Revoked Uids are considered as valid

[rrrooommmaaa]

The attached key has 2 User IDs, one them is revoked (according to Kleopatra) as discovered in https://github.com/FlowCrypt/flowcrypt-enterprise-on-prem/issues/3291
first-mock-test-0x358D46419AAB290AA05005C04A02B5C677B2716E0101-private.zip
However, in Flowcrypt Compatibilty Page this revoked UID <user@example.com> is shown as perfectly valid.
Need to check the OpenPGP.js/key-handling code

[tomholub]

Still a problem after v5 update?

[rrrooommmaaa]

Still a problem after v5 update?

Yes, because we simply iterate through the key.users and this data is unchecked.
We can use await key.verifyAllUsers() method instead which processes self certifications and revocation signatures and returns valid flag in addition to userID string