OpenPGP.js 4.2.0 Signature Bypass / Invalid Curve Attack https://t.co/U7sXlfyr3V #advisory