[Vanta] Remediate quinn-proto to 0.11.14 (CIP-2901)

[tobyhede]

Summary

• Bumps quinn-proto from 0.11.12 to 0.11.14

CVE-2026-31812

Remote DoS via panic on malformed QUIC Initial packet containing malformed quic_transport_parameters.

• Advisory: GHSA-6xvm-j4wr-6v98

References

• https://github.com/cipherstash/proxy/security/dependabot/17
• Linear: CIP-2901

Test plan

• CI passes

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7c9419f2-3a60-43db-9112-932a3a3e2259

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch toby/cip-2901-remediate-quinn-proto

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}