From f34964a5cfa02c4b3c8f7eddf33e8579e1a37443 Mon Sep 17 00:00:00 2001
From: Dmitri Shuralyov <dmitshur@golang.org>
Date: Tue, 10 Oct 2023 11:22:17 -0400
Subject: all: pull in x/net v0.17.0 and its dependencies

Pull in a security fix from x/net/http2:
http2: limit maximum handler goroutines to MaxConcurrentStreams

Fixes #63417.
Fixes CVE-2023-39325.

Change-Id: I01e7774912e81007a7cf70f33e5989fb50a0b708
Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest
Reviewed-on: https://go-review.googlesource.com/c/go/+/534295
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Michael Pratt <mpratt@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 src/cmd/go.mod | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/cmd/go.mod')

diff --git a/src/cmd/go.mod b/src/cmd/go.mod
index 7ede9960b9..7e095fdb14 100644
--- a/src/cmd/go.mod
+++ b/src/cmd/go.mod
@@ -7,8 +7,8 @@ require (
 	golang.org/x/arch v0.4.0
 	golang.org/x/mod v0.12.0
 	golang.org/x/sync v0.3.0
-	golang.org/x/sys v0.12.0
-	golang.org/x/term v0.11.0
+	golang.org/x/sys v0.13.0
+	golang.org/x/term v0.13.0
 	golang.org/x/tools v0.13.1-0.20230920233436-f9b8da7b22be
 )
 
-- 
cgit v1.3