golang-github-BurntSushi-toml and golang-gopkg-yaml were originally added as dependencies of golang-github-urfave-cli, which was added as a dependency of golang-github-vbatts-tar-split. tar-split doesn't use the toml/yaml functionalities from urfave-cli, and those are very easily severable from the latter. Patching toml/yaml out allows us to remove both packages, reducing our dependencies and our CVE attack surface.
Verified not in advisory or latest compose.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Release of components for Red Hat OpenStack Platform 17.0 (Wallaby)), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2022:6543