Merge branch 'main' into cubic

.config/nextest.toml

@@ -3,3 +3,6 @@
 fail-fast = false
 # Terminate test after three slow periods of 60 seconds.
 slow-timeout = { period = "60s", terminate-after = 3 }
+
+[profile.ci.junit]
+path = "junit.xml"

.github/actions/quic-interop-runner/action.yml

@@ -35,7 +35,7 @@ runs:
 
     - name: Install dependencies
       run: |
-        sudo add-apt-repository ppa:wireshark-dev/stable
+        sudo add-apt-repository ppa:wireshark-dev/nightly
         sudo apt-get update
         sudo apt-get install -y --no-install-recommends tshark
       shell: bash

.github/workflows/check-vm.yml

@@ -25,7 +25,12 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [freebsd, openbsd, netbsd, solaris]
+        os: [
+              freebsd,
+              # openbsd, # FIXME: Re-enable once their NSS package is new enough.
+              # netbsd, # FIXME: NSS package is new enough, but test_fixture::fixture_init dies with `NssError { name: "SEC_ERROR_LEGACY_DATABASE", code: -8015, desc: "The certificate/key database is in an old, unsupported format." }`
+              # solaris # FIXME: Re-enable once their NSS package is new enough.
+            ]
     runs-on: ubuntu-latest
 
     steps:
@@ -94,7 +99,7 @@ jobs:
             rm -rf target # Don't sync this back to host
 
       - if: matrix.os == 'netbsd'
-        uses: vmactions/netbsd-vm@7c9086fdb4cc1aa814cda6e305390c2b966551a9
+        uses: vmactions/netbsd-vm@46a58bbf03682b4cb24142b97fa315ae52bed573
         with:
           usesh: true
           envs: "CARGO_TERM_COLOR RUST_BACKTRACE RUST_LOG GITHUB_ACTIONS"
@@ -157,7 +162,7 @@ jobs:
             cargo test --no-fail-fast --release
             rm -rf target # Don't sync this back to host
 
-      - uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v5.0.7
+      - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
         with:
           files: lcov.info
           fail_ci_if_error: false

.github/workflows/check.yml

@@ -119,6 +119,13 @@ jobs:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
         if: matrix.type == 'debug' && matrix.rust-toolchain == 'nightly'
 
+      - uses: codecov/test-results-action@4e79e65778be1cecd5df25e14af1eafb6df80ea9 # v1.0.2
+        with:
+          files: target/nextest/ci/junit.xml
+          fail_ci_if_error: false
+          token: ${{ secrets.CODECOV_TOKEN }}
+          verbose: true
+
       - name: Save simulation seeds artifact
         if: always()
         uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
@@ -136,7 +143,5 @@ jobs:
 
   bench:
     needs: [check]
-    if: >
-      (github.event_name == 'workflow_dispatch' && github.event.inputs.run_benchmarks) ||
-      (github.event_name != 'workflow_dispatch' && github.event_name != 'pull_request')
+    if: github.event_name != 'workflow_dispatch' || github.event.inputs.run_benchmarks
     uses: ./.github/workflows/bench.yml

.github/workflows/clippy.yml

@@ -46,7 +46,7 @@ jobs:
       # respective default features only. Can reveal warnings otherwise
       # hidden given that a plain cargo clippy combines all features of the
       # workspace. See e.g. https://github.com/mozilla/neqo/pull/1695.
-      - run: cargo hack clippy --all-targets --feature-powerset --exclude-features gecko -- -D warnings
+      - run: cargo hack clippy --all-targets --benches --feature-powerset --exclude-features gecko -- -D warnings
       - run: cargo doc --workspace --no-deps --document-private-items
         env:
           RUSTDOCFLAGS: "--deny rustdoc::broken_intra_doc_links --deny warnings"

.github/workflows/qns.yml

@@ -54,7 +54,7 @@ jobs:
             # set latest tag for default branch
             type=raw,value=latest,enable={{is_default_branch}}
 
-      - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
+      - uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0
         if: github.event_name != 'pull_request'
         with:
           push: true
@@ -65,7 +65,7 @@ jobs:
           cache-to: type=gha,mode=max
           platforms: 'linux/amd64, linux/arm64'
 
-      - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
+      - uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0
         id: docker_build_and_push
         with:
           tags: ${{ steps.meta.outputs.tags }}

.github/workflows/sanitize.yml

@@ -27,8 +27,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        # TODO: Unpin ubuntu when https://github.com/rust-lang/rust/issues/111073#issuecomment-2561607617 is fixed.
-        os: [ubuntu-22.04, macos-latest] # No Windows support for sanitizers.
+        os: [ubuntu-latest, macos-latest] # No Windows support for sanitizers.
         sanitizer: [address, thread, leak] # TODO: memory
         exclude:
           # Memory and leak sanitizers are not supported on macOS.
@@ -62,7 +61,7 @@ jobs:
           ASAN_OPTIONS: detect_leaks=1:detect_stack_use_after_return=1
           RUST_BACKTRACE: 1
         run: |
-          if [ "${{ matrix.os }}" = "ubuntu-22.04" ]; then
+          if [ "${{ matrix.os }}" = "ubuntu-latest" ]; then
             sudo apt-get install -y --no-install-recommends llvm
             TARGET="x86_64-unknown-linux-gnu"
           elif [ "${{ matrix.os }}" = "macos-latest" ]; then

Cargo.toml

@@ -20,7 +20,7 @@ description = "Neqo, the Mozilla implementation of QUIC in Rust."
 keywords = ["quic", "http3", "neqo", "mozilla", "ietf", "firefox"]
 categories = ["network-programming", "web-programming"]
 readme = "README.md"
-version = "0.11.0"
+version = "0.12.1"
 # Keep in sync with `.rustfmt.toml` `edition`.
 edition = "2021"
 license = "MIT OR Apache-2.0"