search

curl / curl-fuzzer

Quality assurance testing for the curl project
MIT License
85 stars 30 forks source link

chore(deps): update dependency nghttp2/nghttp2 to v1.61.0 #107

Closed renovate[bot] closed 4 months ago

renovate[bot] commented 6 months ago

Mend Renovate

This PR contains the following updates:

Package Update Change
nghttp2/nghttp2 minor 1.59.0 -> 1.61.0

Release Notes

nghttp2/nghttp2 (nghttp2/nghttp2) ### [`v1.61.0`](https://togithub.com/nghttp2/nghttp2/releases/tag/v1.61.0): nghttp2 v1.61.0 [Compare Source](https://togithub.com/nghttp2/nghttp2/compare/v1.60.0...v1.61.0) #### What's Changed - Fixes [CVE-2024-28182](https://togithub.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q) - nghttpx: Shutdown h3 stream read with trailer as well by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2087](https://togithub.com/nghttp2/nghttp2/pull/2087) - Checkout with submodules by [@​jonaski](https://togithub.com/jonaski) in [https://github.com/nghttp2/nghttp2/pull/2093](https://togithub.com/nghttp2/nghttp2/pull/2093) - Respect BUILD_STATIC_LIBS and add option for tests by [@​jonaski](https://togithub.com/jonaski) in [https://github.com/nghttp2/nghttp2/pull/2092](https://togithub.com/nghttp2/nghttp2/pull/2092) - build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nghttp2/nghttp2/pull/2097](https://togithub.com/nghttp2/nghttp2/pull/2097) - Workaround llvm issue on github ubuntu runner by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2098](https://togithub.com/nghttp2/nghttp2/pull/2098) - docker: Use copy --link by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2099](https://togithub.com/nghttp2/nghttp2/pull/2099) - Nghttpx header idle timeout by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2100](https://togithub.com/nghttp2/nghttp2/pull/2100) - nghttpx: Fix frontend-header-timeout does not work in config file by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2101](https://togithub.com/nghttp2/nghttp2/pull/2101) - Rewrite hexdump by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2102](https://togithub.com/nghttp2/nghttp2/pull/2102) - Switch to distroless/base-nossl by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2103](https://togithub.com/nghttp2/nghttp2/pull/2103) - Bump ngtcp2 by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2105](https://togithub.com/nghttp2/nghttp2/pull/2105) - nghttpx: Simplify quic connection close handling by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2106](https://togithub.com/nghttp2/nghttp2/pull/2106) - build(deps): bump github.com/quic-go/quic-go from 0.41.0 to 0.42.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nghttp2/nghttp2/pull/2107](https://togithub.com/nghttp2/nghttp2/pull/2107) - autotools: Use tar-ustar automake option by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2108](https://togithub.com/nghttp2/nghttp2/pull/2108) - Automate release process by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2109](https://togithub.com/nghttp2/nghttp2/pull/2109) - autotools: Switch to tar-pax by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2110](https://togithub.com/nghttp2/nghttp2/pull/2110) - nghttpx: Drop a UDP datagram from well-known port by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2111](https://togithub.com/nghttp2/nghttp2/pull/2111) - nghttpx: Fix port byte order by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2112](https://togithub.com/nghttp2/nghttp2/pull/2112) - h2load: Allow host header to be overridden by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2113](https://togithub.com/nghttp2/nghttp2/pull/2113) - nghttpx: Rework QUIC stateless reset packet size by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2114](https://togithub.com/nghttp2/nghttp2/pull/2114) - nghttpx: More QUIC prohibited ports by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2115](https://togithub.com/nghttp2/nghttp2/pull/2115) - Add actions/stale by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2116](https://togithub.com/nghttp2/nghttp2/pull/2116) - nghttpx: Discard UDP datagram that is too short to be a valid QUIC packet by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2117](https://togithub.com/nghttp2/nghttp2/pull/2117) - nghttp: Support SSLKEYLOGFILE by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2119](https://togithub.com/nghttp2/nghttp2/pull/2119) - No rfc7540 priority fix by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2120](https://togithub.com/nghttp2/nghttp2/pull/2120) - Further reduce Stateless reset emission by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2122](https://togithub.com/nghttp2/nghttp2/pull/2122) - nghttpx: Rework Connection ID construction