fix: dependabot alert for openpgp (#13282)

* fix: dependabot alert for openpgp

* chore: run yarn deep-clean-install

* chore: run yarn deep-clean-install without dedupe

* fix: update openpgp in e2e-tests

---------

Co-authored-by: 0.618 <[email protected]>

packages/amplify-e2e-tests/package.json

@@ -74,6 +74,7 @@
     "@types/openpgp": "^4.4.18",
     "@types/ws": "^7.4.4",
     "jest": "^29.5.0",
+    "openpgp": "^5.10.2",
     "ts-jest": "^29.1.0",
     "ts-node": "^10.4.0"
   },

packages/amplify-opensearch-simulator/package.json

@@ -34,14 +34,14 @@
     "get-port": "^5.1.1",
     "gunzip-maybe": "^1.4.2",
     "node-fetch": "^2.6.7",
-    "openpgp": "^4.10.10",
+    "openpgp": "^5.10.2",
     "promise-toolbox": "^0.20.0",
     "tar": "^6.1.11",
     "wait-port": "^0.2.7"
   },
   "devDependencies": {
     "@types/node": "^12.12.6",
-    "@types/openpgp": "^4.4.18",
+    "@types/openpgp": "^4.4.19",
     "uuid": "^8.3.2"
   },
   "berry": {

packages/amplify-opensearch-simulator/src/index.ts

@@ -305,13 +305,13 @@ export const ensureOpenSearchLocalExists = async (pathToOpenSearchData: string)
   const latestPublicKey = await nodeFetch(publicKeyUrl).then((res) => res.text());
   const opensearchSimulatorGunZippedTarball = await nodeFetch(opensearchMinLinuxArtifactUrl).then((res) => res.buffer());
 
-  const signature = await openpgp.signature.read(latestSig);
-  const publickey = await openpgp.key.readArmored(latestPublicKey);
-  const message = await openpgp.message.fromBinary(new Uint8Array(opensearchSimulatorGunZippedTarball));
+  const signature = await openpgp.readSignature({ binarySignature: latestSig });
+  const publickey = await openpgp.readKey({ armoredKey: latestPublicKey });
+  const message = await openpgp.createMessage({ binary: new Uint8Array(opensearchSimulatorGunZippedTarball) });
   const verificationResult = await openpgp.verify({
     message: message,
     signature: signature,
-    publicKeys: publickey.keys,
+    verificationKeys: publickey,
   });
 
   const { verified } = verificationResult.signatures[0];

yarn.lock

@@ -765,15 +765,15 @@ __metadata:
     "@aws-amplify/amplify-cli-core": 4.2.7
     "@aws-amplify/amplify-prompts": 2.8.4
     "@types/node": ^12.12.6
-    "@types/openpgp": ^4.4.18
+    "@types/openpgp": ^4.4.19
     aws-sdk: ^2.1426.0
     detect-port: ^1.3.0
     execa: ^5.1.1
     fs-extra: ^8.1.0
     get-port: ^5.1.1
     gunzip-maybe: ^1.4.2
     node-fetch: ^2.6.7
-    openpgp: ^4.10.10
+    openpgp: ^5.10.2
     promise-toolbox: ^0.20.0
     tar: ^6.1.11
     uuid: ^8.3.2
@@ -12783,12 +12783,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@types/openpgp@npm:^4.4.18":
-  version: 4.4.18
-  resolution: "@types/openpgp@npm:4.4.18"
+"@types/openpgp@npm:^4.4.18, @types/openpgp@npm:^4.4.19":
+  version: 4.4.19
+  resolution: "@types/openpgp@npm:4.4.19"
   dependencies:
     "@types/bn.js": "*"
-  checksum: 01e70eecc91a11878672da1c774babc33ca31e5822f541b32c8d9f6ec2f0c06acd0a679530294a0178d7152a940544053141f149e148fa166456421f351407b3
+  checksum: 1d01f52cad3e3996c647467a31aa552b7acadfe6ed8df15088c7ef7d0aaffc49cf16d8cb87a30cbd96071098cc7e09e5f4a876c85430f08a27b7d8653f2e43a6
   languageName: node
   linkType: hard
 
