Update dependency net-imap to v0.6.4.1 (main)#447
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
847c639 to
370851a
Compare
370851a to
a37f09b
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
0.5.12→0.6.4.1Release Notes
ruby/net-imap (net-imap)
v0.6.4.1Compare Source
What's Changed
🔒 Security
This release fixes several more security vulnerabilities which are related to the fixes in
v0.6.4. Please see the linked security advisories for more information.This vulnerability depends how the server interprets non-synchronizing literals.
The connection is not vulnerable if the server supports non-synchronizing literals.
IDvalues contain only valid bytes by @nevans in #698#enablearguments are all atoms by @nevans in #699NOTE:
#enableshould never be called with untrusted input.This results in the affected command hanging until the connection is closed. If another thread attempts to send a concurrent pipelined command, the first thread will return with a syntax error and the second thread will hang until the connection closes.
{0}in RawData validation by @nevans in #700Added
Net::IMAP#inspectTLS info by @nevans in #674Fixed
config.max_non_synchronizing_literal = nilby @nevans in #672#disconnectby @nevans in #686Documentation
Other Changes
RawData.new, AddRawData.splitby @nevans in #679Miscellaneous
Full Changelog: ruby/net-imap@v0.6.4...v0.6.4.1
v0.6.4Compare Source
What's Changed
🔒 Security
This release contains fixes for multiple vulnerabilities concerning
STARTTLSstripping, argument validation, and denial of service attacks.Breaking Changes
ResponseReadermemoizesConfig#max_response_sizein #642.Changes to
#max_response_sizenow take effect once per response, not on everyIO#read.NOTE: It is not expected that this will affect any current usage. See the PR for details.
Added
BINARYextention to#append(RFC3516) by @nevans in #616LITERAL+andLITERAL-non-synchronizing literals (RFC7888) by @nevans in #649ScramAuthenticator#max_iterationsby @nevans in #654number64andnz-number64to NumValidator by @nevans in #625MailboxQuota#quota_rootalias by @nevans in #636Net::IMAP#inspectwith basic state by @nevans in #612ResponseParseError#parser_methods(and override#==) by @nevans in #615Fixed
attras anatomin #658#setquotastorage limit argument in #659SSLContext#setupinstead of#freezeby @idahomst in #627#get_tagged_responseby @nevans in #633SearchResult#to_sequence_setin #644, reported by @QuintasanDocumentation
.documentand.rdoc_optionsfiles, where possible by @nevans in #619Other Changes
Miscellaneous
#setquotaby @nevans in #636New Contributors
Full Changelog: ruby/net-imap@v0.6.3...v0.6.4
v0.6.3Compare Source
What's Changed
Added
#detailed_messagetoResponseParseErrorby @nevans in #599TERMandFORCE_COLORby @nevans in #607NO_COLOR) by @nevans in #609Config#overrides?(opposite of#inherited?) by @nevans in #610Config#inherits_defaults?by @nevans in #611Fixed
resp-textwith invalidresp-text-codeby @nevans in #601Config.version_defaultsshould be read only by @nevans in #594Other Changes
Config::AttrAccessorsa little by @nevans in #606Fixes for unreleased code:
resp-textfallback by @nevans in #605Miscellaneous
Full Changelog: ruby/net-imap@v0.6.2...v0.6.3
v0.6.2Compare Source
What's Changed
Fixed
SequenceSet#delete?(num..num)to return set by @nevans in #583#responses()freezing internal arrays by @nevans in #587, reported by @yurikoval in #581Full Changelog: ruby/net-imap@v0.6.1...v0.6.2
v0.6.1Compare Source
What's Changed
Fixed
SequenceSet#max(n)whencardinality < n <= sizeby @nevans in #580Miscellaneous
Full Changelog: ruby/net-imap@v0.6.0...v0.6.1
v0.6.0Compare Source
What's Changed
Breaking Changes
v0.6by @nevans in #539responses_without_blockchanged from:warnto:frozen_dupparser_use_deprecated_uidplus_datachanged from:up_to_max_sizetofalse(and is deprecated)parser_max_deprecated_uidplus_data_sizechanged from100to0(and is deprecated)SequenceSet#sizeto count*and repeated numbers by @nevans in #564SequenceSetis used to represent both sorted sets and ordered lists (which may contain duplicates). Members are non-zero UInt32 numbers, but"*"has special meaning as "the number corresponding to the last mailbox entry". So there are four different ways to count the members of aSequenceSet.Previously,
#sizewas an alias for#count. Now it differs in both relevant aspects.*is a unique member*is treated like 2³² - 1#cardinality#count#size#count_with_duplicatesUIDPlusDatawas deprecated by v0.5.6.AppendUIDDataorCopyUIDDatawill always be returned instead.MessageSetby @nevans in #573MessageSetwas deprecated by v0.5.0. UseSequenceSetinstead.This changes the YAML tag for
