Sec vul CVE-2022-28948 from sirupsen/logrus > stretchr/testify > yaml.v3 #1932
Comments
Note it doesn't look promising for logrus doing this as I also found the following old issue which got auto-closed: sirupsen/logrus#1399
It seems it's solely used for functional testing. How about replacing it with
ferhatelmas added a commit to ferhatelmas/minio-go that referenced this issue Feb 20, 2024
Related to minio#1932
ferhatelmas added a commit to ferhatelmas/minio-go that referenced this issue Feb 20, 2024
Drop logrus in favor of slog. Bump testify and use in healthcheck test to make it direct dependency. Fixes minio#1932.
Merged
harshavardhana pushed a commit that referenced this issue Feb 21, 2024
We are using minio-go/v7 and are getting the following security hit:
https://nvd.nist.gov/vuln/detail/CVE-2022-28948
Via the following dep tree:
I've opened an issue with sirupsen/logrus here:
sirupsen/logrus#1419
But as logrus doesn't seem to be frequently maintained, possibly you may want to look at removing it?
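To confirm which chain pulls `gopkg.in/yaml.v3` into a build before and after a dependency is dropped, the output of `go mod graph` can be searched for a path from the main module. The Go program below is an added example, not code from minio-go or from this thread; the main module name `example.com/app` and the `vX.Y.Z` versions are constructed placeholders.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// sampleGraph is CONSTRUCTED `go mod graph` output ("parent child" per line).
// example.com/app and every vX.Y.Z version are placeholders, not real data.
const sampleGraph = `example.com/app github.com/minio/minio-go/v7@vX.Y.Z
example.com/app golang.org/x/text@vX.Y.Z
github.com/minio/minio-go/v7@vX.Y.Z github.com/sirupsen/logrus@vX.Y.Z
github.com/sirupsen/logrus@vX.Y.Z github.com/stretchr/testify@vX.Y.Z
github.com/stretchr/testify@vX.Y.Z gopkg.in/yaml.v3@vX.Y.Z
`

// modPath strips the "@version" suffix from a graph node.
func modPath(node string) string {
	if i := strings.LastIndex(node, "@"); i >= 0 {
		return node[:i]
	}
	return node
}

// shortestChain runs a breadth-first search from root and returns the
// shortest requirement chain ending at the target module path, or nil.
func shortestChain(graph, root, target string) []string {
	edges := map[string][]string{}
	sc := bufio.NewScanner(strings.NewReader(graph))
	for sc.Scan() {
		if f := strings.Fields(sc.Text()); len(f) == 2 {
			edges[f[0]] = append(edges[f[0]], f[1])
		}
	}
	parent := map[string]string{root: ""} // doubles as the visited set
	for queue := []string{root}; len(queue) > 0; queue = queue[1:] {
		n := queue[0]
		if modPath(n) == target {
			var chain []string
			for cur := n; cur != ""; cur = parent[cur] {
				chain = append([]string{cur}, chain...)
			}
			return chain
		}
		for _, next := range edges[n] {
			if _, seen := parent[next]; !seen {
				parent[next] = n
				queue = append(queue, next)
			}
		}
	}
	return nil
}

func main() {
	chain := shortestChain(sampleGraph, "example.com/app", "gopkg.in/yaml.v3")
	fmt.Println(strings.Join(chain, " > "))
}
```

A `nil` result for the target after a dependency bump means the module is no longer reachable from the main module in the graph that was fed in.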