This commit upgrades to the latest version of btcwallet that fixes an
issue that would cause us to not properly sign a validate populated PSBT
in certain scenarios.
Fixes https://github.com/lightningnetwork/lnd/issues/6579
This commit bumps the btcwallet version to the latest master branch that
contains the fixes to add Taproot related fields to a PSBT in the
FundPsbt method.
Because the original dcrec secp256k1 library that is used for the
Schnorr signature primitives uses different hash algorithms than the
btcd secp256k1 library. Therefore pulling in the wrong library can lead
to weird and unexpected errors. We try to make it harder to make the
mistake by not using the library directly in lnd in the first place.
Note that it is still indirectly needed by the btcd secp256k1 library,
therefore the module dependency is still expected to be there, just
moved to the indirect section.
Fixes#6386.
Bumps the btcutil/psbt library to the latest version v1.1.3 that fixes
an issue with de-serializing a PSBT that contains an unsigned
transaction with no inputs.
The newest version of aez points directly to
gitlab.com/yawning/bsaes.git instead of the unreachable
git.schwanenlied.me/yawning/bsaes.git that required the replace
directive.
With the recent PR #6285 merged that bumped the btcd dependency, we no
longer need to bump the github.com/onsi/ginkgo package with a replace
directive. Instead it was bumped indirectly by merging
https://github.com/btcsuite/btcd/pull/1780 which is included in the btcd
version we reference.
With the dependency to lnd@v0.14.2-beta removed, we no longer depend on
the mongo-driver indirectly so we can remove the security related
replace directive.
This commit was previously split into the following parts to ease
review:
- 2d746f68: replace imports
- 4008f0fd: use ecdsa.Signature
- 849e33d1: remove btcec.S256()
- b8f6ebbd: use v2 library correctly
- fa80bca9: bump go modules
In this commit we update go-pretty to use the latest v6 version of the
library. The existing version we used had a reported vulnerability.
Updating to this newest version also helped to shrink our set of
indirect dependencies.
In the future we can use
https://github.com/lightningnetwork/lnd/pull/5870 to detect/flag these
issues automatically.
Fixes#6293
Apparently we already pushed a tag named tlv/v1.0.0 a while ago (which
points to a commit not in master)...
We need to bump the version of the tag to v1.0.1 since we cannot replace
old tags (without causing a lot of caching problems).
urfave/cli added functionality for generating Fish shell tab-completions
a few releases ago. We bump the dependency version to get access to
this functionality.
Instead of hard coding a commit to use for a binary tool that we use
during the build process, we now only use "go install" to install the
binaries and the golang builtin versioning system to pin the exact
version/commit we want to use in go.mod.
PR #5992 was merged without a bump in the kvdb version which results in
an error when trying to pull in lnd 0.14.0-beta as a library in other
projects.
We'll need to push the kvdb/v1.2.1 tag _after_ merging this PR.
