Merge pull request #5789 from naveensrinivasan/naveen/feat/fix-CVE-2021-29482

mod: Upgraded xz library to FIX the CVE-2021-29482
2025-08-31 08:02:25 +02:00 · 2021-09-30 20:16:13 -07:00
parent 91edfaed85 04f57c6f57
commit 8ba68ca59f
5 changed files with 54 additions and 12 deletions
--- a/go.mod
+++ b/go.mod
@@ -87,6 +87,9 @@ replace git.schwanenlied.me/yawning/bsaes.git => github.com/Yawning/bsaes v0.0.0
 // This replace is for https://github.com/advisories/GHSA-w73w-5m7g-f7qc
 replace github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt v3.2.1+incompatible

+// This replace is for https://github.com/advisories/GHSA-25xm-hr59-7c27
+replace github.com/ulikunitz/xz => github.com/ulikunitz/xz v0.5.8
+
 // If you change this please also update .github/pull_request_template.md and
 // docs/INSTALL.md.
 go 1.16