@@ -14034,6 +14034,7 @@ __metadata:
     moment: ^2.24.0
     node-fetch: ^2.6.7
     node-pty: beta
+    openpgp: ^5.10.2
     rimraf: ^3.0.0
     title-case: ^3.0.3
     ts-jest: ^29.1.0
@@ -25576,7 +25577,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"node-fetch@npm:2.6.7, node-fetch@npm:^2.1.2, node-fetch@npm:^2.6.1, node-fetch@npm:^2.6.5, node-fetch@npm:^2.6.6, node-fetch@npm:^2.6.7":
+"node-fetch@npm:2.6.7, node-fetch@npm:^2.6.1, node-fetch@npm:^2.6.5, node-fetch@npm:^2.6.6, node-fetch@npm:^2.6.7":
   version: 2.6.7
   resolution: "node-fetch@npm:2.6.7"
   dependencies:
@@ -25635,15 +25636,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"node-localstorage@npm:~1.3.0":
-  version: 1.3.1
-  resolution: "node-localstorage@npm:1.3.1"
-  dependencies:
-    write-file-atomic: ^1.1.4
-  checksum: 78eb29d4fa36bd7fc1f48a6e197201beb46d75532ad5ba11932f29fd60ed7e0d83018977a31e0bea44ef49d3c8448f5ddf0eb7566fcc5f6321b29d45f36663a6
-  languageName: node
-  linkType: hard
-
 node-pty@beta:
   version: 0.11.0-beta19
   resolution: "node-pty@npm:0.11.0-beta19"
@@ -26354,14 +26346,12 @@ node-pty@beta:
   languageName: node
   linkType: hard
 
-"openpgp@npm:^4.10.10":
-  version: 4.10.10
-  resolution: "openpgp@npm:4.10.10"
+"openpgp@npm:^5.10.2":
+  version: 5.10.2
+  resolution: "openpgp@npm:5.10.2"
   dependencies:
     asn1.js: ^5.0.0
-    node-fetch: ^2.1.2
-    node-localstorage: ~1.3.0
-  checksum: abec215d19bc2d6c7a4a7fbf970f8003c495338d948ef3a6abd36bab5a5036a7217e2ea89d899c313e70a7c54ae819f1550c6ae657095d334e8acaec743578bf
+  checksum: 2978a8f3b39c74da92aea268def44a75e9e41665157f6a60bd753d5c0d44d2ea659ae17c6095be6d3d1485fd556d65a31403ef63cf24451fc113794e7f2e74a9
   languageName: node
   linkType: hard
 
@@ -30135,13 +30125,6 @@ node-pty@beta:
   languageName: node
   linkType: hard
 
-"slide@npm:^1.1.5":
-  version: 1.1.6
-  resolution: "slide@npm:1.1.6"
-  checksum: f3bde70fd4c0a2ba6c23c674f010849865ddfacbc0ae3a57522d7ce88e4cc6c186d627943c34004d4f009a3fb477c03307b247ab69a266de4b3c72b271a6a03a
-  languageName: node
-  linkType: hard
-
 "smart-buffer@npm:^4.2.0":
   version: 4.2.0
   resolution: "smart-buffer@npm:4.2.0"
@@ -33174,17 +33157,6 @@ node-pty@beta:
   languageName: node
   linkType: hard
 
-"write-file-atomic@npm:^1.1.4":
-  version: 1.3.4
-  resolution: "write-file-atomic@npm:1.3.4"
-  dependencies:
-    graceful-fs: ^4.1.11
-    imurmurhash: ^0.1.4
-    slide: ^1.1.5
-  checksum: 6f6270708f12e9bba36c527da3f06e4e11146681947b00732695f769f23651713e085e88a5e0f8d04f40d131ed1f1f588d9eeade3a0f862fe8a91f4b4a15a23c
-  languageName: node
-  linkType: hard
-
 "write-file-atomic@npm:^2.4.2":
   version: 2.4.3
   resolution: "write-file-atomic@npm:2.4.3"