chore: bump github.com/hashicorp/go-getter from 1.8.4 to 1.8.6 (#24247)

Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.8.4 to 1.8.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/hashicorp/go-getter/releases">github.com/hashicorp/go-getter's releases</a>.</em></p> <blockquote> <h2>v1.8.6</h2> <p>No release notes provided.</p> <h2>v1.8.5</h2> <h2>What's Changed</h2> <ul> <li>[chore] : Bump the go group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/hashicorp/go-getter/pull/576">hashicorp/go-getter#576</a></li> <li>use %w to wrap error by <a href="https://github.com/Ericwww"><code>@Ericwww</code></a> in <a href="https://redirect.github.com/hashicorp/go-getter/pull/475">hashicorp/go-getter#475</a></li> <li>fix: <a href="https://redirect.github.com/hashicorp/go-getter/issues/538">#538</a> http file download skipped if headResp.ContentLength is 0 by <a href="https://github.com/martijnvdp"><code>@martijnvdp</code></a> in <a href="https://redirect.github.com/hashicorp/go-getter/pull/539">hashicorp/go-getter#539</a></li> <li>chore: fix error message capitalization in checksum function by <a href="https://github.com/ssagarverma"><code>@ssagarverma</code></a> in <a href="https://redirect.github.com/hashicorp/go-getter/pull/578">hashicorp/go-getter#578</a></li> <li>[chore] : Bump the go group with 8 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/hashicorp/go-getter/pull/577">hashicorp/go-getter#577</a></li> <li>Fix git url with ambiguous ref by <a href="https://github.com/nimasamii"><code>@nimasamii</code></a> in <a href="https://redirect.github.com/hashicorp/go-getter/pull/382">hashicorp/go-getter#382</a></li> <li>fix: resolve compilation errors in get_git_test.go by <a href="https://github.com/CreatorHead"><code>@CreatorHead</code></a> in <a href="https://redirect.github.com/hashicorp/go-getter/pull/579">hashicorp/go-getter#579</a></li> <li>[chore] : Bump the actions group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/hashicorp/go-getter/pull/582">hashicorp/go-getter#582</a></li> <li>[chore] : Bump the go group with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/hashicorp/go-getter/pull/583">hashicorp/go-getter#583</a></li> <li>test that arbitrary files cannot be checksummed by <a href="https://github.com/schmichael"><code>@schmichael</code></a> in <a href="https://redirect.github.com/hashicorp/go-getter/pull/250">hashicorp/go-getter#250</a></li> <li>[chore] : Bump google.golang.org/api from 0.260.0 to 0.262.0 in the go group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/hashicorp/go-getter/pull/585">hashicorp/go-getter#585</a></li> <li>[chore] : Bump actions/checkout from 6.0.1 to 6.0.2 in the actions group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/hashicorp/go-getter/pull/586">hashicorp/go-getter#586</a></li> <li>[chore] : Bump the go group with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/hashicorp/go-getter/pull/588">hashicorp/go-getter#588</a></li> <li>[chore] : Bump actions/cache from 5.0.2 to 5.0.3 in the actions group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/hashicorp/go-getter/pull/589">hashicorp/go-getter#589</a></li> <li>[chore] : Bump aws-actions/configure-aws-credentials from 5.1.1 to 6.0.0 in the actions group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/hashicorp/go-getter/pull/592">hashicorp/go-getter#592</a></li> <li>[chore] : Bump google.golang.org/api from 0.264.0 to 0.265.0 in the go group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/hashicorp/go-getter/pull/591">hashicorp/go-getter#591</a></li> <li>[chore] : Bump the go group with 5 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/hashicorp/go-getter/pull/593">hashicorp/go-getter#593</a></li> <li>IND-6310 - CRT Onboarding by <a href="https://github.com/nasareeny"><code>@nasareeny</code></a> in <a href="https://redirect.github.com/hashicorp/go-getter/pull/584">hashicorp/go-getter#584</a></li> <li>Fix crt build path by <a href="https://github.com/ssagarverma"><code>@ssagarverma</code></a> in <a href="https://redirect.github.com/hashicorp/go-getter/pull/594">hashicorp/go-getter#594</a></li> <li>[chore] : Bump the go group with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/hashicorp/go-getter/pull/596">hashicorp/go-getter#596</a></li> <li>fix: remove checkout action from set-product-version job by <a href="https://github.com/ssagarverma"><code>@ssagarverma</code></a> in <a href="https://redirect.github.com/hashicorp/go-getter/pull/598">hashicorp/go-getter#598</a></li> <li>[chore] : Bump the actions group with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/hashicorp/go-getter/pull/595">hashicorp/go-getter#595</a></li> <li>fix(deps): upgrade go.opentelemetry.io/otel/sdk to v1.40.0 (GO-2026-4394) by <a href="https://github.com/ssagarverma"><code>@ssagarverma</code></a> in <a href="https://redirect.github.com/hashicorp/go-getter/pull/599">hashicorp/go-getter#599</a></li> <li>Prepare go-getter for v1.8.5 release by <a href="https://github.com/nasareeny"><code>@nasareeny</code></a> in <a href="https://redirect.github.com/hashicorp/go-getter/pull/597">hashicorp/go-getter#597</a></li> <li>[chore] : Bump the actions group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/hashicorp/go-getter/pull/600">hashicorp/go-getter#600</a></li> <li>sec: bump go and xrepos + redact aws tokens in url by <a href="https://github.com/dduzgun-security"><code>@dduzgun-security</code></a> in <a href="https://redirect.github.com/hashicorp/go-getter/pull/604">hashicorp/go-getter#604</a></li> </ul> <p><strong>NOTES:</strong></p> <p>Binary Distribution Update: To streamline our release process and align with other HashiCorp tools, all release binaries will now be published exclusively to the official HashiCorp <a href="https://releases.hashicorp.com/go-getter/">release</a> site. We will no longer attach release assets to GitHub Releases.</p> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Ericwww"><code>@Ericwww</code></a> made their first contribution in <a href="https://redirect.github.com/hashicorp/go-getter/pull/475">hashicorp/go-getter#475</a></li> <li><a href="https://github.com/martijnvdp"><code>@martijnvdp</code></a> made their first contribution in <a href="https://redirect.github.com/hashicorp/go-getter/pull/539">hashicorp/go-getter#539</a></li> <li><a href="https://github.com/nimasamii"><code>@nimasamii</code></a> made their first contribution in <a href="https://redirect.github.com/hashicorp/go-getter/pull/382">hashicorp/go-getter#382</a></li> <li><a href="https://github.com/nasareeny"><code>@nasareeny</code></a> made their first contribution in <a href="https://redirect.github.com/hashicorp/go-getter/pull/584">hashicorp/go-getter#584</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/hashicorp/go-getter/compare/v1.8.4...v1.8.5">https://github.com/hashicorp/go-getter/compare/v1.8.4...v1.8.5</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/hashicorp/go-getter/commit/d23bff48fb87c956bb507a03d35a63ee45470e34"><code>d23bff4</code></a> Merge pull request <a href="https://redirect.github.com/hashicorp/go-getter/issues/608">#608</a> from hashicorp/dependabot/go_modules/go-security-9c51...</li> <li><a href="https://github.com/hashicorp/go-getter/commit/2c4aba8e5286c18bc66358236454a3e3b0aa7421"><code>2c4aba8</code></a> Merge pull request <a href="https://redirect.github.com/hashicorp/go-getter/issues/613">#613</a> from hashicorp/pull/v1.8.6</li> <li><a href="https://github.com/hashicorp/go-getter/commit/fe61ed9454b818721d81328d7e880fc2ed2c8d15"><code>fe61ed9</code></a> Merge pull request <a href="https://redirect.github.com/hashicorp/go-getter/issues/611">#611</a> from hashicorp/SECVULN-41053</li> <li><a href="https://github.com/hashicorp/go-getter/commit/d53365612c5250f7df8d586ba3be70fbd42e613b"><code>d533656</code></a> Merge pull request <a href="https://redirect.github.com/hashicorp/go-getter/issues/606">#606</a> from hashicorp/pull/CRT</li> <li><a href="https://github.com/hashicorp/go-getter/commit/388f23d7d40f1f1e1a9f5b40ee5590c08154cd6d"><code>388f23d</code></a> Additional test for local branch and head</li> <li><a href="https://github.com/hashicorp/go-getter/commit/b7ceaa59b11a203c14cf58e5fcaa8f169c0ced6e"><code>b7ceaa5</code></a> harden checkout ref handling and added regression tests</li> <li><a href="https://github.com/hashicorp/go-getter/commit/769cc14fdb0df5ac548f4ead1193b5c40460f11e"><code>769cc14</code></a> Release version bump up</li> <li><a href="https://github.com/hashicorp/go-getter/commit/6086a6a1f6347f735401c26429d9a0e14ad29444"><code>6086a6a</code></a> Review Comments Addressed</li> <li><a href="https://github.com/hashicorp/go-getter/commit/e02063cd28e97bb8a23a63e72e2a4a4ab6e982cf"><code>e02063c</code></a> Revert "SECVULN Fix for git checkout argument injection enables arbitrary fil...</li> <li><a href="https://github.com/hashicorp/go-getter/commit/c93084dc4306b2c49c54fe6fbfbe79c98956e5f8"><code>c93084d</code></a> [chore] : Bump google.golang.org/grpc</li> <li>Additional commits viewable in <a href="https://github.com/hashicorp/go-getter/compare/v1.8.4...v1.8.6">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/hashicorp/go-getter&package-manager=go_modules&previous-version=1.8.4&new-version=1.8.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/coder/coder/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-10 15:36:57 +00:00
parent 508114d484
commit b68c14dd04
2 changed files with 11 additions and 11 deletions
@@ -518,7 +518,7 @@ require (
 	cloud.google.com/go/logging v1.13.2 // indirect
 	cloud.google.com/go/longrunning v0.8.0 // indirect
 	cloud.google.com/go/monitoring v1.24.3 // indirect
-	cloud.google.com/go/storage v1.60.0 // indirect
+	cloud.google.com/go/storage v1.61.3 // indirect
 	git.sr.ht/~jackmordaunt/go-toast v1.1.2 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 // indirect
@@ -576,8 +576,8 @@ require (
 	github.com/goccy/go-yaml v1.19.2 // indirect
 	github.com/google/go-containerregistry v0.20.7 // indirect
 	github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
-	github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.70 // indirect
-	github.com/hashicorp/go-getter v1.8.4 // indirect
+	github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.72 // indirect
+	github.com/hashicorp/go-getter v1.8.6 // indirect
 	github.com/hexops/gotextdiff v1.0.3 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jackmordaunt/icns/v3 v3.0.1 // indirect
@@ -18,8 +18,8 @@ cloud.google.com/go/longrunning v0.8.0 h1:LiKK77J3bx5gDLi4SMViHixjD2ohlkwBi+mKA7
 cloud.google.com/go/longrunning v0.8.0/go.mod h1:UmErU2Onzi+fKDg2gR7dusz11Pe26aknR4kHmJJqIfk=
 cloud.google.com/go/monitoring v1.24.3 h1:dde+gMNc0UhPZD1Azu6at2e79bfdztVDS5lvhOdsgaE=
 cloud.google.com/go/monitoring v1.24.3/go.mod h1:nYP6W0tm3N9H/bOw8am7t62YTzZY+zUeQ+Bi6+2eonI=
-cloud.google.com/go/storage v1.60.0 h1:oBfZrSOCimggVNz9Y/bXY35uUcts7OViubeddTTVzQ8=
-cloud.google.com/go/storage v1.60.0/go.mod h1:q+5196hXfejkctrnx+VYU8RKQr/L3c0cBIlrjmiAKE0=
+cloud.google.com/go/storage v1.61.3 h1:VS//ZfBuPGDvakfD9xyPW1RGF1Vy3BWUoVZXgW1KMOg=
+cloud.google.com/go/storage v1.61.3/go.mod h1:JtqK8BBB7TWv0HVGHubtUdzYYrakOQIsMLffZ2Z/HWk=
 cloud.google.com/go/trace v1.11.7 h1:kDNDX8JkaAG3R2nq1lIdkb7FCSi1rCmsEtKVsty7p+U=
 cloud.google.com/go/trace v1.11.7/go.mod h1:TNn9d5V3fQVf6s4SCveVMIBS2LJUqo73GACmq/Tky0s=
 dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8=
@@ -687,8 +687,8 @@ github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 h1:HWRh5R2+9EifMyIHV7ZV+MIZqgz
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0/go.mod h1:JfhWUomR1baixubs02l85lZYYOm7LV6om4ceouMv45c=
 github.com/hairyhenderson/go-codeowners v0.7.0 h1:s0W4wF8bdsBEjTWzwzSlsatSthWtTAF2xLgo4a4RwAo=
 github.com/hairyhenderson/go-codeowners v0.7.0/go.mod h1:wUlNgQ3QjqC4z8DnM5nnCYVq/icpqXJyJOukKx5U8/Q=
-github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.70 h1:0HADrxxqaQkGycO1JoUUA+B4FnIkuo8d2bz/hSaTFFQ=
-github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.70/go.mod h1:fm2FdDCzJdtbXF7WKAMvBb5NEPouXPHFbGNYs9ShFns=
+github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.72 h1:vTCWu1wbdYo7PEZFem/rlr01+Un+wwVmI7wiegFdRLk=
+github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.72/go.mod h1:Vn+BBgKQHVQYdVQ4NZDICE1Brb+JfaONyDHr3q07oQc=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -698,8 +698,8 @@ github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-cty v1.5.0 h1:EkQ/v+dDNUqnuVpmS5fPqyY71NXVgT5gf32+57xY8g0=
 github.com/hashicorp/go-cty v1.5.0/go.mod h1:lFUCG5kd8exDobgSfyj4ONE/dc822kiYMguVKdHGMLM=
-github.com/hashicorp/go-getter v1.8.4 h1:hGEd2xsuVKgwkMtPVufq73fAmZU/x65PPcqH3cb0D9A=
-github.com/hashicorp/go-getter v1.8.4/go.mod h1:x27pPGSg9kzoB147QXI8d/nDvp2IgYGcwuRjpaXE9Yg=
+github.com/hashicorp/go-getter v1.8.6 h1:9sQboWULaydVphxc4S64oAI4YqpuCk7nPmvbk131ebY=
+github.com/hashicorp/go-getter v1.8.6/go.mod h1:nVH12eOV2P58dIiL3rsU6Fh3wLeJEKBOJzhMmzlSWoo=
 github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
 github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
@@ -1322,8 +1322,8 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.40.0 h1:DvJDO
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.40.0/go.mod h1:EtekO9DEJb4/jRyN4v4Qjc2yA7AtfCBuz2FynRUWTXs=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0 h1:aTL7F04bJHUlztTsNGJ2l+6he8c+y/b//eR0jjjemT4=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0/go.mod h1:kldtb7jDTeol0l3ewcmd8SDvx3EmIE7lyvqbasU3QC4=
-go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.39.0 h1:5gn2urDL/FBnK8OkCfD1j3/ER79rUuTYmCvlXBKeYL8=
-go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.39.0/go.mod h1:0fBG6ZJxhqByfFZDwSwpZGzJU671HkwpWaNe2t4VUPI=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.40.0 h1:ZrPRak/kS4xI3AVXy8F7pipuDXmDsrO8Lg+yQjBLjw0=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.40.0/go.mod h1:3y6kQCWztq6hyW8Z9YxQDDm0Je9AJoFar2G0yDcmhRk=
 go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.37.0 h1:SNhVp/9q4Go/XHBkQ1/d5u9P/U+L1yaGPoi0x+mStaI=
 go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.37.0/go.mod h1:tx8OOlGH6R4kLV67YaYO44GFXloEjGPZuMjEkaaqIp4=
 go.opentelemetry.io/otel/metric v1.42.0 h1:2jXG+3oZLNXEPfNmnpxKDeZsFI5o4J+nz6xUlaFdF/4=