Skip to content

chore: update dependencies #318

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

chore: update dependencies #318

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
3f43767
chore: update dependencies
reneleonhardt Sep 28, 2025
8ede816
fix warnings
reneleonhardt Sep 28, 2025
f05262e
remove bits_decode casting
reneleonhardt Sep 28, 2025
720cffb
suppress manual_is_multiple_of
reneleonhardt Sep 28, 2025
ef66a14
suppress more warnings
reneleonhardt Sep 28, 2025
373a99c
review: add todos
reneleonhardt Oct 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 2 additions & 3 deletions .github/actions/compliance/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,9 @@ runs:
using: "composite"
steps:
- name: Install Rust toolchain
uses: actions-rs/toolchain@v1
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
toolchain: stable
override: true

- name: Cache builds
uses: camshaft/rust-cache@v1
Expand Down Expand Up @@ -67,7 +66,7 @@ runs:
# publish report only when pushing to master
- name: Push to gh-pages
if: github.ref == 'refs/heads/master'
uses: ad-m/github-push-action@master
uses: ad-m/github-push-action@v1
with:
github_token: ${{ github.token }}
branch: gh-pages
Expand Down
12 changes: 12 additions & 0 deletions .github/dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
version: 2
updates:
- package-ecosystem: cargo
directories:
- /
- fuzz
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure if there is a benefit for us with dependabot because as libary users can use newer versions without the need to update them in the libary.
@seanmonstar what do you think?

Maybe we can keep fuzz and add examples? Or can we just activate for dev-dependencies?
If deciding to use it for all then the subcrates (h3_quinn,h3_datagram and h3_webtransport) should be added. Or is it enough to add root directory?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't found dependabot to be sufficiently useful when developing libraries, mostly just annoying. 🤷

Copy link
Contributor Author

@reneleonhardt reneleonhardt Oct 7, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's better than having libraries with outdated dependencies 😄
I added all crates, / adds all members, others like fuzz are not included in the workspace.

You can limit the amount of PRs, group and ignore as much as you like if you think that it makes it easier for you merging updates.
https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#ignore--
I wonder how much of a problem is expected if it never has been used here...

But no, your users can only update transitive dependencies within compatible ranges as you can see in my changes.
For example, rcgen = "0.14" allows them to update to 0.14.5 if my work would be merged.
Until then 0.13.3 is the allowed maximum:
https://crates.io/crates/rcgen/versions

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Libraries rarely have outdated dependencies, since lockfiles are ignored and semver ranges allow users to upgrade. The only time it's true is when a dependency releases a semver-breaking change, which we typically need to handle manually anyways.

I still think it's better to drop dependabot here.

schedule:
interval: weekly
- package-ecosystem: github-actions
directory: /
schedule:
interval: weekly
103 changes: 27 additions & 76 deletions .github/workflows/CI.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ on:
env:
RUST_BACKTRACE: 1
toolchain_style: stable
toolchain_msrv: 1.70.0
toolchain_msrv: 1.74.1
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

only h3_quinn msrv increase should be necessary for quinn

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you check for yourself?
My result was always 1.74.1.

toolchain_h3_quinn_msrv: 1.74.1
toolchain_doc: nightly-2025-04-02
toolchain_lint: stable
Expand All @@ -35,76 +35,49 @@ jobs:
name: Check Style
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v5
- name: Install Rust ${{ env.toolchain_style }}
uses: actions-rs/toolchain@v1
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
profile: minimal
toolchain: ${{ env.toolchain_style }}
override: true
components: rustfmt
- uses: Swatinem/rust-cache@v2
- name: cargo fmt --all -- --check
uses: actions-rs/cargo@v1
with:
command: fmt
args: --all -- --check
- run: cargo fmt --all -- --check

lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v5
- name: Install Rust ${{ env.toolchain_lint }}
uses: actions-rs/toolchain@v1
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
profile: minimal
toolchain: ${{ env.toolchain_lint }}
override: true
components: clippy
- uses: Swatinem/rust-cache@v2
- name: cargo clippy
uses: actions-rs/cargo@v1
with:
command: clippy
- run: cargo clippy

msrv:
name: Check MSRV
needs: [style]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v5
- name: Install Rust ${{ env.toolchain_msrv }}
uses: actions-rs/toolchain@v1
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
profile: minimal
toolchain: ${{ env.toolchain_msrv }}
override: true
- uses: Swatinem/rust-cache@v2
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why remove rust-cache?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't, it's built-in 😉
https://github.com/actions-rust-lang/setup-rust-toolchain#inputs

Name Description Default
cache Automatically configure Rust cache (using [Swatinem/rust-cache]) true

- name: cargo check -p h3
uses: actions-rs/cargo@v1
with:
command: check
args: -p h3
- run: cargo check -p h3

msrv_h3_quinn:
name: Check MSRV of `h3-quinn`
needs: [style]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v5
- name: Install Rust ${{ env.toolchain_h3_quinn_msrv }}
uses: actions-rs/toolchain@v1
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
profile: minimal
toolchain: ${{ env.toolchain_h3_quinn_msrv }}
override: true
- uses: Swatinem/rust-cache@v2
- name: cargo check -p h3-quinn
uses: actions-rs/cargo@v1
with:
command: check
args: -p h3-quinn
- run: cargo check -p h3-quinn

test:
name: Test ${{ matrix.toolchain }} ${{ matrix.os }} ${{ matrix.target }}
Expand All @@ -123,7 +96,7 @@ jobs:
target: i686-unknown-linux-gnu
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v5
# Add this step for 32-bit build support
- name: Install 32-bit development libraries
if: matrix.target == 'i686-unknown-linux-gnu'
Expand All @@ -132,18 +105,13 @@ jobs:
sudo apt-get update
sudo apt-get install -y gcc-multilib libc6-dev-i386
- name: Install Rust ${{ matrix.toolchain }}
uses: actions-rs/toolchain@v1
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
profile: minimal
toolchain: ${{ matrix.toolchain }}
target: ${{ matrix.target }}
override: true
- uses: Swatinem/rust-cache@v2
- name: cargo test
uses: actions-rs/cargo@v1
with:
command: test
args: --features ${{ matrix.features }} --target ${{ matrix.target }}
- run: cargo test --features ${{ matrix.features }} --target ${{ matrix.target }}
env: #[cfg(feature = "datagram")] unexpected `cfg` condition value: `datagram`
RUSTFLAGS: "-A unexpected_cfgs"
- name: h3Spec
run: ./ci/h3spec.sh
if: matrix.toolchain == 'stable'
Expand All @@ -153,49 +121,35 @@ jobs:
needs: [test]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v5
- name: Install Rust ${{ env.toolchain_doc }}
uses: actions-rs/toolchain@v1
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
profile: minimal
toolchain: ${{ env.toolchain_doc }}
override: true
- uses: Swatinem/rust-cache@v2
- name: cargo rustdoc -p h3 -- -D intra-doc-link-resolution-failure
uses: actions-rs/cargo@v1
with:
command: rustdoc
args: -p h3 -- -D intra-doc-link-resolution-failure
- run: cargo rustdoc -p h3 -- -D intra-doc-link-resolution-failure

fuzz:
name: Fuzz test
needs: [test]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v5
- name: Install Rust ${{ env.toolchain_fuzz }}
uses: actions-rs/toolchain@v1
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
profile: minimal
toolchain: ${{ env.toolchain_fuzz }}
override: true
- uses: Swatinem/rust-cache@v2
- name: Install cargo-fuzz
uses: camshaft/install@v1
with:
crate: cargo-fuzz
- name: cargo fuzz run fuzz_varint -- -runs=1
uses: actions-rs/cargo@v1
with:
command: fuzz
args: run fuzz_varint -- -runs=1
- run: cargo fuzz run fuzz_varint -- -runs=1

compliance:
name: Compliance report
needs: [test]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v5
with:
persist-credentials: false
fetch-depth: 0
Expand All @@ -209,13 +163,10 @@ jobs:
needs: [test]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v5
- name: Install Rust stable
uses: actions-rs/toolchain@v1
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
- uses: Swatinem/rust-cache@v2
- name: Run server and client examples test
run: ./ci/example_test.sh
4 changes: 2 additions & 2 deletions examples/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,13 +19,13 @@ quinn = { version = "0.11", default-features = false, features = [
"rustls",
"ring",
] }
rcgen = { version = "0.13" }
rcgen = { version = "0.14" }
rustls = { version = "0.23", default-features = false, features = [
"logging",
"ring",
"std",
] }
rustls-native-certs = "0.7"
rustls-native-certs = "0.8"
structopt = "0.3"
tokio = { version = "1.27", features = ["full"] }
tracing = "0.1.37"
Expand Down
20 changes: 9 additions & 11 deletions examples/client.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ use std::{path::PathBuf, sync::Arc};
use futures::future;
use h3::error::{ConnectionError, StreamError};
use rustls::pki_types::CertificateDer;
use rustls_native_certs::CertificateResult;
use structopt::StructOpt;
use tokio::io::AsyncWriteExt;
use tracing::{error, info};
Expand Down Expand Up @@ -63,18 +64,15 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {

// load CA certificates stored in the system
let mut roots = rustls::RootCertStore::empty();
match rustls_native_certs::load_native_certs() {
Ok(certs) => {
for cert in certs {
if let Err(e) = roots.add(cert) {
error!("failed to parse trust anchor: {}", e);
}
}
let CertificateResult { certs, errors, .. } = rustls_native_certs::load_native_certs();
for cert in certs {
if let Err(e) = roots.add(cert) {
error!("failed to parse trust anchor: {}", e);
}
Err(e) => {
error!("couldn't load any default trust roots: {}", e);
}
};
}
for e in errors {
error!("couldn't load default trust roots: {}", e);
}

// load certificate of CA who issues the server certificate
// NOTE that this should be used for dev only
Expand Down
4 changes: 3 additions & 1 deletion h3-datagram/src/datagram.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,8 @@ where
B: Buf,
{
/// Creates a new datagram frame
// TODO: remove for MSRV >= 1.87 https://github.com/rust-lang/rust/issues/128101
#[allow(unknown_lints, clippy::manual_is_multiple_of)]
pub fn new(stream_id: StreamId, payload: B) -> Self {
assert!(
stream_id.into_inner() % 4 == 0,
Expand Down Expand Up @@ -106,7 +108,7 @@ where

fn chunk(&self) -> &[u8] {
if self.len - self.pos > 0 {
return &self.stream_id[self.pos..self.len];
&self.stream_id[self.pos..self.len]
} else {
self.payload.chunk()
}
Expand Down
8 changes: 3 additions & 5 deletions h3-quinn/src/datagram.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ impl<B: Buf> SendDatagram<B> for SendDatagramHandler {
let mut buf: EncodedDatagram<B> = data.into();
self.conn
.send_datagram(buf.copy_to_bytes(buf.remaining()))
.map_err(|err| convert_send_datagram_error(err))
.map_err(convert_send_datagram_error)
}
}

Expand All @@ -49,7 +49,7 @@ impl RecvDatagram for RecvDatagramHandler {
Poll::Ready(
ready!(self.datagrams.poll_next_unpin(cx))
.expect("self. datagrams never returns None")
.map_err(|e| convert_connection_error(e)),
.map_err(convert_connection_error),
)
}
}
Expand Down Expand Up @@ -90,9 +90,7 @@ fn convert_h3_error_to_datagram_error(
) -> h3_datagram::ConnectionErrorIncoming {
match error {
ConnectionErrorIncoming::ApplicationClose { error_code } => {
h3_datagram::ConnectionErrorIncoming::ApplicationClose {
error_code: error_code,
}
h3_datagram::ConnectionErrorIncoming::ApplicationClose { error_code }
}
ConnectionErrorIncoming::Timeout => h3_datagram::ConnectionErrorIncoming::Timeout,
ConnectionErrorIncoming::InternalError(err) => {
Expand Down
10 changes: 5 additions & 5 deletions h3-quinn/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,7 @@ where
) -> Poll<Result<Self::BidiStream, ConnectionErrorIncoming>> {
let (send, recv) = ready!(self.incoming_bi.poll_next_unpin(cx))
.expect("self.incoming_bi BoxStream never returns None")
.map_err(|e| convert_connection_error(e))?;
.map_err(convert_connection_error)?;
Poll::Ready(Ok(Self::BidiStream {
send: Self::SendStream::new(send),
recv: Self::RecvStream::new(recv),
Expand All @@ -93,7 +93,7 @@ where
) -> Poll<Result<Self::RecvStream, ConnectionErrorIncoming>> {
let recv = ready!(self.incoming_uni.poll_next_unpin(cx))
.expect("self.incoming_uni BoxStream never returns None")
.map_err(|e| convert_connection_error(e))?;
.map_err(convert_connection_error)?;
Poll::Ready(Ok(Self::RecvStream::new(recv)))
}

Expand Down Expand Up @@ -383,7 +383,7 @@ impl quic::RecvStream for RecvStream {
let (stream, chunk) = ready!(self.read_chunk_fut.poll(cx));
self.stream = Some(stream);
Poll::Ready(Ok(chunk
.map_err(|e| convert_read_error_to_stream_error(e))?
.map_err(convert_read_error_to_stream_error)?
.map(|c| c.bytes)))
}

Expand Down Expand Up @@ -450,7 +450,7 @@ where
{
fn new(stream: quinn::SendStream) -> SendStream<B> {
Self {
stream: stream,
stream,
writing: None,
}
}
Expand All @@ -466,7 +466,7 @@ where
while data.has_remaining() {
let stream = Pin::new(&mut self.stream);
let written = ready!(stream.poll_write(cx, data.chunk()))
.map_err(|err| convert_write_error_to_stream_error(err))?;
.map_err(convert_write_error_to_stream_error)?;
data.advance(written);
}
}
Expand Down
Loading
Loading