Bump github.com/privacybydesign/irmago from 0.12.6 to 0.13.3

[dependabot]

Bumps github.com/privacybydesign/irmago from 0.12.6 to 0.13.3.

Release notes

Sourced from github.com/privacybydesign/irmago's releases.

v0.13.3

Fixed

• Auto-update mechanism of IRMA configuration not working in ghcr.io/privacybydesign/irma Docker container
• Panics occur when the timestamp file does not exist in a scheme directory

v0.13.2

What's Changed

• feat: remove mail header 'Content-Transfer-Encoding: binary' by @​sanderhollaar in privacybydesign/irmago#331

Full Changelog: privacybydesign/irmago@v0.13.1...v0.13.2

v0.13.1

Fixed

• Invalid amount of arguments in query scan when e-mail revalidation is disabled

v0.13.0

Added

• E-mail address revalidation, addressing issues where user's e-mail addresses can be (temporary) invalid
• Publish the Docker image of the irma CLI tool on ghcr.io/privacybydesign/irma
• Support for revocation db type sqlserver (Microsoft SQL Server)

Changed

• Use separate application user in Dockerfile for entrypoint
• Rename RevocationStorage's UpdateLatest function to LatestUpdates. This name better fits its behaviour. The functionality stays the same.
• Validate revocation witness before revocation update is applied
• RevocationStorage's EnableRevocation function does not return an error anymore if it has been enabled already
• Use a Docker image created from scratch as base for the Dockerfile
• Custom WrapErrorPrefix function that respects the error's type
• Log info message of irma.SessionError errors

As part of e-mail address revalidation:

• VerifyMXRecord incorporates a check to see if there is an active network connection
• MyIrma server: /user returns an additional field revalidate_in_progress in the JSON response body, indicating whether the e-mail address is being revalidated or not
• MyIrma server: /user/delete and /email/remove return a 500 status code and REVALIDATE_EMAIL error type if one or more e-mail addresses of the user are invalid

Note: Enabling e-mail address revalidation requires a change in the database schema. In order to do this please add the revalidate_on column of type bigint to the irma.emails table. See the schema file. Otherwise e-mail address revalidation is disabled and there will not be a breaking change.

Fixed

• Race conditions in database logic of revocation storage
• irma scheme verify not detecting missing files in index
• Scheme verification/signing does not reject credentials with invalid revocation settings
• Write transactions within memory implementation of revocation storage may lead to unintended changes

Removed

• Superfluous openssl package in Dockerfile

Security

• Let IRMA servers by default reject IRMA/Yivi apps that don't support pairing codes (IRMA protocol version <= 2.7)

Note: This is an important security update for issuers to make sure that pairing codes cannot be circumvented.

... (truncated)

Changelog

Sourced from github.com/privacybydesign/irmago's changelog.

[0.13.3] - 2023-09-06

Fixed

• Auto-update mechanism of IRMA configuration not working in ghcr.io/privacybydesign/irma Docker container
• Panics occur when the timestamp file does not exist in a scheme directory

[0.13.2] - 2023-08-22

Changed

• Remove mail header 'Content-Transfer-Encoding: binary' The header gets converted to 'Content-Transfer-Encoding: quoted-printable' causing 'arc=fail (body hash mismatch)' with gmail

[0.13.1] - 2023-08-16

Fixed

• Invalid amount of arguments in query scan when e-mail revalidation is disabled

[0.13.0] - 2023-08-10

Added

• E-mail address revalidation, addressing issues where user's e-mail addresses can be (temporary) invalid
• Publish the Docker image of the irma CLI tool on ghcr.io/privacybydesign/irma
• Support for revocation db type sqlserver (Microsoft SQL Server)

Changed

• Use separate application user in Dockerfile for entrypoint
• Rename RevocationStorage's UpdateLatest function to LatestUpdates. This name better fits its behaviour. The functionality stays the same.
• Validate revocation witness before revocation update is applied
• RevocationStorage's EnableRevocation function does not return an error anymore if it has been enabled already
• Use a Docker image created from scratch as base for the Dockerfile
• Custom WrapErrorPrefix function that respects the error's type
• Log info message of irma.SessionError errors

As part of e-mail address revalidation:

• VerifyMXRecord incorporates a check to see if there is an active network connection
• MyIrma server: /user returns an additional field revalidate_in_progress in the JSON response body, indicating whether the e-mail address is being revalidated or not
• MyIrma server: /user/delete and /email/remove return a 500 status code and REVALIDATE_EMAIL error type if one or more e-mail addresses of the user are invalid

Note: Enabling e-mail address revalidation requires a change in the database schema. In order to do this please add the revalidate_on column of type bigint to the irma.emails table. See the schema file. Otherwise e-mail address revalidation is disabled and there will not be a breaking change.

Fixed

• Race conditions in database logic of revocation storage
• irma scheme verify not detecting missing files in index
• Scheme verification/signing does not reject credentials with invalid revocation settings
• Write transactions within memory implementation of revocation storage may lead to unintended changes

Removed

• Superfluous openssl package in Dockerfile

Security

• Let IRMA servers by default reject IRMA/Yivi apps that don't support pairing codes (IRMA protocol version <= 2.7)

Note: This is an important security update for issuers to make sure that pairing codes cannot be circumvented. IRMA apps that don't support pairing codes should not be in circulation anymore, so this change won't affect users.

... (truncated)

Commits

• 7290e9e Merge pull request #342 from privacybydesign/version-bump-v0.13.3
• f26b6d5 Version bump for v0.13.3
• 94e07c4 Merge pull request #341 from privacybydesign/fix-timestamp-panics
• 8c6dca4 Fix: panics occur when the timestamp file does not exist in a scheme directory
• 29a64fe Merge pull request #336 from privacybydesign/dockerfile-schemes-update-fix
• 6f9d92d Merge branch 'master' into dockerfile-schemes-update-fix
• feb39a4 Merge pull request #340 from privacybydesign/fix-integration-test-serverside
• 5e8439f CI/CD: integration-test-serverside is run using wrong irmaclient version
• f002314 Merge pull request #339 from privacybydesign/bump-download-artifact-action
• 14cb7f9 CI/CD: bump version of download-artifact action
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #2524.