From 2425bc4653092baf858aaa0f754e5d8e0cc98ba3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ralph=20K=C3=BCpper?= <ralph2@skelpo.com>
Date: Tue, 23 Jun 2026 04:56:05 +0200
Subject: [PATCH] =?UTF-8?q?chore(deps):=20bump=20quinn-proto=200.11.14=20?=
 =?UTF-8?q?=E2=86=92=200.11.15=20(RUSTSEC-2026-0185)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Lockfile-only bump to clear the security-audit CI job. quinn-proto
v0.11.14 is vulnerable to remote memory exhaustion from unbounded
out-of-order stream reassembly (RUSTSEC-2026-0185, fix >=0.11.15);
it is a transitive dep via the reqwest/quinn HTTP/3 stack. No other
dependency churn.
---
 Cargo.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index a7a29ea324..db6cecd831 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -6807,9 +6807,9 @@ dependencies = [
 
 [[package]]
 name = "quinn-proto"
-version = "0.11.14"
+version = "0.11.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "434b42fec591c96ef50e21e886936e66d3cc3f737104fdb9b737c40ffb94c098"
+checksum = "4fcb935c5bec503c2f0e306bdd3e58bb9029dcb14fa8d9ac76e3a5256ac0763e"
 dependencies = [
  "bytes",
  "getrandom 0.3.4",