
build(deps): bump openpgp from 5.0.1 to 5.2.0 in /website #1283

Merged (1 commit) on Mar 17, 2022

Conversation

@dependabot dependabot bot commented on behalf of github Mar 14, 2022

Bumps openpgp from 5.0.1 to 5.2.0.

Release notes

Sourced from openpgp's releases.

v5.2.0

  • Drop MS Edge Legacy support (#1474)
  • Check existence of navigator before using it (#1475)
  • Fix Key.isRevoked() and SignaturePacket.verify() TypeScript definitions, and remove SignaturePacket.verified from TypeScript declarations (#1486, #1494)
  • CI: Update mocha (#1503)

v5.1.0

  • Add support for constant-time decryption of PKCS#1 v1.5-encoded session keys (#1445)

    Implement optional constant-time decryption flow to hinder Bleichenbacher-like attacks against RSA- and ElGamal public-key encrypted session keys.

    Changes:

    • Add config.constantTimePKCS1Decryption to enable the constant-time processing (defaults to false). The constant-time option is off by default since it has measurable performance impact on message decryption, and it is only helpful in specific application scenarios (more info below).
    • Add config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms (defaults to the AES algorithms). The set of supported ciphers is restricted by default since the number of algorithms negatively affects performance.

    Bleichenbacher-like attacks are of concern for applications where both of the following conditions are met:

    1. New/incoming messages are automatically decrypted (without user interaction);
    2. An attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely).
  • Check key requirements in PrivateKey.addSubkey() (#1423)

    Breaking change: when generating new subkeys through key.addSubkey(), we now check config.rejectCurves and prevent adding subkeys using the corresponding curves. By default, config.rejectCurves includes the brainpool curves (brainpoolP256r1, brainpoolP384r1, brainpoolP512r1) and the Bitcoin curve (secp256k1).

    This is a follow-up to #1395, which introduced the same check to openpgp.generateKey.

  • Initial Deno support (#1448)

  • Replace strings with integer algorithm identifiers in packet classes (#1410)

    In several packet classes, we used to store string identifiers for public-key, aead, cipher or hash algorithms. To make the code consistent and to avoid having to convert to/from string values, we now always store integer values instead, e.g. enums.symmetric.aes128 is used instead of 'aes128'.

    This is not expected to be a breaking change for most library users. Note that the type of Key.getAlgorithmInfo() and of the session key objects returned and accepted by top-level functions remain unchanged.

    Affected classes (type changes for some properties and method arguments):

    • PublicKeyPacket, PublicSubkeyPacket, SecretKeyPacket, SecretSubkeyPacket
    • SymEncryptedIntegrityProtectedDataPacket, AEADEncryptedDataPacket, SymmetricallyEncryptedDataPacket
    • LiteralDataPacket, CompressedDataPacket
    • PublicKeyEncryptedSessionKey, SymEncryptedSessionKeyPacket
    • SignaturePacket

    Other potentially breaking changes:

    • Removed property AEADEncryptedDataPacket.aeadAlgo, since it was redundant given .aeadAlgorithm.
    • Renamed AEADEncryptedDataPacket.cipherAlgo -> .cipherAlgorithm
  • CI: create annotations on performance regression warnings/errors (#1441)

  • CI: use Node v16 instead of v15

  • Update documentation link (#1455)

  • Rename master branch to main

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [openpgp](https://github.com/openpgpjs/openpgpjs) from 5.0.1 to 5.2.0.
- [Release notes](https://github.com/openpgpjs/openpgpjs/releases)
- [Commits](openpgpjs/openpgpjs@v5.0.1...v5.2.0)

---
updated-dependencies:
- dependency-name: openpgp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot added the labels "dependencies" (pull requests that update a dependency file) and "javascript" (pull requests that update JavaScript code) on Mar 14, 2022
codecov bot commented Mar 14, 2022

Codecov Report

Merging #1283 (4ae832e) into master (56b95d4) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #1283   +/-   ##
=======================================
  Coverage   76.97%   76.97%           
=======================================
  Files           7        7           
  Lines         456      456           
=======================================
  Hits          351      351           
  Misses         73       73           
  Partials       32       32           


@jhaals jhaals merged commit 32cb9b4 into master Mar 17, 2022
@jhaals jhaals deleted the dependabot/npm_and_yarn/website/openpgp-5.2.0 branch March 17, 2022 08:36