Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump sirupsen/logrus from 1.9.0 to 1.9.3 to fix vulnerability PRISMA-2023-0056 #21932

Open
wants to merge 3 commits into
base: main
Choose a base branch
from

Conversation

tian-ma
Copy link

@tian-ma tian-ma commented Nov 7, 2024

Description

Twistlock scan reports PRISMA-2023-0056
caused by sirupsen/logrus as described here sirupsen/logrus#1370

The fix is upgrade of logrus to 1.9.3
https://github.com/sirupsen/logrus/releases/tag/v1.9.3

This fixes issue #20605

Testing & Reproduction steps

Links

PR Checklist

  • updated test coverage
  • external facing docs updated
  • appropriate backport labels added
  • not a security concern

Copy link

hashicorp-cla-app bot commented Nov 7, 2024

CLA assistant check
All committers have signed the CLA.

Copy link

CLA assistant check

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes

Have you signed the CLA already but the status is still pending? Recheck it.

@github-actions github-actions bot added the pr/dependencies PR specifically updates dependencies of project label Nov 7, 2024
@tian-ma tian-ma changed the title upgrade sirupsen/logrus to 1.9.3 to fix CVE: PRISMA-2023-0056 upgrade sirupsen/logrus to 1.9.3 to fix vulnerability PRISMA-2023-0056 Nov 7, 2024
@tian-ma tian-ma changed the title upgrade sirupsen/logrus to 1.9.3 to fix vulnerability PRISMA-2023-0056 bump sirupsen/logrus to 1.9.3 to fix vulnerability PRISMA-2023-0056 Nov 8, 2024
@tian-ma tian-ma changed the title bump sirupsen/logrus to 1.9.3 to fix vulnerability PRISMA-2023-0056 Bump sirupsen/logrus from 1.9.0 to 1.9.3 to fix vulnerability PRISMA-2023-0056 Nov 8, 2024
@tian-ma tian-ma requested a review from a team as a code owner November 21, 2024 18:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
pr/dependencies PR specifically updates dependencies of project
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant