build(deps): bump openpgp from 5.0.0-5 to 5.0.0

[dependabot]

Bumps openpgp from 5.0.0-5 to 5.0.0.

Release notes

Sourced from openpgp's releases.

v5.0.0

This is the first stable release of OpenPGP.js v5 (no more breaking changes to the high-level API will be made). There are no changes since the last prerelease (v5.0.0-6). The changelog since OpenPGP.js v4 is:

Security improvements

• Improve the security of newly generated keys:
  • Generate ECC keys by default (#1065)
  • RSA keys can still be generated with the new type parameter of generateKey: (#1179)

    import { generateKey } from 'openpgp';
    const { privateKey } = await generateKey({
      userIDs: [{ name: 'Test', email: 'test@email' }],
      type: 'rsa'
    });

  • Newly generated RSA keys are now 4096-bits by default
  • Remove SHA-1 from the default preferred hash algorithms (#1067)
  • Remove 3DES and CAST5 from the default preferred symmetric algorithms (#1068)
• Reject certain insecure keys by default:
  • Add config.rejectPublicKeyAlgorithms, and default to disallowing the use of ElGamal and DSA for encrypting new messages and signing and verifying signatures, respectively (#1264)
  • Reject RSA keys with fewer than config.minRSABits bits (defaulting to 2048) when encrypting new messages and signing and verifying signatures, not just on key generation (#1264)
  • If you want to make an exception for a certain key or algorithm, rather than adjusting the global openpgp.config, you can now pass a config to a single function call, perhaps after warning the user / confirming that they want to allow this; for example:

    import { createMessage, encrypt } from 'openpgp';
    const message = await createMessage('Hello world!');
    try {
      await encrypt({
        message,
        encryptionKeys: publicKeys
      });
    } catch (err) {
      if (err.message.includes('...') && confirm('Warning: keys are insecure. Use anyway?')) {
        await encrypt({
          message,
          encryptionKeys: publicKeys,
          config: { minRSABits: 1024, rejectPublicKeyAlgorithms: new Set() }
        });
      } else {
        throw err;
      }
    }

    Of course, if at all possible, it's better to (ask users to) generate new keys, instead.
• … and a few smaller configuration changes

Library size reductions

• openpgp.HKP has been moved to a separate package: openpgpjs/hkp-client
• openpgp.WKD has been moved to a separate package: openpgpjs/wkd-client
• openpgp.Keyring and LocalStore have been removed, because keyring handling and storage should be handled in the application, as localStorage may not meet the durability requirements of the application.

... (truncated)

Commits

• acafb28 5.0.0
• 4f1c474 5.0.0-6
• a599638 Docs: clarify content of returned signatures value in openpgp.verify and ...
• 3fa778a Add config.rejectCurves and prevent generating keys using blacklisted algor...
• f57d352 Set default config.minRSABits to 2047 (#1392)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Merging #508 (c071c70) into master (f6d4366) will increase coverage by 0.68%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master     #508      +/-   ##
==========================================
+ Coverage   95.23%   95.91%   +0.68%     
==========================================
  Files           4        4              
  Lines         147      147              
  Branches       40       40              
==========================================
+ Hits          140      141       +1     
+ Misses          7        6       -1     

Flag	Coverage Δ
demo	85.71% <ø> (ø)
macos-latest	95.91% <ø> (+0.68%)	⬆️
script	96.99% <ø> (+0.75%)	⬆️
ubuntu-latest	95.91% <ø> (+0.68%)	⬆️
windows-latest	95.91% <ø> (+0.68%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
src/buildExec.ts	99.00% <0.00%> (+1.00%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f6d4366...c071c70. Read the comment docs.