build(deps): Bump github.com/quic-go/quic-go from 0.45.2 to 0.46.0 (#…

…6224)

Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.45.2 to 0.46.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/quic-go/quic-go/releases">github.com/quic-go/quic-go's releases</a>.</em></p>
<blockquote>
<h2>v0.46.0</h2>
<h2>New Features</h2>
<ul>
<li>The <code>http3.Server</code> now has an <code>IdleTimeout</code> field: <a href="https://redirect.github.com/quic-go/quic-go/issues/4587">#4587</a>. It works analogous to its HTTP/2 standard library equivalent: If no requests are received for the idle timeout period, the underlying QUIC connection is closed. Thanks to <a href="https://github.com/rs"><code>@​rs</code></a> for implementing.</li>
<li>The qlog file format was updated to the current qlog draft, which now uses JSON sequences (JSON-SEQ): <a href="https://redirect.github.com/quic-go/quic-go/issues/4609">#4609</a>. qlog files now have the file extension <code>.sqlog</code>.</li>
</ul>
<h2>Breaking Changes</h2>
<ul>
<li><code>logging.VersionNumber</code> was renamed to <code>logging.Version</code> (<a href="https://redirect.github.com/quic-go/quic-go/issues/4621">#4621</a>), mirroring a similar renaming of <code>quic.VersionNumber</code> to <code>quic.Version</code> introduced in an earlier release</li>
<li><code>internal_error</code> TLS alerts are now sent as QUIC CRYPTO_ERRORs (and not INTERNAL_ERRORs): <a href="https://redirect.github.com/quic-go/quic-go/issues/4601">#4601</a></li>
</ul>
<h2>Other Notable Changes</h2>
<p>The stream logic for queueing stream-related control frames (RESET_STREAM, STOP_SENDING, MAX_STREAM_DATA, STREAM_DATA_BLOCKED) was completely rewritten. This makes quic-go more resilient to memory exhaustion attacks similar to those that we've seen earlier this year (<a href="https://github.com/quic-go/quic-go/security/advisories/GHSA-ppxx-5m9h-6vxf">1</a> and <a href="https://github.com/quic-go/quic-go/security/advisories/GHSA-c33x-xqrf-c478">2</a>). It also enables further frame packing optimizations in the future.</p>
<h2>Changelog</h2>
<ul>
<li>metrics: create a new tracer on every call of DefaultConnectionTracer by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4560">quic-go/quic-go#4560</a></li>
<li>metrics: use the default metrics tracer in integration tests by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4562">quic-go/quic-go#4562</a></li>
<li>example: remove Dockerfile by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4568">quic-go/quic-go#4568</a></li>
<li>http3: fix race condition between Server.Serve and Server.Close by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4572">quic-go/quic-go#4572</a></li>
<li>http3: allow re-dialing of connection after a dial error by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4573">quic-go/quic-go#4573</a></li>
<li>fix stream documentation for StreamError return values by <a href="https://github.com/mengelbart"><code>@​mengelbart</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4575">quic-go/quic-go#4575</a></li>
<li>build(deps): bump docker/build-push-action from 5 to 6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4576">quic-go/quic-go#4576</a></li>
<li>use a net.ErrClosed when returning Accept from a closed server by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4569">quic-go/quic-go#4569</a></li>
<li>handshake: ignore unknown QUIC events from crypto/tls by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4577">quic-go/quic-go#4577</a></li>
<li>introduce a StreamLimitReachedError for Connection.Open{Uni}Stream by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4579">quic-go/quic-go#4579</a></li>
<li>ci: use Go 1.23rc2 for unit and integration tests by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4571">quic-go/quic-go#4571</a></li>
<li>handshake: remove unneeded tokenProtector interface by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4585">quic-go/quic-go#4585</a></li>
<li>ackhandler: optimize received packet tracking by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4584">quic-go/quic-go#4584</a></li>
<li>move connection logging to a separate file, absorb logutils package by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4586">quic-go/quic-go#4586</a></li>
<li>simplify handling of CRYPTO frames, remove cryptoDataHandler interface by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4588">quic-go/quic-go#4588</a></li>
<li>wire: optimize parsing of long header packets by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4589">quic-go/quic-go#4589</a></li>
<li>remove trivial IPv4 helper function by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4591">quic-go/quic-go#4591</a></li>
<li>wire: simplify packet number parsing, remove utils.ByteOrder interface by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4590">quic-go/quic-go#4590</a></li>
<li>utils: remove scarcely used time helper functions by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4593">quic-go/quic-go#4593</a></li>
<li>remove mock TokenStore implementation by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4597">quic-go/quic-go#4597</a></li>
<li>remove unused framer interface by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4599">quic-go/quic-go#4599</a></li>
<li>refactor frame packing to logic to not access the streams map by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4596">quic-go/quic-go#4596</a></li>
<li>ackhandler: reduce allocations for tracking sent packets by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4602">quic-go/quic-go#4602</a></li>
<li>mark stream completed when CancelWrite is called after receiving STOP_SENDING by <a href="https://github.com/sukunrt"><code>@​sukunrt</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4605">quic-go/quic-go#4605</a></li>
<li>simplify generation of STREAM_DATA_BLOCKED frames by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4608">quic-go/quic-go#4608</a></li>
<li>reduce allocations when handling crypto data by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4615">quic-go/quic-go#4615</a></li>
<li>handshake: remove gomock tls.ClientSessionCache implementation by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4619">quic-go/quic-go#4619</a></li>
<li>wire: speed up parsing of headers with arbitrary length connection IDs by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4618">quic-go/quic-go#4618</a></li>
<li>remove trivial mock implementation of the cryptoStream interface by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4620">quic-go/quic-go#4620</a></li>
<li>simplify frame queuing logic for 0-RTT rejection by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4607">quic-go/quic-go#4607</a></li>
<li>handshake: generate CRYPTO_ERRORs for internal_error TLS alerts by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4601">quic-go/quic-go#4601</a></li>
<li>remove unneeded cryptoStream interface by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4617">quic-go/quic-go#4617</a></li>
<li>logging: rename VersionNumber to Version by <a href="https://github.com/marten-seemann"><code>@​marten-seemann</code></a> in <a href="https://redirect.github.com/quic-go/quic-go/pull/4621">quic-go/quic-go#4621</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/quic-go/quic-go/commit/0b033db188ea2339a458e9680e28110494f888a8"><code>0b033db</code></a> fix logging of short header connection IDs (<a href="https://redirect.github.com/quic-go/quic-go/issues/4626">#4626</a>)</li>
<li><a href="https://github.com/quic-go/quic-go/commit/46fc42d0da305fc32327f71dca8fb78c39f62fd9"><code>46fc42d</code></a> only declare send stream completed when RESET_STREAM is acknowledged (<a href="https://redirect.github.com/quic-go/quic-go/issues/4613">#4613</a>)</li>
<li><a href="https://github.com/quic-go/quic-go/commit/7c471aac7444aa72f1b0c328f993a1dc18c93122"><code>7c471aa</code></a> http3: implement server idle timeout support (<a href="https://redirect.github.com/quic-go/quic-go/issues/4587">#4587</a>)</li>
<li><a href="https://github.com/quic-go/quic-go/commit/af9fa7a555f2eca7585700d9e4979578b0b33040"><code>af9fa7a</code></a> queue stream-related control frames in the respective stream (<a href="https://redirect.github.com/quic-go/quic-go/issues/4610">#4610</a>)</li>
<li><a href="https://github.com/quic-go/quic-go/commit/d1f9af4cc6b13c96dc302ac9ec5f061ed294d36b"><code>d1f9af4</code></a> implement qlog JSONSEQ format, bump qlog version (<a href="https://redirect.github.com/quic-go/quic-go/issues/4609">#4609</a>)</li>
<li><a href="https://github.com/quic-go/quic-go/commit/f96923b5b276471d171d1363f1bc33bb6240e5c3"><code>f96923b</code></a> logging: rename VersionNumber to Version (<a href="https://redirect.github.com/quic-go/quic-go/issues/4621">#4621</a>)</li>
<li><a href="https://github.com/quic-go/quic-go/commit/931166bb8e0dee5183a3b43726cfe7f285529e9b"><code>931166b</code></a> remove unneeded cryptoStream interface (<a href="https://redirect.github.com/quic-go/quic-go/issues/4617">#4617</a>)</li>
<li><a href="https://github.com/quic-go/quic-go/commit/f5ceb73171b129bb82efdd7b493c9afddd6e36f0"><code>f5ceb73</code></a> handshake: generate CRYPTO_ERRORs for internal_error TLS alerts (<a href="https://redirect.github.com/quic-go/quic-go/issues/4601">#4601</a>)</li>
<li><a href="https://github.com/quic-go/quic-go/commit/a147bee19009c8f7f6d6d507bed31d6eebe6ab95"><code>a147bee</code></a> simplify frame queuing logic on 0-RTT rejection (<a href="https://redirect.github.com/quic-go/quic-go/issues/4607">#4607</a>)</li>
<li><a href="https://github.com/quic-go/quic-go/commit/86d5044eec4a4f68d358aeb9ebe9d62e19df4b71"><code>86d5044</code></a> remove trivial mock implementation of the cryptoStream interface (<a href="https://redirect.github.com/quic-go/quic-go/issues/4620">#4620</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/quic-go/quic-go/compare/v0.45.2...v0.46.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/quic-go/quic-go&package-manager=go_modules&previous-version=0.45.2&new-version=0.46.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

go.mod

@@ -34,7 +34,7 @@ require (
 	github.com/prometheus/client_golang v1.19.1
 	github.com/prometheus/client_model v0.6.1
 	github.com/prometheus/common v0.55.0
-	github.com/quic-go/quic-go v0.45.2
+	github.com/quic-go/quic-go v0.46.0
 	github.com/rs/cors v1.11.0
 	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1
 	github.com/seehuhn/mt19937 v1.0.0

go.sum

@@ -539,8 +539,8 @@ github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0leargg
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
 github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
 github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
-github.com/quic-go/quic-go v0.45.2 h1:DfqBmqjb4ExSdxRIb/+qXhPC+7k6+DUNZha4oeiC9fY=
-github.com/quic-go/quic-go v0.45.2/go.mod h1:1dLehS7TIR64+vxGR70GDcatWTOtMX2PUtnKsjbTurI=
+github.com/quic-go/quic-go v0.46.0 h1:uuwLClEEyk1DNvchH8uCByQVjo3yKL9opKulExNDs7Y=
+github.com/quic-go/quic-go v0.46.0/go.mod h1:1dLehS7TIR64+vxGR70GDcatWTOtMX2PUtnKsjbTurI=
 github.com/quic-go/webtransport-go v0.8.0 h1:HxSrwun11U+LlmwpgM1kEqIqH90IT4N8auv/cD7QFJg=
 github.com/quic-go/webtransport-go v0.8.0/go.mod h1:N99tjprW432Ut5ONql/aUhSLT0YVSlwHohQsuac9WaM=
 github.com/raulk/go-watchdog v1.3.0 h1:oUmdlHxdkXRJlwfG0O9omj8ukerm8MEQavSiDTEtBsk=