Mirrors/chatmail-core
1
0
Fork 0
mirror of https://github.com/chatmail/core.git synced 2026-04-17 21:46:35 +03:00
Code Issues Packages Projects Releases Wiki Activity
10,077 Commits 526 Branches 384 Tags
link2xt/delay-debugging
Commit Graph

123 Commits

Author SHA1 Message Date
link2xt
6a3ef20a99 chore(cargo): update rustls-webpki to 0.103.10 
Upgrading fixes RUSTSEC-2026-0049 for our usage
of TLS for SMTP and IMAP.

This introduces duplicate dependency because iroh
still depends 0.102.
 2026-03-24 12:09:20 +00:00
link2xt
017099215c chore: add RUSTSEC-2026-0049 exception to deny.toml 
We cannot upgrade the crate because it is a transitive dependency
and the issue described in
<https://rustsec.org/advisories/RUSTSEC-2026-0049>
is not dangerous because it requiers a compromised CA
and revoked certificate. Worst case that happens
with iroh is that outer layer of encryption to
iroh relay is compromised, but iroh traffic is
still encrypted between peers without relying on CAs.
 2026-03-23 19:49:49 +00:00
link2xt
7b700591f4 chore: add constant_time_eq 0.3.1 to deny.toml 2026-03-19 02:16:37 +00:00
link2xt
3d409c37a1 chore: remove RUSTSEC-2026-0002 exception from deny.toml 
It is an "unsound" advisory for a transitive dependency
and cargo-deny does not report them by default
since cargo-deny 0.19.0.
 2026-02-03 21:25:41 +00:00
link2xt
cdacad235e chore: update lru 0.12.3 to 0.12.5 and add RUSTSEC-2026-0002 exception 
Closes https://github.com/chatmail/core/issues/7692
 2026-01-07 20:18:32 +00:00
link2xt
646728372b chore: add RUSTSEC-2025-0134 exception to deny.toml 2025-12-06 12:56:16 +00:00
dependabot[bot]
ca2b4d7a6f chore(cargo): bump tokio from 1.45.1 to 1.48.0 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.45.1 to 1.48.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.45.1...tokio-1.48.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-version: 1.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
 2025-11-29 21:20:08 -03:00
dependabot[bot]
b1e6cf2052 chore(cargo): bump rand from 0.9.0 to 0.9.2 (#7501) 2025-11-29 00:18:03 +00:00
link2xt
3c93f61b4d fix: migrate from tokio-tar to astral-tokio-tar 
tokio-tar is unmaintained and has unpatched CVE-2025-62518.
More details on CVE are in <https://edera.dev/stories/tarmageddon>.
tokio-tar is only used for transferring backups
and worst case is that by manually inspecting
a carefully crafted backup user will not see
the same files as get unpacked when importing a backup.
 2025-10-22 16:09:21 +00:00
dependabot[bot]
1e37cb8c3c chore(cargo): bump nu-ansi-term from 0.46.0 to 0.50.1 
Bumps [nu-ansi-term](https://github.com/nushell/nu-ansi-term) from 0.46.0 to 0.50.1.
- [Release notes](https://github.com/nushell/nu-ansi-term/releases)
- [Changelog](https://github.com/nushell/nu-ansi-term/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nushell/nu-ansi-term/compare/v0.46.0...v0.50.1)

---
updated-dependencies:
- dependency-name: nu-ansi-term
  dependency-version: 0.50.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-03 13:17:03 -03:00
dependabot[bot]
4258088fb4 chore(cargo): bump tracing-subscriber from 0.3.19 to 0.3.20 
Bumps [tracing-subscriber](https://github.com/tokio-rs/tracing) from 0.3.19 to 0.3.20.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.3.19...tracing-subscriber-0.3.20)

---
updated-dependencies:
- dependency-name: tracing-subscriber
  dependency-version: 0.3.20
  dependency-type: direct:production
...

Co-authored-by: iequidoo <dgreshilov@gmail.com>
 2025-08-30 14:21:08 -03:00
iequidoo
4f1bf1f13c chore(deny.toml): add exception for duplicate toml_datetime 0.6.11 dependency 2025-08-02 16:16:43 -03:00
link2xt
25f44c517a chore: update async-imap to 0.11.0 2025-07-21 15:03:15 +00:00
link2xt
fbae0739a6 chore(cargo): update cordyceps from 0.3.2 to 0.3.4 2025-07-11 22:07:27 +00:00
link2xt
b45d9aa464 chore: update rusqlite to 0.36.0 2025-06-21 13:46:00 +00:00
link2xt
48b2e2bc1f chore: sort the list in deny.toml 2025-06-21 13:46:00 +00:00
link2xt
026ddbf9f1 build: upgrade parking_lot to 0.12.4 2025-06-05 20:15:37 +00:00
Friedel Ziegelmayer
5c2af42cdd build: update to rPGP 0.16.0 (#6719) 
Co-authored-by: Heiko Schaefer <heiko@schaefer.name>
Co-authored-by: link2xt <link2xt@testrun.org>
 2025-05-29 13:06:18 +00:00
link2xt
ab3cd6a8f7 chore(deny.toml): add exception for deplicate spin 0.9.8 dependency 2025-05-16 04:14:27 +00:00
link2xt
079260a7cf chore: update async-smtp to 0.10.2 2025-05-13 16:18:25 +00:00
link2xt
fdec78c092 chore: remove duplicate miniz_oxide dependency 2025-05-13 15:25:56 +00:00
l
6661a0803e chore: update iroh from 0.33.0 to 0.35.0 (#6687) 2025-05-12 20:33:21 +00:00
link2xt
746b071be0 chore: update async-imap from 0.10.3 to 0.10.4 2025-04-07 19:07:33 +00:00
link2xt
d307e75b2f chore: update async-smtp from 0.10.0 to 0.10.1 2025-04-07 19:00:58 +00:00
link2xt
a2d5a10f84 chore(cargo): bump fd-lock from 4.0.2 to 4.0.4 2025-04-07 18:21:12 +00:00
link2xt
3aea6884ac chore(cargo): update textwrap from 0.16.1 to 0.16.2 
This removes duplicate unicode-width dependency.
 2025-04-02 01:49:07 +00:00
link2xt
df24532503 chore: update resolve-conf from 0.7.0 to 0.7.1 2025-03-20 12:32:11 +00:00
link2xt
94187f7ee1 chore: update strum dependency 2025-03-17 15:19:36 +00:00
link2xt
65ea456bd8 build: remove websocket support from deltachat-jsonrpc 
WebSocket support is not used
and is not maintained. It still uses
outdated axum 0.7 version
and does not have any authentication.

Delta Chat Desktop has a new browser target
that implements WebSocket support on top
of stdio server, supports blobs
and is tested in CI.
 2025-03-16 09:04:26 +00:00
link2xt
b6d4d10025 chore: update iroh to 0.33 2025-03-09 18:21:24 +00:00
link2xt
287829d385 build: use mailbuilder from crates.io 
This gets rid of the last git dependency.
 2025-03-09 17:53:59 +00:00
link2xt
d2e1e57890 chore: make cargo-deny happy 2025-03-08 01:45:13 +00:00
link2xt
f94b21d4aa chore: remove RUSTSEC-2025-0007 exception because "ring" is maintained again 
This backs out commit 985ef22d75.
 2025-02-22 18:20:05 +00:00
Hocuri
985ef22d75 chore: allow unmaintained "ring" library in deny.toml (#6562) 2025-02-22 11:12:11 +01:00
link2xt
67f768fec0 refactor: use mail-builder instead of lettre_email 2025-02-18 21:29:35 +00:00
link2xt
aaa02968d3 chore: add RUSTSEC-2025-0006 to deny.toml 2025-02-10 20:11:47 +00:00
link2xt
6f5620dad5 chore: update futures-concurrency 
This removes two duplicate dependencies.
 2025-02-05 03:21:13 +00:00
link2xt
1d55458781 chore: upgrade iroh from 0.31 to 0.32 2025-02-04 19:45:01 +00:00
link2xt
6297bb967a chore: upgrade iroh from 0.30 to 0.31 2025-02-04 19:16:50 +00:00
link2xt
258b5cde70 chore: update pgp to 0.15 2025-02-04 17:55:58 +00:00
dignifiedquire
5bde9b66d1 feat: upgrade to iroh@0.30.0 2025-01-28 03:26:57 +00:00
link2xt
a3734a5f87 Reapply "chore(cargo): bump rustyline from 14.0.0 to 15.0.0" 
This reverts commit 6cd6aca7b8.
 2025-01-23 02:59:10 +00:00
link2xt
3cbfb47b6e build: switch to non-git version of encoded-words 2025-01-19 10:51:46 +00:00
link2xt
8ec098210e fix: update shadowsocks crate to 1.22.0 to avoid panic when parsing some QR codes 
`aead-cipher` feature has become optional
and is disabled by default.
We enable it to avoid breaking compatibility.
 2025-01-03 23:56:47 +00:00
link2xt
6cd6aca7b8 Revert "chore(cargo): bump rustyline from 14.0.0 to 15.0.0" 
This reverts commit b74ff278ce.
 2024-12-17 17:21:20 +00:00
dependabot[bot]
b74ff278ce chore(cargo): bump rustyline from 14.0.0 to 15.0.0 
Bumps [rustyline](https://github.com/kkawakam/rustyline) from 14.0.0 to 15.0.0.
- [Release notes](https://github.com/kkawakam/rustyline/releases)
- [Changelog](https://github.com/kkawakam/rustyline/blob/master/History.md)
- [Commits](https://github.com/kkawakam/rustyline/compare/v14.0.0...v15.0.0)

---
updated-dependencies:
- dependency-name: rustyline
  dependency-type: direct:production
  update-type: version-update:semver-major
...
 2024-12-12 14:25:54 -03:00
link2xt
abe81d0b84 build: add idna 0.5.0 exception into deny.toml 2024-12-09 13:33:40 +00:00
link2xt
ff734ee24d chore(cargo): update rPGP to 0.14.2 2024-12-05 12:22:04 +00:00
link2xt
2ae98f963e chore: fixup deny.toml 2024-12-03 00:36:21 +00:00
link2xt
e7a29f0aa7 chore(cargo): update rPGP from 0.13.2 to 0.14.0 2024-11-14 09:31:40 +00:00