New quic-go@v0.42.0 causes build failure of app that is using caddy

[jediknight112]

In the latest release of quic-go https://github.com/quic-go/quic-go/releases/tag/v0.42.0 the quic.Config struct was modified and no longer has the RequireAddressValidation field in the quic.Config struct which results in this build error:

vendor/github.com/caddyserver/caddy/v2/listeners.go:477:4: unknown field RequireAddressValidation in struct literal of type quic.Config
vendor/github.com/caddyserver/caddy/v2/listeners.go:516:4: unknown field RequireAddressValidation in struct literal of type quic.Config

I bring this up because I received a Dependabot alert that guic-go@v0.42.0 is the secure version based on this GitHub Advisory Database link: GHSA-c33x-xqrf-c478

[mohammed90]

It's already upgraded in #6176. If you want it, you can build from HEAD.

[jediknight112]

While we can reference the commit SHA of main I pull this module into my go app via my go.mod and the latest release tag. Is there any ETA on when a new release is going to be made so i can just reference the new release instead of the main commit SHA?

[francislavoie]

We were hoping to get the release out in March, but we're all short on time so we didn't make that goal. Soon™

[mholt]

Yeah, my bad -- my notification backlog is down to just about 1 page now.

[epelc]

For anyone trying to do this you can run the following:

go get github.com/caddyserver/caddy/v2@master
# update list of other deps
go mod tidy
# Pull in above repo update from caddy if you use vendoring
go mod vendor