autoscaler
fix(deps): update module github.com/hashicorp/go-getter to v1.7.9 [security]
This PR contains the following updates:
| Package | Change | Age | Confidence |
|---|---|---|---|
| github.com/hashicorp/go-getter | v1.7.6 -> v1.7.9 | | |
| github.com/hashicorp/go-getter | v1.7.5 -> v1.7.9 | | |
GitHub Vulnerability Alerts
CVE-2025-8959
HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9.
Release Notes
hashicorp/go-getter (github.com/hashicorp/go-getter)
v1.7.9
What's Changed
- Speed up XZ decompression by 5x with bufio wrapper by @vsarunas in #520
- Fix CI Workflow by @mohanmanikanta2299 in #522
- test: Remove use of "mitchellh/go-testing-interface" for stdlib by @jrasell in #523
- fix: url redact of multiple sshkey by @dduzgun-security in #528
- Publish arm binaries by @sethvargo in #525
- fix errcheck lint errors and run it as part of pr checks by @abhijeetviswa in #530
- fix additional lint errors and increase linter scope by @abhijeetviswa in #531
- IND-3728 enabling dependabot by @KaushikiAnand in #529
- fix: go-getter subdir paths by @dduzgun-security in #540
New Contributors
- @vsarunas made their first contribution in #520
- @jrasell made their first contribution in #523
- @sethvargo made their first contribution in #525
- @abhijeetviswa made their first contribution in #530
- @KaushikiAnand made their first contribution in #529
Full Changelog: https://github.com/hashicorp/go-getter/compare/v1.7.8...v1.7.9
v1.7.8
What's Changed
- sec: fix s3 and gcs host checks by @dduzgun-security in #512
Full Changelog: https://github.com/hashicorp/go-getter/compare/v1.7.7...v1.7.8
v1.7.7
What's Changed
- Clean up git repo on disk when the ref checkout fails by @james-warren0 in #504
- [COMPLIANCE] Add Copyright and License Headers by @hashicorp-copywrite in #409
- Add CODEOWNERS file in .github/CODEOWNERS by @mukeshjc in #505
- IND-1804 Bump up dependencies to remediate vulnerabilities by @mohanmanikanta2299 in #513
- Updating arguments in github release CI by @mohanmanikanta2299 in #514
- Updating .goreleaser.yml file with valid version by @mohanmanikanta2299 in #515
New Contributors
- @james-warren0 made their first contribution in #504
- @mukeshjc made their first contribution in #505
- @mohanmanikanta2299 made their first contribution in #513
Full Changelog: https://github.com/hashicorp/go-getter/compare/v1.7.6...v1.7.7
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
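The class of bug behind CVE-2025-8959 (a subdirectory path that follows a symlink out of the download root) can be caught with a containment check after symlink resolution. This is an added example, not go-getter's code or its actual fix; `resolveSubdir`, `buildFixture`, `ErrEscapesBase` and the directory layout are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrEscapesBase reports a subdirectory that resolves outside the download root.
var ErrEscapesBase = errors.New("subdir resolves outside base directory")

// resolveSubdir follows every symlink, then accepts sub only if it is still inside base.
func resolveSubdir(base, sub string) (string, error) {
	realBase, err := filepath.EvalSymlinks(base)
	if err != nil {
		return "", err
	}
	realPath, err := filepath.EvalSymlinks(filepath.Join(realBase, sub))
	if err != nil {
		return "", err
	}
	rel, err := filepath.Rel(realBase, realPath)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapesBase
	}
	return realPath, nil
}

// buildFixture makes a constructed tree: root/modules/app is real, root/leak links to root's parent.
func buildFixture() (string, error) {
	tmp, err := os.MkdirTemp("", "subdir-demo")
	if err != nil {
		return "", err
	}
	root := filepath.Join(tmp, "root")
	if err := os.MkdirAll(filepath.Join(root, "modules", "app"), 0o755); err != nil {
		return "", err
	}
	return root, os.Symlink(tmp, filepath.Join(root, "leak"))
}

func main() {
	root, err := buildFixture()
	for _, sub := range []string{"modules/app", "leak", ".."} {
		p, rerr := resolveSubdir(root, sub)
		fmt.Printf("%-11s -> %q, err=%v (fixture err=%v)\n", sub, p, rerr, err)
	}
}
```

The check holds only while the tree is unchanged between resolution and use, so it belongs immediately before the read or copy it protects.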