diff options
| author | Dmitri Shuralyov <dmitshur@golang.org> | 2023-10-10 11:22:17 -0400 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2023-10-10 16:32:44 +0000 |
| commit | f34964a5cfa02c4b3c8f7eddf33e8579e1a37443 (patch) | |
| tree | 988d85fa74b3e7ea0e41f2abee7dd7343e645e64 /src/go.mod | |
| parent | 574a7f71a564eb4718e3968ed64c44beec84c479 (diff) | |
| download | go-f34964a5cfa02c4b3c8f7eddf33e8579e1a37443.tar.xz | |
all: pull in x/net v0.17.0 and its dependencies
Pull in a security fix from x/net/http2:
http2: limit maximum handler goroutines to MaxConcurrentStreams
Fixes #63417.
Fixes CVE-2023-39325.
Change-Id: I01e7774912e81007a7cf70f33e5989fb50a0b708
Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest
Reviewed-on: https://go-review.googlesource.com/c/go/+/534295
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Michael Pratt <mpratt@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Diffstat (limited to 'src/go.mod')
| -rw-r--r-- | src/go.mod | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/go.mod b/src/go.mod index 021d00b3f6..8f7dd5c0b6 100644 --- a/src/go.mod +++ b/src/go.mod @@ -3,11 +3,11 @@ module std go 1.22 require ( - golang.org/x/crypto v0.12.0 - golang.org/x/net v0.14.1-0.20230809150940-1e23797619c9 + golang.org/x/crypto v0.14.0 + golang.org/x/net v0.17.0 ) require ( - golang.org/x/sys v0.12.0 // indirect - golang.org/x/text v0.12.0 // indirect + golang.org/x/sys v0.13.0 // indirect + golang.org/x/text v0.13.0 // indirect ) |