2631 Commits

Author SHA1 Message Date
larabr
8dd8839694
Linter: add warnings for rules affecting code quality
These rules were currently silenced to limit the noise,
but we should avoid introducing new problematic code instances,
and refactor to fix the issues when possible, since in many cases
this hinders the TS migration.
2025-10-17 17:38:10 +02:00
larabr
48d1cfd15f
Linter: enable type info integration for rules (recommended-type-checked) 2025-10-17 17:38:09 +02:00
larabr
d4bb70815b
Linter: update to eslint v9
This eslint version brings breaking changes related to the eslint config.
eslint-airbnb-config has yet to release a compatible version with the
new format, and it generally looks unmaintained, hence we drop the dependency
in favor of the built-in recommended configs.
2025-10-17 16:41:01 +02:00
larabr
5a69043aad
Merge pull request #1916
Bump playwright from 1.55.0 to 1.56.0
2025-10-14 14:06:55 +02:00
larabr
3465a360ad
Tests: fix WebCrypto parallelism expectation for Chrome v141+
Chromium disabled some async WebCrypto operations in v141.
Context: https://github.com/w3c/webcrypto/issues/389#issuecomment-3136298597 .
2025-10-13 16:21:25 +02:00
dependabot[bot]
2bbe3fcbbc
Bump playwright from 1.55.0 to 1.56.0
Bumps [playwright](https://github.com/microsoft/playwright) from 1.55.0 to 1.56.0.
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](https://github.com/microsoft/playwright/compare/v1.55.0...v1.56.0)

---
updated-dependencies:
- dependency-name: playwright
  dependency-version: 1.56.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-09 17:05:59 +00:00
larabr
884c6f4f3d
Merge pull request #1896
Support Node v24
2025-10-09 19:04:36 +02:00
larabr
b1dd6287ff
Tests: mocha: drop ts-node in favor of tsx
To avoid using "experimental-specifier-resolution",
and for more stable ESM support.
2025-10-06 14:53:43 +02:00
larabr
d9364ac2ea
CI: node tests: run also on Node v24 2025-10-06 14:53:43 +02:00
larabr
b4358cd865
TS: update node types to v24
web-stream-tools types are affected
2025-10-06 14:53:42 +02:00
dependabot[bot]
d4f9c77af6
Tests: Bump sinon from 20.0.0 to 21.0.0 (#1909)
Bumps [sinon](https://github.com/sinonjs/sinon) from 20.0.0 to 21.0.0.
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md)
- [Commits](https://github.com/sinonjs/sinon/commits)

---
updated-dependencies:
- dependency-name: sinon
  dependency-version: 21.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-15 16:10:07 +02:00
dependabot[bot]
66b442b8d5
Tests: Bump chai-as-promised from 7.1.2 to 8.0.1 (#1907)
Bumps [chai-as-promised](https://github.com/chaijs/chai-as-promised) from 7.1.2 to 8.0.1.
- [Release notes](https://github.com/chaijs/chai-as-promised/releases)
- [Commits](https://github.com/chaijs/chai-as-promised/compare/v7.1.2...v8.0.1)

---
updated-dependencies:
- dependency-name: chai-as-promised
  dependency-version: 8.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-15 16:08:07 +02:00
dependabot[bot]
0215e92166
CI: Bump softprops/turnstyle from 1 to 3 (#1899)
Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 1 to 3.
- [Release notes](https://github.com/softprops/turnstyle/releases)
- [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/turnstyle/compare/v1...v3)

---
updated-dependencies:
- dependency-name: softprops/turnstyle
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-15 15:52:30 +02:00
dependabot[bot]
e07e8d5f15
CI: Bump actions/download-artifact from 4 to 5 (#1901)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-15 15:51:35 +02:00
dependabot[bot]
58f4b664cc
CI: Bump actions/setup-node from 4 to 5 (#1900)
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 5.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-15 15:50:15 +02:00
dependabot[bot]
2d973b7634
CI: Bump actions/checkout from 4 to 5 (#1898)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-15 15:43:42 +02:00
larabr
296dd2724a
Dependabot: fix "CI" prefix config 2025-09-11 17:41:21 +02:00
larabr
f3b4bf920a
Merge pull request #1897
Dependabot: setup for dev dependencies and CI actions
2025-09-11 17:39:45 +02:00
larabr
4bc772623e
CI: Dependabot: also update Github actions 2025-09-11 13:19:28 +02:00
larabr
cf7382a7f6
Dependabot: update all dev dependencies on a monthly basis
Patch and minor updates will be grouped in the same MRs.
Major updates will result in standalone MRs.

