Bump net-imap from 0.5.6 to 0.5.7 #1479

Merged
Obsiye merged 1 commit into main from dependabot/bundler/net-imap-0.5.7
Mar 31, 2026
@dependabot dependabot Bot commented on behalf of github Apr 29, 2025

Bumps net-imap from 0.5.6 to 0.5.7.

Release notes

Sourced from net-imap's releases.

v0.5.7

What's Changed

🔒 Security

This release adds two features to prevent unbounded memory use: the response_handlers keyword argument to Net::IMAP.new (ruby/net-imap#419) so response handlers can be added before the server can send any responses, and the max_response_size config attribute (ruby/net-imap#444, GHSA-j3g3-5qv5-52mj, CVE-2025-43857, reported by @Masamuneee).

Note: The default max_response_size is extremely high, to avoid issues with secure connections to trusted servers that are well-behaved. It can be configured more conservatively to guard against untrusted servers (for example, connecting to user-provided hostnames). It is the responsibility of net-imap users to configure their client appropriately for the server they are connecting to.

Added

Documentation

Other Changes

Miscellaneous

Full Changelog: ruby/net-imap@v0.5.6...v0.5.7

Commits
  • 364869b 🔖 Bump version to v0.5.7
  • 10137ba 🔀 Merge pull request #444 from ruby/limit-response-size
  • b6bdee2 ✨ Make max_response_size configurable
  • 0ae8576 ✨ Limit max response size to 512MiB (hard-coded)
  • b32b675 ♻️ Save ResponseReader ivars: @buff & @literal_size
  • d28879e 🔀 Merge pull request #433 from ruby/response_reader
  • 18bc621 ♻️ Extract ResponseReader from get_response
  • b1413c6 ✨ Customize SequenceSet YAML serialization
  • d839268 🔀 Merge pull request #429 from ruby/rational-config-versions
  • c7732e6 ♻️ Add default_proc to Config.version_defaults
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added the dependencies and ruby labels Apr 29, 2025
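
Added example, not part of this pull request and not net-imap's own code: a minimal sketch of the kind of check a response size limit implies, where an IMAP literal is rejected from its announced `{N}` size before any of its data is buffered. The names `read_bounded_response`, `ResponseTooLarge` and `too_large?` are hypothetical, and the wire data is constructed.

```ruby
require "stringio"

# Hypothetical error class for this sketch; net-imap defines its own errors.
class ResponseTooLarge < StandardError; end

# Read one IMAP response from io: a CRLF-terminated line plus any "{N}"
# literals it announces. Never buffers more than max_size bytes.
def read_bounded_response(io, max_size)
  buff = String.new
  loop do
    # Ask for at most one byte beyond the remaining budget, so an endless
    # line without CRLF cannot grow the buffer.
    line = io.gets("\r\n", max_size - buff.bytesize + 1)
    raise EOFError, "connection closed mid-response" if line.nil?
    buff << line
    if buff.bytesize > max_size
      raise ResponseTooLarge, "response exceeds #{max_size} bytes"
    end
    raise EOFError, "connection closed mid-line" unless line.end_with?("\r\n")

    # A line ending in "{N}" is followed by N bytes of literal data.
    announced = line[/\{(\d+)\}\r\n\z/, 1]
    return buff if announced.nil?

    size = announced.to_i
    # Enforce the limit on the announced size, before reading the data.
    if buff.bytesize + size > max_size
      raise ResponseTooLarge, "#{size}-byte literal exceeds #{max_size}"
    end
    data = io.read(size)
    raise EOFError, "connection closed mid-literal" if data.nil? || data.bytesize < size
    buff << data
  end
end

# Convenience wrapper for the constructed samples below.
def too_large?(wire, max_size)
  read_bounded_response(StringIO.new(wire), max_size)
  false
rescue ResponseTooLarge
  true
end

# Constructed wire data (not captured from a real server).
OK_RESPONSE  = "* 1 FETCH (BODY[] {5}\r\nhello)\r\n"
HUGE_LITERAL = "* 1 FETCH (BODY[] {4294967296}\r\n"
ENDLESS_LINE = "A" * 5000
```

With a 1024-byte limit, `OK_RESPONSE` is returned whole, while `HUGE_LITERAL` and `ENDLESS_LINE` are both refused after reading only a few bytes.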
Obsiye commented Mar 31, 2026

@dependabot rebase

Bumps [net-imap](https://github.com/ruby/net-imap) from 0.5.6 to 0.5.7.
- [Release notes](https://github.com/ruby/net-imap/releases)
- [Commits](ruby/net-imap@v0.5.6...v0.5.7)

---
updated-dependencies:
- dependency-name: net-imap
  dependency-version: 0.5.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/bundler/net-imap-0.5.7 branch from 19f31a3 to 36ef4fb Compare March 31, 2026 08:56
@Obsiye Obsiye merged commit 1dd8ae9 into main Mar 31, 2026
8 checks passed
@Obsiye Obsiye deleted the dependabot/bundler/net-imap-0.5.7 branch March 31, 2026 09:05