Bump simplejavamail.version from 8.8.3 to 8.9.0

[dependabot]

Bumps simplejavamail.version from 8.8.3 to 8.9.0.
Updates org.simplejavamail:simple-java-mail from 8.8.3 to 8.9.0

Release notes

Sourced from org.simplejavamail:simple-java-mail's releases.

v8.9.0 - Security update

#507: [security] Update 3rd party dependencies to get rid of all currently known CVE issues

Changes:

Dependencies:

• Spring 5.3.27 -> 5.3.34
• Spring Boot 2.5.15 -> 2.7.18
• commons-io 2.7 -> 2.11.0
• utils-mail-smime 2.3.1 -> 2.3.3
  • org.bouncycastle:bcjmail-jdk15to18 1.75 -> org.bouncycastle:bcjmail-jdk18on 1.78.1
• ical4j 2.2.4 -> ical4j-vcard 2.0.0-beta2

Other:

• Junit 4 -> Junit 5 (including Mockito, AssertJ and got rid of Powermock)
• maven-surefire-plugin 2.19.1 -> 3.2.5

v8.8.4 CVE smime-module (bouncycastle)

#506: [CVE] Upgrade utils-mail-smime dependency to 2.3.2, to resolve CVE issue in bouncycastle

Changelog

Sourced from org.simplejavamail:simple-java-mail's changelog.

v8.9.0 (26-April-2024)

• #507: [security] Update 3rd party dependencies to get rid of all currently known CVE issues (see issue for details)

v8.8.0 - v8.8.4

• v8.8.4 (23-April-2024): #506: Upgrade utils-mail-smime dependency to 2.3.2, to resolve CVE issue in bouncycastle
• v8.8.3 (13-April-2024): #502: [Bug] Message headers not treated with case insensitivity as per RFC, causing deviating headers to slip through the filters
• v8.8.2 (05-April-2024): #495: Add config support for 'verifyingServerIdentity' with SMTP, also: since Angus 1.1.0 server identity checks are on by default and can be countered by mailerBuilder.verifyingServerIdentity(false)
• v8.8.2 (05-April-2024): #501: [dependency] Update outlook-message-parser dependency, which has improved support for X500 addresses
• v8.8.1 (04-April-2024): #500: [bug] Fix parsing addresses from headers in EML files, like a Disposition-Notification-To with umlaut
• v8.8.0 (22-March-2024): #499: [Enhancement] Expose finer-grained DKIM configuration through the builder api and disable 'l-param' by default)

NOTE: this release changes the default for DKIM signing from 'l-param' true to false. If you rely on this feature, you need to enable it explicitly (see the updated https://www.simplejavamail.org/security.html#section-sending-dkim).

v8.7.0 - v8.7.1

• v8.7.1 (20-March-2024): #498: [Enhancement] Make S/MIME algorithms configurable (signature algorithm for signing, key encapsulation and cipher algorithms for encryption)
• v8.7.1 (20-March-2024): #497: [Bug] Order of attachments is lost when converting a MimeMessage to an Email
• v8.7.0 (20-March-2024): don't use this version: versioning messed up

NOTE: this breaks the API for S/MIME related builder methods. Refer to the S/MIME documentation for the new API.

v8.6.0 - v8.6.3

• v8.6.3 (13-February-2024): #491: [bug] Attachment body parts should separately parse Content-Disposition and ContentID, possible resulting in an downloadable attachment that is also embedded
• v8.6.2 (27-January-2024): #493: [bug] don't require smime-module when adding collection of headers (also used when copying email)
• v8.6.1 (18-January-2024): #487: Move header filtering from MimeMessageParser to EmailConverter, thereby enabling access to all parsed headers when using MimeMessageParser directly
• v8.6.1 (18-January-2024): #489: Finished update to Angus Mail by updating activation dependency
• v8.6.0 (17-January-2024): #489: Update to Angus Mail

NOTE: this release switches to Angus Mail which should be a transparent change, but if you encounter any issues, please report them. One known issue is that Angus, since 1.1.0, performs server identity checks by default, which was previously disabled for SMTP. If you encounter issues with this, you can disable it with mailerBuilder.verifyingServerIdentity(false) and starting from 8.8.2, this also works with SMTP transport strategy (see #495).

v8.5.0 - v8.5.1

• v8.5.1 (15-December-2023): #486: [dependency] Handle Outlook's Non-Standard S/MIME Signed Messages
• v8.5.0 (13-December-2023): #484: [bug] Addresses passed as string are not always interpreted correctly

v8.4.0 (12-December-2023)

• #483: Enhancement: add native support for overriding envelope-level receiver(s)

v8.3.0 - v8.3.5

... (truncated)

Commits

• 687ac7f released 8.9.0 [skip ci]
• d09e642 Merge branch 'refs/heads/develop'
• 04a91b9 Preparing release 8.9.0
• 080c5df Update utils-mail-smime version to 2.3.3, which upgrades to new bouncycastle ...
• 42a268f minor pom cleanup [skip ci]
• 728eff9 Merge branch 'refs/heads/master' into develop
• 15532bb released 8.8.4 [skip ci]
• 4177f67 Preparing release 8.8.4
• e6e4d19 Merge pull request #506 from rover886/patch-1
• 89656bc Update pom.xml
• Additional commits viewable in compare view

Updates org.simplejavamail:authenticated-socks-module from 8.8.3 to 8.9.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)