This this includes some security fixes that don't impact Terraform along
with a number of general improvements and fixes in the Go toolchain that
don't appear to affect Terraform behavior.

- URL parsing (such as in the "source" argument in a "module" block) now
  validates more strictly the port portion, rejecting non-numeric ports.
  Previously this could potentially lead to parts of the URL being
  silently ignored.

- The temporary callback server for the forthcoming OAuth client
  implementation in "terraform login" would otherwise have been vulnerable
  to local (on the same host) denial of service attacks, which is not
  a common attack vector but good to fix anyway.