Uploaded image for project: 'Go Driver'
  1. Go Driver
  2. GODRIVER-2860

Update Go driver version in compilecheck go.mod file

    • Type: Icon: Improvement Improvement
    • Resolution: Fixed
    • Priority: Icon: Unknown Unknown
    • 1.12.0
    • Affects Version/s: None
    • Component/s: None
    • None
    • Not Needed
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?

      The Go driver version specified in the compilecheck go.mod file (internal/test/compilecheck/go.mod) is v0.0.0-00010101000000-000000000000, which Github's Dependabot determines is subject to CVE-2021-20329, which was fixed with Go Driver v1.5.1 (see alert here). While that version isn't actually used because the replace directive overrides it, Dependabot and some other customer dependency scanning tools may complain about that dependency. We should update the version declared in that file to prevent dependency scanning tools from complaining.

      Definition of done:

      • Update the go.mongodb.org/mongo-driver dependency declared in internal/test/compilecheck/go.mod to a version not affected by CVE-2021-20329 (update to latest preferably)

            Assignee:
            matt.dale@mongodb.com Matt Dale
            Reporter:
            matt.dale@mongodb.com Matt Dale
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: