Bug 2091534 - Drop golang-github-BurntSushi-toml and golang-gopkg-yaml
Summary: Drop golang-github-BurntSushi-toml and golang-gopkg-yaml
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: distribution
Version: 17.0 (Wallaby)
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: z10
: 16.1 (Train on RHEL 8.2)
Assignee: Miguel Garcia
QA Contact: Lon Hohberger
URL:
Whiteboard:
Depends On: 2091532 2091533
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-05-30 08:59 UTC by Miguel Garcia
Modified: 2024-09-18 19:25 UTC (History)
7 users (show)

Fixed In Version: golang-github-urfave-cli-1.20.0-6.el8ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 2091533
Environment:
Last Closed: 2024-09-18 19:25:09 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker OSP-15432 0 None None None 2022-05-30 09:03:26 UTC

Description Miguel Garcia 2022-05-30 08:59:26 UTC 
+++ This bug was initially created as a clone of Bug #2091533 +++

+++ This bug was initially created as a clone of Bug #2091532 +++

golang-github-BurntSushi-toml and golang-gopkg-yaml were originally added as dependencies of golang-github-urfave-cli, which was added as a dependency of golang-github-vbatts-tar-split.

tar-split doesn't use the toml/yaml functionalities from urfave-cli, and those are very easily severable from the latter.

Patching toml/yaml out allows us to remove both packages, reducing our dependencies and our CVE attack surface.

--- Additional comment from RHEL Program Management on 2022-05-30 08:58:10 UTC ---

This item has been properly Triaged and planned for the release, and Target Release is now set to match the release flag. For details, see https://mojo.redhat.com/docs/DOC-1195410
Comment 3 Lon Hohberger 2024-09-18 19:25:09 UTC 
Red Hat OpenStack Platform 16.1 was retired on April 30, 2024. This issue has been resolved in a later release.
Note You need to log in before you can comment on or make changes to this bug.