Skip to content

chore(deps): bump pgp from 0.19.0 to 0.20.0#2131

Merged
genedna merged 1 commit into
mainfrom
dependabot/cargo/pgp-0.20.0
Jun 24, 2026
Merged

chore(deps): bump pgp from 0.19.0 to 0.20.0#2131
genedna merged 1 commit into
mainfrom
dependabot/cargo/pgp-0.20.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor

Bumps pgp from 0.19.0 to 0.20.0.

Release notes

Sourced from pgp's releases.

v0.20.0

⛰️ Features

  • Derive Ord for Timestamp (#738) - (12e61b3)
  • Implement more functionality from draft-wussler-openpgp-forwarding (#723) - (47a0ce2)
  • [breaking] By default, MDC-check first when decrypting SEIPDv1; allow optional streaming (#662) - (8e0ef98)
  • Handling of ECDSA/EdDSA secret key packets with unknown curve (#796) - (1e3a886)

🐛 Bug Fixes

  • Abort on all-zero x25519 shared secret - (35e98dd)
  • Don't panic in legacy_key_id() for v2/3 keys with very short RSA modulus (#760) - (970b18f)
  • Improve draft-forwarding implementation - (e0910fe)
  • Catch underflow in a controlled manner - (c33f55b)
  • Subpacket length handling (#764) - (c9b0955)
  • Timestamp::now() panics in WASM (#784) - (a4dafc8)
  • Allow verifying signatures over empty payload - (010a2df)

🚜 Refactor

  • Replace regex with memchr for newline normalization (#744) - (0800991)
  • Replace try_key! macro with plain functions - (a162c07)

📚 Documentation

  • Add GpgFrontend to notable users and libraries (#769) - (2a943ae)
  • Document what ADSK in key flags means - (2df698c)

🧪 Testing

  • Don't run a test by default that requires "tests/tests" (#748) - (02d1536)
  • Dearmorer gets confused (in debug builds) - (747dd37)
  • Parse incomplete armored data (#765) - (5007673)
  • Add unit test for #146 (#766) - (a8a0790)

⚙️ Miscellaneous Tasks

Api

  • [breaking] Mark legacy ECC curves as such - (a888a7f)
Changelog

Sourced from pgp's changelog.

0.20.0 - 2026-06-23

⛰️ Features

  • Derive Ord for Timestamp (#738) - (12e61b3)
  • Implement more functionality from draft-wussler-openpgp-forwarding (#723) - (47a0ce2)
  • [breaking] By default, MDC-check first when decrypting SEIPDv1; allow optional streaming (#662) - (8e0ef98)
  • Handling of ECDSA/EdDSA secret key packets with unknown curve (#796) - (1e3a886)

🐛 Bug Fixes

  • Abort on all-zero x25519 shared secret - (35e98dd)
  • Don't panic in legacy_key_id() for v2/3 keys with very short RSA modulus (#760) - (970b18f)
  • Improve draft-forwarding implementation - (e0910fe)
  • Catch underflow in a controlled manner - (c33f55b)
  • Subpacket length handling (#764) - (c9b0955)
  • Timestamp::now() panics in WASM (#784) - (a4dafc8)
  • Allow verifying signatures over empty payload - (010a2df)

🚜 Refactor

  • Replace regex with memchr for newline normalization (#744) - (0800991)
  • Replace try_key! macro with plain functions - (a162c07)

📚 Documentation

  • Add GpgFrontend to notable users and libraries (#769) - (2a943ae)
  • Document what ADSK in key flags means - (2df698c)

🧪 Testing

  • Don't run a test by default that requires "tests/tests" (#748) - (02d1536)
  • Dearmorer gets confused (in debug builds) - (747dd37)
  • Parse incomplete armored data (#765) - (5007673)
  • Add unit test for #146 (#766) - (a8a0790)

⚙️ Miscellaneous Tasks

Api

  • [breaking] Mark legacy ECC curves as such - (a888a7f)
Commits
  • a4c186a chore(pgp): release 0.20.0
  • 010a2df fix: allow verifying signatures over empty payload
  • 6cb96e1 chore: disable default num_enum features
  • f7f1050 Check signature type in verify_key_third_party()
  • bad35c6 Check signature types in verify_* methods
  • 2df698c docs: document what ADSK in key flags means
  • 1e3a886 feat: handling of ECDSA/EdDSA secret key packets with unknown curve (#796)
  • 5ae7053 handling of ECDH secret subkeys with unknown curve (#781)
  • a4dafc8 fix: Timestamp::now() panics in WASM (#784)
  • 8e0ef98 feat!: by default, MDC-check first when decrypting SEIPDv1; allow optional st...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [pgp](https://github.com/rpgp/rpgp) from 0.19.0 to 0.20.0.
- [Release notes](https://github.com/rpgp/rpgp/releases)
- [Changelog](https://github.com/rpgp/rpgp/blob/main/CHANGELOG.md)
- [Commits](rpgp/rpgp@v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: pgp
  dependency-version: 0.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Jun 23, 2026
@genedna genedna added this pull request to the merge queue Jun 24, 2026
Merged via the queue into main with commit 8883320 Jun 24, 2026
8 checks passed
@dependabot dependabot Bot deleted the dependabot/cargo/pgp-0.20.0 branch June 24, 2026 02:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update Rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant