Update module mellium.im/xmpp to v0.22.0 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
mellium.im/xmpp	v0.21.4 → v0.22.0

---

Mellium allows Authentication Bypass by Spoofing

CVE-2024-46957 / GHSA-98hf-m87w-cq6h

More information

Details

Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing because the stanza type is not checked. This is fixed in 0.22.0.

Severity

• CVSS Score: 9.3 / 10 (Critical)
• Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2024-46957
• https://codeberg.org/mellium/xmpp/releases
• https://mellium.im/cve/cve-2024-46957
• https://codeberg.org/mellium/xmpp/releases/tag/v0.22.0
• https://github.com/advisories/GHSA-98hf-m87w-cq6h

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated

Details:

Package	Change
mellium.im/sasl	v0.3.1 -> v0.3.2

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 40.42%. Comparing base (2528a15) to head (394793e).
⚠️ Report is 7 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #584      +/-   ##
==========================================
- Coverage   40.57%   40.42%   -0.16%     
==========================================
  Files          91       91              
  Lines        7206     7223      +17     
==========================================
- Hits         2924     2920       -4     
- Misses       3993     4013      +20     
- Partials      289      290       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated

Details:

Package	Change
mellium.im/sasl	v0.3.1 -> v0.3.2