Audits of passbolt and its dependencies

Have any recent audits been completed on the open source packages used by passbolt? In particular I’m curious about openpgp.js. I found this one alarming audit from several years ago, and I’m curious if there’s a more up to date version available since this package is at the core of passbolt’s security.

Hi, there’s a link to the latest passbolt Security whitepaper at the bottom of this page in the References section: Passbolt Help | Why do I need a browser extension?

Inside it includes a 2018 review link for the openpgp.js library.