Bump github.com/wneessen/go-mail from 0.4.2 to 0.7.1

[dependabot]

Bumps github.com/wneessen/go-mail from 0.4.2 to 0.7.1.

Release notes

Sourced from github.com/wneessen/go-mail's releases.

v0.7.1: Vulnerability fix in mail address handling

[!IMPORTANT] This release fixes a vulnerability. All users are encouraged to update to this release at their earliest convenience.

Welcome to go-mail v0.7.1!

This is a security release, which addresses a bug that causes insufficient address encoding when passing mail addresses to the SMTP client, which could lead to possible wrong address routing or even to ESMTP parameter smuggling.

The details of the bug are outlined in #495 and in the go-mail security advisory: GHSA-wpwj-69cm-q9c5 Github assigned the following CVE for this vulnerability: CVE-2025-59937

The vulnerability has been reported by xclow3n. Thank you very much for the detailed report and the thorough testing!

What's Changed

• Fix vulnerability in mail address passing to the smtp client by @​wneessen in wneessen/go-mail#496

Full Changelog: wneessen/go-mail@v0.7.0...v0.7.1

v0.6.2: Bugfix release

Welcome to go-mail v0.6.2! This release fixes some bugs and makes go-mail ready for Go 1.24.

Fix regression of custom SMTP authentication handling

PR #429 fixes a regression in the handling of custom smtp.Auth methods that was introduced with the v0.6.0 release. Basically, if a custom SMTP auth method was provided, it was simply ignored. Thanks to @​james-d-elliott of the Authelia project for reporting this.

Fix possible nil pointer derefernece in SendWithSMTPClient

With commit wneessen/go-mail@4641da4 we fixed a possible nil pointer dereference in the SendWithSMTPClient method. This would happen if a nil message would be provided to the method. This bug was reported using Github's private vulnerability reporting feature by @​younes199511. Thanks for the report!

Header count logic improvements

PR #421 fixed an issue in the header count logic that is used for S/MIME signing. If a header was broken into mutliple lines due to its lenght, the count logic was giving false results, resulting into false content for the S/MIME signature. Thanks to @​theexiile1305 for reporting the issue and helping to debug the issue!

Go 1.24 readiness

The PRs #431 and #433 make go-mail and its CI ready for Go 1.24.

What's Changed

• Refactor header count logic for accurate line tracking by @​wneessen in wneessen/go-mail#421
• chore: improve tests for multipart messages by @​wneessen in wneessen/go-mail#422
• Add tests for handling nil messages in email client by @​wneessen in wneessen/go-mail#427
• Fix regression of custom smtp.Auth not working by @​wneessen in wneessen/go-mail#429
• Skip tests for broken rand.Reader on Go 1.24+. by @​wneessen in wneessen/go-mail#433
• chore: update CI to Go 1.24 by @​wneessen in wneessen/go-mail#431
• Update version to 0.6.2 and fix typo in documentation by @​wneessen in wneessen/go-mail#434

CI/CD maintenance changes

• Bump golang.org/x/text from 0.21.0 to 0.22.0 by @​dependabot in wneessen/go-mail#425
• Bump golang.org/x/crypto from 0.32.0 to 0.33.0 by @​dependabot in wneessen/go-mail#426

Full Changelog: wneessen/go-mail@v0.6.1...v0.6.2

v0.6.1: Fix for multipart message rendering

... (truncated)

Commits

• 42e92cf Merge pull request #496 from wneessen/bugfix/495_mail-address-parsing
• c3c0757 Refactored error handling and return values across multiple files
• 06b3fce Fixed test case and replaced hidden Unicode character for address injection t...
• 158baff Bumped version to v0.7.1
• 591f073 Added tests to validate email address injection handling
• f61143a Refactored sender handling to make use of net/mail's mail address stringifica...
• 0dcdac6 Added test for handling quoted local-part in recipients (issue #495)
• ff718ad Refactored recipient handling to make use of net/mail's mail address stringif...
• ac1eb03 Merge pull request #494 from wneessen/switch-pbkdf2-to-stdlib
• 0508d94 Removed internal PBKDF2 implementation and replaced with Go's standard library
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #56.