v0.3.4: Dependency/Security update

This is a maintenance release to update dependencies and to release the packages with the latest Go version 1.22.2, which fixes a security vulnerbility in net/http.

What's Changed

• build(deps): bump github.com/labstack/echo/v4 from 4.11.2 to 4.11.3 by @dependabot in #62
• build(deps): bump github.com/labstack/gommon from 0.4.0 to 0.4.1 by @dependabot in #63
• build(deps): bump github.com/kkyr/fig from 0.3.2 to 0.4.0 by @dependabot in #64
• build(deps): bump github.com/labstack/gommon from 0.4.1 to 0.4.2 by @dependabot in #65
• build(deps): bump github.com/labstack/echo/v4 from 4.11.3 to 4.11.4 by @dependabot in #66
• build(deps): bump github.com/wneessen/go-mail from 0.4.0 to 0.4.1 by @dependabot in #67
• [StepSecurity] Apply security best practices by @step-security-bot in #68
• build(deps): bump actions/setup-go from 3.5.0 to 5.0.0 by @dependabot in #72
• build(deps): bump docker/build-push-action from 5.0.0 to 5.3.0 by @dependabot in #71
• build(deps): bump docker/login-action from 3.0.0 to 3.1.0 by @dependabot in #73
• build(deps): bump sigstore/cosign-installer from 3.1.1 to 3.4.0 by @dependabot in #69
• build(deps): bump github/codeql-action from 1.1.39 to 3.24.8 by @dependabot in #70
• Remove cosign version specification in Docker workflow by @wneessen in #74
• Remove .idea from VCS by @wneessen in #75
• Update scorecards.yml configuration and action versions by @wneessen in #76
• [StepSecurity] Apply security best practices by @step-security-bot in #77
• Update codeql-analysis.yml configuration and runner conditions by @wneessen in #78
• Improve Swift and Go conditions in codeql-analysis.yml by @wneessen in #79
• Create codeql.yml by @wneessen in #80
• [StepSecurity] ci: Harden GitHub Actions by @step-security-bot in #81
• Fix sec findings by @wneessen in #82
• Add read-only permissions to SonarQube workflow file by @wneessen in #83
• build(deps): bump docker/setup-buildx-action from 3.0.0 to 3.2.0 by @dependabot in #88
• build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 by @dependabot in #87
• build(deps): bump actions/dependency-review-action from 2.5.1 to 4.2.3 by @dependabot in #86
• build(deps): bump docker/metadata-action from 5.0.0 to 5.5.1 by @dependabot in #85
• build(deps): bump actions/checkout from 2.7.0 to 4.1.2 by @dependabot in #84
• build(deps): bump actions/dependency-review-action from 4.2.3 to 4.2.4 by @dependabot in #89
• build(deps): bump github/codeql-action from 3.24.8 to 3.24.9 by @dependabot in #90
• build(deps): bump actions/dependency-review-action from 4.2.4 to 4.2.5 by @dependabot in #91
• build(deps): bump sonarsource/sonarqube-scan-action from 9ad16418d1dd6d28912bc0047ee387e90181ce1c to 53c3e3207fe4b8d52e2f1ac9d6eb1d2506f626c0 by @dependabot in #92
• Update server.go by @wneessen in #93
• build(deps): bump golang from 0b55ab8 to c4fb952 by @dependabot in #94

New Contributors

• @step-security-bot made their first contribution in #68

Full Changelog: v0.3.3...v0.3.4

v0.3.3: Dependency/Security update

This is another dependency update that addresses the HTTP/2 Rapid Reset Attack.
It is advised to update to v0.3.3.

What's Changed

• build(deps): bump github.com/labstack/echo/v4 from 4.11.1 to 4.11.2 by @dependabot in #60
• Update server.go by @wneessen in #61

Full Changelog: v0.3.2...v0.3.3

v0.3.2: Maintenance/security release

This is a maintenance release mainly updating depencies.

Security note

For users of the Docker version provided here, this also updates the Go version js-mailer is compiled with to Go 1.21.3 which fixes a critical security flaw in the net/http package. It's highly advised to update to the latest Docker build.

