highperfocused/lnd
1
0
Fork 0
mirror of https://github.com/lightningnetwork/lnd.git synced 2025-08-31 17:51:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

mod:replace mongo driver to address CVE-2021-20329

Browse Source 
* The mongo driver has CVE https://github.com/advisories/GHSA-f6mq-5m25-4r72
* The mongo driver is an indirect reference and cannot be directly
upgraded.
* https://deps.dev/advisory/OSV/GO-2021-0112?from=%2Fgo%2Fgithub.com%252Flightningnetwork%252Flnd
* The fix will replace the reference of the library with the fixed
  version.
This commit is contained in:
naveen
2021-09-19 13:49:05 +00:00
parent c43b9e4fe7
commit 844dbc08e7
3 changed files with 62 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
go.mod
View File

@@ -82,6 +82,10 @@ replace github.com/lightningnetwork/lnd/healthcheck => ./healthcheck
replace github.com/lightningnetwork/lnd/kvdb => ./kvdb
// This replace is for addressing the CVE https://github.com/advisories/GHSA-f6mq-5m25-4r72
// This is a indirect dependency that cannot be upgraded directly.
replace go.mongodb.org/mongo-driver => go.mongodb.org/mongo-driver v1.5.1
replace git.schwanenlied.me/yawning/bsaes.git => github.com/Yawning/bsaes v0.0.0-20180720073208-c0276d75487e
// This replace is for https://github.com/advisories/GHSA-w73w-5m7g-f7qc