mod: Upgraded xz library to FIX the CVE-2021-29482

Included a replace directive to avoid using a high-severity CVE
https://github.com/advisories/GHSA-25xm-hr59-7c27

This library is indirectly referenced and cannot be upgraded directly.

The https://github.com/fergusstrange/embedded-postgres/pull/42 was
merged to fix the CVE issue.
naveen
2021-09-24 18:55:09 +00:00
parent 3385d38414
commit 04f57c6f57
5 changed files with 54 additions and 12 deletions

3
go.mod

@@ -87,6 +87,9 @@ replace git.schwanenlied.me/yawning/bsaes.git => github.com/Yawning/bsaes v0.0.0
// This replace is for https://github.com/advisories/GHSA-w73w-5m7g-f7qc
replace github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt v3.2.1+incompatible
// This replace is for https://github.com/advisories/GHSA-25xm-hr59-7c27
replace github.com/ulikunitz/xz => github.com/ulikunitz/xz v0.5.8
// If you change this please also update .github/pull_request_template.md and
// docs/INSTALL.md.
go 1.15
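
Review bot: The added `replace github.com/ulikunitz/xz => github.com/ulikunitz/xz v0.5.8` line has no version on its left-hand side, so it forces every requirement of that module to exactly v0.5.8, including any later requirement of a newer release, and like every replace directive it is ignored when this module is consumed as a dependency of another module. Because the library is only pulled in indirectly, a `require github.com/ulikunitz/xz v0.5.8 // indirect` entry would raise the minimum selected version without blocking future upgrades. The commit message says the embedded-postgres fix is already merged, so the comment above the directive should state that the override can be dropped once that dependency is bumped. Running `go list -m github.com/ulikunitz/xz` after the change confirms which version the build actually resolves to.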