What's Changed

• build(deps): bump github.com/labstack/echo/v4 from 4.10.1 to 4.10.2 by @dependabot in #53
• build(deps): bump github.com/wneessen/go-mail from 0.3.8 to 0.3.9 by @dependabot in #54
• build(deps): bump github.com/wneessen/go-mail from 0.3.9 to 0.4.0 by @dependabot in #55
• build(deps): bump github.com/labstack/echo/v4 from 4.10.2 to 4.11.1 by @dependabot in #56
• build(deps): bump github.com/kkyr/fig from 0.3.1 to 0.3.2 by @dependabot in #57
• build(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 by @dependabot in #58
• Bump version to 0.3.2 by @wneessen in #59

Full Changelog: v0.3.1...v0.3.2

v0.3.1 Dependency updates

This is mainly a dependency update. In particular updaing Labstack Echo, which fixed a security vulnerabity in one of its dependencies. Read me: https://pkg.go.dev/vuln/GO-2023-1571

What's Changed

• Fix #44 code-smell by @wneessen in #45
• Bump github.com/wneessen/go-mail from 0.3.5 to 0.3.6 by @dependabot in #46
• Bump github.com/labstack/echo/v4 from 4.9.1 to 4.10.0 by @dependabot in #47
• Bump github.com/wneessen/go-mail from 0.3.6 to 0.3.7 by @dependabot in #48
• build(deps): bump github.com/wneessen/go-mail from 0.3.7 to 0.3.8 by @dependabot in #49
• build(deps): bump github.com/kkyr/fig from 0.3.0 to 0.3.1 by @dependabot in #50
• build(deps): bump github.com/labstack/echo/v4 from 4.10.0 to 4.10.1 by @dependabot in #51
• Dependency updates by @wneessen in #52

Full Changelog: v0.3.0...v0.3.1

v0.3.0: Cloudflare Turnstile support

This release adds support for the Cloudflare Turnstile captchas.

What's Changed

• Bump github.com/wneessen/go-mail from 0.3.4 to 0.3.5 by @dependabot in #40
• v0.3.0: Implement Cloudflare Turnstile as supported captcha feature by @wneessen in #42

Full Changelog: v0.2.9...v0.3.0

v0.2.9

What's Changed

• Bump github.com/wneessen/go-mail from 0.3.1 to 0.3.2 by @dependabot in #35
• Bump github.com/wneessen/go-mail from 0.3.2 to 0.3.3 by @dependabot in #36
• Bump github.com/wneessen/go-mail from 0.3.3 to 0.3.4 by @dependabot in #37
• v0.2.9: Update dependencies and introduce golangci-lint by @wneessen in #38

Dependencies updated

• github.com/ReneKroon/ttlcache/v2 v2.11.0 => github.com/jellydator/ttlcache/v2 v2.11.1
• github.com/mattn/go-colorable v0.1.13
• github.com/mitchellh/mapstructure v1.5.0
• github.com/pelletier/go-toml v1.9.5
• github.com/valyala/fasttemplate v1.2.2
• golang.org/x/crypto v0.2.0
• golang.org/x/sync

Full Changelog: v0.2.8...v0.2.9

v0.2.7: Dependecy updates

This is a maintenance release. No new features have been introduced but two dependencies have been updated:

• go-mail has been bumped to v0.2.7
• echo has been bumped to v4.9.0

v0.2.6: Maintenance release

This is a maintenance release. No new features have been introduced

Changes

• 574c52d Fixes some code smells that were identified by SonarQube
• 062adb5 Updates go-mail to v0.2.1 and updates yaml.v3 to v3.0.1 which fixes a vulnerability

v0.2.4: Go mail library replacement

This release replaces the legacy and unmaintained https://github.com/go-mail/mail library with my own go-mail implementation, which is maintained and follows modern and idomatic Go patterns.

v0.2.3: Reply-To header

17df8f1 adds the functionality to have the form mail automatically set a "Reply-To" header based on the mail address of a configurable form field, so the receiver of the form mail can press the "Reply" button to reach the sender.