Conversation

@peczenyj (Collaborator) commented May 29, 2025

Based on the govulncheck tool, I found two vulnerabilities in this repository.

You can install this tool via go install golang.org/x/vuln/cmd/govulncheck@latest

The fix is to update the dependency github.com/quic-go/quic-go; there is a minor change in one structure (http3.Server) since one field was renamed.

$ govulncheck ./...
=== Symbol Results ===

Vulnerability #1: GO-2024-3302
    ICMP Packet Too Large Injection Attack on Linux in
    github.com/quic-go/quic-go
  More info: https://pkg.go.dev/vuln/GO-2024-3302
  Module: github.com/quic-go/quic-go
    Found in: github.com/quic-go/quic-go@v0.40.1
    Fixed in: github.com/quic-go/quic-go@v0.48.2
    Platforms: linux
    Example traces found:
      #1: internal/ingestion/rtp/session.go:272:22: rtp.Session.SetSDP calls sync.Once.Do, which eventually calls quic.DialAddrEarly
      #2: internal/server/server.go:111:41: server.Start calls http3.Server.ListenAndServe, which eventually calls quic.ListenAddrEarly
      #3: internal/server/server.go:111:41: server.Start calls http3.Server.ListenAndServe, which eventually calls quic.ListenEarly
      #4: internal/ingestion/api_handlers_video.go:833:28: ingestion.Manager.convertRobustStreamToJPEG calls quic.StreamError.Error
      #5: internal/ingestion/rtp/session.go:272:22: rtp.Session.SetSDP calls sync.Once.Do, which eventually calls quic.Transport.DialEarly
      #6: internal/ingestion/rtp/session.go:272:22: rtp.Session.SetSDP calls sync.Once.Do, which eventually calls quic.connMultiplexer.RemoveConn
      #7: internal/ingestion/rtp/session.go:272:22: rtp.Session.SetSDP calls sync.Once.Do, which eventually calls quic.connection.AcceptStream
      #8: internal/ingestion/rtp/session.go:272:22: rtp.Session.SetSDP calls sync.Once.Do, which eventually calls quic.connection.AcceptUniStream
      #9: cmd/test-client/main.go:43:25: test.main calls io.ReadAll, which eventually calls quic.connection.CloseWithError
      #10: internal/server/server.go:111:41: server.Start calls http3.Server.ListenAndServe, which eventually calls quic.connection.OpenUniStream
      #11: internal/ingestion/rtp/session.go:272:22: rtp.Session.SetSDP calls sync.Once.Do, which eventually calls quic.oobConn.ReadPacket
      #12: internal/ingestion/rtp/session.go:272:22: rtp.Session.SetSDP calls sync.Once.Do, which eventually calls quic.packetHandlerMap.Close
      #13: internal/ingestion/rtp/session.go:272:22: rtp.Session.SetSDP calls sync.Once.Do, which eventually calls quic.packetHandlerMap.GetStatelessResetToken
      #14: cmd/test-client/main.go:45:22: test.main calls http3.hijackableBody.Close, which calls quic.receiveStream.CancelRead
      #15: cmd/test-client/main.go:43:25: test.main calls io.ReadAll, which eventually calls quic.receiveStream.Read
      #16: cmd/test-client/main.go:43:25: test.main calls io.ReadAll, which eventually calls quic.sendStream.CancelWrite
      #17: internal/queue/hybrid_queue.go:381:21: queue.HybridQueue.Close calls bufio.Writer.Flush, which eventually calls quic.sendStream.Write
      #18: internal/ingestion/rtp/session.go:272:22: rtp.Session.SetSDP calls sync.Once.Do, which eventually calls quic.setDF
      #19: internal/server/server.go:111:41: server.Start calls http3.Server.ListenAndServe, which eventually calls quic.stream.Close

Vulnerability #2: GO-2024-2682
    Denial of service via connection starvation in github.com/quic-go/quic-go
  More info: https://pkg.go.dev/vuln/GO-2024-2682
  Module: github.com/quic-go/quic-go
    Found in: github.com/quic-go/quic-go@v0.40.1
    Fixed in: github.com/quic-go/quic-go@v0.42.0
    Example traces found:
      #1: internal/ingestion/rtp/session.go:272:22: rtp.Session.SetSDP calls sync.Once.Do, which eventually calls quic.DialAddrEarly
      #2: internal/server/server.go:111:41: server.Start calls http3.Server.ListenAndServe, which eventually calls quic.ListenAddrEarly
      #3: internal/server/server.go:111:41: server.Start calls http3.Server.ListenAndServe, which eventually calls quic.ListenEarly
      #4: internal/ingestion/rtp/session.go:272:22: rtp.Session.SetSDP calls sync.Once.Do, which eventually calls quic.Transport.DialEarly
      #5: internal/ingestion/rtp/session.go:272:22: rtp.Session.SetSDP calls sync.Once.Do, which eventually calls quic.connection.AcceptStream
      #6: internal/ingestion/rtp/session.go:272:22: rtp.Session.SetSDP calls sync.Once.Do, which eventually calls quic.connection.AcceptUniStream
      #7: internal/server/server.go:111:41: server.Start calls http3.Server.ListenAndServe, which eventually calls quic.connection.OpenUniStream
      #8: cmd/test-client/main.go:45:22: test.main calls http3.hijackableBody.Close, which calls quic.receiveStream.CancelRead
      #9: cmd/test-client/main.go:43:25: test.main calls io.ReadAll, which eventually calls quic.receiveStream.Read
      #10: cmd/test-client/main.go:43:25: test.main calls io.ReadAll, which eventually calls quic.sendStream.CancelWrite

Your code is affected by 2 vulnerabilities from 1 module.
This scan also found 0 vulnerabilities in packages you import and 3
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.
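The report above separates findings your code reaches (the two advisories with call traces) from modules you merely require. When gating CI on govulncheck, that distinction is the one worth keeping. The following Go program is an added example, not code from this PR or from the govulncheck project: it decodes the stream that `govulncheck -json ./...` produces (the `finding` object with `osv`, `fixed_version` and `trace` fields, as I understand that format; treat the field names as an assumption) and fails only when a trace names a vulnerable function, i.e. a symbol-level result. The embedded sample input is constructed for the example, reusing the two advisory IDs and versions from the report; GO-0000-0000 is a placeholder, not a real advisory.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"os"
	"sort"
	"strings"
)

// Frame is one entry of a govulncheck finding trace: trace[0] is the
// vulnerable symbol in the dependency, the last entry is the caller in the
// scanned module. Field names follow the govulncheck -json format as I
// understand it (assumption, not taken from this PR).
type Frame struct {
	Module   string `json:"module"`
	Version  string `json:"version"`
	Package  string `json:"package"`
	Function string `json:"function"`
	Receiver string `json:"receiver"`
}

// Finding is the "finding" object of the JSON stream.
type Finding struct {
	OSV          string  `json:"osv"`
	FixedVersion string  `json:"fixed_version"`
	Trace        []Frame `json:"trace"`
}

// message matches any object in the stream; only "finding" is decoded, so
// "config", "progress" and "osv" objects fall through with Finding == nil.
type message struct {
	Finding *Finding `json:"finding"`
}

// Reachable returns advisory ID -> fixed version for findings whose trace names
// a vulnerable function, i.e. the symbol-level results govulncheck reports as
// "Your code is affected". Module- or package-level findings (no function in
// trace[0]) are the "modules you require, but your code doesn't appear to
// call" category and are skipped.
func Reachable(r io.Reader) (map[string]string, error) {
	dec := json.NewDecoder(r)
	out := map[string]string{}
	for {
		var m message
		err := dec.Decode(&m)
		if err == io.EOF {
			break
		}
		if err != nil {
			return nil, err
		}
		f := m.Finding
		if f == nil || len(f.Trace) == 0 || f.Trace[0].Function == "" {
			continue
		}
		out[f.OSV] = f.FixedVersion
	}
	return out, nil
}

// Report renders one line per reachable advisory, sorted for stable CI logs.
func Report(reachable map[string]string) []string {
	lines := make([]string, 0, len(reachable))
	for id, fixed := range reachable {
		lines = append(lines, fmt.Sprintf("%s: update to %s", id, fixed))
	}
	sort.Strings(lines)
	return lines
}

// sample is a constructed stand-in for `govulncheck -json ./...` output. The
// first two advisories reuse IDs and versions from the PR report; GO-0000-0000
// is a placeholder, not a real advisory.
const sample = `
{"config":{"scanner_name":"govulncheck"}}
{"finding":{"osv":"GO-2024-3302","fixed_version":"v0.48.2","trace":[{"module":"github.com/quic-go/quic-go","version":"v0.40.1"}]}}
{"finding":{"osv":"GO-2024-3302","fixed_version":"v0.48.2","trace":[{"module":"github.com/quic-go/quic-go","version":"v0.40.1","package":"github.com/quic-go/quic-go","function":"DialAddrEarly"},{"module":"example.com/app","package":"example.com/app/internal/ingestion/rtp","function":"SetSDP","receiver":"Session"}]}}
{"finding":{"osv":"GO-2024-2682","fixed_version":"v0.42.0","trace":[{"module":"github.com/quic-go/quic-go","version":"v0.40.1","package":"github.com/quic-go/quic-go","function":"ListenEarly"},{"module":"example.com/app","package":"example.com/app/internal/server","function":"Start"}]}}
{"finding":{"osv":"GO-0000-0000","fixed_version":"v9.9.9","trace":[{"module":"example.com/unused","version":"v0.1.0"}]}}
`

func main() {
	reachable, err := Reachable(strings.NewReader(sample))
	if err != nil {
		fmt.Fprintln(os.Stderr, "parse:", err)
		os.Exit(2)
	}
	for _, line := range Report(reachable) {
		fmt.Println(line)
	}
	if len(reachable) > 0 {
		os.Exit(1) // fail the pipeline only on reachable findings
	}
}
```

In a real pipeline you would replace the embedded sample with `os.Stdin` and run `govulncheck -json ./... | go run ./tools/vulngate` (path is hypothetical); the exit status then reflects only findings with a call path from your code, while module-level hits remain visible in the log for tracking.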

@peczenyj peczenyj changed the title from "Fix vulnerabilities go 2024 3302 and go 2024 2682" to "Fix vulnerabilities go-2024-3302 and go-2024-2682" on May 29, 2025

@zsiec (Owner) left a comment

Thanks for the contribution!

@zsiec zsiec merged commit a71323c into zsiec:main May 31, 2025
2 checks passed