From 09521758dbab00f51f635acdc71468e7e89d2388 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jul 2024 13:51:17 +0000 Subject: [PATCH 01/39] Bump sonarsource/sonarqube-scan-action from 2.2.0 to 2.3.0 Bumps [sonarsource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) from 2.2.0 to 2.3.0. - [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases) - [Commits](https://github.com/sonarsource/sonarqube-scan-action/compare/540792c588b5c2740ad2bb4667db5cd46ae678f2...aecaf43ae57e412bd97d70ef9ce6076e672fe0a9) --- updated-dependencies: - dependency-name: sonarsource/sonarqube-scan-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/sonarqube.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml index 279ecd1..4593992 100644 --- a/.github/workflows/sonarqube.yml +++ b/.github/workflows/sonarqube.yml @@ -44,7 +44,7 @@ jobs: run: | go test -v -race --coverprofile=./cov.out ./... - - uses: sonarsource/sonarqube-scan-action@540792c588b5c2740ad2bb4667db5cd46ae678f2 # master + - uses: sonarsource/sonarqube-scan-action@aecaf43ae57e412bd97d70ef9ce6076e672fe0a9 # master env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} From 307c7de3115fe57de223a7e4d89a473a398e3db7 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jul 2024 13:42:06 +0000 Subject: [PATCH 02/39] Bump fsfe/reuse-action from 3.0.0 to 4.0.0 Bumps [fsfe/reuse-action](https://github.com/fsfe/reuse-action) from 3.0.0 to 4.0.0. - [Release notes](https://github.com/fsfe/reuse-action/releases) - [Commits](https://github.com/fsfe/reuse-action/compare/a46482ca367aef4454a87620aa37c2be4b2f8106...3ae3c6bdf1257ab19397fab11fd3312144692083) --- updated-dependencies: - dependency-name: fsfe/reuse-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/reuse.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index 657df03..f1f5ee9 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -20,4 +20,4 @@ jobs: - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - name: REUSE Compliance Check - uses: fsfe/reuse-action@a46482ca367aef4454a87620aa37c2be4b2f8106 # v3.0.0 + uses: fsfe/reuse-action@3ae3c6bdf1257ab19397fab11fd3312144692083 # v4.0.0 From 132fe02384f710319f37633e220747134f40dcce Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 13:18:08 +0000 Subject: [PATCH 03/39] Bump actions/upload-artifact from 4.3.3 to 4.3.4 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.3 to 4.3.4. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/65462800fd760344b1a7b4382951275a0abb4808...0b2256b8c012f0828dc542b3febcab082c67f72b) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 4c3e0b8..85c71a6 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -67,7 +67,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: SARIF file path: results.sarif From e8b7d0825f8c3654aea3f6a93abc674e8de79b57 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 11 Jul 2024 13:36:12 +0000 Subject: [PATCH 04/39] Bump actions/setup-go from 5.0.1 to 5.0.2 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.1 to 5.0.2. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/cdcb36043654635271a94b9a6d1392de5bb323a7...0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codecov.yml | 2 +- .github/workflows/golangci-lint.yml | 2 +- .github/workflows/sonarqube.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index 622ab66..b215230 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml 
@@ -46,7 +46,7 @@ jobs: - name: Checkout Code uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # master - name: Setup go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ matrix.go }} - name: Install sendmail diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 2eeeeba..c3a226f 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -24,7 +24,7 @@ jobs: with: egress-policy: audit - - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: '1.22' - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml index 4593992..24e5805 100644 --- a/.github/workflows/sonarqube.yml +++ b/.github/workflows/sonarqube.yml @@ -36,7 +36,7 @@ jobs: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: '1.22.x' From 35b3f6eba061b5a5ddd9073fa74f66a2efc87a91 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 12 Jul 2024 13:59:17 +0000 Subject: [PATCH 05/39] Bump actions/dependency-review-action from 4.3.3 to 4.3.4 Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.3.3 to 4.3.4. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/72eb03d02c7872a771aacd928f3123ac62ad6d3a...5a2ce3f5b92ee19cbb1541a4984c76d921601d7c) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 4d6ba02..3a3b1a3 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -28,4 +28,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: 'Dependency Review' - uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # v4.3.3 + uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4 From 58c0f034bc70c8707f91ed9436fc27fce87a1dfc Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 12 Jul 2024 13:59:26 +0000 Subject: [PATCH 06/39] Bump github/codeql-action from 3.25.11 to 3.25.12 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.11 to 3.25.12. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b611370bb5703a7efb587f9d136a52ea24c5c38c...4fa2a7953630fd2f3fb380f21be14ede0169dd4f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9bee2c3..4402851 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -54,7 +54,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -65,7 +65,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/autobuild@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl 
@@ -79,4 +79,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/analyze@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 85c71a6..2b9e737 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -75,6 +75,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 with: sarif_file: results.sarif From 47e901d80d32b7cf4d226f09612154bb711c25a8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Jul 2024 13:18:49 +0000 Subject: [PATCH 07/39] Bump step-security/harden-runner from 2.8.1 to 2.9.0 Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.8.1 to 2.9.0. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6...0d381219ddf674d61a7572ddd19d7941e271515c) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/codecov.yml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/golangci-lint.yml | 2 +- .github/workflows/govulncheck.yml | 2 +- .github/workflows/reuse.yml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/sonarqube.yml | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) 
diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index b215230..1fbaab4 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -39,7 +39,7 @@ jobs: go: [1.18, 1.19, '1.20', '1.21', '1.22'] steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: egress-policy: audit diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 4402851..f754deb 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -45,7 +45,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: egress-policy: audit diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 3a3b1a3..9481940 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: egress-policy: audit diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index c3a226f..a66bbf2 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: egress-policy: audit 
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 121dcd8..5b2aae6 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: egress-policy: audit - name: Run govulncheck diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index f1f5ee9..c10f620 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: egress-policy: audit diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 2b9e737..c602524 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -35,7 +35,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: egress-policy: audit diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml index 24e5805..1e6030c 100644 --- a/.github/workflows/sonarqube.yml +++ b/.github/workflows/sonarqube.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: egress-policy: audit From 94fe71c647403a8375f98d71ca508f6380213c0b Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jul 2024 13:49:10 +0000 Subject: [PATCH 08/39] Bump github/codeql-action from 3.25.12 to 3.25.13 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.12 to 3.25.13. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/4fa2a7953630fd2f3fb380f21be14ede0169dd4f...2d790406f505036ef40ecba973cc774a50395aac) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index f754deb..a87b410 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -54,7 +54,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/init@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -65,7 +65,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/autobuild@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl 
@@ -79,4 +79,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/analyze@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index c602524..29faef3 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -75,6 +75,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 with: sarif_file: results.sarif From c811ee689f26e275a9c40953a758dfe332e8e215 Mon Sep 17 00:00:00 2001 From: Norbert Hauriel Date: Wed, 24 Jul 2024 13:12:06 +0200 Subject: [PATCH 09/39] fix(typo): client.go error message --- client.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client.go b/client.go index 1ca4814..1d175d1 100644 --- a/client.go +++ b/client.go @@ -683,7 +683,7 @@ func (c *Client) DialAndSendWithContext(ctx context.Context, messages ...*Msg) e return fmt.Errorf("send failed: %w", err) } if err := c.Close(); err != nil { - return fmt.Errorf("failed to close connction: %w", err) + return fmt.Errorf("failed to close connection: %w", err) } return nil } From d199a3a1e84447fcb177081c435859324e16bd03 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 Jul 2024 13:37:13 +0000 Subject: [PATCH 10/39] Bump github/codeql-action from 3.25.13 to 3.25.14 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.13 to 3.25.14. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/2d790406f505036ef40ecba973cc774a50395aac...5cf07d8b700b67e235fbb65cbc84f69c0cf10464) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index a87b410..3ec8185 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -54,7 +54,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 + uses: github/codeql-action/init@5cf07d8b700b67e235fbb65cbc84f69c0cf10464 # v3.25.14 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -65,7 +65,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 + uses: github/codeql-action/autobuild@5cf07d8b700b67e235fbb65cbc84f69c0cf10464 # v3.25.14 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl 
@@ -79,4 +79,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 + uses: github/codeql-action/analyze@5cf07d8b700b67e235fbb65cbc84f69c0cf10464 # v3.25.14 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 29faef3..1c81226 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -75,6 +75,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 + uses: github/codeql-action/upload-sarif@5cf07d8b700b67e235fbb65cbc84f69c0cf10464 # v3.25.14 with: sarif_file: results.sarif From 7af241aef378e468c96e0ffc973d5c3ec371306a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 13:32:57 +0000 Subject: [PATCH 11/39] Bump github/codeql-action from 3.25.14 to 3.25.15 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.14 to 3.25.15. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/5cf07d8b700b67e235fbb65cbc84f69c0cf10464...afb54ba388a7dca6ecae48f608c4ff05ff4cc77a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 3ec8185..b08c76c 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -54,7 +54,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@5cf07d8b700b67e235fbb65cbc84f69c0cf10464 # v3.25.14 + uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -65,7 +65,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@5cf07d8b700b67e235fbb65cbc84f69c0cf10464 # v3.25.14 + uses: github/codeql-action/autobuild@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -79,4 +79,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@5cf07d8b700b67e235fbb65cbc84f69c0cf10464 # v3.25.14 + uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 1c81226..0495fee 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -75,6 +75,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@5cf07d8b700b67e235fbb65cbc84f69c0cf10464 # v3.25.14 + uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: sarif_file: results.sarif From 161082f757e44ee28868ecce009c4be5f9d67829 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 13:33:00 +0000 Subject: [PATCH 12/39] Bump ossf/scorecard-action from 2.3.3 to 2.4.0 Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.3 to 2.4.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/dc50aa9510b46c811795eb24b2f1ba02a914e534...62b2cac7ed8198b15735ed49ab1e5cf35480ba46) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 1c81226..1509e47 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -45,7 +45,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif From cd91fbd777feb183d9673d137f1aefb6fa87ca01 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Jul 2024 13:54:10 +0000 Subject: [PATCH 13/39] Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.0.1 to 6.1.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/a4f60bb28d35aeee14e6880718e0c85ff1882e64...aaa42aa0628b4ae2578232a66b541047968fac86) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/golangci-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index a66bbf2..1332e62 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -29,7 +29,7 @@ jobs: go-version: '1.22' - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: golangci-lint - uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 + uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0 with: # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version version: latest From a28cf14efdc858a8e7b79bcb6d8dc9626f9b0ddb Mon Sep 17 00:00:00 2001 From: Winni Neessen Date: Thu, 1 Aug 2024 10:54:42 +0200 Subject: [PATCH 14/39] Add support for US-ASCII (7bit) encoding Implemented a new encoding type, `EncodingUSASCII`, representing US-ASCII (7bit) encoding. Updated the test suite to include this new encoding in the test cases, ensuring proper validation and coverage. --- encoding.go | 3 +++ encoding_test.go | 1 + 2 files changed, 4 insertions(+) 
diff --git a/encoding.go b/encoding.go
index 2187e5f..47213da 100644
--- a/encoding.go
+++ b/encoding.go
@@ -27,6 +27,9 @@ const (
 // EncodingQP represents the "quoted-printable" encoding as specified in RFC 2045.
 EncodingQP Encoding = "quoted-printable"
+ // EncodingUSASCII represents encoding with only US-ASCII characters (aka 7Bit)
+ EncodingUSASCII Encoding = "7bit"
+
 // NoEncoding avoids any character encoding (except of the mail headers)
 NoEncoding Encoding = "8bit"
 )
diff --git a/encoding_test.go b/encoding_test.go
index 86f686a..14711b7 100644
--- a/encoding_test.go
+++ b/encoding_test.go
@@ -16,6 +16,7 @@ func TestEncoding_String(t *testing.T) {
 {"Encoding: Base64", EncodingB64, "base64"},
 {"Encoding: QP", EncodingQP, "quoted-printable"},
 {"Encoding: None/8bit", NoEncoding, "8bit"},
+ {"Encoding: US-ASCII/7bit", EncodingUSASCII, "7bit"},
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
From ed93e51cecf2b8ccdfbee455b1337eaa1897b5fb Mon Sep 17 00:00:00 2001
From: Winni Neessen
Date: Thu, 1 Aug 2024 10:55:28 +0200
Subject: [PATCH 15/39] Add support for 7bit and 8bit encodings in EML parsing Enhanced EML parsing to handle 7bit and 8bit content transfer encodings. Updated related test cases to verify the correct handling of these encodings. This ensures compliance with RFC2045 for defaulting to 7bit when no encoding is specified.
---
 eml.go | 18 ++++++- eml_test.go | 145 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 161 insertions(+), 2 deletions(-)
diff --git a/eml.go b/eml.go
index ed20d0d..896e0c6 100644
--- a/eml.go
+++ b/eml.go
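Review bot: The doc comment added for `EncodingUSASCII` in encoding.go does not say what happens when a body contains non-ASCII bytes, and nothing in this hunk shows the body being checked or transformed when this encoding is selected. A caller reading "only US-ASCII characters" could assume the library enforces that. I would match the neighbouring `EncodingQP` comment and cite the RFC, `// EncodingUSASCII represents the "7bit" encoding as specified in RFC 2045.`, followed by one sentence stating whether the body is validated or is the caller's responsibility. The const block starts and ends outside the hunk.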
@@ -207,6 +207,12 @@ func parseEMLBodyParts(parsedMsg *netmail.Message, bodybuf *bytes.Buffer, msg *M
 // parseEMLBodyPlain parses the mail body of plain type mails
 func parseEMLBodyPlain(mediatype string, parsedMsg *netmail.Message, bodybuf *bytes.Buffer, msg *Msg) error {
 contentTransferEnc := parsedMsg.Header.Get(HeaderContentTransferEnc.String())
+ // According to RFC2045, if no Content-Transfer-Encoding is set, we can imply 7bit US-ASCII encoding
+ if contentTransferEnc == "" || strings.EqualFold(contentTransferEnc, EncodingUSASCII.String()) {
+ msg.SetEncoding(EncodingUSASCII)
+ msg.SetBodyString(ContentType(mediatype), bodybuf.String())
+ return nil
+ }
 if strings.EqualFold(contentTransferEnc, NoEncoding.String()) {
 msg.SetEncoding(NoEncoding)
 msg.SetBodyString(ContentType(mediatype), bodybuf.String())
@@ -308,14 +314,22 @@ ReadNextPart:
 }
 switch {
+ case strings.EqualFold(mutliPartTransferEnc[0], EncodingUSASCII.String()):
+ part.SetEncoding(EncodingUSASCII)
+ part.SetContent(string(multiPartData))
+ case strings.EqualFold(mutliPartTransferEnc[0], NoEncoding.String()):
+ part.SetEncoding(NoEncoding)
+ part.SetContent(string(multiPartData))
 case strings.EqualFold(mutliPartTransferEnc[0], EncodingB64.String()):
- if err := handleEMLMultiPartBase64Encoding(multiPartData, part); err != nil {
+ part.SetEncoding(EncodingB64)
+ if err = handleEMLMultiPartBase64Encoding(multiPartData, part); err != nil {
 return fmt.Errorf("failed to handle multipart base64 transfer-encoding: %w", err)
 }
 case strings.EqualFold(mutliPartTransferEnc[0], EncodingQP.String()):
+ part.SetEncoding(EncodingQP)
 part.SetContent(string(multiPartData))
 default:
- return fmt.Errorf("unsupported Content-Transfer-Encoding")
+ return fmt.Errorf("unsupported Content-Transfer-Encoding: %s", mutliPartTransferEnc[0])
 }
 msg.parts = append(msg.parts, part)
diff --git a/eml_test.go b/eml_test.go
index 8823eec..5704ce4 100644
--- a/eml_test.go
+++ b/eml_test.go
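Review bot: The new branch in parseEMLBodyPlain labels the message `EncodingUSASCII` whenever the header is missing or says 7bit, but copies `bodybuf` into the message without checking that the bytes are actually 7-bit clean. For EML from an untrusted source, a body with bytes above 0x7F would then be carried under a 7bit label; how the writer later treats such a message is not visible in this hunk. A guard before `msg.SetEncoding(EncodingUSASCII)` would settle it, for example `if bytes.ContainsFunc(bodybuf.Bytes(), func(r rune) bool { return r > 0x7F }) { /* use NoEncoding or return an error */ }` (Go 1.21+; a plain byte loop works on older toolchains). The function body continues past the end of the hunk.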
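Review bot: The rewritten `default:` branch formats `mutliPartTransferEnc[0]` into the error with `%s`, and that value is a header read from the parsed message, so whatever the sender put there lands verbatim in error strings and in any log that records them. Using `%q` keeps control characters escaped and makes an empty or whitespace-only value visible: `return fmt.Errorf("unsupported Content-Transfer-Encoding: %q", mutliPartTransferEnc[0])`. The switch sits in a loop that begins outside the hunk, so it is not visible whether a part with no Content-Transfer-Encoding header is defaulted to 7bit the way parseEMLBodyPlain now does. It is worth confirming that the two paths agree and that the `[0]` index is guarded.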
@@ -32,6 +32,29 @@ This is a test mail. Please do not reply to this. Also this line is very long so should be wrapped. +Thank your for your business! +The go-mail team + +-- +This is a signature` + exampleMailPlain7Bit = `Date: Wed, 01 Nov 2023 00:00:00 +0000 +MIME-Version: 1.0 +Message-ID: <1305604950.683004066175.AAAAAAAAaaaaaaaaB@go-mail.dev> +Subject: Example mail // plain text without encoding +User-Agent: go-mail v0.4.0 // https://github.com/wneessen/go-mail +X-Mailer: go-mail v0.4.0 // https://github.com/wneessen/go-mail +From: "Toni Tester" +To: +Cc: +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 7bit + +Dear Customer, + +This is a test mail. Please do not reply to this. Also this line is very long so it +should be wrapped. + + Thank your for your business! The go-mail team 
@@ -525,6 +548,72 @@ hw22iFHl7YlpOmedZvtMTfQffXeXnvI+rTKNxguyvDKvB7U4qQAAAAlwSFlzAAALEwAACxMBAJqc GAAAABFJREFUCJljnMoAA0wMNGcCAEQrAKk9oHKhAAAAAElFTkSuQmCC --fe785e0384e2607697cc2ecb17cce003003bb7ca9112104f3e8ce727edb5--` + exampleMultiPart7BitBase64 = `Date: Wed, 01 Nov 2023 00:00:00 +0000 +MIME-Version: 1.0 +Message-ID: <1305604950.683004066175.AAAAAAAAaaaaaaaaB@go-mail.dev> +Subject: Example mail // 7bit with base64 attachment +User-Agent: go-mail v0.4.1 // https://github.com/wneessen/go-mail +X-Mailer: go-mail v0.4.1 // https://github.com/wneessen/go-mail +From: "Toni Tester" +To: +Cc: +Content-Type: multipart/mixed; + boundary="------------26A45336F6C6196BD8BBA2A2" + +This is a multi-part message in MIME format. +--------------26A45336F6C6196BD8BBA2A2 +Content-Type: text/plain; charset=US-ASCII; format=flowed +Content-Transfer-Encoding: 7bit + +testtest +testtest +testtest +testtest +testtest +testtest + +--------------26A45336F6C6196BD8BBA2A2 +Content-Type: text/plain; charset=UTF-8; + name="testfile.txt" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; + filename="testfile.txt" + +VGhpcyBpcyBhIHRlc3QgaW4gQmFzZTY0 +--------------26A45336F6C6196BD8BBA2A2--` + exampleMultiPart8BitBase64 = `Date: Wed, 01 Nov 2023 00:00:00 +0000 +MIME-Version: 1.0 +Message-ID: <1305604950.683004066175.AAAAAAAAaaaaaaaaB@go-mail.dev> +Subject: Example mail // 8bit with base64 attachment +User-Agent: go-mail v0.4.1 // https://github.com/wneessen/go-mail +X-Mailer: go-mail v0.4.1 // https://github.com/wneessen/go-mail +From: "Toni Tester" +To: +Cc: +Content-Type: multipart/mixed; + boundary="------------26A45336F6C6196BD8BBA2A2" + +This is a multi-part message in MIME format. 
+--------------26A45336F6C6196BD8BBA2A2 +Content-Type: text/plain; charset=US-ASCII; format=flowed +Content-Transfer-Encoding: 8bit + +testtest +testtest +testtest +testtest +testtest +testtest + +--------------26A45336F6C6196BD8BBA2A2 +Content-Type: text/plain; charset=UTF-8; + name="testfile.txt" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; + filename="testfile.txt" + +VGhpcyBpcyBhIHRlc3QgaW4gQmFzZTY0 +--------------26A45336F6C6196BD8BBA2A2--` ) func TestEMLToMsgFromString(t *testing.T) { @@ -534,6 +623,10 @@ func TestEMLToMsgFromString(t *testing.T) { enc string sub string }{ + { + "Plain text no encoding (7bit)", exampleMailPlain7Bit, "7bit", + "Example mail // plain text without encoding", + }, { "Plain text no encoding", exampleMailPlainNoEnc, "8bit", "Example mail // plain text without encoding", 
@@ -866,6 +959,58 @@ func TestEMLToMsgFromStringMultipartMixedAlternativeRelated(t *testing.T) { } } +func TestEMLToMsgFromStringMultipartMixedWith7Bit(t *testing.T) { + wantSubject := "Example mail // 7bit with base64 attachment" + msg, err := EMLToMsgFromString(exampleMultiPart7BitBase64) + if err != nil { + t.Errorf("EML multipart mixed with 7bit: %s", err) + } + if subject := msg.GetGenHeader(HeaderSubject); len(subject) > 0 && !strings.EqualFold(subject[0], wantSubject) { + t.Errorf("EMLToMsgFromString of EML multipart mixed with 7bit: expected subject: %s,"+ + " but got: %s", wantSubject, subject[0]) + } + if len(msg.parts) != 1 { + t.Errorf("EMLToMsgFromString of EML multipart mixed with 7bit failed: expected 1 part, got: %d", + len(msg.parts)) + return + } + if !strings.EqualFold(msg.parts[0].GetEncoding().String(), EncodingUSASCII.String()) { + t.Errorf("EMLToMsgFromString of EML multipart mixed with 7bit failed: expected encoding: %s, got %s", + EncodingUSASCII.String(), msg.parts[0].GetEncoding().String()) + } + if len(msg.attachments) != 1 { + t.Errorf("EMLToMsgFromString of EML multipart mixed with 7bit failed: expected 1 attachment, got: %d", + len(msg.attachments)) + return + } +} + +func TestEMLToMsgFromStringMultipartMixedWith8Bit(t *testing.T) { + wantSubject := "Example mail // 8bit with base64 attachment" + msg, err := EMLToMsgFromString(exampleMultiPart8BitBase64) + if err != nil { + t.Errorf("EML multipart mixed with 8bit: %s", err) + } + if subject := msg.GetGenHeader(HeaderSubject); len(subject) > 0 && !strings.EqualFold(subject[0], wantSubject) { + t.Errorf("EMLToMsgFromString of EML multipart mixed with 8bit: expected subject: %s,"+ + " but got: %s", wantSubject, subject[0]) + } + if len(msg.parts) != 1 { + t.Errorf("EMLToMsgFromString of EML multipart mixed with 8bit failed: expected 1 part, got: %d", + len(msg.parts)) + return + } + if !strings.EqualFold(msg.parts[0].GetEncoding().String(), NoEncoding.String()) { + 
t.Errorf("EMLToMsgFromString of EML multipart mixed with 8bit failed: expected encoding: %s, got %s", + NoEncoding.String(), msg.parts[0].GetEncoding().String()) + } + if len(msg.attachments) != 1 { + t.Errorf("EMLToMsgFromString of EML multipart mixed with 8bit failed: expected 1 attachment, got: %d", + len(msg.attachments)) + return + } +} + // stringToTempFile is a helper method that will create a temporary file form a give data string func stringToTempFile(data, name string) (string, string, error) { tempDir, err := os.MkdirTemp("", fmt.Sprintf("*-%s", name)) From 69b1dc23599234b4fd97058e56a55b3b6108e4c4 Mon Sep 17 00:00:00 2001 From: Winni Neessen Date: Fri, 2 Aug 2024 15:30:46 +0200 Subject: [PATCH 16/39] Refactor: Handle missing Content-Type as plain text Added a new example email and modified tests to include an RFC 5322 format. Refactored the code to handle cases where the Content-Type header is missing by defaulting to plain text (7bit, US-ASCII). Deleted redundant test cases that no longer apply. --- eml.go | 10 +++++++++- eml_test.go | 43 ++++++++++++++----------------------------- 2 files changed, 23 insertions(+), 30 deletions(-) diff --git a/eml.go b/eml.go index 896e0c6..7e705f6 100644 --- a/eml.go +++ b/eml.go 
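Review bot: Both new tests report a failed `EMLToMsgFromString` call with `t.Errorf` and then go on to call `msg.GetGenHeader` and read `msg.parts`; if the function returns a nil message together with the error (its body is not visible here), the test panics instead of failing cleanly. `t.Fatalf("EML multipart mixed with 7bit: %s", err)` stops at the first failure, and the 8bit test needs the same change. The subject comparison is also skipped entirely when no subject was parsed, because of the `len(subject) > 0 &&` guard; an explicit `if len(subject) == 0 { t.Fatal("no subject header parsed") }` before it would close that gap.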
@@ -180,7 +180,15 @@ func parseEMLBodyParts(parsedMsg *netmail.Message, bodybuf *bytes.Buffer, msg *M // Extract the transfer encoding of the body mediatype, params, err := mime.ParseMediaType(parsedMsg.Header.Get(HeaderContentType.String())) if err != nil { - return fmt.Errorf("failed to extract content type: %w", err) + switch { + // If no Content-Type header is found, we assume that this is a plain text, 7bit, US-ASCII mail + case strings.EqualFold(err.Error(), "mime: no media type"): + mediatype = TypeTextPlain.String() + params = make(map[string]string) + params["charset"] = CharsetASCII.String() + default: + return fmt.Errorf("failed to extract content type: %w", err) + } } if value, ok := params["charset"]; ok { msg.SetCharset(Charset(value)) diff --git a/eml_test.go b/eml_test.go index 5704ce4..44bfb54 100644 --- a/eml_test.go +++ b/eml_test.go @@ -14,6 +14,16 @@ import ( ) const ( + // RFC 5322 example mail + // See: https://datatracker.ietf.org/doc/html/rfc5322#appendix-A.1.1 + exampleMailRFC5322A11 = `From: John Doe +To: Mary Smith +Subject: Saying Hello +Date: Fri, 21 Nov 1997 09:55:06 -0600 +Message-ID: <1234@local.machine.example> + +This is a message just to say hello. +So, "Hello".` exampleMailPlainNoEnc = `Date: Wed, 01 Nov 2023 00:00:00 +0000 MIME-Version: 1.0 Message-ID: <1305604950.683004066175.AAAAAAAAaaaaaaaaB@go-mail.dev> 
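Review bot: The fallback in parseEMLBodyParts is selected by comparing `err.Error()` with the literal `"mime: no media type"`, which ties the parser to the wording of an unexported standard-library error. As far as I can tell that message is also returned when the header is present but its type token is empty or malformed, so such mail would be accepted as text/plain too. Testing the header value for emptiness before calling mime.ParseMediaType limits the default to the case the comment describes and keeps every parse error fatal. The function starts and ends outside the hunk, so the sketch assumes later code only needs `mediatype`, `params` and `err` in scope.

```go
	// RFC 2045 section 5.2: only a missing Content-Type header falls back to
	// text/plain with US-ASCII charset; a present but malformed header is an error
	var (
		mediatype = TypeTextPlain.String()
		params    = map[string]string{"charset": CharsetASCII.String()}
		err       error
	)
	if contentType := parsedMsg.Header.Get(HeaderContentType.String()); contentType != "" {
		mediatype, params, err = mime.ParseMediaType(contentType)
		if err != nil {
			return fmt.Errorf("failed to extract content type: %w", err)
		}
	}
	// … unchanged: charset lookup on params …
```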
@@ -72,18 +82,6 @@ Cc: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: base64 -This plain text body should not be parsed as Base64. -` - exampleMailPlainNoContentType = `Date: Wed, 01 Nov 2023 00:00:00 +0000 -MIME-Version: 1.0 -Message-ID: <1305604950.683004066175.AAAAAAAAaaaaaaaaB@go-mail.dev> -Subject: Example mail // plain text without encoding -User-Agent: go-mail v0.4.0 // https://github.com/wneessen/go-mail -X-Mailer: go-mail v0.4.0 // https://github.com/wneessen/go-mail -From: "Toni Tester" -To: -Cc: - This plain text body should not be parsed as Base64. ` exampleMailPlainUnknownContentType = `Date: Wed, 01 Nov 2023 00:00:00 +0000 @@ -623,6 +621,10 @@ func TestEMLToMsgFromString(t *testing.T) { enc string sub string }{ + { + "RFC5322 A1.1", exampleMailRFC5322A11, "7bit", + "Saying Hello", + }, { "Plain text no encoding (7bit)", exampleMailPlain7Bit, "7bit", "Example mail // plain text without encoding", @@ -731,12 +733,6 @@ func TestEMLToMsgFromReaderFailing(t *testing.T) { t.Error("EML from Reader with unknown content type was supposed to fail, but didn't") } mailbuf.Reset() - mailbuf.WriteString(exampleMailPlainNoContentType) - _, err = EMLToMsgFromReader(mailbuf) - if err == nil { - t.Error("EML from Reader with no content type was supposed to fail, but didn't") - } - mailbuf.Reset() mailbuf.WriteString(exampleMailPlainUnsupportedTransferEnc) _, err = EMLToMsgFromReader(mailbuf) if err == nil { 
@@ -800,17 +796,6 @@ func TestEMLToMsgFromFileFailing(t *testing.T) { if err = os.RemoveAll(tempDir); err != nil { t.Error("failed to remove temp dir:", err) } - tempDir, tempFile, err = stringToTempFile(exampleMailPlainNoContentType, "testmail") - if err != nil { - t.Errorf("failed to write EML string to temp file: %s", err) - } - _, err = EMLToMsgFromFile(tempFile) - if err == nil { - t.Error("EML from Reader with no content type was supposed to fail, but didn't") - } - if err = os.RemoveAll(tempDir); err != nil { - t.Error("failed to remove temp dir:", err) - } tempDir, tempFile, err = stringToTempFile(exampleMailPlainUnsupportedTransferEnc, "testmail") if err != nil { t.Errorf("failed to write EML string to temp file: %s", err) From a1ca73fb31c39d48e6ba4ba9bb344f88a6fb82a9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 14:04:31 +0000 Subject: [PATCH 17/39] Bump actions/upload-artifact from 4.3.4 to 4.3.5 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.4 to 4.3.5. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/0b2256b8c012f0828dc542b3febcab082c67f72b...89ef406dd8d7e03cfd12d9e0a4a378f454709029) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 06f57aa..614e874 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml 
@@ -67,7 +67,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: SARIF file path: results.sarif From a80447d2be4320884e86443e9f3f96f9589a2d77 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Aug 2024 13:36:40 +0000 Subject: [PATCH 18/39] Bump step-security/harden-runner from 2.9.0 to 2.9.1 Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.9.0 to 2.9.1. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/0d381219ddf674d61a7572ddd19d7941e271515c...5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codecov.yml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/golangci-lint.yml | 2 +- .github/workflows/govulncheck.yml | 2 +- .github/workflows/reuse.yml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/sonarqube.yml | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index 1fbaab4..c4e290d 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml 
@@ -39,7 +39,7 @@ jobs: go: [1.18, 1.19, '1.20', '1.21', '1.22'] steps: - name: Harden Runner - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: egress-policy: audit diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index b08c76c..6c30fe9 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -45,7 +45,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: egress-policy: audit diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 9481940..13ad6e7 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: egress-policy: audit diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 1332e62..29d3b6c 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: egress-policy: audit diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 5b2aae6..8b1693d 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml 
@@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: egress-policy: audit - name: Run govulncheck diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index c10f620..1897833 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: egress-policy: audit diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 614e874..f4f49e8 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -35,7 +35,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: egress-policy: audit diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml index 1e6030c..f3a0f25 100644 --- a/.github/workflows/sonarqube.yml +++ b/.github/workflows/sonarqube.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: egress-policy: audit From ab9aa2b46f035bc1133fdf632fffc4f45556b570 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 7 Aug 2024 13:43:31 +0000 Subject: [PATCH 19/39] Bump github/codeql-action from 3.25.15 to 3.26.0 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.15 to 3.26.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/afb54ba388a7dca6ecae48f608c4ff05ff4cc77a...eb055d739abdc2e8de2e5f4ba1a8b246daa779aa) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 6c30fe9..6c7904e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -54,7 +54,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/init@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -65,7 +65,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/autobuild@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl 
@@ -79,4 +79,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/analyze@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index f4f49e8..3c1740f 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -75,6 +75,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 with: sarif_file: results.sarif From 45c041f4fa733482791fdb010b9c16ba859077c5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 7 Aug 2024 13:43:34 +0000 Subject: [PATCH 20/39] Bump actions/upload-artifact from 4.3.5 to 4.3.6 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.5 to 4.3.6. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/89ef406dd8d7e03cfd12d9e0a4a378f454709029...834a144ee995460fba8ed112a2fc961b36a5ec5a) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index f4f49e8..b69de63 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml 
@@ -67,7 +67,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 with: name: SARIF file path: results.sarif From a3a41f23999fa4c6392e3581e28877f7051e8a7e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Aug 2024 13:26:01 +0000 Subject: [PATCH 21/39] Bump sonarsource/sonarqube-scan-action from 2.3.0 to 3.0.0 Bumps [sonarsource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) from 2.3.0 to 3.0.0. - [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases) - [Commits](https://github.com/sonarsource/sonarqube-scan-action/compare/aecaf43ae57e412bd97d70ef9ce6076e672fe0a9...0c0f3958d90fc466625f1d1af1f47bddd4cc6bd1) --- updated-dependencies: - dependency-name: sonarsource/sonarqube-scan-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/sonarqube.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml index f3a0f25..36f3f32 100644 --- a/.github/workflows/sonarqube.yml +++ b/.github/workflows/sonarqube.yml @@ -44,7 +44,7 @@ jobs: run: | go test -v -race --coverprofile=./cov.out ./... - - uses: sonarsource/sonarqube-scan-action@aecaf43ae57e412bd97d70ef9ce6076e672fe0a9 # master + - uses: sonarsource/sonarqube-scan-action@0c0f3958d90fc466625f1d1af1f47bddd4cc6bd1 # master env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} From 7caf0b8e19711d0f0b3296c31aa02c925c367d81 Mon Sep 17 00:00:00 2001 
From: Alexander Setzer Date: Wed, 14 Aug 2024 14:55:08 +0200 Subject: [PATCH 22/39] Fix typo / inconsistency for (*Msg).SetAttachments --- msg.go | 11 +++++++++-- msg_test.go | 6 +++--- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/msg.go b/msg.go index e018492..c0333f2 100644 --- a/msg.go +++ b/msg.go @@ -684,11 +684,18 @@ func (m *Msg) GetBoundary() string { return m.boundary } -// SetAttachements sets the attachements of the message. -func (m *Msg) SetAttachements(files []*File) { +// SetAttachments sets the attachments of the message. +func (m *Msg) SetAttachments(files []*File) { m.attachments = files } +// SetAttachements sets the attachments of the message. +// +// Deprecated: use SetAttachments instead. +func (m *Msg) SetAttachements(files []*File) { + m.SetAttachments(files) +} + // UnsetAllAttachments unset the attachments of the message. func (m *Msg) UnsetAllAttachments() { m.attachments = nil diff --git a/msg_test.go b/msg_test.go index b2f0920..16cd196 100644 --- a/msg_test.go +++ b/msg_test.go @@ -1413,7 +1413,7 @@ func TestMsg_SetAttachments(t *testing.T) { for _, f := range tt.files { files = append(files, &File{Name: f}) } - m.SetAttachements(files) + m.SetAttachments(files) if len(m.attachments) != len(files) { t.Errorf("SetAttachements() failed. Number of attachments expected: %d, got: %d", len(files), len(m.attachments)) @@ -1448,7 +1448,7 @@ func TestMsg_UnsetAllAttachments(t *testing.T) { for _, f := range tt.attachments { files = append(files, &File{Name: f}) } - m.SetAttachements(files) + m.SetAttachments(files) if len(m.attachments) != len(files) { t.Errorf("SetAttachements() failed. Number of attachments expected: %d, got: %d", len(files), 
@@ -1610,7 +1610,7 @@ func TestMsg_UnsetAllParts(t *testing.T) { for _, f := range tt.attachments { attachments = append(attachments, &File{Name: f}) } - m.SetAttachements(attachments) + m.SetAttachments(attachments) if len(m.attachments) != len(attachments) { t.Errorf("SetAttachements() failed. Number of attachments files expected: %d, got: %d", len(attachments), len(m.attachments)) From e9ff81052eb8f0ffc38563a97fb30c2a6c7668db Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Aug 2024 14:04:28 +0000 Subject: [PATCH 23/39] Bump github/codeql-action from 3.26.0 to 3.26.1 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.0 to 3.26.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/eb055d739abdc2e8de2e5f4ba1a8b246daa779aa...29d86d22a34ea372b1bbf3b2dced2e25ca6b3384) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 6c7904e..27bfe0e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -54,7 +54,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/init@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. 
@@ -65,7 +65,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/autobuild@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -79,4 +79,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/analyze@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index c8715dd..cda1b0e 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -75,6 +75,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/upload-sarif@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1 with: sarif_file: results.sarif From 58075536a3255c96b8395fb4d13ea022c771f929 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Aug 2024 13:37:42 +0000 Subject: [PATCH 24/39] Bump github/codeql-action from 3.26.1 to 3.26.2 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.1 to 3.26.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/29d86d22a34ea372b1bbf3b2dced2e25ca6b3384...429e1977040da7a23b6822b13c129cd1ba93dbb2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 27bfe0e..8ed142f 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -54,7 +54,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1 + uses: github/codeql-action/init@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -65,7 +65,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1 + uses: github/codeql-action/autobuild@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl 
@@ -79,4 +79,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1 + uses: github/codeql-action/analyze@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index cda1b0e..a8d0861 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -75,6 +75,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1 + uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 with: sarif_file: results.sarif From 647ff86b291d76e7060020ba2a561876305bc40b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E7=9B=BC=E5=BA=9A?= Date: Fri, 16 Aug 2024 15:46:16 +0800 Subject: [PATCH 25/39] Support lowercase username and password challenge --- smtp/auth_login.go | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/smtp/auth_login.go b/smtp/auth_login.go index 7cd5c5d..aa80223 100644 --- a/smtp/auth_login.go +++ b/smtp/auth_login.go 
@@ -20,13 +20,15 @@ const ( // extension. // // See: https://learn.microsoft.com/en-us/openspecs/exchange_server_protocols/ms-xlogin/. - LoginXUsernameChallenge = "Username:" + LoginXUsernameChallenge = "Username:" + LoginXUsernameLowerChallenge = "username:" // LoginXPasswordChallenge represents the Password Challenge response sent by the SMTP server per the AUTH LOGIN // extension. // // See: https://learn.microsoft.com/en-us/openspecs/exchange_server_protocols/ms-xlogin/. - LoginXPasswordChallenge = "Password:" + LoginXPasswordChallenge = "Password:" + LoginXPasswordLowerChallenge = "password:" // LoginXDraftUsernameChallenge represents the Username Challenge response sent by the SMTP server per the IETF // draft AUTH LOGIN extension. It should be noted this extension is an expired draft which was never formally @@ -76,9 +78,9 @@ func (a *loginAuth) Start(server *ServerInfo) (string, []byte, error) { func (a *loginAuth) Next(fromServer []byte, more bool) ([]byte, error) { if more { switch string(fromServer) { - case LoginXUsernameChallenge, LoginXDraftUsernameChallenge: + case LoginXUsernameChallenge, LoginXUsernameLowerChallenge, LoginXDraftUsernameChallenge: return []byte(a.username), nil - case LoginXPasswordChallenge, LoginXDraftPasswordChallenge: + case LoginXPasswordChallenge, LoginXPasswordLowerChallenge, LoginXDraftPasswordChallenge: return []byte(a.password), nil default: return nil, fmt.Errorf("unexpected server response: %s", string(fromServer)) From 590dfe97e77c2627c6889d59a99d812f082c79e5 Mon Sep 17 00:00:00 2001 
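Review bot: Matching the challenge by exact string in `Next` means every further spelling needs another constant: this commit covers `username:` and `password:`, but a server sending `USERNAME:` still ends in the `unexpected server response` error. A case-insensitive comparison would cover all spellings and make the two constants added in the first hunk unnecessary, e.g. `case strings.EqualFold(challenge, LoginXUsernameChallenge), strings.EqualFold(challenge, LoginXDraftUsernameChallenge):` under a tagless `switch`, with the password case written the same way. Whether `strings` is already imported in smtp/auth_login.go is not visible here, and the body of `Next` continues outside the hunk. If the constants stay, each needs its own doc comment, since the existing comments document only the first constant of each pair.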
From: Winni Neessen Date: Fri, 16 Aug 2024 10:16:53 +0200 Subject: [PATCH 26/39] Refactor error handling for nil template pointers Replace fmt.Errorf with errors.New for consistency in error handling. This change ensures a more streamlined and uniform error reporting approach across the codebase. Also updated a test case from t.Errorf to t.Error for better readability. --- b64linebreaker.go | 4 ++-- msg.go | 12 ++++++------ msgwriter_test.go | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/b64linebreaker.go b/b64linebreaker.go index f5fb967..088b38e 100644 --- a/b64linebreaker.go +++ b/b64linebreaker.go @@ -5,7 +5,7 @@ package mail import ( - "fmt" + "errors" "io" ) @@ -26,7 +26,7 @@ var newlineBytes = []byte(SingleNewLine) // line length is reached func (l *Base64LineBreaker) Write(data []byte) (numBytes int, err error) { if l.out == nil { - err = fmt.Errorf(ErrNoOutWriter) + err = errors.New(ErrNoOutWriter) return } if l.used+len(data) < MaxBodyLength { diff --git a/msg.go b/msg.go index c0333f2..a909d04 100644 --- a/msg.go +++ b/msg.go @@ -743,7 +743,7 @@ func (m *Msg) SetBodyWriter( // The content type will be set to text/html automatically func (m *Msg) SetBodyHTMLTemplate(tpl *ht.Template, data interface{}, opts ...PartOption) error { if tpl == nil { - return fmt.Errorf(errTplPointerNil) + return errors.New(errTplPointerNil) } buffer := bytes.Buffer{} if err := tpl.Execute(&buffer, data); err != nil { @@ -758,7 +758,7 @@ func (m *Msg) SetBodyHTMLTemplate(tpl *ht.Template, data interface{}, opts ...Pa // The content type will be set to text/plain automatically func (m *Msg) SetBodyTextTemplate(tpl *tt.Template, data interface{}, opts ...PartOption) error { if tpl == nil { - return fmt.Errorf(errTplPointerNil) + return errors.New(errTplPointerNil) } buf := bytes.Buffer{} if err := tpl.Execute(&buf, data); err != nil { 
@@ -790,7 +790,7 @@ func (m *Msg) AddAlternativeWriter( // The content type will be set to text/html automatically func (m *Msg) AddAlternativeHTMLTemplate(tpl *ht.Template, data interface{}, opts ...PartOption) error { if tpl == nil { - return fmt.Errorf(errTplPointerNil) + return errors.New(errTplPointerNil) } buffer := bytes.Buffer{} if err := tpl.Execute(&buffer, data); err != nil { @@ -805,7 +805,7 @@ func (m *Msg) AddAlternativeHTMLTemplate(tpl *ht.Template, data interface{}, opt // The content type will be set to text/plain automatically func (m *Msg) AddAlternativeTextTemplate(tpl *tt.Template, data interface{}, opts ...PartOption) error { if tpl == nil { - return fmt.Errorf(errTplPointerNil) + return errors.New(errTplPointerNil) } buffer := bytes.Buffer{} if err := tpl.Execute(&buffer, data); err != nil { @@ -1314,7 +1314,7 @@ func fileFromReadSeeker(name string, reader io.ReadSeeker) *File { // fileFromHTMLTemplate returns a File pointer form a given html/template.Template func fileFromHTMLTemplate(name string, tpl *ht.Template, data interface{}) (*File, error) { if tpl == nil { - return nil, fmt.Errorf(errTplPointerNil) + return nil, errors.New(errTplPointerNil) } buffer := bytes.Buffer{} if err := tpl.Execute(&buffer, data); err != nil { @@ -1326,7 +1326,7 @@ func fileFromHTMLTemplate(name string, tpl *ht.Template, data interface{}) (*Fil // fileFromTextTemplate returns a File pointer form a given text/template.Template func fileFromTextTemplate(name string, tpl *tt.Template, data interface{}) (*File, error) { if tpl == nil { - return nil, fmt.Errorf(errTplPointerNil) + return nil, errors.New(errTplPointerNil) } buffer := bytes.Buffer{} if err := tpl.Execute(&buffer, data); err != nil { diff --git a/msgwriter_test.go b/msgwriter_test.go index e6582fb..a41e5d3 100644 --- a/msgwriter_test.go +++ b/msgwriter_test.go 
@@ -122,7 +122,7 @@ func TestMsgWriter_writeMsg(t *testing.T) { em += fmt.Sprintf("* incorrect %q field", ea[e]) } em += fmt.Sprintf("\n\nFull message:\n%s", ms) - t.Errorf(em) + t.Error(em) } } From e288bcae5e1f3dcd16d0dd2be86ce4b585086fa5 Mon Sep 17 00:00:00 2001 From: Winni Neessen Date: Fri, 16 Aug 2024 10:17:31 +0200 Subject: [PATCH 27/39] Update GolangCI config to go 1.23 and exclude examples Upgraded the Go version in GolangCI configuration from 1.22 to 1.23. Added the "examples" directory to the exclusion list for linting. --- .golangci.toml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.golangci.toml b/.golangci.toml index 2501c6a..223dc0b 100644 --- a/.golangci.toml +++ b/.golangci.toml @@ -3,8 +3,9 @@ ## SPDX-License-Identifier: MIT [run] -go = "1.22" +go = "1.23" tests = true +exclude-dirs = ["examples"] [linters] enable = ["stylecheck", "whitespace", "containedctx", "contextcheck", "decorder", From 2801193074f9cdf7afec9db83aa24d851ac314b1 Mon Sep 17 00:00:00 2001 From: Winni Neessen Date: Fri, 16 Aug 2024 10:25:22 +0200 Subject: [PATCH 28/39] Update FreeBSD version in CI configuration Changed the CI configuration to use FreeBSD 13.3 instead of 13.2. This update ensures that the CI runs with the latest available FreeBSD image, improving compatibility and performance. --- .cirrus.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index 48c69f6..f240ff5 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -6,9 +6,9 @@ freebsd_task: name: FreeBSD matrix: - - name: FreeBSD 13.2 + - name: FreeBSD 13.3 freebsd_instance: - image_family: freebsd-13-2 + image_family: freebsd-13-3 - name: FreeBSD 14.0 freebsd_instance: image_family: freebsd-14-0 From 801a93459e453d91a7e42eaaac72a097b7687d77 Mon Sep 17 00:00:00 2001 
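Review bot: In the `.golangci.toml` hunk, `exclude-dirs = ["examples"]` is added under `[run]`, but golangci-lint v1 documents `exclude-dirs` as a key of the `[issues]` table (the successor to `run.skip-dirs`). Placed here it is probably ignored, leaving `examples` still linted. I would move it to `[issues]` followed by `exclude-dirs = ["examples"]`, merging with an existing `[issues]` table if the file has one outside this hunk. If the golangci-lint version in use provides `golangci-lint config verify`, running it would confirm the key is accepted.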
From: Winni Neessen Date: Fri, 16 Aug 2024 10:28:52 +0200 Subject: [PATCH 29/39] Update workflow to support Go 1.23 This commit adjusts the GitHub Actions workflow to include Go 1.23 in the matrix of supported versions. It also updates conditional steps for sendmail installation and coverage upload to reflect the new Go version. --- .github/workflows/codecov.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index c4e290d..41a6c27 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -36,7 +36,7 @@ jobs: strategy: matrix: os: [ubuntu-latest, macos-latest, windows-latest] - go: [1.18, 1.19, '1.20', '1.21', '1.22'] + go: ['1.20', '1.21', '1.22', '1.23'] steps: - name: Harden Runner uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 @@ -50,14 +50,14 @@ jobs: with: go-version: ${{ matrix.go }} - name: Install sendmail - if: matrix.go == '1.22' && matrix.os == 'ubuntu-latest' + if: matrix.go == '1.23' && matrix.os == 'ubuntu-latest' run: | sudo apt-get -y install sendmail; which sendmail - name: Run Tests run: | go test -v -race --coverprofile=coverage.coverprofile --covermode=atomic ./... - name: Upload coverage to Codecov - if: success() && matrix.go == '1.22' && matrix.os == 'ubuntu-latest' + if: success() && matrix.go == '1.23' && matrix.os == 'ubuntu-latest' uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 with: token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos From e61d1689f62ef9c2f84e5648409c1f1c61a0edfd Mon Sep 17 00:00:00 2001 
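Review bot: The matrix line drops `1.18` and `1.19` as well as adding `'1.23'`, which the commit message does not mention. If the module still declares an older minimum Go version (go.mod is not part of this patch), those releases are no longer exercised by CI. Either keep them, quoted like the others, `go: ['1.18', '1.19', '1.20', '1.21', '1.22', '1.23']`, or raise the declared minimum in the same change. The two `if:` conditions in the following hunk hard-code `'1.23'` and need the same manual edit on every bump.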
From: Winni Neessen Date: Fri, 16 Aug 2024 10:29:21 +0200 Subject: [PATCH 30/39] Update Go version in golangci-lint workflow Change Go version from 1.22 to 1.23 in the GitHub Actions workflow configuration for golangci-lint. This ensures compatibility with the latest Go features and improvements. --- .github/workflows/golangci-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 29d3b6c..8604469 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -26,7 +26,7 @@ jobs: - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: - go-version: '1.22' + go-version: '1.23' - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: golangci-lint uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0 From 8b69fa92ae32078f408c2cfa37ba358cadeb7d8b Mon Sep 17 00:00:00 2001 From: Winni Neessen Date: Fri, 16 Aug 2024 10:30:20 +0200 Subject: [PATCH 31/39] Update Go version in SonarQube workflow Bump Go version from 1.22.x to 1.23.x in the SonarQube GitHub Actions workflow. This ensures compatibility with the latest features and improvements in Go. --- .github/workflows/sonarqube.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml index 36f3f32..d9ca623 100644 --- a/.github/workflows/sonarqube.yml +++ b/.github/workflows/sonarqube.yml @@ -38,7 +38,7 @@ jobs: - name: Setup Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: - go-version: '1.22.x' + go-version: '1.23.x' - name: Run unit Tests run: | From 5454f44f67631b48f3a0a96e1c220621b79d1b31 Mon Sep 17 00:00:00 2001 From: Winni Neessen Date: Fri, 16 Aug 2024 10:49:36 +0200 Subject: [PATCH 32/39] Update doc.go Bump version to 0.4.3 --- doc.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/doc.go b/doc.go index 5f41bc9..6f90af0 100644 --- a/doc.go +++ b/doc.go @@ -6,4 +6,4 @@ package mail // VERSION is used in the default user agent string -const VERSION = "0.4.2" +const VERSION = "0.4.3" From 7fbcfcc3f811b68e4a6d440eda26873490175cd4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Aug 2024 13:15:19 +0000 Subject: [PATCH 33/39] Bump github/codeql-action from 3.26.2 to 3.26.3 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.2 to 3.26.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/429e1977040da7a23b6822b13c129cd1ba93dbb2...883d8588e56d1753a8a58c1c86e88976f0c23449) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 8ed142f..48e0481 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -54,7 +54,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 + uses: github/codeql-action/init@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. 
@@ -65,7 +65,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 + uses: github/codeql-action/autobuild@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -79,4 +79,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 + uses: github/codeql-action/analyze@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index a8d0861..27bbc43 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -75,6 +75,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 + uses: github/codeql-action/upload-sarif@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3 with: sarif_file: results.sarif From 57139ae50aa5a77d68903d15eefbf316bd2c7d9e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 22 Aug 2024 14:05:22 +0000 Subject: [PATCH 34/39] Bump github/codeql-action from 3.26.3 to 3.26.4 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.3 to 3.26.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/883d8588e56d1753a8a58c1c86e88976f0c23449...f0f3afee809481da311ca3a6ff1ff51d81dbeb24) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 48e0481..83b8d3f 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -54,7 +54,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3 + uses: github/codeql-action/init@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3.26.4 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -65,7 +65,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3 + uses: github/codeql-action/autobuild@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3.26.4 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl 
@@ -79,4 +79,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3 + uses: github/codeql-action/analyze@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3.26.4 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 27bbc43..595eb47 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -75,6 +75,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3 + uses: github/codeql-action/upload-sarif@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3.26.4 with: sarif_file: results.sarif From 1ea51e2a41cb5ec4af0eb09938b4e8b62a8be9d3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Aug 2024 14:05:22 +0000 Subject: [PATCH 35/39] Bump github/codeql-action from 3.26.4 to 3.26.5 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.4 to 3.26.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f0f3afee809481da311ca3a6ff1ff51d81dbeb24...2c779ab0d087cd7fe7b826087247c2c81f27bfa6) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 83b8d3f..fb24126 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -54,7 +54,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3.26.4 + uses: github/codeql-action/init@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -65,7 +65,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3.26.4 + uses: github/codeql-action/autobuild@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -79,4 +79,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3.26.4 + uses: github/codeql-action/analyze@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 595eb47..668de62 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -75,6 +75,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3.26.4 + uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 with: sarif_file: results.sarif From 52e8265f97a87081d370db7a60d4a18356be7da4 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Aug 2024 13:59:21 +0000 Subject: [PATCH 36/39] Bump github/codeql-action from 3.26.5 to 3.26.6 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.5 to 3.26.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/2c779ab0d087cd7fe7b826087247c2c81f27bfa6...4dd16135b69a43b6c8efb853346f8437d92d3c93) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index fb24126..caab6ba 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -54,7 +54,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 + uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -65,7 +65,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 + uses: github/codeql-action/autobuild@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl 
@@ -79,4 +79,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 + uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 668de62..b4279e5 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -75,6 +75,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 + uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: sarif_file: results.sarif From fa05b38e310e45b58d4391bcb8ab1233b27024dd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 30 Aug 2024 13:19:01 +0000 Subject: [PATCH 37/39] Bump sonarsource/sonarqube-quality-gate-action Bumps [sonarsource/sonarqube-quality-gate-action](https://github.com/sonarsource/sonarqube-quality-gate-action) from 72f24ebf1f81eda168a979ce14b8203273b7c3ad to dc2f7b0dd95544cd550de3028f89193576e958b9. - [Release notes](https://github.com/sonarsource/sonarqube-quality-gate-action/releases) - [Commits](https://github.com/sonarsource/sonarqube-quality-gate-action/compare/72f24ebf1f81eda168a979ce14b8203273b7c3ad...dc2f7b0dd95544cd550de3028f89193576e958b9) --- updated-dependencies: - dependency-name: sonarsource/sonarqube-quality-gate-action dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- .github/workflows/sonarqube.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml index d9ca623..1c77858 100644 --- a/.github/workflows/sonarqube.yml +++ b/.github/workflows/sonarqube.yml 
@@ -49,7 +49,7 @@ jobs: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} - - uses: sonarsource/sonarqube-quality-gate-action@72f24ebf1f81eda168a979ce14b8203273b7c3ad # master + - uses: sonarsource/sonarqube-quality-gate-action@dc2f7b0dd95544cd550de3028f89193576e958b9 # master timeout-minutes: 5 env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} From 6f97bd59b935e1707bd90ee4aed56376c649a4bf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 14:04:59 +0000 Subject: [PATCH 38/39] Bump actions/upload-artifact from 4.3.6 to 4.4.0 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.6 to 4.4.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/834a144ee995460fba8ed112a2fc961b36a5ec5a...50769540e7f4bd5e21e526ee35c689e35e0d6874) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index b4279e5..2e0f045 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -67,7 +67,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: SARIF file path: results.sarif From a46b67bdf1394b3a96fa454af2d292d7033e6a26 Mon Sep 17 00:00:00 2001 
From: Winni Neessen Date: Tue, 3 Sep 2024 10:05:44 +0200 Subject: [PATCH 39/39] Update doc.go Bump version to v0.4.4 --- doc.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc.go b/doc.go index 6f90af0..831a57c 100644 --- a/doc.go +++ b/doc.go @@ -6,4 +6,4 @@ package mail // VERSION is used in the default user agent string -const VERSION = "0.4.3" +const VERSION = "0.4.4"