
fix(deps): update module github.com/pion/dtls/v3 to v3.1.0 [security] - autoclosed#1438

Closed
renovate[bot] wants to merge 1 commit into main from renovate/go-github.com-pion-dtls-v3-vulnerability
@renovate renovate bot commented Feb 13, 2026

This PR contains the following updates:

Package Change
github.com/pion/dtls/v3 v3.0.6 -> v3.1.0

GitHub Vulnerability Alerts

CVE-2026-26014

Impact

Pion DTLS versions v1.0.0 through v3.0.10 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack".

Patches

Upgrade to v3.1.1 or later. This version includes PR #796, which uses the 64-bit sequence number to populate the nonce_explicit part of the GCM nonce. This is according to best practice outlined in RFC 9325 section 7.2.1.

v3.0.11 is a backport patch supporting Go v1.21

Workarounds

There are no workarounds without upgrading to version v3.0.11, v3.1.1 or later.

References

Commit fixing the bug: pion/dtls@61762de
Commit fixing the bug (backport): 90e241c
Pull request: #796


Release Notes

pion/dtls (github.com/pion/dtls/v3)

v3.1.0

Compare Source

Options patterns, Security fix and performance improvements.

Changelog

v3.0.11

Compare Source

Backport security fix for GHSA-9f3f-wv7r-qc8r (CVE-2026-26014)

This is the only release with the security fix for Go v1.21.

v3.0.10

Compare Source

Changelog

v3.0.9

Compare Source

Changelog

  • ab5f89b Implement TLS_EMPTY_RENEGOTIATION_INFO_SCSV
  • d5761ac Prevent negative intervals

v3.0.8

Compare Source

Changelog

  • ffd97f5 Backoff handshake retransmit
  • 7ab1bc9 Update actions/checkout action to v6
  • bdb5f23 Update module github.com/pion/transport/v3 to v3.1.1 (#754)
  • 1d9b6b1 Update module github.com/pion/transport/v3 to v3.1.0
  • c06c3a7 Lock while writing to encryptedPackets
  • ca7d80e Update CI configs to v0.11.32
  • 9cfb13f Improve the record layer fuzz tests
  • daa0fd4 Add fuzz tests for gcm
  • 9ed5950 Add fuzz tests for ccm
  • 7b68bd9 Add fuzz tests for packet buffer
  • 7c62411 Update CI configs to v0.11.31
  • 3e12f76 Add more tests for prf
  • e7cbd62 Migrate elliptic curves from elliptic to ecdh
  • 6ff535f Update module github.com/pion/transport/v3 to v3.0.8
  • f6b0286 Add the supported_versions extension
  • 120a895 Handle ECONNREFUSED timeout
  • ed044c0 Update CI configs to v0.11.29
  • 5611b14 Apply go modernize
  • 27c3405 Update actions/checkout action to v5
  • 8764fbd Update CI configs to v0.11.26
  • 465f544 Update CI configs to v0.11.25
  • 6e1e3c9 Update module github.com/stretchr/testify to v1.11.1
  • 495a7b5 Update CI configs to v0.11.24
  • 0b11eab Update module github.com/stretchr/testify to v1.11.0
  • b8c2ab4 Fix lint issues with golangci-lint@v2
  • 0bf1902 Update CI configs to v0.11.22

v3.0.7

Compare Source

Changelog
  • e3cf6bc Comply with RFC5746 and RFC5246
  • f0c0987 Update module github.com/pion/logging to v0.2.4
  • 63bf30c Update CI configs to v0.11.20
  • 34fbe21 Replace interface{} with any
  • 8bf2c71 Fix packet buffer read index after buffer resize
  • 806ff2f Refactor cfg.onFlightState, avoid data race
  • f5e908f Update CI configs to v0.11.19
  • 58d3b7e Update lint rules, force testify/assert
  • e57dc04 Update social media links, move to discord

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
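
The nonce construction the advisory describes (nonce_explicit populated from the record's 64-bit sequence number instead of random bytes), as an added Go example that is not pion/dtls code. The function names, the salt and key values, and the simplified AAD are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// recordNonce builds a 12-byte AES-GCM nonce: 4-byte implicit salt, then an
// 8-byte nonce_explicit holding the 16-bit epoch and 48-bit record counter.
func recordNonce(salt [4]byte, epoch uint16, seq uint64) ([12]byte, error) {
	var n [12]byte
	if seq >= 1<<48 {
		return n, fmt.Errorf("epoch %d: sequence space exhausted, rekey first", epoch)
	}
	copy(n[:4], salt[:])
	binary.BigEndian.PutUint64(n[4:], uint64(epoch)<<48|seq)
	return n, nil
}

// sealRecords encrypts count records under one key and returns the number of
// distinct nonces used; AAD is simplified to nonce_explicit (assumption).
func sealRecords(key []byte, salt [4]byte, epoch uint16, count uint64) (int, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return 0, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return 0, err
	}
	seen := make(map[[12]byte]struct{}, count)
	for seq := uint64(0); seq < count; seq++ {
		nonce, err := recordNonce(salt, epoch, seq)
		if err != nil {
			return len(seen), err
		}
		seen[nonce] = struct{}{}
		ct := aead.Seal(nil, nonce[:], []byte("constructed payload"), nonce[4:])
		if _, err := aead.Open(nil, nonce[:], ct, nonce[4:]); err != nil {
			return len(seen), err
		}
	}
	return len(seen), nil
}

func main() {
	// Constructed key and salt; a real session derives both from the handshake.
	fmt.Println(sealRecords(make([]byte, 16), [4]byte{0xde, 0xad, 0xbe, 0xef}, 1, 10000))
}
```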

@renovate renovate bot requested review from Danielius1922 and jkralik February 13, 2026 11:36

renovate bot commented Feb 13, 2026

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 2 additional dependencies were updated

Details:

Package Change
github.com/pion/logging v0.2.3 -> v0.2.4
github.com/stretchr/testify v1.10.0 -> v1.11.1

@renovate renovate bot changed the title fix(deps): update module github.com/pion/dtls/v3 to v3.1.0 [security] fix(deps): update module github.com/pion/dtls/v3 to v3.1.0 [security] - autoclosed Feb 13, 2026
@renovate renovate bot closed this Feb 13, 2026
@renovate renovate bot deleted the renovate/go-github.com-pion-dtls-v3-vulnerability branch February 13, 2026 14:20