{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":2765899,"defaultBranch":"main","name":"openpgpjs","ownerLogin":"openpgpjs","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2011-11-13T10:36:43.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/1206249?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1712927990.0","currentOid":""},"activityList":{"items":[{"before":"9cb1340c58df7b20f6498ba0f8f6c2c84af017d1","after":"7e2ea3f871f5d58338497bbc1f0353ced8acecf2","ref":"refs/heads/v6","pushedAt":"2024-05-02T19:46:11.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"CI: update cache actions to Node 20","shortMessageHtmlLink":"CI: update cache actions to Node 20"}},{"before":"2bf7c92469e4ed405a6b64af8d7072ca8019a187","after":"9cb1340c58df7b20f6498ba0f8f6c2c84af017d1","ref":"refs/heads/v6","pushedAt":"2024-04-19T14:31:34.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"CI: update cache actions to Node 20","shortMessageHtmlLink":"CI: update cache actions to Node 20"}},{"before":"5464caa6f7f8ce7144cf45855f8f5637c2ec4e26","after":"2bf7c92469e4ed405a6b64af8d7072ca8019a187","ref":"refs/heads/v6","pushedAt":"2024-04-12T13:19:39.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"6.0.0-beta.0","shortMessageHtmlLink":"6.0.0-beta.0"}},{"before":"231fbbe8cadfca6e9fc54b9842320f671e0d5d3a","after":"5464caa6f7f8ce7144cf45855f8f5637c2ec4e26","ref":"refs/heads/v6","pushedAt":"2024-04-12T11:47:52.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"Fix email address validity check to still allow unicode values, and further relax constraints (#1739)\n\nWe relaxed constraints in a previous commit, but excluded unicode chars, which are however allowed in v5.\r\n\r\nWe now drop almost all email address constraints, by primarily rejecting\r\ncontrol and spaces char classes.\r\nLibrary users are strongly encouraged to implement additional checks as needed,\r\nbased on their supported email address format.\r\n\r\nNB: the validity checks in question affect the userID inputs accepted by e.g.\r\n`generateKey` and `reformatKey`, not the values parsed from existing entities,\r\ne.g. using `readKey` (where almost no validation is performed).","shortMessageHtmlLink":"Fix email address validity check to still allow unicode values, and f…"}},{"before":"90c8fbbf002bae206f66f2b47984b0907395f835","after":"231fbbe8cadfca6e9fc54b9842320f671e0d5d3a","ref":"refs/heads/v6","pushedAt":"2024-04-09T17:08:31.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"Run npm update","shortMessageHtmlLink":"Run npm update"}},{"before":"e9e843280b6d3b9a6b9d1e9909f829dfdfea5853","after":"90c8fbbf002bae206f66f2b47984b0907395f835","ref":"refs/heads/v6","pushedAt":"2024-04-09T15:12:44.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"Add back armor checksum for non-v6 artifacts (#1741)\n\nWe need to include the checksum to work around a GnuPG bug where data fails to\r\nbe decoded if the base64 ends with no padding chars (=) (see https://dev.gnupg.org/T7071).\r\nPure v6 artifacts are unaffected and won't include the checksum, as mandated by\r\nthe spec.\r\n\r\nBreaking change:\r\n`openpgp.armor` takes an additional `emitChecksum` argument (defaults to\r\nfalse).\r\nNB: some types of data must not include the checksum, but compliance is left as\r\nresponsibility of the caller: this function does not carry out any checks.\r\nRefer to the crypto-refresh RFC for more details.\r\n\r\n---------\r\n\r\nCo-authored-by: Daniel Huigens ","shortMessageHtmlLink":"Add back armor checksum for non-v6 artifacts (#1741)"}},{"before":"516451e2ec0ed777cd193653d73729240cfdd393","after":"e9e843280b6d3b9a6b9d1e9909f829dfdfea5853","ref":"refs/heads/v6","pushedAt":"2024-04-05T15:26:10.