aries-framework-go icon indicating copy to clipboard operation
aries-framework-go copied to clipboard

Published 20 hours ago verified publisher icon hyperledger-archives

BTCEC/v2

Open markcryptohash opened this issue 2 years ago • 1 comments

aries-framework-go should either update their require to v0.22.1 instead of v0.22.0-beta, or they should update to v0.23.1 (and btcec/v2 and btcd/btcutil)

What I'm trying to do

Trying to run the latest BTCSUITE vs aries-framework.

Expected result

I expect it work with BTCEC/v2.

Actual result

Go complains: ../../go/pkg/mod/github.com/hyperledger/[email protected]/pkg/doc/jose/jwk/jwk.go:21:2: no required module provides package github.com/btcsuite/btcd/btcec; to add it: go get github.com/btcsuite/btcd/btcec //So then I run the above command. ▶ go get github.com.com/btcsuite/btcd/btcec go: module github.com/btcsuite/btcd@upgrade found (v0.23.1), but does not contain package github.com/btcsuite/btcd/btcec

My code is running the latest btcsuite. I tried down grading but it became an untenable dependency mess.

markcryptohash avatar Sep 24 '22 05:09 markcryptohash

I think this should be considered as a security issue due to CVE-2022-44797 , as tools such as Trivy will complain about this library which still imports previous version of btcd.

gunturaf avatar Nov 22 '22 07:11 gunturaf