Skip to content

Build(deps): bump quinn-proto from 0.11.13 to 0.11.14#8

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/quinn-proto-0.11.14
Open

Build(deps): bump quinn-proto from 0.11.13 to 0.11.14#8
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/quinn-proto-0.11.14

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 7, 2026
edited
Loading

Bumps quinn-proto from 0.11.13 to 0.11.14.

Release notes

Sourced from quinn-proto's releases.

quinn-proto 0.11.14

@​jxs reported a denial of service issue in quinn-proto 5 days ago:

We coordinated with them to release this version to patch the issue. Unfortunately the maintainers missed these issues during code review and we did not have enough fuzzing coverage -- we regret the oversight and have added an additional fuzzing target.

Organizations that want to participate in coordinated disclosure can contact us privately to discuss terms.

What's Changed

Commits
  • 2c315aa proto: bump version to 0.11.14
  • 8ad47f4 Use newer rustls-pki-types PEM parser API
  • c81c028 ci: fix workflow syntax
  • 0050172 ci: pin wasm-bindgen-cli version
  • 8a6f82c Take semver-compatible dependency updates
  • e52db4a Apply suggestions from clippy 1.91
  • 6df7275 chore: Fix unnecessary_unwrap clippy
  • c8eefa0 proto: avoid unwrapping varint decoding during parameters parsing
  • 9723a97 fuzz: add fuzzing target for parsing transport parameters
  • eaf0ef3 Fix over-permissive proto dependency edge (#2385)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels May 7, 2026
djf73 pushed a commit that referenced this pull request May 14, 2026
Sync from internal source — a8a4118
81bb16b 
Mirror of paths listed in .oss-paths from the internal source repo at
commit a8a4118, dated 2026-05-14 16:17:57 +0100.

Internal HEAD: Merge pull request #8 from Field-Logic-Ltd/fix/embed-config-default-v0.1.1
@dependabot dependabot Bot changed the title Build(deps): bump quinn-proto from 0.11.13 to 0.11.14 Bump quinn-proto from 0.11.13 to 0.11.14 May 14, 2026
@dependabot dependabot Bot force-pushed the dependabot/cargo/quinn-proto-0.11.14 branch 3 times, most recently from ea82874 to 735d774 Compare May 14, 2026 16:14
@dependabot dependabot Bot changed the title Bump quinn-proto from 0.11.13 to 0.11.14 Build(deps): bump quinn-proto from 0.11.13 to 0.11.14 May 14, 2026
@dependabot dependabot Bot force-pushed the dependabot/cargo/quinn-proto-0.11.14 branch from 735d774 to c5519af Compare May 14, 2026 16:37
@dependabot
Build(deps): bump quinn-proto from 0.11.13 to 0.11.14
108b48f 
Bumps [quinn-proto](https://github.com/quinn-rs/quinn) from 0.11.13 to 0.11.14.
- [Release notes](https://github.com/quinn-rs/quinn/releases)
- [Commits](quinn-rs/quinn@quinn-proto-0.11.13...quinn-proto-0.11.14)

---
updated-dependencies:
- dependency-name: quinn-proto
  dependency-version: 0.11.14
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/quinn-proto-0.11.14 branch from c5519af to 108b48f Compare May 18, 2026 11:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants