
Chore(deps): [security] bump h11 from 0.14.0 to 0.16.0

Bumps h11 from 0.14.0 to 0.16.0. This update includes a security fix.

Vulnerabilities fixed

h11 accepts some malformed Chunked-Encoding bodies

Impact

A leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions.

Details

HTTP/1.1 Chunked-Encoding bodies are formatted as a sequence of "chunks", each of which consists of:

  • chunk length
  • \r\n
  • length bytes of content
  • \r\n

In versions of h11 up to 0.14.0, h11 instead parsed them as:

  • chunk length
  • \r\n
  • length bytes of content
  • any two bytes

... (truncated)
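The two parse rules listed above, as an added illustration that is not h11's code and not part of this merge request: a small stand-in decoder with a `strict` switch, where strict mode requires the CRLF after each chunk's data (what RFC 9112 requires and what 0.16.0 enforces) and lenient mode accepts any two bytes there (the pre-0.16.0 behaviour the advisory describes). It is run over constructed sample bodies so the difference is visible; chunk extensions and trailers are not modelled. The sample bodies and the `h11_is_patched` helper are assumptions of this example, not taken from the advisory.

```python
"""Strict vs. lenient chunked-body parsing (added example, not h11's code)."""
import re
from importlib import metadata

CHUNK_SIZE_RE = re.compile(rb"[0-9a-fA-F]+")


class MalformedChunkedBody(ValueError):
    """Raised when the body does not follow the expected chunk framing."""


def parse_chunked(body: bytes, strict: bool) -> bytes:
    """Decode an HTTP/1.1 chunked body and return the concatenated chunk data.

    strict=True  : the two bytes after each chunk's data must be b"\\r\\n".
    strict=False : any two bytes are accepted there (the leniency described
                   in the advisory for h11 < 0.16.0).
    The chunk-size line must end in CRLF in both modes. Chunk extensions and
    trailer fields are deliberately not modelled.
    """
    pos = 0
    out = bytearray()
    while True:
        eol = body.find(b"\r\n", pos)
        if eol == -1:
            raise MalformedChunkedBody("chunk-size line not terminated by CRLF")
        size_line = body[pos:eol]
        if CHUNK_SIZE_RE.fullmatch(size_line) is None:
            raise MalformedChunkedBody(f"bad chunk-size line: {size_line!r}")
        size = int(size_line, 16)
        pos = eol + 2
        data = body[pos:pos + size]
        if len(data) != size:
            raise MalformedChunkedBody("chunk data truncated")
        pos += size
        terminator = body[pos:pos + 2]
        if len(terminator) != 2:
            raise MalformedChunkedBody("chunk terminator truncated")
        if strict and terminator != b"\r\n":
            # This is the check that a lenient parser skips.
            raise MalformedChunkedBody(f"chunk data not followed by CRLF: {terminator!r}")
        pos += 2
        if size == 0:
            return bytes(out)  # last-chunk reached
        out += data


def accepts(body: bytes, strict: bool) -> bool:
    """True if the parser in the given mode accepts the body without error."""
    try:
        parse_chunked(body, strict=strict)
        return True
    except MalformedChunkedBody:
        return False


# Constructed sample bodies (assumptions of this example, not real traffic).
WELL_FORMED = b"5\r\nhello\r\n0\r\n\r\n"
MULTI_CHUNK = b"3\r\nabc\r\n2\r\nde\r\n0\r\n\r\n"
MALFORMED = b"5\r\nhelloXX0\r\n\r\n"  # "XX" where the CRLF after the data belongs


def h11_is_patched():
    """Return True if the installed h11 is >= 0.16.0, False if older,
    or None if h11 is not installed in this environment (hypothetical
    helper for the page's version check, not an h11 API)."""
    try:
        ver = metadata.version("h11")
    except metadata.PackageNotFoundError:
        return None
    parts = tuple(int(p) for p in re.findall(r"\d+", ver)[:3])
    return parts >= (0, 16, 0)


if __name__ == "__main__":
    for name, body in (("well-formed", WELL_FORMED), ("malformed", MALFORMED)):
        print(f"{name:12s} strict={accepts(body, True)} lenient={accepts(body, False)}")
    print("installed h11 patched:", h11_is_patched())
```

The malformed body is accepted only in lenient mode, which is the behaviour the advisory says the 0.16.0 release removes; the decoded content is the same in both modes when the body is well-formed, so the strict check costs nothing for legitimate clients.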

Patched versions: 0.16.0
Affected versions: < 0.16.0
