From 208f8a2e713e4a873e65e405a7a40d66559ce43b Mon Sep 17 00:00:00 2001 From: Maxime Gaudin Date: Tue, 30 Jun 2026 07:58:24 +0200 Subject: [PATCH] fix(deps): patch quinn-proto memory exhaustion vulnerability (RUSTSEC-2026-0185) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bump quinn-proto 0.11.14 → 0.11.15 to fix remote memory exhaustion from unbounded out-of-order stream reassembly (severity: high 7.5). Co-authored-by: Cursor --- Cargo.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8fe3d5b..28b2a5f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2996,9 +2996,9 @@ dependencies = [ [[package]] name = "quinn-proto" -version = "0.11.14" +version = "0.11.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "434b42fec591c96ef50e21e886936e66d3cc3f737104fdb9b737c40ffb94c098" +checksum = "4fcb935c5bec503c2f0e306bdd3e58bb9029dcb14fa8d9ac76e3a5256ac0763e" dependencies = [ "aws-lc-rs", "bytes", @@ -3789,7 +3789,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "32497e9a4c7b38532efcdebeef879707aa9f794296a4f0244f6f69e9bc8574bd" dependencies = [ "fastrand", - "getrandom 0.3.4", + "getrandom 0.4.2", "once_cell", "rustix 1.1.4", "windows-sys 0.61.2",