[release-branch.go1.16] net/http: update bundled golang.org/x/net/http2

Pull in security fix a5309b3 http2: cap the size of the server's canonical header cache Updates #50058 Fixes CVE-2021-44716 Change-Id: Ifdd13f97fce168de5fb4b2e74ef2060d059800b9 Reviewed-on: https://go-review.googlesource.com/c/go/+/370575 Trust: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> Reviewed-by: Alex Rakoczy <alex@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org>
golang · Dec 9, 2021 · d0aebe3 · d0aebe3
1 parent 9995027
commit d0aebe3
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 5 deletions.
diff --git a/src/go.mod b/src/go.mod
@@ -4,7 +4,7 @@ go 1.16
 
 require (
 	golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897
-	golang.org/x/net v0.0.0-20211201233224-64539c132272
+	golang.org/x/net v0.0.0-20211209100217-a5309b321dca
 	golang.org/x/sys v0.0.0-20201204225414-ed752295db88 // indirect
 	golang.org/x/text v0.3.4 // indirect
 )
diff --git a/src/go.sum b/src/go.sum
@@ -2,8 +2,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 h1:pLI5jrR7OSLijeIDcmRxNmw2api+jEfxLoykJVice/E=
 golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20211201233224-64539c132272 h1:yz7zX5EMX9IFSUDQtHpohPOP+fh7w1Me4FH/El1jctU=
-golang.org/x/net v0.0.0-20211201233224-64539c132272/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20211209100217-a5309b321dca h1:UmeWAm8AwB6NA/e4FSaGlK1EKTLXKX3utx4Si+6kfPg=
+golang.org/x/net v0.0.0-20211209100217-a5309b321dca/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=

diff --git a/src/net/http/h2_bundle.go b/src/net/http/h2_bundle.go
diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt
@@ -8,7 +8,7 @@ golang.org/x/crypto/curve25519
 golang.org/x/crypto/hkdf
 golang.org/x/crypto/internal/subtle
 golang.org/x/crypto/poly1305
-# golang.org/x/net v0.0.0-20211201233224-64539c132272
+# golang.org/x/net v0.0.0-20211209100217-a5309b321dca
 ## explicit
 golang.org/x/net/dns/dnsmessage
 golang.org/x/net/http/httpguts