Also, since only two schedules are currently supported for each package-ecosystem,
the update frequency of noble and fflate has been changed to a daily one
(same as playwright).
2025-09-11 13:17:10 +02:00
larabr
6f9584d13f
6.2.2 v6.2.2 2025-09-02 14:45:07 +02:00
larabr
93d9df7724
Fix zlib compression for data larger than 65KB (#1894)
Regression introduced in https://github.com/openpgpjs/openpgpjs/pull/1826
(v6.2.0).
Due to internal fflate lib changes, part of the compressed data ended up being discarded,
leading to a corrupted compressed payload for the encrypted/signed message,
which cannot be decompressed.

Compression is disabled by default in openpgpjs.
Hence, the issue affects only users who enabled zlib compression via e.g.
`config.preferredCompressionAlgorithm = openpgp.enums.compression.zlib`
and encrypted or signed data larger than 65KB.
2025-09-02 14:40:35 +02:00
larabr
30ce607245
6.2.1 v6.2.1 2025-08-26 14:44:09 +02:00
larabr
2138b80cba
Merge pull request #1886
Bump dev dependencies to latest versions, and fix TS test setup
2025-08-25 17:09:13 +02:00
larabr
c5f9ecf3e4
Tests: TS: add back missing type checking
tsx does not run any type checking, hence a separate
tsc step is needed.

Also, fix resulting type issue caused by external lib types.
2025-08-25 15:59:50 +02:00
larabr
5027bcd0eb
Tests: TS: temporarily lock @types/node version to v22
v24 brings breaking changes that will be fixed in the next
minor openpgpjs release
2025-08-25 15:49:24 +02:00
larabr
bcdb59729c
Run npm update
Including npm audit
2025-08-25 15:47:46 +02:00
dependabot[bot]
0a92baf8ba
Tests: bump playwright from 1.54.1 to 1.55.0 (#1883)
Bumps [playwright](https://github.com/microsoft/playwright) from 1.54.1 to 1.55.0.
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](https://github.com/microsoft/playwright/compare/v1.54.1...v1.55.0)

---
updated-dependencies:
- dependency-name: playwright
  dependency-version: 1.55.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-21 11:38:50 +02:00
dependabot[bot]
449ba5bc7a
Build(deps-dev): bump @noble/curves from 1.9.5 to 1.9.6 (#1880)
Bumps the noble group with 1 update: [@noble/curves](https://github.com/paulmillr/noble-curves).


Updates `@noble/curves` from 1.9.5 to 1.9.6
- [Release notes](https://github.com/paulmillr/noble-curves/releases)
- [Commits](https://github.com/paulmillr/noble-curves/compare/1.9.5...1.9.6)

---
updated-dependencies:
- dependency-name: "@noble/curves"
  dependency-version: 1.9.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: noble
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-06 14:39:30 +02:00
larabr
ddbd0d72f9
Merge pull request #1873 2025-07-31 19:19:10 +02:00
larabr
c1ea7ca464
Tests: update ECDH negative test expectations to match WebKit Windows behavior
AES-KW unwrapping failure does not throw an OperationError there,
instead it returns an empty buffer, which then fails to be PKCS5 decoded.
2025-07-31 19:09:59 +02:00
larabr
faeceec49e
CI: set fail-on-cache-miss for cached build folders 2025-07-31 19:09:59 +02:00
larabr
0f586241e8
CI: run browser tests also on Windows 2025-07-31 19:09:59 +02:00
larabr
6b1da73b97
Merge pull request #1875 2025-07-31 19:08:40 +02:00
larabr
e05ca9e2d2
Internal: switch away from deprecated noble-curve util.randomPrivateKey 2025-07-31 19:07:57 +02:00
dependabot[bot]
29cdf978c4
Build(deps-dev): bump @noble/curves from 1.9.2 to 1.9.5
Bumps the noble group with 1 update: [@noble/curves](https://github.com/paulmillr/noble-curves).

