Skip to content

Commit 9759d62

Browse files
chore(deps): bump github.com/quic-go/quic-go from 0.37.0 to 0.37.3 (#573)
Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.37.0 to 0.37.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/quic-go/quic-go/releases">github.com/quic-go/quic-go's releases</a>.</em></p> <blockquote> <h2>v0.37.3</h2> <p>This patch release</p> <ul> <li>fixes handling of ACK frames serialized after CRYPTO frames: <a href="https://redirect.github.com/quic-go/quic-go/issues/4018">#4018</a></li> <li>sets a <code>net.Conn</code> on the <code>tls.ClientHelloInfo</code> used on <code>GetCertificate</code> and <code>GetConfigForClient</code>, for <code>tls.Config</code>s returned (recursively) from <code>GetConfigForClient</code>: <a href="https://redirect.github.com/quic-go/quic-go/pull/4016">quic-go/quic-go#4016</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/quic-go/quic-go/compare/v0.37.2...v0.37.3">https://github.com/quic-go/quic-go/compare/v0.37.2...v0.37.3</a></p> <h2>v0.37.2</h2> <p>This patch release</p> <ul> <li>contains a backport of the fix that triggered the Go 1.20.7 / 1.19.12 patch release (<a href="https://github.com/golang/go/commit/2350afd2e8ab054390e284c95d5b089c142db017">https://github.com/golang/go/commit/2350afd2e8ab054390e284c95d5b089c142db017</a>): <a href="https://redirect.github.com/quic-go/quic-go/pull/4012">quic-go/quic-go#4012</a></li> <li>sets a <code>net.Conn</code> with the correct addresses on the <code>tls.ClientHelloInfo</code> used in <code>tls.Config.GetCertificate</code>: <a href="https://redirect.github.com/quic-go/quic-go/pull/4015">quic-go/quic-go#4015</a></li> </ul> <p>Note that in order to be protected against the DoS attack making use of large RSA keys, it's necessary to update to this patch release (for Go 1.20). For Go 1.21, please update the Go compiler.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/quic-go/quic-go/compare/v0.37.1...v0.37.2">https://github.com/quic-go/quic-go/compare/v0.37.1...v0.37.2</a></p> <h2>v0.37.1</h2> <p>This is a patch release fixing two regressions introduced in the v0.37.0 release:</p> <ul> <li>http3: fix check for content length of the response by <a href="https://github.com/imroc"><code>@​imroc</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/3998">quic-go/quic-go#3998</a></li> <li>set a net.Conn with the correct addresses on the tls.ClientHelloInfo by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4001">quic-go/quic-go#4001</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/imroc"><code>@​imroc</code></a> made their first contribution in <a href="https://redirect.github.com/quic-go/quic-go/pull/3998">quic-go/quic-go#3998</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/quic-go/quic-go/compare/v0.37.0...v0.37.1">https://github.com/quic-go/quic-go/compare/v0.37.0...v0.37.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/quic-go/quic-go/commit/b6a4725b60f1fe04e8f1ddcc3114e290fcea1617"><code>b6a4725</code></a> fix handling of ACK frames serialized after CRYPTO frames (<a href="https://redirect.github.com/quic-go/quic-go/issues/4018">#4018</a>)</li> <li><a href="https://github.com/quic-go/quic-go/commit/4eedeb073ff6f6538189eab03dd253149675f015"><code>4eedeb0</code></a> add tls.ClientHelloInfo.Conn for recursive GetConfigForClient calls (<a href="https://redirect.github.com/quic-go/quic-go/issues/4016">#4016</a>)</li> <li><a href="https://github.com/quic-go/quic-go/commit/38b703e9aecd8fce2269629ca13d7674c493b86a"><code>38b703e</code></a> add error handling when confirming handshake on HANDSHAKE_DONE frames (<a href="https://redirect.github.com/quic-go/quic-go/issues/4017">#4017</a>)</li> <li><a href="https://github.com/quic-go/quic-go/commit/a0a2e5ff26e4c5568a28b3bbc2882e0a3a36a9a3"><code>a0a2e5f</code></a> set a net.Conn for tls.ClientHelloInfo.Conn used by GetCertificate (<a href="https://redirect.github.com/quic-go/quic-go/issues/4014">#4014</a>)</li> <li><a href="https://github.com/quic-go/quic-go/commit/b8aa6a8286c5d4d881745134550e2dbe2a2ec91d"><code>b8aa6a8</code></a> update qtls to restrict RSA keys in certificates to &lt;= 8192 bits (<a href="https://redirect.github.com/quic-go/quic-go/issues/4012">#4012</a>)</li> <li><a href="https://github.com/quic-go/quic-go/commit/f3a0ce1599732cb56b958c2f0903074b62a7e9bf"><code>f3a0ce1</code></a> set a net.Conn with the correct addresses on the tls.ClientHelloInfo (<a href="https://redirect.github.com/quic-go/quic-go/issues/4001">#4001</a>)</li> <li><a href="https://github.com/quic-go/quic-go/commit/44a58dc425fc0ff2c9a5a9afa3e380d3e47f96ec"><code>44a58dc</code></a> ci: update Go 1.21 to rc3 (<a href="https://redirect.github.com/quic-go/quic-go/issues/3994">#3994</a>)</li> <li><a href="https://github.com/quic-go/quic-go/commit/32f8b20ae5fdfa6d508d00a232b2543240cc6ca0"><code>32f8b20</code></a> http3: fix check for content length of the response (<a href="https://redirect.github.com/quic-go/quic-go/issues/3998">#3998</a>)</li> <li>See full diff in <a href="https://github.com/quic-go/quic-go/compare/v0.37.0...v0.37.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/quic-go/quic-go&package-manager=go_modules&previous-version=0.37.0&new-version=0.37.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent 0f7c6eb commit 9759d62

