Merge branch 'main' into fix-pto-all

.github/dependabot.yml

@@ -7,6 +7,9 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+    # Disable all non-security updates.
+    # <https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit>
+    open-pull-requests-limit: 0
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:

.github/workflows/check.yml

@@ -111,7 +111,7 @@ jobs:
           RUST_LOG: warn
           BUILD_DIR: ${{ matrix.type == 'release' && 'release' || 'debug' }}
 
-      - uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2
+      - uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v5.0.7
         with:
           files: lcov.info
           fail_ci_if_error: false
@@ -129,6 +129,13 @@ jobs:
           path: simulation-seeds
           compression-level: 9
 
+  check-cargo-lock:
+    name: Ensure `Cargo.lock` contains all required dependencies
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - run: cargo update -w --locked
+
   bench:
     needs: [check]
     if: >

.github/workflows/dependency-review.yml

@@ -25,7 +25,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a # v4.4.0
+      - uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
         with:
           base-ref: ${{ github.event.pull_request.base.sha || 'main' }}
           head-ref: ${{ github.event.pull_request.head.sha || github.ref }}

.github/workflows/qns.yml

@@ -42,7 +42,7 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ github.token }}
 
-      - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+      - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
         id: meta
         with:
           images: ghcr.io/${{ github.repository }}-qns
@@ -213,15 +213,20 @@ jobs:
                 fi
                 [ -n "$RESULT" ] || continue
                 DIFF=$(wdiff -n "$BASELINE" - <<< "$RESULT" || true)
-                RESULT=$(echo "$DIFF" | sed -E "s/\[-|-\]/~~/g; s/\{\+|\+\}/\*\*/g")
+                RESULT=$(echo "$DIFF" | sed -E "s/\[-/ _~~/g; s/-\]/~~_ /g; s/\{\+/ <ins>\*\*/g; s/\+\}/\*\*<\/ins> /g")
                 echo "* [$PAIR]($LOG): $RESULT" >> "$ROLE.$GROUP.md"
               done
             done
           done
           {
             echo "### Failed Interop Tests"
             if [ -e client.failed.md ] || [ -e server.failed.md ]; then
-              echo "[QUIC Interop Runner](https://github.com/quic-interop/quic-interop-runner), *client* vs. *server*"
+              echo -n "[QUIC Interop Runner](https://github.com/quic-interop/quic-interop-runner), *client* vs. *server*"
+              SHA=$(cat results-main/baseline-sha.txt || true)
+              if [ -n "$SHA" ]; then
+                echo ", differences relative to $SHA."
+              fi
+              echo
               echo "#### $LATEST as client"
               cat client.failed.md
               echo "#### $LATEST as server"
@@ -252,10 +257,15 @@ jobs:
             echo "</details>"
           } >> comment.md
 
+      - if: github.ref == 'refs/heads/main'
+        run: |
+          mv results results-main
+          echo "${{ github.sha }}" > results-main/baseline-sha.txt
+
       - if: github.ref == 'refs/heads/main'
         uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
-          path: results
+          path: results-main
           key: qns-${{ github.sha }}
 
       - uses: ./.github/actions/pr-comment-data-export

.gitignore

@@ -4,4 +4,3 @@
 /.vscode/
 /lcov.info
 /target/
-Cargo.lock