by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2124](https://togithub.com/nghttp2/nghttp2/pull/2124) - Nghttpx faster worker lookup by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2125](https://togithub.com/nghttp2/nghttp2/pull/2125) - nghttpx: Split thread into worker_process and thread by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2126](https://togithub.com/nghttp2/nghttp2/pull/2126) - bpf: Drop bad QUIC packet by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2127](https://togithub.com/nghttp2/nghttp2/pull/2127) - cmake: check `SSL_provide_quic_data` when `ENABLE_HTTP3` is `ON` by [@​jimmy-park](https://togithub.com/jimmy-park) in [https://github.com/nghttp2/nghttp2/pull/2128](https://togithub.com/nghttp2/nghttp2/pull/2128) - nghttpx: Allocate 3 bits for QUIC configuration in Connection ID by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2129](https://togithub.com/nghttp2/nghttp2/pull/2129) - nghttpx: Migrate to ares_getaddrinfo by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2132](https://togithub.com/nghttp2/nghttp2/pull/2132) - Bump munit by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2131](https://togithub.com/nghttp2/nghttp2/pull/2131) - nghttpx: Fix error message by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2133](https://togithub.com/nghttp2/nghttp2/pull/2133) - nghttpd: Fix read stall by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2134](https://togithub.com/nghttp2/nghttp2/pull/2134) #### New Contributors - [@​jonaski](https://togithub.com/jonaski) made their first contribution in [https://github.com/nghttp2/nghttp2/pull/2093](https://togithub.com/nghttp2/nghttp2/pull/2093) - [@​jimmy-park](https://togithub.com/jimmy-park) made their first contribution in [https://github.com/nghttp2/nghttp2/pull/2128](https://togithub.com/nghttp2/nghttp2/pull/2128) **Full Changelog**: https://github.com/nghttp2/nghttp2/compare/v1.60.0...v1.61.0 > \[!CAUTION] > > Do not download from https://github.com/nghttp2/nghttp2/archive/refs/tags/v1.61.0.zip or https://github.com/nghttp2/nghttp2/archive/refs/tags/v1.61.0.tar.gz. They do not work. ### [`v1.60.0`](https://togithub.com/nghttp2/nghttp2/releases/tag/v1.60.0): nghttp2 v1.60.0 [Compare Source](https://togithub.com/nghttp2/nghttp2/compare/v1.59.0...v1.60.0) #### What's Changed - makerelease.sh: Speed up git submodule by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2043](https://togithub.com/nghttp2/nghttp2/pull/2043) - Speed up git clone by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2044](https://togithub.com/nghttp2/nghttp2/pull/2044) - build(deps): bump actions/cache from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nghttp2/nghttp2/pull/2046](https://togithub.com/nghttp2/nghttp2/pull/2046) - Fixing the build and install trees by [@​anthonyalayo](https://togithub.com/anthonyalayo) in [https://github.com/nghttp2/nghttp2/pull/2051](https://togithub.com/nghttp2/nghttp2/pull/2051) - build(deps): bump microsoft/setup-msbuild from 1 to 2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nghttp2/nghttp2/pull/2052](https://togithub.com/nghttp2/nghttp2/pull/2052) - nghttpx: Set ocsp response to SSL in case of boringssl by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2055](https://togithub.com/nghttp2/nghttp2/pull/2055) - Run with python3 by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2054](https://togithub.com/nghttp2/nghttp2/pull/2054) - src: Certificate Compression with boringssl by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2056](https://togithub.com/nghttp2/nghttp2/pull/2056) - Fix missing newline by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2057](https://togithub.com/nghttp2/nghttp2/pull/2057) - Switch to aws lc by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2058](https://togithub.com/nghttp2/nghttp2/pull/2058) - Libbrotli fixup by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2059](https://togithub.com/nghttp2/nghttp2/pull/2059) - Deprecate RFC 7540 priorities (aka stream dependencies) by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2060](https://togithub.com/nghttp2/nghttp2/pull/2060) - Let dependabot manage go modules by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2061](https://togithub.com/nghttp2/nghttp2/pull/2061) - build(deps): bump golang.org/x/net from 0.20.0 to 0.21.