+++ This bug was initially created as a clone of Bug #2091532 +++ golang-github-BurntSushi-toml and golang-gopkg-yaml were originally added as dependencies of golang-github-urfave-cli, which was added as a dependency of golang-github-vbatts-tar-split. tar-split doesn't use the toml/yaml functionalities from urfave-cli, and those are very easily severable from the latter. Patching toml/yaml out allows us to remove both packages, reducing our dependencies and our CVE attack surface.
golang-github-urfave-cli-1.20.0-6.el8ost, which drops the dependency on toml & BurntSushi, was used to build golang-github-vbatts-tar-split-0.11.1-7.1.el8ost, which is included in z3.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Release of components for Red Hat OpenStack Platform 16.2.3 (Train)), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:4793