Bump github.com/wneessen/go-mail from 0.4.2 to 0.7.2

[dependabot]

Bumps github.com/wneessen/go-mail from 0.4.2 to 0.7.2.

Release notes

Sourced from github.com/wneessen/go-mail's releases.

v0.7.2: Formatted mail address handling regression fix

Welcome to go-mail v0.7.2!

Unfortunately with the v0.7.1 vulnerability fix, a regression was introduced when formatted mail address with full name ("Toni Tester" <toni.tester@example.com> were used, resulting in only the mail address (<toni.tester@example.com>) being handed over to the SMTP client. This bug was spotted and reported by @​NCRonB in #497 - thank you very much for the report.

Sorry for any incovenience this might have caused!

What's Changed

• Refactored address handling for improved consistency and formatting by @​wneessen in wneessen/go-mail#498

Full Changelog: wneessen/go-mail@v0.7.1...v0.7.2

v0.7.1: Vulnerability fix in mail address handling

[!IMPORTANT] This release fixes a vulnerability. All users are encouraged to update to this release at their earliest convenience.

Welcome to go-mail v0.7.1!

This is a security release, which addresses a bug that causes insufficient address encoding when passing mail addresses to the SMTP client, which could lead to possible wrong address routing or even to ESMTP parameter smuggling.

The details of the bug are outlined in #495 and in the go-mail security advisory: GHSA-wpwj-69cm-q9c5 Github assigned the following CVE for this vulnerability: CVE-2025-59937

The vulnerability has been reported by xclow3n. Thank you very much for the detailed report and the thorough testing!

What's Changed

• Fix vulnerability in mail address passing to the smtp client by @​wneessen in wneessen/go-mail#496

Full Changelog: wneessen/go-mail@v0.7.0...v0.7.1

v0.6.2: Bugfix release

Welcome to go-mail v0.6.2! This release fixes some bugs and makes go-mail ready for Go 1.24.

Fix regression of custom SMTP authentication handling

PR #429 fixes a regression in the handling of custom smtp.Auth methods that was introduced with the v0.6.0 release. Basically, if a custom SMTP auth method was provided, it was simply ignored. Thanks to @​james-d-elliott of the Authelia project for reporting this.

Fix possible nil pointer derefernece in SendWithSMTPClient

With commit wneessen/go-mail@4641da4 we fixed a possible nil pointer dereference in the SendWithSMTPClient method. This would happen if a nil message would be provided to the method. This bug was reported using Github's private vulnerability reporting feature by @​younes199511. Thanks for the report!

Header count logic improvements

PR #421 fixed an issue in the header count logic that is used for S/MIME signing. If a header was broken into mutliple lines due to its lenght, the count logic was giving false results, resulting into false content for the S/MIME signature. Thanks to @​theexiile1305 for reporting the issue and helping to debug the issue!

Go 1.24 readiness

The PRs #431 and #433 make go-mail and its CI ready for Go 1.24.

What's Changed

• Refactor header count logic for accurate line tracking by @​wneessen in wneessen/go-mail#421
• chore: improve tests for multipart messages by @​wneessen in wneessen/go-mail#422

... (truncated)

Commits

• b56b66c Merge pull request #498 from wneessen/bugfix/497_address-name-is-not-included...
• a08e65e Bumped version to v0.7.2
• 80d1896 Refactored address handling for improved consistency and formatting
• 42e92cf Merge pull request #496 from wneessen/bugfix/495_mail-address-parsing
• c3c0757 Refactored error handling and return values across multiple files
• 06b3fce Fixed test case and replaced hidden Unicode character for address injection t...
• 158baff Bumped version to v0.7.1
• 591f073 Added tests to validate email address injection handling
• f61143a Refactored sender handling to make use of net/mail's mail address stringifica...
• 0dcdac6 Added test for handling quoted local-part in recipients (issue #495)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.