Commit graph

611 commits

Author SHA1 Message Date
a63048f1bb
Merge pull request #206 from wneessen/dependabot/github_actions/codecov/codecov-action-4.2.0
Bump codecov/codecov-action from 4.1.1 to 4.2.0
2024-04-04 16:30:19 +02:00
dependabot[bot]
adb90c453d
Bump codecov/codecov-action from 4.1.1 to 4.2.0
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.1.1 to 4.2.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](c16abc29c9...7afa10ed9b)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-04 13:21:24 +00:00
dependabot[bot]
294de2c5ee
Bump sonarsource/sonarqube-quality-gate-action
Bumps [sonarsource/sonarqube-quality-gate-action](https://github.com/sonarsource/sonarqube-quality-gate-action) from f9fe214a5be5769c40619de2fff2726c36d2d5eb to 72f24ebf1f81eda168a979ce14b8203273b7c3ad.
- [Release notes](https://github.com/sonarsource/sonarqube-quality-gate-action/releases)
- [Commits](f9fe214a5b...72f24ebf1f)

---
updated-dependencies:
- dependency-name: sonarsource/sonarqube-quality-gate-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-04 13:21:20 +00:00
31529f1099
Merge pull request #204 from wneessen/dependabot/github_actions/sonarsource/sonarqube-scan-action-53c3e3207fe4b8d52e2f1ac9d6eb1d2506f626c0
Bump sonarsource/sonarqube-scan-action from 9ad16418d1dd6d28912bc0047ee387e90181ce1c to 53c3e3207fe4b8d52e2f1ac9d6eb1d2506f626c0
2024-03-28 16:21:44 +01:00
dependabot[bot]
b0bda8dbc8
Bump sonarsource/sonarqube-scan-action
Bumps [sonarsource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) from 9ad16418d1dd6d28912bc0047ee387e90181ce1c to 53c3e3207fe4b8d52e2f1ac9d6eb1d2506f626c0.
- [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases)
- [Commits](9ad16418d1...53c3e3207f)

---
updated-dependencies:
- dependency-name: sonarsource/sonarqube-scan-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-28 13:31:06 +00:00
ef276fbcee
Merge pull request #203 from wneessen/dependabot/github_actions/codecov/codecov-action-4.1.1
Bump codecov/codecov-action from 4.1.0 to 4.1.1
2024-03-27 15:35:00 +01:00
dependabot[bot]
d5d377c575
Bump codecov/codecov-action from 4.1.0 to 4.1.1
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](54bcd8715e...c16abc29c9)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-27 13:55:03 +00:00
cec3185376
Merge pull request #202 from wneessen/dependabot/github_actions/actions/dependency-review-action-4.2.5
Bump actions/dependency-review-action from 4.2.4 to 4.2.5
2024-03-26 14:58:05 +01:00
dependabot[bot]
181ce199af
Bump actions/dependency-review-action from 4.2.4 to 4.2.5
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.2.4 to 4.2.5.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](733dd5d4a5...5bbc3ba658)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-26 13:47:39 +00:00
3a31eb181e
Merge pull request #198 from wneessen/dependabot/github_actions/actions/upload-artifact-4.3.1
Bump actions/upload-artifact from 3.1.3 to 4.3.1
2024-03-25 16:13:01 +01:00
32a66f3df9
Merge pull request #199 from wneessen/dependabot/github_actions/actions/dependency-review-action-4.2.4
Bump actions/dependency-review-action from 4.2.3 to 4.2.4
2024-03-25 16:12:48 +01:00
9976302dd9
Merge pull request #200 from wneessen/dependabot/github_actions/fsfe/reuse-action-3.0.0
Bump fsfe/reuse-action from 1.3.0 to 3.0.0
2024-03-25 16:12:33 +01:00
8fdad0ee4c
Merge pull request #201 from wneessen/dependabot/github_actions/actions/setup-go-5.0.0
Bump actions/setup-go from 3.5.0 to 5.0.0
2024-03-25 16:12:20 +01:00
dependabot[bot]
d28b22d05e
Bump actions/setup-go from 3.5.0 to 5.0.0
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.5.0 to 5.0.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](6edd4406fa...0c52d547c9)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-25 13:45:33 +00:00
dependabot[bot]
4660a9d734
Bump fsfe/reuse-action from 1.3.0 to 3.0.0
Bumps [fsfe/reuse-action](https://github.com/fsfe/reuse-action) from 1.3.0 to 3.0.0.
- [Release notes](https://github.com/fsfe/reuse-action/releases)
- [Commits](28cf8f33bc...a46482ca36)

