the name or email is empty

[2.4.6] 2022-03-25

Fixed

  • Update dependency github.com/ProtonMail/go-mime. It makes the parsing of MIME messages more flexible to messages with no specified charsets.
  • Fix the verification of PGP/MIME signature, the signature is now verified against the canonicalized content rather than the raw content.

[2.4.5] 2022-03-01

Added

  • (msg *PGPMessage) SplitMessage() to split PGP messages, replacing SeparateKeyAndData.

Changed

... (truncated)

Commits
  • 2adafdb Merge pull request #209 from ProtonMail/release-2.5.1
  • b3e7082 Prepare v2.5.1
  • c9bf4fb Merge pull request #208 from ProtonMail/feat/encrypt_compression_streaming
  • eccc1df Add streaming APIs to encrypt with compression
  • ffcaa7f Merge pull request #207 from ProtonMail/clean-dependencies
  • 0ce389a Clean dependencies
  • e1f4ae0 Merge pull request #206 from ProtonMail/release-2.5.0
  • b0dcd6e Prepare release of v2.5.0
  • 101172f Merge pull request #205 from ProtonMail/update-go-crypto
  • d3a0b14 Update changelog
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
cloudflare-workers-and-pages[bot] commented 1 year ago

Deploying with  Cloudflare Pages  Cloudflare Pages

Latest commit: ec4ccc9
Status: ✅  Deploy successful!
Preview URL: https://408a1a35.nfpm.pages.dev
Branch Preview URL: https://dependabot-go-modules-github-rn0r.nfpm.pages.dev

View logs

codecov[bot] commented 1 year ago

Codecov Report

Merging #617 (ec4ccc9) into main (b55113f) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #617   +/-   ##
=======================================
  Coverage   70.48%   70.48%           
=======================================
  Files          21       21           
  Lines        3168     3168           
=======================================
  Hits         2233     2233           
  Misses        717      717           
  Partials      218      218

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

caarlos0 commented 1 year ago

@dependabot ignore this major version

dependabot[bot] commented 1 year ago

OK, I won't notify you about version 2.x.x again, unless you re-open this PR. 😢