Bump openpgp and @hashicorp/js-releases #350
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps openpgp to 5.10.1 and updates ancestor dependency @hashicorp/js-releases. These dependencies need to be updated together.
Updates
openpgp
from 5.1.0 to 5.10.1Release notes
Sourced from openpgp's releases.
... (truncated)
Commits
5d02e3a
5.10.16b43e02
Merge pull request from GHSA-ch3c-v47x-4pgp11b5999
Reject cleartext messages with extraneous data preceeding hash header4df86e5
5.10.08d4dd34
Merge pull request #16205ae2846
CI: test on iOS Safari 14 instead of 15 to have access to SubtleCryptob164190
Internal: renameCurves
toCurvesWithOID
ef953ce
AddHKDF
fallback for Node 14, where SubtleCrypto is not availableee4ad89
Enforce AES with PKESK v3 using x25519 (new format)1c07d26
crypto-refresh
: add support for new X25519 key and PKESK formatMaintainer changes
This version was pushed to npm by larabr, a new releaser for openpgp since your current version.
Updates
@hashicorp/js-releases
from 1.6.1 to 1.7.0Release notes
Sourced from
@hashicorp/js-releases
's releases.Changelog
Sourced from
@hashicorp/js-releases
's changelog.Commits
6b64ff2
Fix publishing7d1b57f
Fix publishing92da1c8
Release 1.7.0 (#166)5291884
Merge pull request #165 from hashicorp/dependabot/github_actions/actions/chec...6dda7e9
Bump actions/checkout from 3.6.0 to 4.0.0e5fe1d5
Bump@types/node
from 14.18.56 to 14.18.58 (#164)2e9de5e
Merge pull request #163 from hashicorp/dependabot/npm_and_yarn/openpgp-5.10.1e139465
Bump openpgp from 5.9.0 to 5.10.1cc7d91e
Bump@types/semver
from 7.5.0 to 7.5.1 (#162)f0a3eb1
Merge pull request #161 from hashicorp/dependabot/github_actions/actions/chec...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.