Bump net-imap from 0.6.4 to 0.6.4.1

[dependabot]

Bumps net-imap from 0.6.4 to 0.6.4.1.

Release notes

Sourced from net-imap's releases.

v0.6.4.1

What's Changed

🔒 Security

This release fixes several more security vulnerabilities which are related to the fixes in v0.6.4. Please see the linked security advisories for more information.

• (moderate) Command Injection via non-synchronizing literal in "raw" argument (CVE-2026-47240, GHSA-8p34-64r3-mwg8) This vulnerability depends how the server interprets non-synchronizing literals. The connection is not vulnerable if the server supports non-synchronizing literals.
  • 🥅 Validate non-synchronizing literals support by @​nevans in ruby/net-imap#701
• (moderate) Command Injection via unvalidated ID and ENABLE arguments (CVE-2026-47242, GHSA-46q3-7gv7-qmgg)
  • 🥅 Validate ID values contain only valid bytes by @​nevans in ruby/net-imap#698
  • 🥅 Validate #enable arguments are all atoms by @​nevans in ruby/net-imap#699 NOTE: #enable should never be called with untrusted input.
• (low) Denial of Service via incomplete "raw" argument validation (CVE-2026-47241, GHSA-c4fp-cxrr-mj66) This results in the affected command hanging until the connection is closed. If another thread attempts to send a concurrent pipelined command, the first thread will return with a syntax error and the second thread will hang until the connection closes.
  • Reported by @​fg0x0
  • 🐛 Prevent trailing {0} in RawData validation by @​nevans in ruby/net-imap#700

Added

• 🔍 Add more detail to Net::IMAP#inspect TLS info by @​nevans in ruby/net-imap#674

Fixed

• 🔧 Disallow config.max_non_synchronizing_literal = nil by @​nevans in ruby/net-imap#672
• 🧵 Fix deadlock in #disconnect by @​nevans in ruby/net-imap#686
• 🥅 Validate that Atom and Flag are not empty by @​nevans in ruby/net-imap#684

Documentation

• ⚠️ Boost visibility of raw data argument documentation warnings by @​nevans in ruby/net-imap#677

Other Changes

• 🏷️ Allow 64-bit Integer arguments by @​nevans in ruby/net-imap#675
• 🥅 Ensure send_number_data input is an Integer by @​nevans in ruby/net-imap#676
• ♻️ Improve RawData.new, Add RawData.split by @​nevans in ruby/net-imap#679
• 🏷️ Less strict number string coercion, to match RFCs by @​nevans in ruby/net-imap#680
• 🥅 Validate response literal byte size format by @​nevans in ruby/net-imap#681

Miscellaneous

• ⬆️ Bump step-security/harden-runner from 2.19.0 to 2.19.1 by @​dependabot[bot] in ruby/net-imap#673
• ✅ Improvements to tests' FakeServer by @​nevans in ruby/net-imap#678
• ⬆️ Bump step-security/harden-runner from 2.19.1 to 2.19.3 by @​dependabot[bot] in ruby/net-imap#682
• ⬆️ Bump step-security/harden-runner from 2.19.3 to 2.19.4 by @​dependabot[bot] in ruby/net-imap#683

Full Changelog: ruby/net-imap@v0.6.4...v0.6.4.1

Commits

• 357f3b5 🔖 Bump version to 0.6.4.1
• e066b83 🔀 Merge pull request #701 from ruby/security/validate-non_sync_literal-support
• 0ea9eba ✅ Fix flaky tests for MacOS, TruffleRuby
• 5cad699 🔀 Merge pull request #700 from ruby/security/fix-raw_data-trailing-literal-ma...
• 5a0af4a 🔀 Merge pull request #699 from ruby/security/validate-enable-arguments
• b9d1972 🔀 Merge pull request #698 from ruby/security/validate-quoted-data
• 07e002b ♻️ Use QuotedString internally to send quoted string
• ae9f83b ♻️ Extract str.bytesize lvar in send_literal
• d6ddd29 🐛 Prevent trailing {0} in RawData validation
• 1f97168 🥅 Validate #enable arguments are all atoms
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.93%. Comparing base (587fa1f) to head (5711536).

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #2053   +/-   ##
=======================================
  Coverage   91.93%   91.93%           
=======================================
  Files         159      159           
  Lines        7328     7328           
=======================================
  Hits         6737     6737           
  Misses        591      591           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.