2 files changed

Lines changed: 6 additions & 6 deletions

File tree

go.mod

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ require (
1010
github.com/fatih/color v1.15.0
1111
github.com/joho/godotenv v1.4.0
1212
github.com/matoous/go-nanoid/v2 v2.0.0
13-
github.com/quic-go/quic-go v0.37.0
13+
github.com/quic-go/quic-go v0.37.3
1414
github.com/reactivex/rxgo/v2 v2.5.0
1515
github.com/second-state/WasmEdge-go v0.13.0
1616
github.com/spf13/cobra v1.7.0
@@ -43,7 +43,7 @@ require (
4343
github.com/onsi/ginkgo/v2 v2.11.0 // indirect
4444
github.com/pelletier/go-toml/v2 v2.0.8 // indirect
4545
github.com/pmezard/go-difflib v1.0.0 // indirect
46-
github.com/quic-go/qtls-go1-20 v0.3.0 // indirect
46+
github.com/quic-go/qtls-go1-20 v0.3.1 // indirect
4747
github.com/spf13/afero v1.9.5 // indirect
4848
github.com/spf13/cast v1.5.1 // indirect
4949
github.com/spf13/jwalterweatherman v1.1.0 // indirect

go.sum

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -181,10 +181,10 @@ github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qR
181181
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
182182
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
183183
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
184-
github.com/quic-go/qtls-go1-20 v0.3.0 h1:NrCXmDl8BddZwO67vlvEpBTwT89bJfKYygxv4HQvuDk=
185-
github.com/quic-go/qtls-go1-20 v0.3.0/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k=
186-
github.com/quic-go/quic-go v0.37.0 h1:wf/Ym2yeWi98oQn4ahiBSqdnaXVxNQGj2oBQFgiVChc=
187-
github.com/quic-go/quic-go v0.37.0/go.mod h1:XtCUOCALTTWbPyd0IxFfHf6h0sEMubRFvEYHl3QxKw8=
184+
github.com/quic-go/qtls-go1-20 v0.3.1 h1:O4BLOM3hwfVF3AcktIylQXyl7Yi2iBNVy5QsV+ySxbg=
185+
github.com/quic-go/qtls-go1-20 v0.3.1/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k=
186+
github.com/quic-go/quic-go v0.37.3 h1:pkHH3xaMNUNAh6OtgEV/0K6Fz+YIJXhPzgd/ShiRDm4=
187+
github.com/quic-go/quic-go v0.37.3/go.mod h1:YsbH1r4mSHPJcLF4k4zruUkLBqctEMBDR6VPvcYjIsU=
188188
github.com/reactivex/rxgo/v2 v2.5.0 h1:FhPgHwX9vKdNQB2gq9EPt+EKk9QrrzoeztGbEEnZam4=
189189
github.com/reactivex/rxgo/v2 v2.5.0/go.mod h1:bs4fVZxcb5ZckLIOeIeVH942yunJLWDABWGbrHAW+qU=
190190
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=

0 commit comments

Comments
 (0)