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"CI: update to sop-openpgp-v2 to test different v6 profiles\n\nThe implemented profiles do not work on v5, hence for now they need to be manually\ndisabled in the config of 'sop-openpgpjs-main'.","shortMessageHtmlLink":"CI: update to sop-openpgp-v2 to test different v6 profiles"}},{"before":"c68bd960cea7557907891578f7a1b44cdc5f1147","after":"516451e2ec0ed777cd193653d73729240cfdd393","ref":"refs/heads/v6","pushedAt":"2024-04-05T15:22:28.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"CI: update to sop-openpgp-v2 to test different v6 profiles\n\nThe implemented profiles do not work on v5, hence for now they need to be manually\ndisabled in the config of 'sop-openpgpjs-main'.","shortMessageHtmlLink":"CI: update to sop-openpgp-v2 to test different v6 profiles"}},{"before":"aa222fecb2433e36f9bcee3e236da8e6fa02114f","after":"c68bd960cea7557907891578f7a1b44cdc5f1147","ref":"refs/heads/v6","pushedAt":"2024-04-02T15:37:57.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"Randomise v4 and v5 signatures via custom notation, add `config.nonDeterministicSignaturesViaNotation` to disable feature (#1737)\n\nEdDSA is known to be vulnerable to fault attacks which can lead to secret key\r\nextraction if two signatures over the same data can be collected. Randomly\r\noccurring bitflips in specific parts of the computation might in principle\r\nresult in vulnerable faulty signatures being generated.\r\nTo protect signatures generated using v4 and v5 keys from this possibility, we\r\nrandomise each signature by adding a custom notation with a random value,\r\nfunctioning as a salt. \r\nFor simplicity, we add the salt to all algos, not just EdDSA, as it may also\r\nserve as protection in case of weaknesses in the hash algo, potentially\r\nhindering e.g. some chosen-prefix attacks.\r\nv6 signatures do not need to rely on this, as they are non-deterministic by\r\ndesign.\r\n\r\nWhile this notation solution is interoperable, it will reveal that the\r\nsignature has been generated using OpenPGP.js, which may not be desirable in\r\nsome cases.\r\nFor this reason, the option `config.nonDeterministicSignaturesViaNotation`\r\n(defaulting to true) has been added to turn off the feature.","shortMessageHtmlLink":"Randomise v4 and v5 signatures via custom notation, add `config.nonDe…"}},{"before":"6ebd179ed58c698d94599af48836825f0f7c902e","after":"aa222fecb2433e36f9bcee3e236da8e6fa02114f","ref":"refs/heads/v6","pushedAt":"2024-03-28T13:24:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"Drop `config.revocationsExpire`, always honour revocation expiration instead (#1736)\n\nUnclear motivation for adding the original config option; if an expiration is there, it should\r\nbe honoured.\r\n\r\nBreaking change:\r\nthe option used to default to `false`, and ignore revocation expirations. We now honour\r\nthose expirations, namely match the behaviour resulting from setting the option to `true`.","shortMessageHtmlLink":"Drop config.revocationsExpire, always honour revocation expiration …"}},{"before":"2574795d37a1745250bac43fa62aed91dd2c1f8d","after":"6ebd179ed58c698d94599af48836825f0f7c902e","ref":"refs/heads/v6","pushedAt":"2024-03-22T16:29:07.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"Fix encrypting to a key with no declared features","shortMessageHtmlLink":"Fix encrypting to a key with no declared features"}},{"before":"b41298a3f6a3ebf91e3ce0ba0b5b653dc3144770","after":"2574795d37a1745250bac43fa62aed91dd2c1f8d","ref":"refs/heads/v6","pushedAt":"2024-03-22T16:10:28.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"Fix wrong serialization of PKESK v6 for x25519/x448 (#1734)\n\nThe cleartext session key symmetric algorithm was accidentally included in the packet.\r\nAs a result, the generated messages may fail to parse and/or decrypt in other implementations.\r\nThe messages would still decrypt successfully in OpenPGP.js, due to an overly permissive parsing procedure,\r\nwhich simply discarded the unused additional byte.