search

anacrolix / confluence

Torrent client as a HTTP service
Mozilla Public License 2.0
237 stars 32 forks source link

Bump github.com/pion/dtls/v2 from 2.1.5 to 2.2.4 #37

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps github.com/pion/dtls/v2 from 2.1.5 to 2.2.4.

Release notes

Sourced from github.com/pion/dtls/v2's releases.

v2.2.4

Security

This release contains 2 patches by @​nerd2 from Motorola Solutions that could lead to panics at runtime. We'd like to thank Sam for finding and responsibly disclosing the vulnerabilities to @​pion/security.

Changelog

  • 9e922d5 Add fuzz tests for handshake
  • a50d26c Fix panic unmarshalling hello verify request
  • 7a14903 Fix OOB read in server hello

v2.2.3

Changelog

  • 8b8bc87 Update module github.com/pion/udp to v0.1.4

v2.2.2

Changelog

  • 0473adf Add SkipHelloVerify option to dTLS
  • 11ea8c2 Update module golang.org/x/crypto to v0.5.0
  • f3c7b2d Update module golang.org/x/net to v0.5.0
  • 3dca8e4 Update github.com/pion/transport to v2
  • 3606b0d Use Go's built-in fuzzing tool instead of go-fuzz
  • b122250 Update CI configs to v0.10.3
  • 6aaf97c Fix fuzzing of recordLayer
  • 3a6f531 Update CI configs to v0.10.1
  • d0f27fe Update module github.com/pion/udp to v0.1.2
  • 205e480 Update CI configs to v0.9.0
  • f40c61d Update hash name check to be case insensitive
  • 3026357 Update module golang.org/x/crypto to v0.4.0
  • 08c3602 Update module golang.org/x/net to v0.4.0
  • 5e7f90f Update CI configs to v0.8.1
  • c21afb8 Ignore lint error on Subjects() deprecation
  • 0b11454 Update module golang.org/x/crypto to v0.3.0
  • 265bf7a Update module golang.org/x/net to v0.2.0
  • f4896b5 Update module github.com/pion/transport to v0.14.1
  • 1209570 Update module github.com/pion/transport to v0.14.0
  • 8eed8ed Update module golang.org/x/crypto to v0.1.0
  • 4ae7e13 Update CI configs to v0.8.0
  • 984d41b Update golang.org/x/net digest to 107f3e3
  • aabc687 Update golang.org/x/crypto digest to eccd636
  • 4f8fa1e Update golang.org/x/crypto digest to c86fa9a
  • 980895f Update golang.org/x/net digest to 83b083e
  • a04cfcc Implement GetCertificate and GetClientCertificate
  • 43968a2 Close connection when handshake timeout occurs
  • b8ebc62 Set e2e/Dockerfile to golang:1.18-bullseye
  • 82c1271 Implement VerifyConnection as is in tls.Config
  • de299f5 Make the Elliptic curves and order configurable

... (truncated)

Commits
  • 9e922d5 Add fuzz tests for handshake
  • a50d26c Fix panic unmarshalling hello verify request
  • 7a14903 Fix OOB read in server hello
  • 8b8bc87 Update module github.com/pion/udp to v0.1.4
  • 0473adf Add SkipHelloVerify option to dTLS
  • 11ea8c2 Update module golang.org/x/crypto to v0.5.0
  • f3c7b2d Update module golang.org/x/net to v0.5.0
  • 3dca8e4 Update github.com/pion/transport to v2
  • 3606b0d Use Go's built-in fuzzing tool instead of go-fuzz
  • b122250 Update CI configs to v0.10.3
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/anacrolix/confluence/network/alerts).