Bump h2 from 0.4.0 to 0.4.2

[dependabot]

Bumps h2 from 0.4.0 to 0.4.2.

Release notes

Sourced from h2's releases.

v0.4.2

What's Changed

• Limit error resets for misbehaving connections.
• Fix selecting MAX_CONCURRENT_STREAMS value if no value is advertised initially.

New Contributors

• @​magurotuna made their first contribution in hyperium/h2#736

v0.4.1

What's Changed

• fix: streams awaiting capacity lockout by @​dswij in hyperium/h2#730

New Contributors

• @​dswij made their first contribution in hyperium/h2#730

Changelog

Sourced from h2's changelog.

0.4.2 (January 17th, 2024)

• Limit error resets for misbehaving connections.
• Fix selecting MAX_CONCURRENT_STREAMS value if no value is advertised initially.

0.4.1 (January 8, 2024)

• Fix assigning connection capacity which could starve streams in some instances.

Commits

• 5f53606 v0.4.2
• 59570e1 streams: limit error resets for misbehaving connections
• d2f09fb fix: set MAX_CONCURRENT_STREAMS to usize::MAX if no value is advertised initi...
• 66a1ed8 doc: clarify that the default value of initial_max_send_streams is 100
• ee1f75a v0.4.1
• 756345e fix: streams awaiting capacity lockout (#730)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[thejefflarson]

@dependabot rebase

…

On Fri, Jan 19, 2024 at 7:26 AM dependabot[bot] ***@***.***> wrote: This automated pull request fixes a security vulnerability <https://github.com/thejefflarson/personal-assistant/security/dependabot/8> (moderate severity). Learn more about Dependabot security updates <https://docs.github.com/github/managing-security-vulnerabilities/configuring-dependabot-security-updates>. ------------------------------ Bumps h2 <https://github.com/hyperium/h2> from 0.4.0 to 0.4.2. Release notes *Sourced from h2's releases <https://github.com/hyperium/h2/releases>.* v0.4.2 What's Changed - Limit error resets for misbehaving connections. - Fix selecting MAX_CONCURRENT_STREAMS value if no value is advertised initially. New Contributors - @​magurotuna <https://github.com/magurotuna> made their first contribution in hyperium/h2#736 <https://redirect.github.com/hyperium/h2/pull/736> v0.4.1 What's Changed - fix: streams awaiting capacity lockout by @​dswij <https://github.com/dswij> in hyperium/h2#730 <https://redirect.github.com/hyperium/h2/pull/730> New Contributors - @​dswij <https://github.com/dswij> made their first contribution in hyperium/h2#730 <https://redirect.github.com/hyperium/h2/pull/730> Changelog *Sourced from h2's changelog <https://github.com/hyperium/h2/blob/master/CHANGELOG.md>.* 0.4.2 (January 17th, 2024) - Limit error resets for misbehaving connections. - Fix selecting MAX_CONCURRENT_STREAMS value if no value is advertised initially. 0.4.1 (January 8, 2024) - Fix assigning connection capacity which could starve streams in some instances. Commits - 5f53606 <hyperium/h2@5f53606> v0.4.2 - 59570e1 <hyperium/h2@59570e1> streams: limit error resets for misbehaving connections - d2f09fb <hyperium/h2@d2f09fb> fix: set MAX_CONCURRENT_STREAMS to usize::MAX if no value is advertised initi... - 66a1ed8 <hyperium/h2@66a1ed8> doc: clarify that the default value of initial_max_send_streams is 100 - ee1f75a <hyperium/h2@ee1f75a> v0.4.1 - 756345e <hyperium/h2@756345e> fix: streams awaiting capacity lockout (#730 <https://redirect.github.com/hyperium/h2/issues/730>) - See full diff in compare view <hyperium/h2@v0.4.0...v0.4.2> [image: Dependabot compatibility score] <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. ------------------------------ Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - @dependabot rebase will rebase this PR - @dependabot recreate will recreate this PR, overwriting any edits that have been made to it - @dependabot merge will merge this PR after your CI passes on it - @dependabot squash and merge will squash and merge this PR after your CI passes on it - @dependabot cancel merge will cancel a previously requested merge and block automerging - @dependabot reopen will reopen this PR if it is closed - @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency - @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page <https://github.com/thejefflarson/personal-assistant/network/alerts>. ------------------------------ You can view, comment on, or merge this pull request online at: #3 Commit Summary - 3d8e5fe <3d8e5fe> Bump h2 from 0.4.0 to 0.4.2 File Changes (1 file <https://github.com/thejefflarson/personal-assistant/pull/3/files> ) - *M* Cargo.lock <https://github.com/thejefflarson/personal-assistant/pull/3/files#diff-13ee4b2252c9e516a0547f2891aa2105c3ca71c6d7a1e682c69be97998dfc87e> (4) Patch Links: - https://github.com/thejefflarson/personal-assistant/pull/3.patch - https://github.com/thejefflarson/personal-assistant/pull/3.diff — Reply to this email directly, view it on GitHub <#3>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAANQRIMZBUQ4UHNRPWTZP3YPKGBNAVCNFSM6AAAAABCCD3J2SVHI2DSMVQWIX3LMV43ASLTON2WKOZSGA4TANZXHE3DSNA> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[dependabot]

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.