Bump github.com/refraction-networking/utls from 1.3.2 to 1.5.4

[dependabot[bot]]

Bumps github.com/refraction-networking/utls from 1.3.2 to 1.5.4.

Release notes

Sourced from github.com/refraction-networking/utls's releases.

v1.5.4 Maintenance: bugfix and undo breaking API

What's Changed

• fix link to issues by @​acheong08 in refraction-networking/utls#244
• fix: sanity check status request v2 extension data (#246) by @​VeNoMouS in refraction-networking/utls#247
• feat: add an option to skip resumption on nil ext & update examples by @​3andne in refraction-networking/utls#239
• fix: Reuse existing PreSharedKeyExtension bug (#248) by @​VeNoMouS in refraction-networking/utls#251
• improvement: maintenance+cleanup+fix by @​gaukas in refraction-networking/utls#252

New Contributors

• @​acheong08 made their first contribution in refraction-networking/utls#244
• @​VeNoMouS made their first contribution in refraction-networking/utls#247

Full Changelog: https://github.com/refraction-networking/utls/compare/v1.5.3...v1.5.4

v1.5.3 Hotfix: secondary key share

What's Changed

• fix: secondary keyshares may be lost after overriding keySharesParams by @​gaukas in refraction-networking/utls#238

Full Changelog: https://github.com/refraction-networking/utls/compare/v1.5.2...v1.5.3

v1.5.2 bugfix

What's Changed

• Fix removing session state by @​own2pwn in refraction-networking/utls#236
• sync: Go 1.21.0 breaking change by @​gaukas in https://github.com/refraction-networking/utls/commit/fc79497d3f1c0f25f1ceb6672c3772b79b99c30f

New Contributors

• @​own2pwn made their first contribution in refraction-networking/utls#236

Full Changelog: https://github.com/refraction-networking/utls/compare/v1.5.0...v1.5.2

v1.5.0 Post-Quantum and Session Resumption

What's Changed

• uTLS: X25519Kyber768Draft00 hybrid post-quantum key agreement by @​gaukas in refraction-networking/utls#223
• new: Support TLS-PSK (TLS 1.3) by @​gaukas, @​zeeker999 and @​3andne in refraction-networking/utls#231

A big shout out to @​3andne for spending time on major refactoring/revision in the Session Resumption for both TLS 1.2 (SessionTicket-based) and TLS 1.3 (PreSharedKey-based)!

New API

type ISessionTicketExtension interface {
    TLSExtension
// If false is returned, utls will invoke `InitializeByUtls()` for the necessary initialization.
Initializable

// InitializeByUtls is invoked when IsInitialized() returns false.
// It initializes the extension using a real and valid TLS 1.2 session.
InitializeByUtls(session *SessionState, ticket []byte)

</tr></table>

... (truncated)

Commits

• e89d82c improvement: maintenance+cleanup+fix (#252)
• 428ca2c fix: default PreSharedKeyExtension bug (#248) (#251)
• 75eb8e9 feat: add an option to skip resumption on nil ext & update examples (#239)
• df6e4c8 fix: sanity check status request v2 extension data (#246) (#247)
• d2b5b70 fix link to issues (#244)
• 67192c2 fix: lost secondary keyshares (#238)
• fc79497 sync: Go 1.21.0 breaking change
• f255bcb Fix removing session state (#236)
• 8094658 new: Support TLS-PSK (TLS 1.3) (#231)
• 45e7f1d new: more parrots and safety update (#227)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.