Improve path challenge handling and compliance with :rfc:9000.
Limit the amount of buffered CRYPTO data to avoid memory exhaustion.
Enable SHA-384 based signature algorithms and SECP384R1 key exchange.
Build binary wheels against OpenSSL_ 3.3.0.
1.0.0
Ensure no data is sent after a stream reset.
Make :class:~aioquic.h3.connection.H3Connection's
:meth:~aioquic.h3.connection.H3Connection.send_datagram and
:meth:~aioquic.h3.connection.H3Connection.send_push_promise methods raise an
:class:~aioquic.h3.exceptions.InvalidStreamTypeError exception if an
invalid stream ID is specified.
Improve the documentation for
:class:~aioquic.asyncio.QuicConnectionProtocol's
:meth:~aioquic.asyncio.QuicConnectionProtocol.transmit method.
Fix :meth:~datetime.datetime.utcnow deprecation warning on Python 3.12
by using cryptography_ 42.0 and timezone-aware :class:~datetime.datetime
instances when validating TLS certificates.
Build binary wheels against OpenSSL_ 3.2.0.
Ignore any non-ASCII ALPN values received.
Perform more extensive HTTP/3 header validation in
:class:~aioquic.h3.connection.H3Connection.
Fix exceptions when draining stream writers in the :doc:asyncio API <asyncio>.
Set the :class:~aioquic.quic.connection.QuicConnection idle timer according to
:rfc:9000 section 10.1.
Implement fairer stream scheduling in :class:~aioquic.quic.connection.QuicConnection
to avoid head-of-line blocking.
Only load certifi_ root certificates if none was specified in the
:class:~aioquic.quic.configuration.QuicConfiguration.
Improve padding of UDP datagrams containing Initial packets to comply with :rfc:9000
section 14.1.
Limit the number of pending connection IDs marked for retirement to prevent a possible
DoS attack.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps aioquic from 0.9.25 to 1.1.0.
Changelog
Sourced from aioquic's changelog.
Commits
ff3281f
1.1.0e067e92
Build binary wheels against OpenSSL 3.3.0e4fb277
Ensure the source distribution is completed914a46
Add support for SECP384R1 key exchange7dc7214
Enable SHA-384 based signature algorithms174a2eb
Only buffer up to 512 KiB of pending CRYPTO frames #501. (#505)b507364
Improved path challenge handling. (#483)6c5b9db
Fix tests on macOS by using homebrew's prefix for OpenSSL1ce549d
Fix a codespell false positive onassertIn
a6d91fb
Make packet builder tests more realisticDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show