
Bump net-imap gem to address dependabot issue #1954

Merged: Shinomix merged 1 commit into main from bump-net-imap-gem on Mar 17, 2025


Shinomix commented Mar 17, 2025

What this PR does

Address "Possible DoS by memory exhaustion in net-imap" dependabot alert by bumping net-imap gem to v0.4.19, which closes CVE-2025-25186.

Reviewer's guide to testing

net-imap is a sub-dependency of activemailer, through mail. Release v0.4.19 does not include breaking changes; rollout should be transparent.

Checklist

Before submitting the PR, please consider if any of the following are needed:

  • Update CHANGELOG.md if the changes would impact users
  • Update README.md, if appropriate.
  • Update any relevant pages in /docs, if necessary
  • For security fixes, the Disclosure Policy must be followed.

Shinomix requested a review from hubb March 17, 2025 14:15
Shinomix requested a review from a team as a code owner March 17, 2025 14:15
Shinomix force-pushed the bump-net-imap-gem branch from a3ff2a9 to 6aa2100 March 17, 2025 14:18
Shinomix merged commit 278d384 into main Mar 17, 2025
8 checks passed
Shinomix deleted the bump-net-imap-gem branch March 17, 2025 14:26
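
A reviewer can confirm a bump like this one by reading the resolved version out of `Gemfile.lock` and seeing which locked gems pull net-imap in. The script below is an added example, not code from this PR or repository; the sample lockfile is constructed, `example-mailer` is a hypothetical gem name, and the only version threshold used is the v0.4.19 named in the PR description.

```ruby
require "rubygems" # Gem::Version
# Constructed sample lockfile (not this repository's); "example-mailer" is hypothetical.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example-mailer (1.0.0)
        mail (>= 2.8)
      mail (2.8.1)
        net-imap
      net-imap (0.4.18)
        date

  PLATFORMS
    ruby
LOCK

TARGET = Gem::Version.new("0.4.19") # version the PR bumps to

# Parse the "specs:" blocks of a Gemfile.lock into name => {version:, deps:}.
def parse_lock(text)
  specs, current, in_specs = {}, nil, false
  text.each_line(chomp: true) do |line|
    if line == "  specs:"
      in_specs = true
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      # Platform suffixes such as "-x86_64-linux" are dropped before parsing.
      current = specs[m[1]] = { version: Gem::Version.new(m[2].split("-").first), deps: [] }
    elsif in_specs && current && (m = line.match(/\A {6}(\S+)/))
      current[:deps] << m[1]
    elsif !line.start_with?(" ")
      in_specs = false # blank line or new top-level section ends the block
    end
  end
  specs
end

# Report the resolved net-imap version and which locked gems depend on it.
def check_net_imap(text)
  specs = parse_lock(text)
  spec = specs["net-imap"]
  return { status: :absent, version: nil, pulled_in_by: [] } unless spec
  v = spec[:version]
  status = if v < TARGET then :below_target
           elsif v.segments.first(2) == [0, 4] then :ok
           else :check_advisory # other release line: the PR names no fixed version for it
           end
  parents = specs.select { |_, s| s[:deps].include?("net-imap") }.keys.sort
  { status: status, version: v.to_s, pulled_in_by: parents }
end
```

Calling `check_net_imap(File.read("Gemfile.lock"))` on a real lockfile returns the same hash; versions outside the 0.4 series are reported as `:check_advisory` rather than assumed fixed.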