net/http: update bundled golang.org/x/net/http2

Pull in security fix 2d13015 http2: cap the size of the server's canonical header cache and 0a0e4e1 http2: Fix handling of expect continue 04296fa http2: prioritize RST_STREAM frames in random write scheduler Fixes #50058 Fixes CVE-2021-44716 Change-Id: Ia40a2e52fa240e54a83b5ec7d8116cb6639ecbb9 Reviewed-on: https://go-review.googlesource.com/c/go/+/370579 Trust: Filippo Valsorda <[email protected]> Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Reviewed-by: Damien Neil <[email protected]>
cloudflare · Dec 9, 2021 · 307d7c6 · 307d7c6
1 parent 61ba0bc
commit 307d7c6
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 26 deletions.
diff --git a/src/go.mod b/src/go.mod
@@ -4,7 +4,7 @@ go 1.18
 
 require (
  golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa
- golang.org/x/net v0.0.0-20211123203042-d83791d6bcd9
+ golang.org/x/net v0.0.0-20211209124913-491a49abca63
 )
 
 require (

diff --git a/src/go.sum b/src/go.sum
@@ -1,7 +1,7 @@
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa h1:idItI2DDfCokpg0N51B2VtiLdJ4vAuXC9fnCb2gACo4=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/net v0.0.0-20211123203042-d83791d6bcd9 h1:0qxwC5n+ttVOINCBeRHO0nq9X7uy8SDsPoi5OaCdIEI=
-golang.org/x/net v0.0.0-20211123203042-d83791d6bcd9/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211209124913-491a49abca63 h1:iocB37TsdFuN6IBRZ+ry36wrkoV51/tl5vOWqkcPGvY=
+golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/sys v0.0.0-20211205182925-97ca703d548d h1:FjkYO/PPp4Wi0EAUOVLxePm7qVW4r4ctbWpURyuOD0E=
 golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/text v0.3.8-0.20211105212822-18b340fc7af2 h1:GLw7MR8AfAG2GmGcmVgObFOHXYypgGjnGno25RDwn3Y=

diff --git a/src/net/http/h2_bundle.go b/src/net/http/h2_bundle.go
diff --git a/src/vendor/golang.org/x/net/dns/dnsmessage/message.go b/src/vendor/golang.org/x/net/dns/dnsmessage/message.go
diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt
@@ -9,7 +9,7 @@ golang.org/x/crypto/curve25519/internal/field
 golang.org/x/crypto/hkdf
 golang.org/x/crypto/internal/poly1305
 golang.org/x/crypto/internal/subtle
-# golang.org/x/net v0.0.0-20211123203042-d83791d6bcd9
+# golang.org/x/net v0.0.0-20211209124913-491a49abca63
 ## explicit; go 1.17
 golang.org/x/net/dns/dnsmessage
 golang.org/x/net/http/httpguts