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nghttp2/nghttp2/pull/2062](https://togithub.com/nghttp2/nghttp2/pull/2062) - integration-tests: Omit unused parameters by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2065](https://togithub.com/nghttp2/nghttp2/pull/2065) - Munit by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2064](https://togithub.com/nghttp2/nghttp2/pull/2064) - Introduce nghttp2\_ssize API by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2066](https://togithub.com/nghttp2/nghttp2/pull/2066) - Move deprecated warning upfront by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2067](https://togithub.com/nghttp2/nghttp2/pull/2067) - Describe RFC 7540 priorities deprecation plan by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2068](https://togithub.com/nghttp2/nghttp2/pull/2068) - Apps migrate nghttp2 ssize by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2069](https://togithub.com/nghttp2/nghttp2/pull/2069) - src: Remove unused functions by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2070](https://togithub.com/nghttp2/nghttp2/pull/2070) - Reconsider ssize t usage in src by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2071](https://togithub.com/nghttp2/nghttp2/pull/2071) - Use GitHub private vulnerability reporting by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2072](https://togithub.com/nghttp2/nghttp2/pull/2072) - Move security policy to GitHub standard location by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2073](https://togithub.com/nghttp2/nghttp2/pull/2073) - Bump mruby to 3.3.0 by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2074](https://togithub.com/nghttp2/nghttp2/pull/2074) - Bump llhttp to [`4858809`](https://togithub.com/nghttp2/nghttp2/commit/48588093ca4219b5f689acfc9ebea9e4c8c37663) by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2075](https://togithub.com/nghttp2/nghttp2/pull/2075) - h2load: Add --sni option by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2076](https://togithub.com/nghttp2/nghttp2/pull/2076) - Bump ngtcp2 dependencies by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2077](https://togithub.com/nghttp2/nghttp2/pull/2077) - mruby: Adopt deprecation of mrbc\_ prefix by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2078](https://togithub.com/nghttp2/nghttp2/pull/2078) - neverbleed: Define \_GNU_SOURCE for pthread_setaffinity_np by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2079](https://togithub.com/nghttp2/nghttp2/pull/2079) - bpf: Pre-expand aes key by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2080](https://togithub.com/nghttp2/nghttp2/pull/2080) - mruby: Exclude mrdb gem which causes nghttpx to crash by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2081](https://togithub.com/nghttp2/nghttp2/pull/2081) - nghttpx: Reuse EVP_CIPHER_CTX for QUIC connection ID encryption by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2082](https://togithub.com/nghttp2/nghttp2/pull/2082) - Run apt-get update before install by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2083](https://togithub.com/nghttp2/nghttp2/pull/2083) - src: Deal with the case that send_quantum < max_udp_payload_size by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2084](https://togithub.com/nghttp2/nghttp2/pull/2084) - nghttpx: Remove SHRPX_QUIC_MAX_UDP_PAYLOAD_SIZE by [@​tatsuhiro-t](https://togithub.com/tatsuhiro-t) in [https://github.com/nghttp2/nghttp2/pull/2085](https://togithub.com/nghttp2/nghttp2/pull/2085) - Fix build when `AI_NUMERICSERV` is undefined by [@​barracuda156](https://togithub.com/barracuda156) in [https://github.com/nghttp2/nghttp2/pull/2086](https://togithub.com/nghttp2/nghttp2/pull/2086) #### New Contributors - [@​barracuda156](https://togithub.com/barracuda156) made their first contribution in [https://github.com/nghttp2/nghttp2/pull/2086](https://togithub.com/nghttp2/nghttp2/pull/2086) **Full Changelog**: https://github.com/nghttp2/nghttp2/compare/v1.59.0...v1.60.0 > \[!IMPORTANT] > > The APIs that uses `ssize_t`, including structs and callback functions, have been deprecated. New APIs that use `nghttp2_ssize` are introduced as a replacement. See [#​2066](https://togithub.com/nghttp2/nghttp2/issues/2066) for details. > > [RFC 7540](https://datatracker.ietf.org/doc/html/rfc7540) priorities (aka stream dependencies) APIs have been deprecated. They work just like before, but in the future release after the end of 2024, the functionality is removed, and the deprecated APIs start behaving differently. See the API documentation for details. RFC 7540 priorities have been deprecated by [RFC 9113](https://datatracker.ietf.org/doc/html/rfc9113). Consider migrating [RFC 9218](https://datatracker.ietf.org/doc/html/rfc9218) > extensible prioritization scheme. > > The asc files are now signed with `rsa4096/5339A2BE82E07DEC`. You can find it at keyserver.ubuntu.com. > \[!CAUTION] > > Do not download from https://github.com/nghttp2/nghttp2/archive/refs/tags/v1.60.0.zip or https://github.com/nghttp2/nghttp2/archive/refs/tags/v1.60.0.tar.gz. They do not work.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.