Bump github.com/wneessen/go-mail from 0.5.0 to 0.5.1 #56

Merged

Conversation

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Oct 21, 2024

Bumps github.com/wneessen/go-mail from 0.5.0 to 0.5.1.

Release notes

Sourced from github.com/wneessen/go-mail's releases.

v0.5.1: SMTP auth fixes and logging optimizations

Welcome to go-mail v0.5.1! This release brings a bug fix and some optimizations around logging.

Regression fix for SMTP authentication

With v0.5.0 we unintentionally introduced a regression for the SMTP authentication part of go-mail - at least for some edge cases. As reported in #332, in case the user did not provide an explicit SMTP authentication option, the Client would fail with a "server does not support SMTP AUTH" error. The quick work-around was setting SMTP Auth to "Custom" as pointed out in #328. While it improved the security of the package, as it would not skip authentication if none was given, it was breaking in some edge cases and the "Custom" auth type was not meant to be the default.

We now changed the SMTPAuthNoAuth from an empty string to "NOAUTH". This value is set as default for the Client in NewClient. This way we always have a fixed assignment and an empty string would not skip authentication. The auth() method has been updated to either assign the smtp.Auth function if SMTPAuthType is not set to "NOAUTH" or skip the part if there is already an auth function set (this would only happen when SetSMTPAuthCustom or WithSMTPAuthCustom were used).

If SMTPAuthType is set to an empty string, the authentication assignment would fail as it is not a supported mechanism, therefore making sure that the client wouldn't accidentally skip the authentication at all.

We are sorry if this broke your code with the v0.5.0 release. Thanks to @james-d-elliott and @ugexe for reporting this and for testing the fix.

SMTP authentication data logging

go-mail claims to ship with sane defaults. While this is true, there was one aspect where this wasn't true: debug logging. The debug logger would potentially expose SMTP authentication data to the logs, which could pose a risk. With v0.5.1 we now redact SMTP authentication data by default as a sane and secure default. We realize though, that you sometimes need access to the authentication data. Therefore two new options were introduced to the Client: WithLogAuthData() and SetLogAuthData(bool). With either of these you can instruct the Client to log full SMTP authentication data again.

Simplification of the message ID generation

As pointed out by @mitar in #326, the way we generated the message ID was much too complicated using different sources of randomness while already using a secure string generator. #329 simplified the message ID generation to only use the secure string generator and get rid of the rest of the strings and numbers we added to the message ID. We now have 64 possible characters to generate a 22 character long string, which provides approx. 132 bits of entropy. This should be more than enough to guarantee a unique ID for each message.

What's Changed

CI/CD maintenance changes

New Contributors

Full Changelog: wneessen/go-mail@v0.5.0...v0.5.1

Commits
  • 8ea80c0 Update doc.go
  • 9ae7681 Merge pull request #336 from sarff/log-opt
  • e854b21 Merge pull request #335 from wneessen/bug/332_server-does-not-support-smtp-au...
  • bb2fd0f Merge pull request #338 from wneessen/feature/no_auth_logging
  • 3234c13 Add tests for SetLogAuthData method
  • 0944296 Enable logging of SMTP authentication data
  • 55a5d02 Add support for configurable SMTP auth data logging
  • 73663f6 Merge pull request #337 from wneessen/dependabot/github_actions/github/codeql...
  • 4957941 Bump github/codeql-action from 3.26.12 to 3.26.13
  • 7acfe80 Redact authentication logs
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
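The fail-closed selection described under "Regression fix for SMTP authentication", as an added example that is not go-mail's code and not part of the original comment. `Config`, `SelectAuth` and the string stand-in for a custom auth function are hypothetical names that only model the behaviour: an explicit "NOAUTH" default skips authentication, while an empty or unknown type is an error instead of a silent skip.

```go
package main

import (
	"errors"
	"fmt"
)

// AuthType models the SMTPAuthType setting; all names here are hypothetical.
type AuthType string

const (
	NoAuth AuthType = "NOAUTH" // explicit sentinel: the caller chose no authentication
	Plain  AuthType = "PLAIN"
	Login  AuthType = "LOGIN"
)

var ErrUnsupported = errors.New("SMTP auth mechanism not supported")

// Config stands in for the client settings that matter here.
type Config struct {
	Type       AuthType
	CustomAuth string // non-empty when the caller supplied its own auth function
}

// NewConfig assigns the sentinel by default, so Type is never empty by accident.
func NewConfig() Config { return Config{Type: NoAuth} }

// SelectAuth returns the mechanism to run; "" with a nil error means
// authentication is skipped because the caller asked for that explicitly.
func SelectAuth(c Config) (string, error) {
	switch {
	case c.CustomAuth != "":
		return c.CustomAuth, nil // an auth function is already set, keep it
	case c.Type == NoAuth:
		return "", nil
	case c.Type == Plain || c.Type == Login:
		return string(c.Type), nil
	default: // the empty string lands here and fails closed
		return "", fmt.Errorf("%w: %q", ErrUnsupported, string(c.Type))
	}
}

func main() {
	for _, c := range []Config{NewConfig(), {Type: Plain}, {}, {CustomAuth: "XOAUTH2"}} {
		mech, err := SelectAuth(c)
		fmt.Printf("type=%q custom=%q -> mech=%q err=%v\n", c.Type, c.CustomAuth, mech, err)
	}
}
```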

Bumps [github.com/wneessen/go-mail](https://github.com/wneessen/go-mail) from 0.5.0 to 0.5.1.
- [Release notes](https://github.com/wneessen/go-mail/releases)
- [Commits](wneessen/go-mail@v0.5.0...v0.5.1)

---
updated-dependencies:
- dependency-name: github.com/wneessen/go-mail
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Oct 21, 2024
@wneessen wneessen merged commit 588f469 into main Oct 21, 2024
3 of 16 checks passed
@wneessen wneessen deleted the dependabot/go_modules/github.com/wneessen/go-mail-0.5.1 branch October 21, 2024 11:06
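For debug logs that were captured before this upgrade, the redaction idea from "SMTP authentication data logging" can be applied after the fact. The following is an added example, not go-mail's implementation and not part of the original thread; the `C: ` / `S: ` line format and the sample transcript are constructed assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

const mask = "<auth redacted>"

// RedactAuth masks credential material in an SMTP debug transcript.
// Assumed (constructed) line format: "C: " for client, "S: " for server lines.
func RedactAuth(lines []string) []string {
	out := make([]string, 0, len(lines))
	inAuth := false // true from the AUTH command until the server's final reply
	for _, l := range lines {
		switch {
		case strings.HasPrefix(l, "C: "):
			f := strings.Fields(l[3:])
			if len(f) >= 2 && strings.EqualFold(f[0], "AUTH") {
				inAuth = true
				if len(f) > 2 { // initial response, e.g. AUTH PLAIN <base64>
					l = "C: " + f[0] + " " + f[1] + " " + mask
				}
			} else if inAuth { // answer to a 334 challenge
				l = "C: " + mask
			}
		case strings.HasPrefix(l, "S: ") && !strings.HasPrefix(l, "S: 334"):
			inAuth = false // any reply other than 334 ends the exchange
		}
		out = append(out, l)
	}
	return out
}

// sample is a constructed transcript; the base64 values are made up.
var sample = []string{
	"C: EHLO client.example",
	"S: 250 AUTH PLAIN LOGIN",
	"C: AUTH LOGIN",
	"S: 334 VXNlcm5hbWU6",
	"C: YWxpY2U=",
	"S: 334 UGFzc3dvcmQ6",
	"C: ZXhhbXBsZS1wYXNz",
	"S: 235 2.7.0 Authentication successful",
	"C: MAIL FROM:<alice@example.com>",
}

func main() { fmt.Println(strings.Join(RedactAuth(sample), "\n")) }
```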