Skip to content

Commit 582a4b0

Browse files
authored
chore(deps): bump quinn-proto to 0.11.15 (RUSTSEC-2026-0185) (#1269)
## Overview Fixes high-severity advisory [RUSTSEC-2026-0185](https://rustsec.org/advisories/RUSTSEC-2026-0185): *Remote memory exhaustion in quinn-proto from unbounded out-of-order stream reassembly*. Solution per the advisory is to upgrade to `>= 0.11.15`. `quinn-proto` is pulled in transitively via `reqwest -> quinn -> quinn-proto` across multiple workspace crates (`bottlecap`, `dogstatsd`, `datadog-fips`, `libddwaf`, `datadog-agent-config`). This blocks the v98 release — `cargo audit` is failing CI on `main`. `cargo audit` after the bump shows zero vulnerabilities; the remaining entries are pre-existing unmaintained-crate warnings (async-std, buf_redux, multipart, rustls-pemfile, safemem, twoway). ## Testing - `cargo audit` no longer reports a vulnerability.
1 parent 9135c18 commit 582a4b0

1 file changed

Lines changed: 2 additions & 2 deletions

File tree

bottlecap/Cargo.lock

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)