Skip to content

chore(deps): bump quinn-proto 0.11.14 -> 0.11.15 (RUSTSEC-2026-0185)#161

Merged
StefanSteiner merged 1 commit into
tableau:mainfrom
StefanSteiner:chore/bump-quinn-proto-rustsec-2026-0185
Jun 24, 2026
Merged

chore(deps): bump quinn-proto 0.11.14 -> 0.11.15 (RUSTSEC-2026-0185)#161
StefanSteiner merged 1 commit into
tableau:mainfrom
StefanSteiner:chore/bump-quinn-proto-rustsec-2026-0185

Conversation

@StefanSteiner

Copy link
Copy Markdown
Contributor

What

Bump quinn-proto 0.11.140.11.15 to resolve RUSTSEC-2026-0185.

Why

cargo audit --deny warnings fails on CI:

Crate:     quinn-proto
Version:   0.11.14
Title:     Remote memory exhaustion in quinn-proto from unbounded out-of-order stream reassembly
Date:      2026-06-22
ID:        RUSTSEC-2026-0185
URL:       https://rustsec.org/advisories/RUSTSEC-2026-0185
Severity:  7.5 (high)
Solution:  Upgrade to >=0.11.15

quinn-proto is a transitive dependency (via quinn), so only Cargo.lock changes — no manifest edits required.

How

cargo update -p quinn-proto --precise 0.11.15

Verification

  • cargo audit --deny warnings now passes clean (0 vulnerabilities).
  • cargo build — full workspace compiles.

Resolves a high-severity (7.5) advisory: remote memory exhaustion in
quinn-proto from unbounded out-of-order stream reassembly. quinn-proto
is a transitive dependency (via quinn), so only Cargo.lock changes.

cargo audit --deny warnings now passes clean; full workspace builds.
@StefanSteiner StefanSteiner merged commit d9aa64d into tableau:main Jun 24, 2026
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant