Skip to content

fix(deps): bump openpgp from 6.3.0 to 6.3.1#593

Merged
larryrider merged 1 commit into
mainfrom
dependabot-npm_and_yarn-openpgp-6.3.1
Jun 8, 2026
Merged

fix(deps): bump openpgp from 6.3.0 to 6.3.1#593
larryrider merged 1 commit into
mainfrom
dependabot-npm_and_yarn-openpgp-6.3.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 6, 2026

Copy link
Copy Markdown
Contributor

Bumps openpgp from 6.3.0 to 6.3.1.

Release notes

Sourced from openpgp's releases.

v6.3.1

What's Changed

  • Add config.maxArgon2MemoryExponent for argon2 memory limit (#1943, #2014)
  • Fix RSA signing using SHA3 (#1952)
  • Allow creating signature notations when generating/reformatting keys (#1953)
  • TS: fix 'node16'/'nodenext' compatibility, and emit type declarations for .ts files with external exports under dist/types (#1987)
  • TS: fix AnyPacket declaration to also include BasePacket<true> subclasses (#1991)
  • Fix non-zero IV usages for AES-CFB (spec compliance issue; no security or interoperability impact) (#2012)
  • Various dependency version bumps

Full Changelog: openpgpjs/openpgpjs@v6.3.0...v6.3.1

Commits
  • 2ac0048 6.3.1
  • 3c6abc9 Argon2: set hard limit for config.maxArgon2MemoryExponent to cap memory at ...
  • cba2904 Internal: fix readExactSubarray to correctly enforce end boundary (#2013)
  • 4318a48 Run npm audit
  • dd9274e Fix non-zero IV usages for AES-CFB (#2012)
  • 0a67d5e npm: add min-release-age constraint (for manual installs)
  • 2ba545d Bump the dev-dependencies group across 1 directory with 9 updates (#2011)
  • 657ac64 Bump eslint-plugin-unicorn from 62.0.0 to 64.0.0 (#1999)
  • df8c044 Bump fflate from 0.8.2 to 0.8.3 (#2007)
  • 3891531 Bump fast-xml-builder (#2003)
  • Additional commits viewable in compare view
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
fix(deps): bump openpgp from 6.3.0 to 6.3.1
0d45f7e 
Bumps [openpgp](https://github.com/openpgpjs/openpgpjs) from 6.3.0 to 6.3.1.
- [Release notes](https://github.com/openpgpjs/openpgpjs/releases)
- [Commits](openpgpjs/openpgpjs@v6.3.0...v6.3.1)

---
updated-dependencies:
- dependency-name: openpgp
  dependency-version: 6.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 6, 2026
@dependabot dependabot Bot requested a review from larryrider as a code owner June 6, 2026 04:13
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 6, 2026
@larryrider larryrider merged commit f6efd9d into main Jun 8, 2026
4 of 5 checks passed
@larryrider larryrider deleted the dependabot-npm_and_yarn-openpgp-6.3.1 branch June 8, 2026 08:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@larryrider larryrider larryrider approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@larryrider