Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update module github.com/protonmail/gopenpgp/v2 to v3 #216

Merged

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 7, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/ProtonMail/gopenpgp/v2 v2.8.0 -> v3.0.0 age adoption passing confidence

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


Release Notes

ProtonMail/gopenpgp (github.com/ProtonMail/gopenpgp/v2)

v3.0.0

Compare Source

What's Changed

New simplified and unified API

GopenPGP v3 introduces a new unified API for high level OpenPGP operations. In comparison to GopenPGP v2, where similar functions were dispersed across different types and required varying implementations for the same operations, GopenPGP v3 consolidates these functions into a consistent interface. Now, operations such as Sign, Verify, Encrypt, Decrypt, and Key generation are each accessible through a unified, builder like API, simplifying integration and enhancing code readability across cryptographic workflows.

However, applications migrating from v2 to v3 will need to update their API calls, as the changes are not backward-compatible. This means that all previous API calls must be rewritten to align with the new, unified API structure. GopenPGP v3 supports the migration process by offering extensive documentation and practical examples. We recommend upgrading to v3 for the latest features and improvements, but we'll continue to support GopenPGP v2 for the time being. Our support includes ongoing bug fixes and minor feature updates to ensure stability and functionality for existing users.

For usage examples of the new API, see the README. For the full documentation, see https://pkg.go.dev/github.com/ProtonMail/gopenpgp/v3.

Profiles

GopenPGP v3 introduces the concept of profiles, enabling applications to configure OpenPGP algorithm selection based on their specific needs. For most applications, the provided preset profiles offer robust and secure defaults, eliminating the need for additional configuration.

RFC 9580 and Interoperability

GopenPGP v3 adds full support for the latest OpenPGP specification, RFC 9580. Compliance with the specification has also been significantly enhanced, as confirmed by the results in the OpenPGP interoperability test suite. These enhancements in GopenPGP v3 are possible by leveraging a new API in the go-crypto fork, which enables a range of improvements in functionality, compliance, and performance.

Go Mobile Support

GopenPGP v3 aims to be fully compatible with Gomobile to provide an API for mobile platforms. For this reason, the library defaults to a builder-like pattern, which is less commonly used in Go. All code that is only relevant for mobile platforms has been moved to the mobile module.

Extending Functionality

GopenPGP v3 introduces a streaming interface across all APIs, enabling memory efficient processing of large data.
Additionally, it extends the library's functionality with various improvements, such as:

  • Consider all signatures in a message during verification and allow inspection of each.
  • Support signing with multiple keys.
  • Support encrypting to an "anonymous recipient", where the recipient KeyID is represented as all zeros in the message.
  • Add support for the intended recipient feature as specified in RFC 9580.
  • Ensure consistent behaviour across all APIs.
  • Support generating v6 keys as specified in RFC 9580.

Full Changelog: ProtonMail/gopenpgp@v2.7.5...v3.0.0.

Changelog since v3.0.0-beta.0: ProtonMail/gopenpgp@v3.0.0-beta.0...v3.0.0.


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies label Nov 7, 2024
Copy link
Contributor Author

renovate bot commented Nov 7, 2024

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum
Command failed: mod upgrade --mod-name=github.com/ProtonMail/gopenpgp/v2 -t=3
go: downloading github.com/ProtonMail/gopenpgp/v3 v3.0.0
go: downloading gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c
go: downloading github.com/google/go-cmp v0.6.0
go: downloading github.com/maxatome/go-testdeep v1.12.0
go: downloading github.com/kr/pretty v0.3.1
go: downloading github.com/go-playground/assert/v2 v2.2.0
go: downloading github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb
go: downloading github.com/kr/text v0.2.0
go: downloading github.com/rogpeppe/go-internal v1.11.0
go: downloading github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399
go: downloading github.com/hashicorp/go-hclog v1.6.3
go: downloading golang.org/x/term v0.26.0
go: downloading github.com/onsi/gomega v1.34.1
go: downloading github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a
go: downloading github.com/fatih/color v1.16.0
go: downloading github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5
go: downloading github.com/gliderlabs/ssh v0.3.7
go: downloading github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be
go: finding module for package github.com/ProtonMail/gopenpgp/v3/helper
go: github.com/cidverse/cid/pkg/core/secret imports
	github.com/ProtonMail/gopenpgp/v3/helper: module github.com/ProtonMail/gopenpgp/v3@latest found (v3.0.0), but does not contain package github.com/ProtonMail/gopenpgp/v3/helper
exit status 1

@renovate renovate bot requested a review from PhilippHeuer November 7, 2024 20:45
@renovate renovate bot force-pushed the chore/dependencies/github.com-protonmail-gopenpgp-v2-3.x branch 4 times, most recently from c11362b to e4f1112 Compare November 13, 2024 21:42
@PhilippHeuer PhilippHeuer force-pushed the chore/dependencies/github.com-protonmail-gopenpgp-v2-3.x branch from e4f1112 to f4880d0 Compare November 13, 2024 21:51
@PhilippHeuer PhilippHeuer merged commit d0b71b9 into main Nov 13, 2024
5 checks passed
@PhilippHeuer PhilippHeuer deleted the chore/dependencies/github.com-protonmail-gopenpgp-v2-3.x branch November 13, 2024 21:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant