Fixes#6386.
Bumps the btcutil/psbt library to the latest version v1.1.3 that fixes
an issue with de-serializing a PSBT that contains an unsigned
transaction with no inputs.
The newest version of aez points directly to
gitlab.com/yawning/bsaes.git instead of the unreachable
git.schwanenlied.me/yawning/bsaes.git that required the replace
directive.
With the recent PR #6285 merged that bumped the btcd dependency, we no
longer need to bump the github.com/onsi/ginkgo package with a replace
directive. Instead it was bumped indirectly by merging
https://github.com/btcsuite/btcd/pull/1780 which is included in the btcd
version we reference.
With the dependency to lnd@v0.14.2-beta removed, we no longer depend on
the mongo-driver indirectly so we can remove the security related
replace directive.
This commit was previously split into the following parts to ease
review:
- 2d746f68: replace imports
- 4008f0fd: use ecdsa.Signature
- 849e33d1: remove btcec.S256()
- b8f6ebbd: use v2 library correctly
- fa80bca9: bump go modules
In this commit we update go-pretty to use the latest v6 version of the
library. The existing version we used had a reported vulnerability.
Updating to this newest version also helped to shrink our set of
indirect dependencies.
In the future we can use
https://github.com/lightningnetwork/lnd/pull/5870 to detect/flag these
issues automatically.
Fixes#6293
Apparently we already pushed a tag named tlv/v1.0.0 a while ago (which
points to a commit not in master)...
We need to bump the version of the tag to v1.0.1 since we cannot replace
old tags (without causing a lot of caching problems).
urfave/cli added functionality for generating Fish shell tab-completions
a few releases ago. We bump the dependency version to get access to
this functionality.
Instead of hard coding a commit to use for a binary tool that we use
during the build process, we now only use "go install" to install the
binaries and the golang builtin versioning system to pin the exact
version/commit we want to use in go.mod.
PR #5992 was merged without a bump in the kvdb version which results in
an error when trying to pull in lnd 0.14.0-beta as a library in other
projects.
We'll need to push the kvdb/v1.2.1 tag _after_ merging this PR.
The latest version of btcd allows its stall handler to be disabled. We
use that new config option to make sure the mining btcd node and the lnd
chain backend btcd node aren't disconnected if some test takes too long
and no new p2p messages are exchanged.
A stray version of lnd was pushed out waaaay back in 2016 that can trip
up `pkg.go.dev` and things like `go get`. Using the new Go 1.16 feature,
we can now "retract" this version, which marks it as being unavailable.
This commit updates call-sites to use the proper dust limits for
various script types. This also updates the default dust limit used
in the funding flow to be 354 satoshis instead of 573 satoshis.
