fix(deps): update rust crate tonic to v0.12.3 [security]

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
tonic	dependencies	patch	0.12.2 -> 0.12.3

GitHub Vulnerability Alerts

CVE-2024-47609

Impact

note: this only affects v0.12.0 - v0.12.2

When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a tcp/tls stream. This can be triggered via causing the accept call to error out with errors there were not covered correctly causing the accept loop to exit.

More information can be found here

Patches

Upgrading to tonic 0.12.3 and above contains the fix.

Workarounds

A custom accept loop is a possible workaround.

---

Release Notes

hyperium/tonic (tonic)

v0.12.3

Compare Source

Features

• server: Added support for grpc max_connection_age (#​1865)
• build: Add #[deprecated] to deprecated client methods (#​1879)
• build: plumb skip_debug through prost Builder and add test (#​1900)

Bug Fixes

• build: Revert "fix tonic-build cargo build script outputs (#​1821)" which accidentally increases MSRV (#​1898)
• server: ignore more error kinds in incoming socket stream (#​1885)
• transport: do not shutdown server on broken connections (#​1948)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.