security(deps): update 🛡️ github.com/hashicorp/go-getter to v1.7.0 [security] #61

@renovate renovate bot commented Jan 23, 2024

This PR contains the following updates:

| Package | Change |
| --- | --- |
| github.com/hashicorp/go-getter | v1.6.2 -> v1.7.0 |

GitHub Vulnerability Alerts

CVE-2023-0475

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.


Release Notes

hashicorp/go-getter (github.com/hashicorp/go-getter)

v1.7.0

What's Changed

New Contributors

Full Changelog: hashicorp/go-getter@v1.6.2...v1.7.0


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot requested a review from a team as a code owner January 23, 2024 15:23
@renovate renovate bot requested a review from sheldonhull January 23, 2024 15:23
@renovate renovate bot added the security label Jan 23, 2024
@renovate renovate bot enabled auto-merge (squash) January 23, 2024 15:23
@renovate renovate bot force-pushed the renovate/go-github.com/hashicorp/go-getter-vulnerability branch 3 times, most recently from 88dfc84 to ee83897 Compare January 23, 2024 17:32
@renovate renovate bot changed the title from "chore(deps): update ⬆️ gomod github.com/hashicorp/go-getter to v1.7.0 [security]" to "security(deps): update 🛡️ github.com/hashicorp/go-getter to v1.7.0 [security]" Jan 23, 2024
@renovate renovate bot force-pushed the renovate/go-github.com/hashicorp/go-getter-vulnerability branch 5 times, most recently from 8c21906 to 561bc18 Compare January 23, 2024 21:45
@sheldonhull sheldonhull left a comment

The commit that removed the dependency on go-getter was: 3e56ecffbe03be81ee1f34dc47dfd6f1dfb3136f which was released in v.2.18.0

@renovate renovate bot force-pushed the renovate/go-github.com/hashicorp/go-getter-vulnerability branch from 561bc18 to ccf31b4 Compare January 23, 2024 21:48
@renovate renovate bot merged commit bb2c147 into main Jan 23, 2024
6 of 7 checks passed
@renovate renovate bot deleted the renovate/go-github.com/hashicorp/go-getter-vulnerability branch January 23, 2024 21:49