Commit 582a4b0
authored
chore(deps): bump quinn-proto to 0.11.15 (RUSTSEC-2026-0185) (#1269)
## Overview
Fixes high-severity advisory
[RUSTSEC-2026-0185](https://rustsec.org/advisories/RUSTSEC-2026-0185):
*Remote memory exhaustion in quinn-proto from unbounded out-of-order
stream reassembly*. Solution per the advisory is to upgrade to `>=
0.11.15`.
`quinn-proto` is pulled in transitively via `reqwest -> quinn ->
quinn-proto` across multiple workspace crates (`bottlecap`, `dogstatsd`,
`datadog-fips`, `libddwaf`, `datadog-agent-config`).
This blocks the v98 release — `cargo audit` is failing CI on `main`.
`cargo audit` after the bump shows zero vulnerabilities; the remaining
entries are pre-existing unmaintained-crate warnings (async-std,
buf_redux, multipart, rustls-pemfile, safemem, twoway).
## Testing
- `cargo audit` no longer reports a vulnerability.1 parent 9135c18 commit 582a4b0
1 file changed
Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
0 commit comments