Chore: bump github.com/refraction-networking/utls from 1.5.4 to 1.6.3

[dependabot]

Bumps github.com/refraction-networking/utls from 1.5.4 to 1.6.3.

Release notes

Sourced from github.com/refraction-networking/utls's releases.

v1.6.3 Cryptographically Secured Shuffle

Don't panic! This does not cause any significant security concern, since modern platforms are doing fine with limited randomness from math/rand. This patch is for some much restrictive platforms such as WebAssembly.

What's Changed

• security: crypto/rand ShuffleChromeTLSExtensions by @​gaukas in refraction-networking/utls#286

Full Changelog: refraction-networking/utls@v1.6.2...v1.6.3

v1.6.2 Dependency and Upstream Update

What's Changed

• deps: bump all deps to latest by @​gaukas in refraction-networking/utls#279
• ⬆️ sync: merge changes from golang/[email protected] release branch by @​gaukas in refraction-networking/utls#280

Full Changelog: refraction-networking/utls@v1.6.1...v1.6.2

v1.6.1 Hotfix: kyberslash2

Security Warning

This is a security update fixing kyberslash2, a timing side-channel attack against CIRCL library used by uTLS.

What's Changed

• build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @​dependabot in refraction-networking/utls#273
• feat: parse GREASE ECH from raw by @​gaukas in refraction-networking/utls#276
• build(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 by @​dependabot in refraction-networking/utls#277

Full Changelog: refraction-networking/utls@v1.6.0...v1.6.1

v1.6.0 One step closer to ECH

What's New

• We now have GREASE ECH parrots (Chrome 120, Firefox 120) available!

What's Changed

• improvement: cleanup by @​VeNoMouS in refraction-networking/utls#253
• build(deps): bump golang.org/x/net from 0.14.0 to 0.17.0 by @​dependabot in refraction-networking/utls#254
• Deprecate usage of OmitEmptyPsk field in PreSharedKeyExtension (closes #255) by @​sleeyax in refraction-networking/utls#256
• sync: go 1.21.4 by @​gaukas in refraction-networking/utls#261
• fix: no padding if raw clienthello is too short by @​gaukas in refraction-networking/utls#263
• new: vendor godicttls package by @​gaukas in refraction-networking/utls#265
• feat: add GREASEEncryptedClientHelloExtension by @​gaukas in refraction-networking/utls#266
• feat: chrome 120 non-pq client hello by @​hax0r31337 in refraction-networking/utls#268
• bump: firefox and chrome auto parrot to latest by @​gaukas in refraction-networking/utls#269
• fix: grease ech parrot for chrome 120 by @​hax0r31337 in refraction-networking/utls#271
• fix: incorrect firefox nss parrot ECH params by @​gaukas in refraction-networking/utls#272

New Contributors

• @​sleeyax made their first contribution in refraction-networking/utls#256
• @​hax0r31337 made their first contribution in refraction-networking/utls#268

Full Changelog: refraction-networking/utls@v1.5.4...v1.6.0

Commits

• 3d4788c security: crypto/rand ShuffleChromeTLSExtensions (#286)
• d2768e4 ⬆️ sync: merge changes from golang/[email protected] release branch (#280)
• 5796f97 🚑 fix: code broken after merging
• 8680818 ➖ update: remove unused boring files
• 36f1f79 ⚠️ deprecate: weak ciphers
• bd8fe35 🔀 update: Merge 'upstream:release-branch.go1.22'
• c209e4b deps: bump all deps to latest (#279)
• 8b9a63f build(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 (#277)
• 42e79cb feat: parse GREASE ECH from raw (#276)
• f8beb04 build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#273)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (458db39) 36.12% compared to head (a667376) 35.68%.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2899      +/-   ##
==========================================
- Coverage   36.12%   35.68%   -0.45%     
==========================================
  Files         715      729      +14     
  Lines       40949    41484     +535     
==========================================
+ Hits        14794    14802       +8     
- Misses      24521    25050     +529     
+ Partials     1634     1632       -2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[xiaokangwang]

@dependabot rebase