Bump github.com/quic-go/quic-go from 0.48.2 to 0.50.0 #16

dependabot · 2025-02-24T12:38:11Z

Bumps github.com/quic-go/quic-go from 0.48.2 to 0.50.0.

Release notes

Sourced from github.com/quic-go/quic-go's releases.

v0.50.0

This release implements server-side path-probing (as described in section 9 of RFC 9000): #4932, #4933, #4935, #4938, #4939, #4940, #4941, #4944, #4947, #4959.

When the server receives a packet for an existing connection from a different IP address / port, it first needs to probe the new path before it can send packets on that path. This happens when the client experiences a NAT rebinding, and when the client attempts to migrate to a new connection. Previous versions of quic-go would accept the packets from the new path, but never switch to the new path.

Note that the client side connection migration logic (#234) is not yet implemented in quic-go (but we're working on it!).

Major Changes

use the new crypto/tls 0-RTT API that we helped design in 2023: #4953

use a ringbuffer to store received packets, significantly reducing memory consumption: #4929

according to our Go version policy, we removed support for Go 1.22. quic-go now requires Go 1.23 or Go 1.24: #4880

the connection timer logic was refactored, enabling future changes to this code path: #4927

Other Fixes

fix busy-looping when pacing packets and the send queue blocks: #4943

don't drop undecryptable packets when deriving 2 sets of keys at the same time (i.e. when resuming a 0-RTT connection): #4950

Go 1.24 FIPS 140-3 Caveats

Go 1.24 made several changes related to FIPS 140-3 compliance. Among others, it introduced a fips-only mode (enabled by setting GODEBUG="fips140=only").

It is not possible to use quic-go in fips-only mode, since the QUIC RFC requires initializing an AES GCM cipher with a fixed nonce, which is considered unsafe according to FIPS 140-3, or at least the Go team's interpretation thereof. See quic-go/quic-go#4894 and the discussion on [Go issue #69536](golang/go#69536).

Before v0.50.0, quic-go would initialize the AES cipher on init, leading to a panic when using fips-only mode. For v0.50.0 we changed this behavior to lazy initialization (quic-go/quic-go#4916). Note that this still means it's not possible to use QUIC in fips-only mode.

Changelog

ackhandler: remove unneeded error return from packet history iterator by @marten-seemann in quic-go/quic-go#4917

proxy: remove Proxy.LocalPort method by @marten-seemann in quic-go/quic-go#4920

proxy: rename to Proxy, refactor initialization by @marten-seemann in quic-go/quic-go#4921

proxy: add function to simulate NAT rebinding by @marten-seemann in quic-go/quic-go#4922

proxy: optimize packet sorting logic by @marten-seemann in quic-go/quic-go#4923

simplify handling of packet unpacking errors by @marten-seemann in quic-go/quic-go#4924

refactor connection error propagation by @marten-seemann in quic-go/quic-go#4925

refactor packet handling into a separate function by @marten-seemann in quic-go/quic-go#4926

congestion: migrate the pacer tests away from Ginkgo by @marten-seemann in quic-go/quic-go#4929

utils: add a method to reset the RTTStats for connection migration by @marten-seemann in quic-go/quic-go#4930

add a packet packer method to pack path probe packets by @marten-seemann in quic-go/quic-go#4932

add a method to change the remote address of the sendConn by @marten-seemann in quic-go/quic-go#4933

ackhandler: add path probe tracking logic to sent packet history by @marten-seemann in quic-go/quic-go#4934

implement connection ID handling for path probe packets by @marten-seemann in quic-go/quic-go#4935

fix flaky TestConnectionReceivePrioritization by @marten-seemann in quic-go/quic-go#4936

add a method to the sendQueue to send probe packets by @marten-seemann in quic-go/quic-go#4939

implement a path manager to track the validation status of new paths by @marten-seemann in quic-go/quic-go#4938

query MTU discoverer for increases after processing ACK frame by @marten-seemann in quic-go/quic-go#4941

http3: minor simplification of panic handling logic by @marten-seemann in quic-go/quic-go#4942

use a ringbuffer to store received packets in the connection by @marten-seemann in quic-go/quic-go#4928

refactor connection timer logic by @marten-seemann in quic-go/quic-go#4927

ackhandler: implement timer logic for path probe packets by @marten-seemann in quic-go/quic-go#4940

... (truncated)

Commits

d726a79 remove unneeded tracking of acknowledgments for PATH_CHALLENGEs (#4959)
9f704c7 ackhandler: fix handling of lost path probes on loss timer (#4956)
bf28da8 handshake: use new crypto/tls 0-RTT API (#4953)
b32f1fa ackhandler: use Go iterators to iterate over sent packets (#4952)
12f2be0 bump go.mod version to Go 1.23, run 1.23 and 1.24 on CI (#4880)
5af3916 ci: update golangci-lint to v1.64.4 (#4951)
48b8182 keep undecryptable packets when deriving 0-RTT and handshake keys (#4950)
5a1a34d implement server-side path validation logic (#4944)
ca26e98 migrate the connection ID generator tests away from Ginkgo (#4948)
b47e86c add a way to reset the MTU discoverer (#4947)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.48.2 to 0.50.0. - [Release notes](https://github.com/quic-go/quic-go/releases) - [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md) - [Commits](quic-go/quic-go@v0.48.2...v0.50.0) --- updated-dependencies: - dependency-name: github.com/quic-go/quic-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Feb 24, 2025

dependabot bot mentioned this pull request Feb 24, 2025

Bump github.com/quic-go/quic-go from 0.48.2 to 0.49.0 #12

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump github.com/quic-go/quic-go from 0.48.2 to 0.50.0 #16

Bump github.com/quic-go/quic-go from 0.48.2 to 0.50.0 #16

Uh oh!

dependabot bot commented on behalf of github Feb 24, 2025

Uh oh!

Uh oh!

Bump github.com/quic-go/quic-go from 0.48.2 to 0.50.0 #16

Are you sure you want to change the base?

Bump github.com/quic-go/quic-go from 0.48.2 to 0.50.0 #16

Uh oh!

Conversation

dependabot bot commented on behalf of github Feb 24, 2025

v0.50.0

Major Changes

Other Fixes

Go 1.24 FIPS 140-3 Caveats

Changelog

Uh oh!

Uh oh!