---
updated-dependencies:
- dependency-name: fsfe/reuse-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-25 13:45:29 +00:00
dependabot[bot]
82a0ffef1a
Bump actions/dependency-review-action from 4.2.3 to 4.2.4
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](0fa40c3c10...733dd5d4a5)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-25 13:45:26 +00:00
dependabot[bot]
92bf3166c4
Bump actions/upload-artifact from 3.1.3 to 4.3.1
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.3 to 4.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](a8a3f3ad30...5d5d22a312)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-25 13:45:21 +00:00
f60ef348aa
Merge pull request #197 from wneessen/more_test_coverage
Full test coverage in B64LineBreaker
2024-03-24 22:37:05 +01:00
86e648a695
Rename error variables in b64linebreaker_test.go
In b64linebreaker_test.go, the names of error variables "mockErr" and "mockNewlineErr" have been changed to "errMockDefault" and "errMockNewline" to better clarify their roles. All instances in test cases where these error variables were used have been updated correspondingly.
2024-03-24 22:26:15 +01:00
4d6bca0f65
Refactor test cases and introduce mock writers in b64linebreaker_test.go
The commit modifies existing test cases in the TestBase64LineBreaker_WriteAndClose function where it introduces mock writers to better simulate I/O operations. The introduced mock writers are 'mockWriterExcess' and 'mockWriterNewline' which respectively simulate scenarios of data exceeding body length and inclusion of newline.
2024-03-24 22:23:36 +01:00
c0e856f2ad
Add new test and mockWriter to b64linebreaker_test.go
This update includes a new TestBase64LineBreaker_WriteAndClose function with cases for validating write and close operations in the b64linebreaker module. In addition, a mockWriter is introduced to simulate I/O operations for testing purposes.
2024-03-24 21:34:06 +01:00
5384690a97
Merge pull request #196 from wneessen/scorecard_badge
Add OpenSSF Scorecard badge to README
2024-03-24 16:42:00 +01:00
7514d735e0
Add OpenSSF Scorecard badge to README
This commit introduces the OpenSSF Scorecard badge to the README file. The badge will provide immediate access to the security scorecards of the go-mail project for users.
2024-03-24 16:34:38 +01:00
f9859799b2
Merge pull request #195 from step-security-bot/stepsecurity_remediation_1711216890
[StepSecurity] ci: Harden GitHub Actions
2024-03-23 19:06:20 +01:00
StepSecurity Bot
d87e2205d6
[StepSecurity] ci: Harden GitHub Actions
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2024-03-23 18:01:31 +00:00
25ee875300
"Add Govulncheck Security Scan workflow"
A new GitHub Actions workflow for Govulncheck Security Scan has been added. This workflow gets activated on every push or pull request and includes runner hardening and executing 'govulncheck' to identify potential vulnerabilities.
2024-03-23 18:59:10 +01:00
4aeeca5a82
Merge pull request #194 from wneessen/OpenSSF-badge
Add OpenSSF Best Practices badge to README.md
2024-03-23 17:34:47 +01:00
0dc449f582
Add OpenSSF Best Practices badge to README.md
An OpenSSF Best Practices badge was added to the README file. This badge reflects adherence to critical open source software security practices.
2024-03-23 17:28:04 +01:00
11258613d5
Merge pull request #193 from wneessen/implement_fuzzing
Implement fuzzing
2024-03-23 16:52:01 +01:00
a4918210f1
Update Base64LineBreaker fuzzing tests in b64linebreaker_test.go
Updated the fuzzing tests in the `Base64LineBreaker_Write` function. The change specifically converts integer bytes from decimal to octal. This ensures proper testing of a wider range of input scenarios, increasing the reliability and robustness of the code.
2024-03-23 16:51:18 +01:00
dae7d80759
Add fuzzing tests for subject and from fields in msg_test.go
Included two new fuzzing tests for 'Subject' and 'From' to increase code coverage and reliability. These tests expand our checking strategy by using dynamic inputs and making sure no unexpected errors occur when dealing with a variety of possible input scenarios.
2024-03-23 16:46:21 +01:00
91a3fc5261
Ignore testdata in Git
Added 'testdata' to .gitignore file. This ensures that any files or folders named 'testdata', which are most likely used for local testing, will not be tracked by Git allowing for a cleaner working directory.
2024-03-23 16:36:01 +01:00
821ee0a9e1
Update Base64LineBreaker_Write testing
Enhanced testing for the Base64LineBreaker_Write function by adding a fuzz test. This additional fuzz test provides the function with a variety of random byte inputs as a way of uncovering any hidden errors and contributing to more reliable coding.
2024-03-23 16:35:32 +01:00
280f85abd1
Add fuzz testing to Base64LineBreaker_Write function
The update enhances testing for the Base64LineBreaker_Write function by creating a fuzz test. This new fuzz test feeds the function with a wide range of random byte inputs to improve the detection of hidden anomalies and help ensure more robust code.
2024-03-23 16:14:07 +01:00
932ac2be48
Merge pull request #192 from wneessen/fix_token_perms
Add read permissions to GitHub workflow files
2024-03-23 15:52:26 +01:00
c78388a2cb
Add read permissions to GitHub workflow files
This commit adds read permissions for 'contents' in the GitHub workflow files sonarqube.yml and reuse.yml. This allows these specific workflows to access the relevant contents they need for execution.
2024-03-23 15:49:03 +01:00
976adc5be9
Merge pull request #186 from wneessen/dependabot/github_actions/github/codeql-action-3.24.9
Bump github/codeql-action from 1.1.39 to 3.24.9
2024-03-22 16:13:33 +01:00
bd513b3d5a
Merge pull request #187 from wneessen/dependabot/github_actions/codecov/codecov-action-4.1.0
Bump codecov/codecov-action from 3.1.6 to 4.1.0
2024-03-22 16:13:20 +01:00
f82a3fc261
Merge pull request #188 from wneessen/dependabot/github_actions/golangci/golangci-lint-action-4.0.0
Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0
2024-03-22 16:13:08 +01:00
e789acfa75
Merge pull request #190 from wneessen/dependabot/github_actions/ossf/scorecard-action-2.3.1
Bump ossf/scorecard-action from 2.0.6 to 2.3.1
2024-03-22 16:12:55 +01:00
6d31b35fa2
Merge pull request #189 from wneessen/dependabot/github_actions/actions/dependency-review-action-4.2.3
Bump actions/dependency-review-action from 2.5.1 to 4.2.3
2024-03-22 16:12:42 +01:00
b32410df19
Merge pull request #191 from wneessen/fix_reuse
Add SPDX license headers to GitHub workflow files
2024-03-22 16:10:51 +01:00
101e90f607
Add SPDX license headers to GitHub workflow files
This commit adds SPDX license headers to GitHub workflow files: scorecards.yml, dependency-review.yml, and dependabot.yml. This ensures that the license and copyright information is easily available for everyone to see.
2024-03-22 16:10:30 +01:00
dependabot[bot]
60578e4c00
Bump ossf/scorecard-action from 2.0.6 to 2.3.1
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.6 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](99c53751e0...0864cf1902)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-22 15:05:09 +00:00
dependabot[bot]
dbf19d2646
Bump actions/dependency-review-action from 2.5.1 to 4.2.3
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.5.1 to 4.2.3.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](0efb1d1d84...0fa40c3c10)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-22 15:05:05 +00:00
dependabot[bot]
86d86beb7f
Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.7.0 to 4.0.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](3a91952989...3cfe3a4abb)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-22 15:05:02 +00:00
dependabot[bot]
6283546390
Bump codecov/codecov-action from 3.1.6 to 4.1.0
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.6 to 4.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](ab904c41d6...54bcd8715e)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-22 15:04:59 +00:00
dependabot[bot]
1b6f49cd18
Bump github/codeql-action from 1.1.39 to 3.24.9
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.1.39 to 3.24.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1.1.39...1b1aada464948af03b950897e5eb522f92603cc2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-22 15:04:55 +00:00
612e125c9a
Merge pull request #185 from step-security-bot/stepsecurity_remediation_1711118204
[StepSecurity] Apply security best practices
2024-03-22 16:04:31 +01:00
StepSecurity Bot
886edbc0c9
[StepSecurity] Apply security best practices
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2024-03-22 14:36:47 +00:00