Bump github.com/quic-go/quic-go from 0.38.1 to 0.39.0

[dependabot[bot]]

Bumps github.com/quic-go/quic-go from 0.38.1 to 0.39.0.

Release notes

Sourced from github.com/quic-go/quic-go's releases.

v0.39.0

New Features

• quic-go now uses feeds ECN signals into its congestion controller (#4059). ECN is used by routers to signal congestion before queues overflow (and packets are dropped). When using ECN, there are a number of failure modes, which necessitates some rather complex validation logic, see section 13.4 of RFC 9000 for details. ECN support can be disabled by setting the QUIC_GO_DISABLE_ECN environment variable to true.
• The HTTP/3 package introduced a http3.Error, making the errors returned by the http3 package more useful, and allowing easy assertions of the HTTP/3 error codes defined in RFC 9114: #4039

Other Changes

• The key used to encrypt resumption tokens can now be configured using using Transport.TokenGeneratorKey: #4066
• The RTT is now saved in session tickets, even when not using 0-RTT, allowing for faster session resumption: #4042
• The reason for dial cancelations is now returned, when the context is canceled using a context.CancelCauseFunc: #4078

When using Go 1.21, make sure to build with (at least) Go 1.21.1, as this release fixes a remote-triggered panic in crypto/tls. See the release announcement for details.

Breaking Changes

• Config.DisableVersionNegotiationPackets was moved to the Transport: #4047
• Config.MaxTokenAge was moved to the Transport: #4084
• Config.MaxRetryTokenAge was removed. The age limit for Retry tokens is now set to twice the handshake timeout: #4064
• The handshake timeout is now set to twice the handshake idle timeout: #4063. For clients, it is recommend to limit the duration of the handshake by using setting the context on the Dial call.
• The logging.Tracer and logging.ConnectionTracer are now structs (not interfaces): #4082

Please support quic-go!

Is your project / company relying on quic-go? Please consider funding the project. Any support is highly appreciated!

Changelog

• ci: fix integration test running with and without GSO by @​marten-seemann in quic-go/quic-go#4043
• ci: fix syntax error in integration test workflow by @​marten-seemann in quic-go/quic-go#4048
• fix flaky version negotiation connection unit test by @​marten-seemann in quic-go/quic-go#4052
• switch from unmaintained golang/mock to go.uber.org/mock by @​marten-seemann in quic-go/quic-go#4050
• move the DisableVersionNegotiationPackets flag to the Transport by @​marten-seemann in quic-go/quic-go#4047
• move GSO control message handling to the oobConn by @​marten-seemann in quic-go/quic-go#4056
• integration tests: fix connection timeout in 0-RTT test by @​tanghaowillow in quic-go/quic-go#4060
• ackhandler: rename variables to follow RFC 9002 terminology by @​marten-seemann in quic-go/quic-go#4062
• ci: update GitHub checkout and setup-go actions to v4 by @​marten-seemann in quic-go/quic-go#4067
• update qtls-go1-20 to v0.3.4 by @​marten-seemann in quic-go/quic-go#4068
• remove TLS post-handshake message reassembly logic by @​marten-seemann in quic-go/quic-go#4073
• ackhandler: use the receive time of the Retry packet for RTT estimation by @​marten-seemann in quic-go/quic-go#4070
• set the handshake timeout to twice the handshake idle timeout by @​marten-seemann in quic-go/quic-go#4063
• remove Config.MaxRetryTokenAge, set it to the handshake timeout by @​marten-seemann in quic-go/quic-go#4064
• randomize the serialization order of control frames by @​marten-seemann in quic-go/quic-go#4069
• add ECN support by @​marten-seemann in quic-go/quic-go#4059
• save the RTT in non-0-RTT session tickets by @​tanghaowillow in quic-go/quic-go#4042
• remove duplicate mocks for the Tracer and the ConnectionTracer by @​marten-seemann in quic-go/quic-go#4076
• ackhandler: detect ECN mangling by @​marten-seemann in quic-go/quic-go#4080
• ci: clean up Codecov ignore list by @​marten-seemann in quic-go/quic-go#4081
• expose GSO usage through ConnectionState by @​birneee in quic-go/quic-go#4083
• add a Transport config option for the key used to encrypt tokens by @​marten-seemann in quic-go/quic-go#4066
• http09: increase the startup timeout in tests by @​marten-seemann in quic-go/quic-go#4071

... (truncated)

Commits

• 9a397ab update gomock to v0.3.0 (#4087)
• 4bdff39 README: add Hysteria (#4085)
• 4a04618 ackhandler: fix ECN mangling detection when packets are lost (#4089)
• c12f425 ackhandler: don't fail ECN validation if less than 10 testing packets are los...
• 9010cfd remove unused unknownPacketHandler interface (#4093)
• 22fb59e create FUNDING.yml
• 55eebd4 return the cancellation cause for cancelled dials (#4078)
• 1affe38 move MaxTokenAge configuration option to the Transport (#4084)
• 9b82196 make the logging.Tracer and logging.ConnectionTracer a struct (#4082)
• d8cc4cb http3: introduce an HTTP/3 error type (#4039)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov[bot]]

Codecov Report

Merging #271 (8037a2a) into main (e3e7441) will not change coverage. Report is 2 commits behind head on main. The diff coverage is n/a.

@@            Coverage Diff            @@
##              main      #271   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           55        56    +1     
  Lines         1697      1716   +19     
=========================================
+ Hits          1697      1716   +19     

see 1 file with indirect coverage changes

:mega: We’re building smart automated test selection to slash your CI/CD build times. Learn more