chore(deps): bump openpgp and renovate

[dependabot]

Bumps openpgp to 5.10.2 and updates ancestor dependency renovate. These dependencies need to be updated together.

Updates openpgp from 5.7.0 to 5.10.2

Release notes

Sourced from openpgp's releases.

v5.10.2

What's Changed

• Fix CFB decryption performance in JS fallback for ciphers other than AES (#1679)
• Minor: fix packet validity check for new curve25519 keys without key flags

Full Changelog: openpgpjs/openpgpjs@v5.10.1...v5.10.2

v5.10.1

Reject cleartext messages with extraneous data preceeding hash, addressing: GHSA-ch3c-v47x-4pgp.

v5.10.0

• crypto-refresh: add support for new Ed25519/X25519 keys, signatures and messages (#1620)
• Support parsing encrypted key with unknown s2k types or cipher algos (#1658)
• Fix forward compatibility of keys, SKESKs, and detached/cleartext signatures and ECDH (#1656)

This release does not include any breaking changes.

Full Changelog: openpgpjs/openpgpjs@v5.9.0...v5.10.0

v5.9.0

• Add support for verifying User Attributes in verifyAllUsers (#1637)
• Allow email addresses with trailing numbers in domain (#1642)
• TS: add declaration for verify with CleartextMessage input (#1640)
• Add revoke to Subkey in type definition (#1639)

v5.8.0

• Add additionalAllowedPackets config option, to allow parsing packets that are not usually expected/allowed in a given context (openpgpjs/openpgpjs#1618)
• Fix shorthand check on user revoked status in getPrimaryUser method (openpgpjs/openpgpjs#1623)
• Run Sequoia's OpenPGP interoperability test suite in CI, to catch interoperability regressions (openpgpjs/openpgpjs#1603)

Commits

• d6145ac 5.10.2
• f90c53a Minor: fix packet validity check for new curve25519 keys without key flags
• 2ba8229 Fix CFB decryption performance in JS fallback for ciphers other than AES (#1679)
• 5d02e3a 5.10.1
• 6b43e02 Merge pull request from GHSA-ch3c-v47x-4pgp
• 11b5999 Reject cleartext messages with extraneous data preceeding hash header
• 4df86e5 5.10.0
• 8d4dd34 Merge pull request #1620
• 5ae2846 CI: test on iOS Safari 14 instead of 15 to have access to SubtleCrypto
• b164190 Internal: rename Curves to CurvesWithOID
• Additional commits viewable in compare view

Updates renovate from 34.160.0 to 37.3.2

Release notes

Sourced from renovate's releases.

37.3.2

37.3.2 (2023-10-02)

Bug Fixes

• deps: update ghcr.io/containerbase/sidecar docker tag to v9.20.8 (#24962) (be9d896)

Miscellaneous Chores

• deps: update dependency @​types/semver to v7.5.3 (#24961) (7b025ce)

37.3.1

37.3.1 (2023-10-02)

Bug Fixes

• versionCompatibility: fix compatibility suffix (#24954) (e6fdecd)

Documentation

• versionCompatbility: fix suffix example (8a0956d)

Miscellaneous Chores

• improve descriptions (#24946) (45ca2cf)

Code Refactoring

• types: optional newValue (#24953) (1b70c42)

Continuous Integration

• drop actions/stale bot for issues and PRs (#24950) (260c9af)

37.3.0

37.3.0 (2023-10-02)

Features

• versionCompatibility (#24717) (42b3a7c)

... (truncated)

Commits

• 7b025ce chore(deps): update dependency @​types/semver to v7.5.3 (#24961)
• be9d896 fix(deps): update ghcr.io/containerbase/sidecar docker tag to v9.20.8 (#24962)
• 260c9af ci: drop actions/stale bot for issues and PRs (#24950)
• e6fdecd fix(versionCompatibility): fix compatibility suffix (#24954)
• 1b70c42 refactor(types): optional newValue (#24953)
• 8a0956d docs(versionCompatbility): fix suffix example
• 45ca2cf chore: improve descriptions (#24946)
• 42b3a7c feat: versionCompatibility (#24717)
• d847715 refactor(helm): More idiomatic schema usage (#24934)
• 4b9bb12 docs: update references to renovate/renovate to v37 (#24935)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.