Sourced from github.com/ProtonMail/go-crypto's releases.

Release v1.3.0

What's Changed

• API v2: Tolerate invalid key signatures if one verifies in ProtonMail/go-crypto#284
• Enforce acceptable hash functions in clearsign in ProtonMail/go-crypto#281
• Allow to set a decompressed message size limit in ProtonMail/go-crypto#285
• API v1: Only allow acceptable hashes when writing signatures in ProtonMail/go-crypto#286

Full Changelog: https://github.com/ProtonMail/go-crypto/compare/v1.2.0...v1.3.0

Release v1.3.0-proton

This release is v1.3.0 with support for the following non-standardized features:

• Presistent symmetric keys experimental + latest draft draft-ietf-openpgp-persistent-symmetric-keys-00
• Automatic forwarding draft-wussler-openpgp-forwarding-00
• Post-quantum algorithms draft-ietf-openpgp-pqc (Updated to draft-ietf-openpgp-pqc-09)

• 3b22d85 Merge pull request #286 from ProtonMail/feat/v1-api-enforce-signature-hashes
• a9af95c feat(v1): Only allow acceptable hashes when writing signatures
• 3c60603 Merge pull request #285 from ProtonMail/feat/decompression-size-limit
• d664700 feat: Allow to set a decompressed size limit
• e1ea40e Merge pull request #281 from ProtonMail/fix/clearsign-check-hash
• 9cd4c3a feat(clearsign): Write complete legacy hash header
• 244eb1c fix(clearsign): Enforce acceptable hash functions in clearsign
• a994e32 Merge pull request #284 from ProtonMail/feat/less-restrictive-key-signature
• 8fe0e95 feat(v2): Tolerate invalid key signatures if one passes
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)