build(deps): bump the go_modules group across 2 directories with 11 updates #1

Open
dependabot[bot] wants to merge 1 commit into devel from dependabot/go_modules/go_modules-726ca6f8c2

@dependabot dependabot bot commented on behalf of github Apr 8, 2026

Bumps the go_modules group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| github.com/consensys/gnark-crypto | 0.12.1 | 0.18.1 |
| github.com/go-chi/chi/v5 | 5.0.11 | 5.2.2 |
| github.com/golang-jwt/jwt/v4 | 4.5.0 | 4.5.2 |
| github.com/rs/cors | 1.10.1 | 1.11.0 |
| github.com/vektah/gqlparser/v2 | 2.5.10 | 2.5.15 |
| google.golang.org/grpc | 1.63.2 | 1.79.3 |
| github.com/quic-go/quic-go | 0.38.2 | 0.57.0 |
| github.com/quic-go/webtransport-go | 0.5.3 | 0.10.0 |
| github.com/sirupsen/logrus | 1.9.0 | 1.9.1 |

Bumps the go_modules group with 3 updates in the /erigon-lib directory: github.com/consensys/gnark-crypto, google.golang.org/grpc and github.com/sirupsen/logrus.

Updates github.com/consensys/gnark-crypto from 0.12.1 to 0.18.1

Release notes

Sourced from github.com/consensys/gnark-crypto's releases.

v0.18.1

Full Changelog: Consensys/gnark-crypto@v0.18.0...v0.18.1

v0.18.0

What's Changed

New Contributors

Full Changelog: Consensys/gnark-crypto@v0.17.0...v0.18.0

v0.17.0

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from github.com/consensys/gnark-crypto's changelog.

[v0.18.1] - 2025-10-28

Docs

  • add CHANGELOG for 0.18.1

Perf

  • limit memory allocation during Vector deserialization (#759)

[v0.18.0] - 2025-06-09

Build

  • deps: bump golang.org/x/crypto from 0.33.0 to 0.35.0 (#677)

Chore

  • remove unused benchmark script (#675)

Docs

  • replace outdated link to article (#690)

Experiment

  • vortex on koalabear (#645)

Feat

  • remove dependency on internal package in ecc.go (#693)
  • make <31 bit field generated using uint32 (#676)

Fix

  • remove unimplemented path from fft ext
  • Eisenstein Half-GCD convergence (#680)

Perf

  • adds avx512 poseidon2 for small fields (#665)
  • remove useless copies in e4 mul by elem (#667)
  • disable cobra bit reverse for small fields (#662)

Refactor

  • hash to curve (#674)

[v0.17.0] - 2025-03-11

Chore

  • remove useless github workflow
  • generify poseidon2 parameters for other curves/fr (#636)
  • add auto close PR workflow (#638)

Feat

  • baby-bear and koala-bear extensions of degree 4 (#643)
  • poseidon2 for koala-bear, baby-bear and goldilocks (#629)
  • add sis avx512 and fft avx512 for koalabear (#622)
  • add Grumpkin elliptic curve (2-cycle with BN254) (#625)
  • Poseidon2 Hash Instantiation for BLS12-377 (#623)

Fix

  • poseidon2 templates (#648)
  • ensure fast path is taken only with fixed bound and degree (#651)
  • missing Poseidon2 round keys (#621)

Perf

  • subgroup membership (#635)
  • Poseidon2 GKR circuit (#628)

Refactor

  • generify small fields extensions (#647)
  • generate code for poseidon2_test (#660)

Style

... (truncated)

Commits

Updates github.com/go-chi/chi/v5 from 5.0.11 to 5.2.2

Release notes

Sourced from github.com/go-chi/chi/v5's releases.

v5.2.2

What's Changed

Security fix

  • Fixes GHSA-vrw8-fxc6-2r93 - "Host Header Injection Leads to Open Redirect in RedirectSlashes" commit
    • a lower-severity Open Redirect that can't be exploited in browser or email client, as it requires manipulation of a Host header
    • reported by Anuraag Baishya, @​anuraagbaishya. Thank you!

New Contributors

Full Changelog: go-chi/chi@v5.2.1...v5.2.2

v5.2.1

⚠️ Chi supports Go 1.20+

Starting this release, we will now support the four most recent major versions of Go. See go-chi/chi#963 for related discussion.

What's Changed

Full Changelog: go-chi/chi@v5.2.0...v5.2.1

v5.2.0

What's Changed

... (truncated)

Changelog

Sourced from github.com/go-chi/chi/v5's changelog.

Changelog

v5.0.12 (2024-02-16)

Commits

Updates github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.2

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.5.2

See GHSA-mh63-6h87-95cp

Full Changelog: golang-jwt/jwt@v4.5.1...v4.5.2

v4.5.1

Security

Unclear documentation of the error behavior in ParseWithClaims in <= 4.5.0 could lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by ParseWithClaims return both error codes. If users only check for the jwt.ErrTokenExpired using errors.Is, they will ignore the embedded jwt.ErrTokenSignatureInvalid and thus potentially accept invalid tokens.

This issue was documented in GHSA-29wx-vh33-7x7r and fixed in this release.

Note: v5 was not affected by this issue. So upgrading to this release version is also recommended.

What's Changed

  • Back-ported error-handling logic in ParseWithClaims from v5 branch. This fixes GHSA-29wx-vh33-7x7r.

Full Changelog: golang-jwt/jwt@v4.5.0...v4.5.1

Commits

Updates github.com/rs/cors from 1.10.1 to 1.11.0

Commits
  • 4c32059 Normalize allowed request headers and store them in a sorted set (fixes #170)...
  • 8d33ca4 Complete documentation; deprecate AllowOriginRequestFunc in favour of AllowOr...
  • af821ae Merge branch 'jub0bs-master'
  • 0bcf73f Update benchmark
  • eacc8e8 Fix skewed middleware benchmarks (#165)
  • 9297f15 Respect the documented precedence of options (#163)
  • 73f81b4 Fix readme benchmark rendering (#161)
  • See full diff in compare view

Updates github.com/vektah/gqlparser/v2 from 2.5.10 to 2.5.15

Release notes

Sourced from github.com/vektah/gqlparser/v2's releases.

v2.5.15

What's Changed

Full Changelog: vektah/gqlparser@v2.5.14...v2.5.15

v2.5.14

What's Changed

Full Changelog: vektah/gqlparser@v2.5.13...v2.5.14

v2.5.13

What's Changed

New Contributors

Full Changelog: vektah/gqlparser@v2.5.12...v2.5.13

v2.5.12

What's Changed

New Contributors

Full Changelog: vektah/gqlparser@v2.5.11...v2.5.12

v2.5.11

What's Changed

New Contributors

... (truncated)

Commits
  • 55a3c47 Revert ParseSchema default token limit of 1500, add ParseSchemaWithLimit, Par...
  • 36a3658 Add ParseQueryWithLimit (#304)
  • d457fc0 Token limit fix CVE-2023-49559 (#291)
  • 6db1bd3 Bump braces from 3.0.2 to 3.0.3 in /validator/imported (#302)
  • 3900414 Bump the actions-deps group in /validator/imported with 7 updates (#301)
  • 7c770f6 Bump prettier in /validator/imported in the actions-deps group (#299)
  • 0ed4973 Bump the actions-deps group in /validator/imported with 6 updates (#298)
  • 00fd36f Bump the actions-deps group in /validator/imported with 8 updates (#297)
  • 9638a21 Bump github.com/stretchr/testify in the actions-deps group (#296)
  • 55ebe37 Add Dependabot.yml
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.22.0 to 0.35.0

Commits
  • 7292932 ssh: limit the size of the internal packet queue while waiting for KEX
  • f66f74b acme/autocert: check host policy before probing the cache
  • b0784b7 x509roots/fallback: drop obsolete build constraint
  • 911360c all: bump golang.org/x/crypto dependencies of asm generators
  • 89ff08d all: upgrade go directive to at least 1.23.0 [generated]
  • e47973b all: update certs for go1.24
  • 9290511 go.mod: update golang.org/x dependencies
  • fa5273e x509roots/fallback: update bundle
  • a8ea4be ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface
  • 71d3a4c acme: support challenges that require the ACME client to send a non-empty JSO...
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.24.0 to 0.25.0

Commits
  • d27919b go.mod: update golang.org/x dependencies
  • e0324fc http2: use net.ErrClosed
  • b20cd59 quic: initiate key rotation earlier in connections
  • f95a3b3 html: fix typo in package doc
  • 0a24555 http/httpguts: speed up ValidHeaderFieldName
  • ec05fdc http2: don't retry the first request on a connection on GOAWAY error
  • b67a0f0 http2: send correct LastStreamID in stream-caused GOAWAY
  • a130fcc quic: don't consider goroutines running when tests start as leaked
  • See full diff in compare view

Updates google.golang.org/grpc from 1.63.2 to 1.79.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

  • server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

  • stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (grpc/grpc-go#8874)

Release 1.79.1

Bug Fixes

Release 1.79.0

API Changes

  • mem: Add experimental API SetDefaultBufferPool to change the default buffer pool. (#8806)
  • experimental/stats: Update MetricsRecorder to require embedding the new UnimplementedMetricsRecorder (a no-op struct) in all implementations for forward compatibility. (#8780)

Behavior Changes

  • balancer/weightedtarget: Remove handling of Addresses and only handle Endpoints in resolver updates. (#8841)

New Features

  • experimental/stats: Add support for asynchronous gauge metrics through the new AsyncMetricReporter and RegisterAsyncReporter APIs. (#8780)
  • pickfirst: Add support for weighted random shuffling of endpoints, as described in gRFC A113.
    • This is enabled by default, and can be turned off using the environment variable GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING. (#8864)
  • xds: Implement :authority rewriting, as specified in gRFC A81. (#8779)
  • balancer/randomsubsetting: Implement the random_subsetting LB policy, as specified in gRFC A68. (#8650)

Bug Fixes

  • credentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (#8726)
  • xds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in CONNECTING state. (#8813)
  • health: Fix a bug where health checks failed for clients using legacy compression options (WithDecompressor or RPCDecompressor). (#8765)
  • transport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (#8769)
  • server: Propagate status detail headers, if available, when terminating a stream during request header processing. (#8754)

Performance Improvements

  • credentials/alts: Optimize read buffer alignment to reduce copies. (#8791)
  • mem: Optimize pooling and creation of buffer objects. (#8784)
  • transport: Reduce slice re-allocations by reserving slice capacity. (#8797)

... (truncated)

Commits

Updates github.com/quic-go/quic-go from 0.38.2 to 0.57.0

Release notes

Sourced from github.com/quic-go/quic-go's releases.

v0.57.0

This release contains a fix for CVE-2025-64702 by reworking the HTTP/3 header processing logic:

  • Both client and server now send their respective header size constraints using the SETTINGS_MAX_FIELD_SECTION_SIZE setting: #5431
  • For any QPACK-related errors, the correct error code (QPACK_DECOMPRESSION_FAILED) is now used: #5439
  • QPACK header parsing is now incremental (instead of parsing all headers at once), which is ~5-10% faster and reduces allocations: #5435 (and quic-go/qpack#67)
  • The server now sends a 431 status code (Request Header Fields Too Large) when encountering HTTP header fields exceeding the size constraint: #5452

 

Breaking Changes

  • http3: Transport.MaxResponseBytes is now an int (before: int64): #5433  

Notable Fixes

  • qlogwriter: fix storing of event schemas (this prevented qlog event logging from working for HTTP/3): #5430
  • http3: errors sending the request are now ignored, instead, the response from the server is read (thereby allowing the client to read the status code, for example): #5432

What's Changed

New Contributors

Full Changelog: quic-go/quic-go@v0.56.0...v0.57.0

v0.56.0

This release introduces qlog support for HTTP/3 (#5367, #5372, #5374, #5375, #5376, #5381, #5383).

For this, we completely changed how connection tracing works. Instead of a general-purpose logging.ConnectionTracer (which we removed entirely), we now have a qlog-specific tracer (#5356, #5417). quic-go users can now implement their own qlog events.

It also removes the Prometheus-based metrics collection. Please comment on the tracking issue (#5294) if you rely on metrics and are interested in seeing metrics brought back in a future release.

Notable Changes

  • replaced the unmaintained gojay with a custom, performance-optimized JSON encoder (#5353, #5371)

... (truncated)

Commits
  • 5b2d212 http3: limit size of decompressed headers (#5452)
  • e80b378 qlogwriter: use synctest to make tests deterministic (#5454)
  • d43c589 README: add nodepass to list of projects (#5448)
  • ca2835d don’t arm connection timer for connection ID retirement (#5449)
  • e84ebae ackhandler: don’t generate an immediate ACK for the first packet (#5447)
  • d4d168f add documentation for Conn.NextConnection (#5442)
  • 4cdebbe http3: use QPACK_DECOMPRESSION_FAILED for QPACK errors (#5439)
  • b7886d5 update qpack to v0.6.0 (#5434)
  • 2fc9705 http3: add a benchmark for header parsing (#5435)
  • dafdd6f http3: make Transport.MaxResponseBytes an int (#5433)
  • Additional commits viewable in compare view

Updates github.com/quic-go/webtransport-go from 0.5.3 to 0.10.0

Release notes

Sourced from github.com/quic-go/webtransport-go's releases.

v0.10.0

This release updates webtransport-go to use the new API introduced in quic-go v0.59.0 (#221): Instead of "hijacking" streams from the HTTP/3 layer, the underlying QUIC connection is now owned by WebTransport, and webtransport-go dispatches incoming streams to either the HTTP/3 layer or an existing or new WebTransport session.

New Features

Breaking Changes

  • Session.ConnectionState was renamed to SessionState: #189
  • The StreamID method was removed from Stream, SendStream and ReceiveStream: #226
  • The Server now embeds the http3.Server as a pointer (instead of by value): #215

Other Changes

  • The Stream and the SendStream now expose a Context method: #176 (thanks to @​Sicilica)
  • Delayed streams for already closed sessions are immediately reset: #235
  • The Session context now uses the request or dial context, allowing the application to attach values to the context: #199
  • When a WebTransport session is closed, streams are reset using the WT_SESSION_GONE error. Stream Read and Write now wait for the WT_CLOSE_SESSION capsule on the CONNECT stream to return a meaningful error: #213

Notable Fixes

  • Closed sessions are now properly cleaned up: #198 (thanks to @​rolaechea), #230
  • Session errors are now properly propagated to the stream Read and Write calls: #207
  • The length limit for WT_CLOSE_SESSION capsules is now enforced: #202
  • The dial timeout is now respected while waiting for the server's HTTP/3 settings: #216
  • A 10ms deadline is applied before attempting the WT_CLOSE_SESSION capsule, preventing Session.Close from blocking any longer than 10ms: #224
  • errors.Is error comparisons were fixed for StreamError and SessionError: #204, #205
  • The underlying QUIC connection is now closed when establishing a WebTransport session fails: #236

Changelog

…pdates

Bumps the go_modules group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/consensys/gnark-crypto](https://github.com/consensys/gnark-crypto) | `0.12.1` | `0.18.1` |
| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.0.11` | `5.2.2` |
| [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) | `4.5.0` | `4.5.2` |
| [github.com/rs/cors](https://github.com/rs/cors) | `1.10.1` | `1.11.0` |
| [github.com/vektah/gqlparser/v2](https://github.com/vektah/gqlparser) | `2.5.10` | `2.5.15` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.63.2` | `1.79.3` |
| [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) | `0.38.2` | `0.57.0` |
| [github.com/quic-go/webtransport-go](https://github.com/quic-go/webtransport-go) | `0.5.3` | `0.10.0` |
| [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) | `1.9.0` | `1.9.1` |

Bumps the go_modules group with 3 updates in the /erigon-lib directory: [github.com/consensys/gnark-crypto](https://github.com/consensys/gnark-crypto), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus).


Updates `github.com/consensys/gnark-crypto` from 0.12.1 to 0.18.1
- [Release notes](https://github.com/consensys/gnark-crypto/releases)
- [Changelog](https://github.com/Consensys/gnark-crypto/blob/master/CHANGELOG.md)
- [Commits](Consensys/gnark-crypto@v0.12.1...v0.18.1)

Updates `github.com/go-chi/chi/v5` from 5.0.11 to 5.2.2
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](go-chi/chi@v5.0.11...v5.2.2)

Updates `github.com/golang-jwt/jwt/v4` from 4.5.0 to 4.5.2
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Commits](golang-jwt/jwt@v4.5.0...v4.5.2)

Updates `github.com/rs/cors` from 1.10.1 to 1.11.0
- [Commits](rs/cors@v1.10.1...v1.11.0)

Updates `github.com/vektah/gqlparser/v2` from 2.5.10 to 2.5.15
- [Release notes](https://github.com/vektah/gqlparser/releases)
- [Commits](vektah/gqlparser@v2.5.10...v2.5.15)

Updates `golang.org/x/crypto` from 0.22.0 to 0.35.0
- [Commits](golang/crypto@v0.22.0...v0.35.0)

Updates `golang.org/x/net` from 0.24.0 to 0.25.0
- [Commits](golang/net@v0.24.0...v0.25.0)

Updates `google.golang.org/grpc` from 1.63.2 to 1.79.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.63.2...v1.79.3)

Updates `github.com/quic-go/quic-go` from 0.38.2 to 0.57.0
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Commits](quic-go/quic-go@v0.38.2...v0.57.0)

Updates `github.com/quic-go/webtransport-go` from 0.5.3 to 0.10.0
- [Release notes](https://github.com/quic-go/webtransport-go/releases)
- [Commits](quic-go/webtransport-go@v0.5.3...v0.10.0)

Updates `github.com/sirupsen/logrus` from 1.9.0 to 1.9.1
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](sirupsen/logrus@v1.9.0...v1.9.1)

Updates `github.com/consensys/gnark-crypto` from 0.12.1 to 0.18.1
- [Release notes](https://github.com/consensys/gnark-crypto/releases)
- [Changelog](https://github.com/Consensys/gnark-crypto/blob/master/CHANGELOG.md)
- [Commits](Consensys/gnark-crypto@v0.12.1...v0.18.1)

Updates `golang.org/x/crypto` from 0.22.0 to 0.35.0
- [Commits](golang/crypto@v0.22.0...v0.35.0)

Updates `golang.org/x/net` from 0.21.0 to 0.25.0
- [Commits](golang/net@v0.24.0...v0.25.0)

Updates `google.golang.org/grpc` from 1.63.2 to 1.79.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.63.2...v1.79.3)

Updates `github.com/sirupsen/logrus` from 1.9.0 to 1.9.1
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](sirupsen/logrus@v1.9.0...v1.9.1)

---
updated-dependencies:
- dependency-name: github.com/consensys/gnark-crypto
  dependency-version: 0.18.1
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/go-chi/chi/v5
  dependency-version: 5.2.2
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/golang-jwt/jwt/v4
  dependency-version: 4.5.2
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/rs/cors
  dependency-version: 1.11.0
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/vektah/gqlparser/v2
  dependency-version: 2.5.15
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-version: 0.35.0
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-version: 0.25.0
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-version: 1.79.3
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/quic-go/quic-go
  dependency-version: 0.57.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/quic-go/webtransport-go
  dependency-version: 0.10.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/sirupsen/logrus
  dependency-version: 1.9.1
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/consensys/gnark-crypto
  dependency-version: 0.18.1
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-version: 0.35.0
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-version: 0.25.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-version: 1.79.3
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/sirupsen/logrus
  dependency-version: 1.9.1
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the `dependencies` (Pull requests that update a dependency file) and `go` (Pull requests that update go code) labels on Apr 8, 2026
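
The error-handling pitfall described in the golang-jwt v4.5.1 release notes above, as an added example that is not code from golang-jwt or from this repository. It uses only the standard library: `multiError`, `parse`, `acceptLenient`, `acceptStrict` and the two sentinel errors are hypothetical stand-ins for the library's error values, and the caller is assumed to tolerate expired tokens (for example in a refresh flow).

```go
package main

import (
	"errors"
	"fmt"
)

// Stand-in sentinels (assumed names; they mirror, but are not, the library's
// jwt.ErrTokenExpired and jwt.ErrTokenSignatureInvalid).
var (
	ErrTokenExpired          = errors.New("token is expired")
	ErrTokenSignatureInvalid = errors.New("signature is invalid")
)

// multiError models one parse error that carries several causes at once.
type multiError struct{ causes []error }

func (m *multiError) Error() string { return fmt.Sprint(m.causes) }

// Is makes errors.Is report true for every embedded cause.
func (m *multiError) Is(target error) bool {
	for _, c := range m.causes {
		if errors.Is(c, target) {
			return true
		}
	}
	return false
}

// parse is a hypothetical stand-in for a ParseWithClaims-style call that
// reports every failed check, not just the first one.
func parse(sigOK, expired bool) error {
	var causes []error
	if !sigOK {
		causes = append(causes, ErrTokenSignatureInvalid)
	}
	if expired {
		causes = append(causes, ErrTokenExpired)
	}
	if len(causes) == 0 {
		return nil
	}
	return &multiError{causes}
}

// acceptLenient is the flawed caller: it sees "expired" and assumes nothing
// else is wrong, so a forged token that is also expired is accepted.
func acceptLenient(err error) bool {
	return err == nil || errors.Is(err, ErrTokenExpired)
}

// acceptStrict rejects by default and tolerates an error only when expiry is
// the sole cause.
func acceptStrict(err error) bool {
	if err == nil {
		return true
	}
	var m *multiError
	if !errors.As(err, &m) {
		return false
	}
	for _, c := range m.causes {
		if !errors.Is(c, ErrTokenExpired) {
			return false
		}
	}
	return true
}

func main() {
	err := parse(false, true) // constructed case: bad signature and expired
	fmt.Println("lenient:", acceptLenient(err), "strict:", acceptStrict(err))
}
```
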