Updates `@noble/curves` from 1.9.2 to 1.9.5
- [Release notes](https://github.com/paulmillr/noble-curves/releases)
- [Commits](https://github.com/paulmillr/noble-curves/compare/1.9.2...1.9.5)

---
updated-dependencies:
- dependency-name: "@noble/curves"
  dependency-version: 1.9.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: noble
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-07-31 19:07:57 +02:00
larabr
659e3dbbd0
Merge pull request #1877 2025-07-31 18:05:14 +02:00
larabr
ed5554e114
Lightweight build: lazy load tweetnacl dependency module (curve25519 JS fallback)
Since all major browsers have shipped support for the curve
in WebCrypto, we only load the JS fallback if needed.

Also, add native/non-native ECDH test for Curve25519Legacy.
(The more modern X25519/X448 algo implementations cannot be
tested that way since they include an HKDF step for which
we assume native support and do not implement a fallback.)
2025-07-31 17:42:37 +02:00
larabr
721b918296
Key validation: use WebCrypto API when available for curve25519
For Ed25519/Ed25519Legacy native validation code does a sign-verify check over random data.
This is faster than re-deriving the public point using tweetnacl.
If the native implementation is not available, we fall back to re-deriving
the public point only.

For X25519/Curve25519Legacy, both the native and fallback flows do an ecdh exchange;
in the fallback case, this results in slower performance compared to the existing check,
but encryption subkeys are hardly ever validated directly (only in case of gnu-dummy keys),
and this solution keeps the code simpler.

Separately, all validation tests have been updated to use valid params from a different
key, rather than corrupted parameters.
2025-07-28 15:13:54 +02:00
larabr
4054ff0543
README: add section about how to update to the latest version and deprecation policy (#1876) [skip ci]
Co-authored-by: Daniel Huigens <d.huigens@protonmail.com>
2025-07-25 14:47:36 +02:00
larabr
c30404c143
6.2.0 v6.2.0 2025-07-17 18:14:15 +02:00
dependabot[bot]
732f3c88b2
Tests: bump playwright from 1.53.0 to 1.54.1 (#1872)
Bumps [playwright](https://github.com/microsoft/playwright) from 1.53.0 to 1.54.1.
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](https://github.com/microsoft/playwright/compare/v1.53.0...v1.54.1)

---
updated-dependencies:
- dependency-name: playwright
  dependency-version: 1.54.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-14 10:47:42 +02:00
larabr
24f776a9af
Merge pull request #1870
Add workarounds for WebCrypto X25519 bugs on WebKit Linux

At least some of the errors were found to also affect Epiphany,
not just the playwright build, unlike previously reported (4762d2c).
2025-07-14 10:45:25 +02:00
larabr
9703ab891e
Add workaround for WebCrypto X25519 key generation bug on WebKit Linux
Similar/same issue was already patched for Ed25519.

https://bugs.webkit.org/show_bug.cgi?id=279113
2025-07-10 21:22:20 +02:00
larabr
b9275642e1
Add workaround for WebCrypto X25519 key export bug on WebKit Linux
https://bugs.webkit.org/show_bug.cgi?id=289693
2025-07-10 21:21:15 +02:00
larabr
d155da23dd
Revert "CI: do not test Webkit on Linux"
This reverts commit 4762d2c7623eccaf297a2bf9f4c7aa957aa32c6f.
2025-07-09 16:00:08 +02:00
dependabot[bot]
448418a6f5
Bump @noble/curves from 1.9.0 to 1.9.2 in the noble group (#1855)
Bumps the noble group with 1 update: [@noble/curves](https://github.com/paulmillr/noble-curves).


Updates `@noble/curves` from 1.9.0 to 1.9.2
- [Release notes](https://github.com/paulmillr/noble-curves/releases)
- [Commits](https://github.com/paulmillr/noble-curves/compare/1.9.0...1.9.2)

---
updated-dependencies:
- dependency-name: "@noble/curves"
  dependency-version: 1.9.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: noble
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-17 16:58:58 +02:00
larabr
208402ebcb
Merge pull request #1850
Bump dev dependencies to latest versions
2025-06-17 15:54:00 +02:00
larabr
232da14940
Tests: revert update to chai v5
Chai v5 broke support for Safari below v16.4;
we delay the update for now, waiting for their fix.
2025-06-13 16:46:40 +02:00
larabr
cabc91c42c
Bump dev dependencies to latest versions
Only one breaking change with `@rollup/plugin-typescript`,
that enforced a check on the `outDir` location.
2025-06-13 16:38:12 +02:00