Update h2 in lockfile

Addresses RUSTSEC-2024-0003.  (May not be relevant, but we should
update out of tidiness.)

    $ nailing-cargo -o audit
    nailing-cargo: out-of-tree, git, building in: `/home/ian/Rustup/Mastodonochrome/Build/mastodonochrome'
    nailing-cargo: using really to run as user `rustcargo'
    nailing-cargo: *WARNING* cwd is not in Cargo.nail thbough it has Cargo.toml!
    nailing-cargo: nailed (0 manifests, 0 packages)
    nailing-cargo: invoking: cargo audit
	Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
	  Loaded 595 security advisories (from /home/rustcargo/.cargo/advisory-db)
	Updating crates.io index
	Scanning Cargo.lock for vulnerabilities (257 crate dependencies)
    Crate:     h2
    Version:   0.3.22
    Title:     Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
    Date:      2024-01-17
    ID:        RUSTSEC-2024-0003
    URL:       https://rustsec.org/advisories/RUSTSEC-2024-0003
    Solution:  Upgrade to ^0.3.24 OR >=0.4.2
    Dependency tree:
    h2 0.3.22
    ├── reqwest 0.11.23
    │   └── mastodonochrome 0.1.0
    └── hyper 0.14.28
	├── reqwest 0.11.23
	└── hyper-tls 0.5.0
	    └── reqwest 0.11.23

    error: 1 vulnerability found!

diff --git a/Cargo.lock b/Cargo.lock
index 1ee939b4d2e35e11777cf7c9246e08d0d695ae02..e3714b13bc7099a8dc07d4e1bf655a5ae8e0c63f 100644 (file)
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -635,9 +635,9 @@ checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253"
 
 [[package]]
 name = "h2"
-version = "0.3.22"
+version = "0.3.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4d6250322ef6e60f93f9a2162799302cd6f68f79f6e5d85c8c16f14d1d958178"
+checksum = "bb2c4422095b67ee78da96fbb51a4cc413b3b25883c7717ff7ca1ab31022c9c9"
 dependencies = [
  "bytes",
  "fnv",