CoNET
[Snyk] Security upgrade openpgp from 4.10.10 to 5.0.0
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
|  | 768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-NODEFETCH-2964180 | Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: openpgp
The new version differs by 197 commits.
- acafb28 5.0.0
- 4f1c474 5.0.0-6
- a599638 Docs: clarify content of returned `signatures` value in `openpgp.verify` and `decrypt`
- 3fa778a Add `config.rejectCurves` and prevent generating keys using blacklisted algorithms (#1395)
- f57d352 Set default `config.minRSABits` to 2047 (#1392)
- f59b0de 5.0.0-5
- da60fa0 Add security policy (#1388)
- d9829fc Throw on unrecognised configuration in top-level functions (#1387)
- 4b6189b Rename `config.tolerant` to `config.ignoreUnsupportedPackets`, add `config.ignoreMalformedPackets` (#1386)
- 3cd61ff TypeScript: add missing `config` options to the type definitions (#1385)
- 7ebdd6a Update dependencies (#1383)
- 1837077 5.0.0-4
- 5e99760 Update web-stream-tools
- 85d129a Export Subkey class (#1381)
- 1ac71a9 Github: add ISSUE_TEMPLATES (#1369)
- b604458 Rename `format: 'armor'` option to `format: 'armored'` in top-level functions (#1377)
- ce70484 Replace `armor` option with `format` in `openpgp.encrypt`, `sign` and `encryptSessionKey` (#1354)
- 53f54e1 Extend BaseStream<> from AsyncIterable<> (#1373)
- e450582 Update README to use `openpgp.readPrivateKey()` where applicable (#1362)
- 3886358 Remove `valid` and `error` from the verification result of `openpgp.verify` and `decrypt` (#1348)
- ed8db3d CI: Ignore unhandled rejections in tests in Safari 14.1 (#1371)
- ab22fe8 Lint: enforce single quotes and do not error on class methods without `this` (#1341)
- d238a02 Support using `Key.isPrivate()` for type inference, remove `Key.isPublic()` (#1347)
- f50abd8 Support passing a non-array value to `encryption/signingKeyIDs` in top-level functions (#1342)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.