Skip to content

chore(deps): bump quinn-proto from 0.11.13 to 0.11.14#68

Merged
sonesuke merged 2 commits intomainfrom
dependabot/cargo/quinn-proto-0.11.14
Mar 30, 2026
Merged

chore(deps): bump quinn-proto from 0.11.13 to 0.11.14#68
sonesuke merged 2 commits intomainfrom
dependabot/cargo/quinn-proto-0.11.14

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 11, 2026
edited
Loading

Bumps quinn-proto from 0.11.13 to 0.11.14.

Release notes

Sourced from quinn-proto's releases.

quinn-proto 0.11.14

@​jxs reported a denial of service issue in quinn-proto 5 days ago:

We coordinated with them to release this version to patch the issue. Unfortunately the maintainers missed these issues during code review and we did not have enough fuzzing coverage -- we regret the oversight and have added an additional fuzzing target.

Organizations that want to participate in coordinated disclosure can contact us privately to discuss terms.

What's Changed

Commits
  • 2c315aa proto: bump version to 0.11.14
  • 8ad47f4 Use newer rustls-pki-types PEM parser API
  • c81c028 ci: fix workflow syntax
  • 0050172 ci: pin wasm-bindgen-cli version
  • 8a6f82c Take semver-compatible dependency updates
  • e52db4a Apply suggestions from clippy 1.91
  • 6df7275 chore: Fix unnecessary_unwrap clippy
  • c8eefa0 proto: avoid unwrapping varint decoding during parameters parsing
  • 9723a97 fuzz: add fuzzing target for parsing transport parameters
  • eaf0ef3 Fix over-permissive proto dependency edge (#2385)
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Mar 11, 2026
@dependabot
chore(deps): bump quinn-proto from 0.11.13 to 0.11.14
2deab04 
Bumps [quinn-proto](https://github.com/quinn-rs/quinn) from 0.11.13 to 0.11.14.
- [Release notes](https://github.com/quinn-rs/quinn/releases)
- [Commits](quinn-rs/quinn@quinn-proto-0.11.13...quinn-proto-0.11.14)

---
updated-dependencies:
- dependency-name: quinn-proto
  dependency-version: 0.11.14
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/cargo/quinn-proto-0.11.14 branch from 482ca18 to 2deab04 Compare March 30, 2026 10:50
@sonesuke sonesuke merged commit 3a6bd24 into main Mar 30, 2026
4 checks passed
@sonesuke sonesuke deleted the dependabot/cargo/quinn-proto-0.11.14 branch March 30, 2026 11:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sonesuke