-
Type: Improvement
-
Resolution: Fixed
-
Priority: Unknown
-
Affects Version/s: None
-
Component/s: None
-
None
-
Not Needed
-
The Go driver version specified in the compilecheck go.mod file (internal/test/compilecheck/go.mod) is v0.0.0-00010101000000-000000000000, which Github's Dependabot determines is subject to CVE-2021-20329, which was fixed with Go Driver v1.5.1 (see alert here). While that version isn't actually used because the replace directive overrides it, Dependabot and some other customer dependency scanning tools may complain about that dependency. We should update the version declared in that file to prevent dependency scanning tools from complaining.
Definition of done:
- Update the go.mongodb.org/mongo-driver dependency declared in internal/test/compilecheck/go.mod to a version not affected by CVE-2021-20329 (update to latest preferably)