Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump sirupsen/logrus from 1.9.0 to 1.9.3 to fix vulnerability PRISMA-2023-0056 #21932

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Bump sirupsen/logrus from 1.9.0 to 1.9.3 to fix vulnerability PRISMA-2023-0056 #21932

wants to merge 7 commits into from
+3 −3

Conversation

tian-ma
Copy link

@tian-ma tian-ma commented Nov 7, 2024
edited
Loading

Description

Twistlock scan reports PRISMA-2023-0056
caused by sirupsen/logrus as described here sirupsen/logrus#1370

The fix is upgrade of logrus to 1.9.3
https://github.com/sirupsen/logrus/releases/tag/v1.9.3

This fixes issue #20605

Testing & Reproduction steps

Links

PR Checklist

  • updated test coverage
  • external facing docs updated
  • appropriate backport labels added
  • not a security concern

@hashicorp-cla-app HashiCorp CLA App
Copy link

hashicorp-cla-app bot commented Nov 7, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

@hashicorp-cla-app HashiCorp CLA App
Copy link

CLA assistant check

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes

Have you signed the CLA already but the status is still pending? Recheck it.

@github-actions github-actions bot added the pr/dependencies PR specifically updates dependencies of project label Nov 7, 2024
@tian-ma tian-ma changed the title upgrade sirupsen/logrus to 1.9.3 to fix CVE: PRISMA-2023-0056 upgrade sirupsen/logrus to 1.9.3 to fix vulnerability PRISMA-2023-0056 Nov 7, 2024
@tian-ma tian-ma changed the title upgrade sirupsen/logrus to 1.9.3 to fix vulnerability PRISMA-2023-0056 bump sirupsen/logrus to 1.9.3 to fix vulnerability PRISMA-2023-0056 Nov 8, 2024
@tian-ma tian-ma changed the title bump sirupsen/logrus to 1.9.3 to fix vulnerability PRISMA-2023-0056 Bump sirupsen/logrus from 1.9.0 to 1.9.3 to fix vulnerability PRISMA-2023-0056 Nov 8, 2024
@tian-ma tian-ma requested a review from a team as a code owner November 21, 2024 18:34
@tian-ma tian-ma mentioned this pull request Dec 27, 2024
Open
@zffocussss
Copy link

who can look at this PR?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@NiniOak NiniOak NiniOak approved these changes

Assignees
No one assigned
Labels
pr/dependencies PR specifically updates dependencies of project
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tian-ma @zffocussss @NiniOak