\r\n\r\nWe know also throw on unexpected cleartext symmetric algo in PKESK v6.","shortMessageHtmlLink":"Fix wrong serialization of PKESK v6 for x25519/x448 (#1734)"}},{"before":"b340608546f87a73238f3370fa5611130dbbbf8d","after":"b41298a3f6a3ebf91e3ce0ba0b5b653dc3144770","ref":"refs/heads/v6","pushedAt":"2024-03-22T15:28:44.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"Add back armor checksum to detached signatures for GPG compatibility\n\nGPG v2 fails to parse detached signatures without the checksum","shortMessageHtmlLink":"Add back armor checksum to detached signatures for GPG compatibility"}},{"before":"fd2b021199134fda468ebf5799ef2a691e48c39f","after":"b340608546f87a73238f3370fa5611130dbbbf8d","ref":"refs/heads/v6","pushedAt":"2024-03-22T10:44:58.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"CI: fix sop test result comparison","shortMessageHtmlLink":"CI: fix sop test result comparison"}},{"before":"360760e8e32b22627aa1fe18b0640bd54b3e3560","after":"fd2b021199134fda468ebf5799ef2a691e48c39f","ref":"refs/heads/v6","pushedAt":"2024-03-22T08:33:43.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"CI: update SOP test suite, and compare with gopenpgp v3\n\nTo run crypto-refresh tests","shortMessageHtmlLink":"CI: update SOP test suite, and compare with gopenpgp v3"}},{"before":"34904daec9090b9ac7690d00220c23124ec0f9f0","after":"360760e8e32b22627aa1fe18b0640bd54b3e3560","ref":"refs/heads/v6","pushedAt":"2024-03-21T14:26:08.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"CI: update SOP test suite, and compare with gopenpgp v3\n\nTo run crypto-refresh tests","shortMessageHtmlLink":"CI: update SOP test suite, and compare with gopenpgp v3"}},{"before":"147d043a32e27ddfec82f5efffb790ac7803c34f","after":"34904daec9090b9ac7690d00220c23124ec0f9f0","ref":"refs/heads/v6","pushedAt":"2024-03-21T13:10:18.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"CI: update SOP test suite, and compare with gopenpgp v3\n\nTo run crypto-refresh tests","shortMessageHtmlLink":"CI: update SOP test suite, and compare with gopenpgp v3"}},{"before":"3f9897c840ca8e74cfc99f64d1b046170ba738c2","after":"63a1f9eed9dc9ecf678de969adf5a74f9f193f97","ref":"refs/heads/crypto-refresh","pushedAt":"2024-03-19T14:19:05.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"Use v6 keys by default","shortMessageHtmlLink":"Use v6 keys by default"}},{"before":"f5cebfe6fdbbcbf072805b3a1aef61314ff4dd96","after":"147d043a32e27ddfec82f5efffb790ac7803c34f","ref":"refs/heads/v6","pushedAt":"2024-02-28T12:27:56.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"6.0.0-alpha.1","shortMessageHtmlLink":"6.0.0-alpha.1"}},{"before":"1fb7422e8ae9f183ca3d0d093506fb51ce67ede1","after":"f5cebfe6fdbbcbf072805b3a1aef61314ff4dd96","ref":"refs/heads/v6","pushedAt":"2024-02-28T12:06:41.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"CI: update Playwright browser installation","shortMessageHtmlLink":"CI: update Playwright browser installation"}},{"before":"15adf84a7dcec0bf2b33a59034339272f610135c","after":"1fb7422e8ae9f183ca3d0d093506fb51ce67ede1","ref":"refs/heads/v6","pushedAt":"2024-02-28T11:59:28.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"CI: update Playwright browser installation","shortMessageHtmlLink":"CI: update Playwright browser installation"}},{"before":"151f15e2823e78797976cf8a15f8e08fd76e8632","after":"15adf84a7dcec0bf2b33a59034339272f610135c","ref":"refs/heads/v6","pushedAt":"2024-02-28T11:52:12.000Z","pushType":"push","commitsCount":7,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"Run npm update","shortMessageHtmlLink":"Run npm update"}},{"before":"a6283e64cc3490a31c4143d6fe2e46bb6693995f","after":"151f15e2823e78797976cf8a15f8e08fd76e8632","ref":"refs/heads/v6","pushedAt":"2024-02-27T13:56:07.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"Node: drop asn1.js dependency (#1722)\n\nasn1.js is a fairly large lib and was simply needed to handle DER encodings in\r\nsome NodeCrypto operations.\r\nThis change replaces the dependency by moving to:\r\n\r\n- JWT encoding for RSA (support added in Node v15)\r\n- a much lighter dependency (eckey-utils) for ECDSA, where JWT cannot be used\r\nfor now, as Node has yet to add decoding support for Brainpool curves.\r\n\r\nThe change also allows us to drop BN.js as a direct dependency, optimising the\r\nBigInteger-related chunking in the lightweight build.","shortMessageHtmlLink":"Node: drop asn1.js dependency (#1722)"}},{"before":"db15f6d6a16430b4f1723dae981d121bf6409474","after":"a6283e64cc3490a31c4143d6fe2e46bb6693995f","ref":"refs/heads/v6","pushedAt":"2024-02-27T13:43:24.000Z","pushType":"pr_merge","commitsCount":2,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"Drop internal `cipher/aes` module\n\nThe module was barely used, and its presence confusing, since\nWebCrypto or asmcrypto are often directly used and usable instead.\nAlso, use AES_CBC instead of AES_ECB for single-block encryption,\nso that we can drop support for the latter in the asmcrypto lib.","shortMessageHtmlLink":"Drop internal cipher/aes module"}},{"before":"b413a113f99cfce602e192adb467680e31081777","after":"db15f6d6a16430b4f1723dae981d121bf6409474","ref":"refs/heads/v6","pushedAt":"2024-02-26T14:37:50.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"Import legacy ciphers (CAST5, TwoFish, BlowFish, DES) only on demand (#1723)\n\nThis primarily affects the lightweight build, which will not include these\r\n(fairly large) modules in the main bundle file.","shortMessageHtmlLink":"Import legacy ciphers (CAST5, TwoFish, BlowFish, DES) only on demand (#…"}},{"before":"a4e2c56c49adb3163627ab6f55ed8ec35fc729b7","after":"026b348cf87988cf95896dd9c5dd1a0c8129ddb1","ref":"refs/heads/main","pushedAt":"2024-02-19T16:24:42.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"5.11.1","shortMessageHtmlLink":"5.11.1"}},{"before":"7a6b41fbd45bbd0591cc12f7861e24516eb06ff7","after":"a4e2c56c49adb3163627ab6f55ed8ec35fc729b7","ref":"refs/heads/main","pushedAt":"2024-02-19T16:14:55.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"Use JS fallback code for RSA message decryption in Node if PKCS#1 is not supported (#1728)\n\nNecessary as Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption.","shortMessageHtmlLink":"Use JS fallback code for RSA message decryption in Node if PKCS#1 is …"}},{"before":"17bbab44c9c2291bc5b814ca7800e529184a135b","after":"7a6b41fbd45bbd0591cc12f7861e24516eb06ff7","ref":"refs/heads/main","pushedAt":"2024-02-19T14:17:41.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"README: replace \"IETF proposal\" with \"RFC4880bis proposal\" (#1726)","shortMessageHtmlLink":"README: replace \"IETF proposal\" with \"RFC4880bis proposal\" (#1726)"}},{"before":"7003d19c71044fb731899b69403089f4b47eddc7","after":"17bbab44c9c2291bc5b814ca7800e529184a135b","ref":"refs/heads/main","pushedAt":"2024-02-19T12:52:54.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"README: clarify web-stream-tools version to install for TypeScript projects [skip ci]","shortMessageHtmlLink":"README: clarify web-stream-tools version to install for TypeScript pr…"}},{"before":"280828dae65b0b5aae923510049fe4da8c471333","after":"b413a113f99cfce602e192adb467680e31081777","ref":"refs/heads/v6","pushedAt":"2024-02-12T12:53:55.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"larabr","name":null,"path":"/larabr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7375870?s=80&v=4"},"commit":{"message":"CI: update actions to Node 20","shortMessageHtmlLink":"CI: update actions to Node 20"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEQCjUZgA","startCursor":null,"endCursor":null}},"title":"Activity · openpgpjs/openpgpjs"}