search

Icelk / kvarn

An extensible and efficient forward-thinking web server for the future.
https://kvarn.org
Apache License 2.0
15 stars 1 forks source link

build(deps): update h2 requirement from 0.3.17 to 0.4.2 #42

Closed dependabot[bot] closed 8 months ago

dependabot[bot] commented 8 months ago

Updates the requirements on h2 to permit the latest version.

Release notes

Sourced from h2's releases.

v0.4.2

What's Changed

  • Limit error resets for misbehaving connections.
  • Fix selecting MAX_CONCURRENT_STREAMS value if no value is advertised initially.

New Contributors

Changelog

Sourced from h2's changelog.

0.4.2 (January 17th, 2024)

  • Limit error resets for misbehaving connections.
  • Fix selecting MAX_CONCURRENT_STREAMS value if no value is advertised initially.

0.4.1 (January 8, 2024)

  • Fix assigning connection capacity which could starve streams in some instances.

0.4.0 (November 15, 2023)

  • Update to http 1.0.
  • Remove deprecated Server::poll_close().

0.3.22 (November 15, 2023)

  • Add header_table_size(usize) option to client and server builders.
  • Improve throughput when vectored IO is not available.
  • Update indexmap to 2.

0.3.21 (August 21, 2023)

  • Fix opening of new streams over peer's max concurrent limit.
  • Fix RecvStream to return data even if it has received a CANCEL stream error.
  • Update MSRV to 1.63.

0.3.20 (June 26, 2023)

  • Fix panic if a server received a request with a :status pseudo header in the 1xx range.
  • Fix panic if a reset stream had pending push promises that were more than allowed.
  • Fix potential flow control overflow by subtraction, instead returning a connection error.

0.3.19 (May 12, 2023)

  • Fix counting reset streams when triggered by a GOAWAY.
  • Send too_many_resets in opaque debug data of GOAWAY when too many resets received.

0.3.18 (April 17, 2023)

  • Fix panic because of opposite check in is_remote_local().

0.3.17 (April 13, 2023)

  • Add Error::is_library() method to check if the originated inside h2.
  • Add max_pending_accept_reset_streams(usize) option to client and server builders.
  • Fix theoretical memory growth when receiving too many HEADERS and then RST_STREAM frames faster than an application can accept them off the queue. (CVE-2023-26964)

... (truncated)

Commits
  • 5f53606 v0.4.2
  • 59570e1 streams: limit error resets for misbehaving connections
  • d2f09fb fix: set MAX_CONCURRENT_STREAMS to usize::MAX if no value is advertised initi...
  • 66a1ed8 doc: clarify that the default value of initial_max_send_streams is 100
  • ee1f75a v0.4.1
  • 756345e fix: streams awaiting capacity lockout (#730)
  • 122091a v0.4.0
  • 9defea8 remove deprecated Server::poll_close (#727)
  • 1ca1dc6 update http to 1.0
  • 8867e95 remove private from root crate
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 8 months ago

Looks like h2 is up-to-date now, so this is no longer needed.