Skip to content

chore(deps): bump lettre from 0.11.21 to 0.11.22#868

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/cargo/develop/lettre-0.11.22
Open

chore(deps): bump lettre from 0.11.21 to 0.11.22#868
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/cargo/develop/lettre-0.11.22

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 14, 2026
edited
Loading

Bumps lettre from 0.11.21 to 0.11.22.

Release notes

Sourced from lettre's releases.

v0.11.22 - update now if you're using Boring TLS

Security

  • Fix inverted TLS hostname verification flag in boring-tls backend that silently disabled hostname verification f5efffc

Bug Fixes

  • Cap read_response buffer to prevent unbounded memory growth #1143

Misc

  • Upgrade rustls-platform-verifier to v0.7 #1136
Changelog

Sourced from lettre's changelog.

v0.11.22 (2026-05-14)

Security

  • Fix inverted TLS hostname verification flag in boring-tls backend that silently disabled hostname verification (f5efffc)

Bug Fixes

  • Cap read_response buffer to prevent unbounded memory growth (#1143)

Misc

  • Upgrade rustls-platform-verifier to v0.7 (#1136)

#1136: lettre/lettre#1136 #1143: lettre/lettre#1143

Commits
  • 9b88c4f Prepare v0.11.22
  • f5efffc fix(transport-smtp): negate hostname-verify flag for boring-tls
  • f62f304 fix(transport-smtp): cap read_response buffer
  • fa402db build(deps): upgrade rustls-platform-verifier to v0.7
  • See full diff in compare view

@dependabot dependabot Bot added Build | Project System Compiling and Packaging Dependencies Related to Dependencies labels May 14, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented May 14, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 68.53%. Comparing base (843aaff) to head (1485757).

Additional details and impacted files 
@@             Coverage Diff             @@
##           develop     #868      +/-   ##
===========================================
+ Coverage    68.52%   68.53%   +0.01%     
===========================================
  Files          161      161              
  Lines        13111    13111              
  Branches     13111    13111              
===========================================
+ Hits          8984     8986       +2     
+ Misses        3853     3850       -3     
- Partials       274      275       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@dependabot
chore(deps): bump lettre from 0.11.21 to 0.11.22
1485757 
Bumps [lettre](https://github.com/lettre/lettre) from 0.11.21 to 0.11.22.
- [Release notes](https://github.com/lettre/lettre/releases)
- [Changelog](https://github.com/lettre/lettre/blob/master/CHANGELOG.md)
- [Commits](lettre/lettre@v0.11.21...v0.11.22)

---
updated-dependencies:
- dependency-name: lettre
  dependency-version: 0.11.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/develop/lettre-0.11.22 branch from 92eefc7 to 1485757 Compare May 15, 2026 09:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Build | Project System Compiling and Packaging Dependencies Related to Dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants