build(deps): bump github.com/quic-go/webtransport-go from 0.10.0 to 0.11.0

[dependabot]

Bumps github.com/quic-go/webtransport-go from 0.10.0 to 0.11.0.

Release notes

Sourced from github.com/quic-go/webtransport-go's releases.

v0.11.0

This release focuses on full compatibility with draft-15. The server keeps limited backwards compatibility with older draft clients where this is straightforward, but that compatibility is intentionally not comprehensive.

WebTransport flow control is not supported yet (see issue #256).

Breaking Changes

• webtransport-go now requires Go 1.25 or newer: #243

Protocol Changes

• Use SETTINGS_WT_ENABLED for WebTransport draft-version negotiation. The server continues to accept the old ENABLE_WEBTRANSPORT setting for compatibility with older clients: #254
• Send SETTINGS_WT_ENABLED from the client, as required by draft-15: #271 (thanks to @​tobbee)
• Use webtransport-h3 as the Extended CONNECT :protocol token. The server continues to accept the legacy webtransport token for compatibility with older clients: #280 (thanks to @​tomholford)
• Use the WT_REQUIREMENTS_NOT_MET error when the peer does not advertise the required HTTP/3 or WebTransport capabilities: #252
• Add support for the WT_ALPN_ERROR session error: #277
• Validate WebTransport session IDs before accepting incoming streams: #283
• Advertise SETTINGS values as required by Safari 26.4: #261 (thanks to @​birros)

New Features

• Added a runnable example server and client, including browser-side JavaScript and certificate hash verification in the Go client: #285

Notable Fixes

• Fixed a stream close race condition where ReceiveStream.Read or SendStream.Write could block forever when the local and remote side closed a session concurrently: #267 (thanks to @​aler9)
• Server.ListenAndServe now closes the UDP socket it creates: #274

What's Changed

• update to Go 1.26, drop Go 1.24 by @​marten-seemann in quic-go/webtransport-go#243
• build an image for the WebTransport Interop Runner by @​marten-seemann in quic-go/webtransport-go#244
• Bump docker/setup-buildx-action from 3 to 4 by @​dependabot[bot] in quic-go/webtransport-go#249
• Bump docker/build-push-action from 6 to 7 by @​dependabot[bot] in quic-go/webtransport-go#250
• Bump docker/login-action from 3 to 4 by @​dependabot[bot] in quic-go/webtransport-go#251
• Bump docker/setup-qemu-action from 3 to 4 by @​dependabot[bot] in quic-go/webtransport-go#248
• use the WT_REQUIREMENTS_NOT_MET error by @​marten-seemann in quic-go/webtransport-go#252
• use SETTINGS_WT_ENABLED introduced in draft-15 by @​marten-seemann in quic-go/webtransport-go#254
• ci: bump codecov/codecov-action from 5 to 6 by @​dependabot[bot] in quic-go/webtransport-go#260
• ci: bump nanasess/setup-chromedriver from 2 to 3 by @​dependabot[bot] in quic-go/webtransport-go#266
• ci: bump codecov/codecov-action from 6 to 7 by @​dependabot[bot] in quic-go/webtransport-go#268
• ci: pin non-GitHub-owned GitHub Actions by @​marten-seemann in quic-go/webtransport-go#270
• README: update to draft-15 by @​marten-seemann in quic-go/webtransport-go#273
• send SETTINGS_WT_ENABLED from the client by @​tobbee in quic-go/webtransport-go#271
• close UDP socket created by Server.ListenAndServe by @​marten-seemann in quic-go/webtransport-go#274
• run go fix across the entire codebase by @​marten-seemann in quic-go/webtransport-go#275
• ci: run go fix as part of the lint workflow by @​marten-seemann in quic-go/webtransport-go#276
• add support for the WT_ALPN_ERROR by @​marten-seemann in quic-go/webtransport-go#277
• fix stream close race condition on session close by @​aler9 in quic-go/webtransport-go#267
• fix flaky TestDatagrams by @​marten-seemann in quic-go/webtransport-go#278

... (truncated)

Commits

• 683e220 update quic-go to v0.60.0 (#287)
• 39cf509 send WebTransport SETTINGS expected by Safari 26.4 (#261)
• c7ca10b add an example server and client (#285)
• 1cdd8a0 implement validation of session IDs (#283)
• 6b0bec9 use webtransport-h3 as the :protocol upgrade token (#280)
• 81409ba fix flaky TestDatagrams (#278)
• 041fa66 fix stream close race condition on session close (#267)
• 134464b add support for the WT_ALPN_ERROR (#277)
• f062c1d ci: run go fix as part of the lint workflow (#276)
• 1ea6cd6 run go fix across the entire codebase (#275)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

New Coverage	58.0% of statements
Patch Coverage	0.0% of changed statements (0/0)

---

^{Coverage provided by https://github.com/seriousben/go-patch-cover-action}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	github.com/​quic-go/​webtransport-go@​v0.10.0 ⏵ v0.11.0	-3

View full report