Datasubclasses fromruby/object:Net::IMAP::DataSubclasstoruby/data:Net::IMAP::DataSubclass. YAML dumped by earliernet-imapversions may not load correctly. Psych >= 5.2.5 is required to dump these objects correctly.OpenSSLandOpenSSL::SSLmodules intoNet::IMAPby @nevans in #533This only affects the ability to use OpenSSL constants from the
Net::IMAPnamespace.verify_callbacktoVerifyCallbackProcby @nevans in #534This functionality was never documented and is redundant with the
verify_callbackoption.Deprecated
The
parser_use_deprecated_uidplus_dataandparser_max_deprecated_uidplus_data_sizeconfig options will be removed in v0.7.0. They are kept for backward compatibility, but they do not affect response parser results. Whenparser_use_deprecated_uidplus_datais changed from the default value (false), deprecation warnings are printed when parsingAPPENDUIDorCOPYUIDresponse codes.Added
when_capabilities_cachedoption forConfig#sasl_irby @nevans in #561Net::IMAP::ConfigimprovementsConfig#inspectoutput by @nevans in #546Config#pretty_print(forKernel::pp) by @nevans in #547Config#inherited?for any number of args by @nevans in #552Net::IMAP::SequenceSetimprovementsSequenceSet#intersect!for in-place setANDby @nevans in #549SequenceSet#xor!for in-place setXORby @nevans in #550SequenceSet#appendby @nevans in #553SequenceSet#normalized?by @nevans in #558SequenceSet#cardinalitymethod by @nevans in #563SequenceSet#sizeto count*and repeated numbers by @nevans in #564Net::IMAP::NumValidatorimprovementsmod-sequence-valzer(RFC4551) inNumValidatorby @nevans in #570NumValidator.coerce_{type}methods by @nevans in #571Documentation
#uid_fetchwithpartialby @nevans in #532Other Changes
Datapolyfill by @nevans in #541This was only used for ruby 3.1, which is no longer supported. So this is not considered a breaking change.
Net::IMAP::SequenceSetperformanceSequenceSet#stringon normalized sets by @nevans in #554SequenceSet#normalizewhen frozen by @nevans in #556SequenceSet#full?by @nevans in #565SequenceSet#xorby @nevans in #567SequenceSetinternals by @nevans in #562SequenceSetinternals by @nevans in #568Miscellaneous
release.ymlforgithub_actionslabel by @nevans in #557Full Changelog: ruby/net-imap@v0.5.12...v0.6.0
v0.5.15Compare Source
What's Changed
🔒 Security
This release fixes several more security vulnerabilities which are related to the fixes in
v0.5.14. Please see the linked security advisories for more information.This vulnerability depends how the server interprets non-synchronizing literals.
The connection is not vulnerable if the server supports non-synchronizing literals.
IDvalues contain only valid bytes by @nevans in #703 (backports #698)#enablearguments are all atoms by @nevans in #703 (backport #699)NOTE:
#enableshould never be called with untrusted input.This results in the affected command hanging until the connection is closed. If another thread attempts to send a concurrent pipelined command, the first thread will return with a syntax error and the second thread will hang until the connection closes.
{0}in RawData validation by @nevans in #703 (backports #700)Fixed
#disconnectby @nevans in #697 (backports #686)Documentation
Other Changes
RawData.new, AddRawData.splitby @nevans in #696 (backports #679)Miscellaneous
Full Changelog: ruby/net-imap@v0.5.14...v0.5.15
v0.5.14Compare Source
What's Changed
🔒 Security
This release contains fixes for multiple vulnerabilities concerning
STARTTLSstripping, argument validation, and denial of service attacks.Added
ScramAuthenticator#max_iterations(backports #654) in #656, reported by @MasamuneeeFixed
version_defaultsshould be attr_reader (backports #594) by @nevans in #631Other Changes
Miscellaneous
Full Changelog: ruby/net-imap@v0.5.13...v0.5.14
v0.5.13Compare Source
What's Changed
Fixed
SequenceSet#delete?(num..num)to return set (backport to 0.5) by @nevans in #585SequenceSet#max(n)whencardinality < n <= size(backport to 0.5) by @nevans in #586config.responses_without_block = :frozen_dup(backport to 0.5) by @nevans in #588, reported by @yurikoval in #581Documentation
#uid_fetchwithpartialby @nevans in #532Other Changes
Config.versioned_defaultsto reduce merge conflicts (backport to 0.5) by @nevans in #584Miscellaneous
Full Changelog: ruby/net-imap@v0.5.12...v0.5.13
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.