Bump github.com/quic-go/quic-go from 0.40.1 to 0.46.0

[dependabot]

Bumps github.com/quic-go/quic-go from 0.40.1 to 0.46.0.

Release notes

Sourced from github.com/quic-go/quic-go's releases.

v0.46.0

New Features

• The http3.Server now has an IdleTimeout field: #4587. It works analogous to its HTTP/2 standard library equivalent: If no requests are received for the idle timeout period, the underlying QUIC connection is closed. Thanks to @​rs for implementing.
• The qlog file format was updated to the current qlog draft, which now uses JSON sequences (JSON-SEQ): #4609. qlog files now have the file extension .sqlog.

Breaking Changes

• logging.VersionNumber was renamed to logging.Version (#4621), mirroring a similar renaming of quic.VersionNumber to quic.Version introduced in an earlier release
• internal_error TLS alerts are now sent as QUIC CRYPTO_ERRORs (and not INTERNAL_ERRORs): #4601

Other Notable Changes

The stream logic for queueing stream-related control frames (RESET_STREAM, STOP_SENDING, MAX_STREAM_DATA, STREAM_DATA_BLOCKED) was completely rewritten. This makes quic-go more resilient to memory exhaustion attacks similar to those that we've seen earlier this year (1 and 2). It also enables further frame packing optimizations in the future.

Changelog

• metrics: create a new tracer on every call of DefaultConnectionTracer by @​marten-seemann in quic-go/quic-go#4560
• metrics: use the default metrics tracer in integration tests by @​marten-seemann in quic-go/quic-go#4562
• example: remove Dockerfile by @​marten-seemann in quic-go/quic-go#4568
• http3: fix race condition between Server.Serve and Server.Close by @​marten-seemann in quic-go/quic-go#4572
• http3: allow re-dialing of connection after a dial error by @​marten-seemann in quic-go/quic-go#4573
• fix stream documentation for StreamError return values by @​mengelbart in quic-go/quic-go#4575
• build(deps): bump docker/build-push-action from 5 to 6 by @​dependabot in quic-go/quic-go#4576
• use a net.ErrClosed when returning Accept from a closed server by @​marten-seemann in quic-go/quic-go#4569
• handshake: ignore unknown QUIC events from crypto/tls by @​marten-seemann in quic-go/quic-go#4577
• introduce a StreamLimitReachedError for Connection.Open{Uni}Stream by @​marten-seemann in quic-go/quic-go#4579
• ci: use Go 1.23rc2 for unit and integration tests by @​marten-seemann in quic-go/quic-go#4571
• handshake: remove unneeded tokenProtector interface by @​marten-seemann in quic-go/quic-go#4585
• ackhandler: optimize received packet tracking by @​marten-seemann in quic-go/quic-go#4584
• move connection logging to a separate file, absorb logutils package by @​marten-seemann in quic-go/quic-go#4586
• simplify handling of CRYPTO frames, remove cryptoDataHandler interface by @​marten-seemann in quic-go/quic-go#4588
• wire: optimize parsing of long header packets by @​marten-seemann in quic-go/quic-go#4589
• remove trivial IPv4 helper function by @​marten-seemann in quic-go/quic-go#4591
• wire: simplify packet number parsing, remove utils.ByteOrder interface by @​marten-seemann in quic-go/quic-go#4590
• utils: remove scarcely used time helper functions by @​marten-seemann in quic-go/quic-go#4593
• remove mock TokenStore implementation by @​marten-seemann in quic-go/quic-go#4597
• remove unused framer interface by @​marten-seemann in quic-go/quic-go#4599
• refactor frame packing to logic to not access the streams map by @​marten-seemann in quic-go/quic-go#4596
• ackhandler: reduce allocations for tracking sent packets by @​marten-seemann in quic-go/quic-go#4602
• mark stream completed when CancelWrite is called after receiving STOP_SENDING by @​sukunrt in quic-go/quic-go#4605
• simplify generation of STREAM_DATA_BLOCKED frames by @​marten-seemann in quic-go/quic-go#4608
• reduce allocations when handling crypto data by @​marten-seemann in quic-go/quic-go#4615
• handshake: remove gomock tls.ClientSessionCache implementation by @​marten-seemann in quic-go/quic-go#4619
• wire: speed up parsing of headers with arbitrary length connection IDs by @​marten-seemann in quic-go/quic-go#4618
• remove trivial mock implementation of the cryptoStream interface by @​marten-seemann in quic-go/quic-go#4620
• simplify frame queuing logic for 0-RTT rejection by @​marten-seemann in quic-go/quic-go#4607
• handshake: generate CRYPTO_ERRORs for internal_error TLS alerts by @​marten-seemann in quic-go/quic-go#4601
• remove unneeded cryptoStream interface by @​marten-seemann in quic-go/quic-go#4617
• logging: rename VersionNumber to Version by @​marten-seemann in quic-go/quic-go#4621

... (truncated)

Commits

• 0b033db fix logging of short header connection IDs (#4626)
• 46fc42d only declare send stream completed when RESET_STREAM is acknowledged (#4613)
• 7c471aa http3: implement server idle timeout support (#4587)
• af9fa7a queue stream-related control frames in the respective stream (#4610)
• d1f9af4 implement qlog JSONSEQ format, bump qlog version (#4609)
• f96923b logging: rename VersionNumber to Version (#4621)
• 931166b remove unneeded cryptoStream interface (#4617)
• f5ceb73 handshake: generate CRYPTO_ERRORs for internal_error TLS alerts (#4601)
• a147bee simplify frame queuing logic on 0-RTT rejection (#4607)
• 86d5044 remove trivial mock implementation of the cryptoStream interface (#4620)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[dependabot]

Superseded by #1141.