Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Bump github.com/hashicorp/packer-plugin-sdk from 0.2.11 to 0.5.2 #52

Merged
merged 2 commits into from
Feb 23, 2024
Merged

chore: Bump github.com/hashicorp/packer-plugin-sdk from 0.2.11 to 0.5.2 #52

merged 2 commits into from
Feb 23, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 26, 2024
edited
Loading

Bumps github.com/hashicorp/packer-plugin-sdk from 0.2.11 to 0.5.2.

Release notes

Sourced from github.com/hashicorp/packer-plugin-sdk's releases.

v0.5.2

Upgrade Notes

Upgrading to this release may fail until you've applied one of the fixes documented in packer-plugin-sdk#187. Consumers of the Packer plugin SDK require a replace directive within their plugin's go module file to point to a compatible version of go-cty. The replace directive subject to change in future releases can be applied by running the packer-sdc fix sub-command to apply the replace directive to your plugin with a recommended version of the go-cty fork.

Plugins already working with Packer Plugin SDK v0.5.1 are advised to apply the updated SDK fixes by re-running packer-sdc fix against the plugin's root directory. The updated SDK fixes will bump the supported version of the go-cty fork to v1.13.3, which is required for working with hcl/v2 version 2.17.0 and above.

  • Bumped github.com/zclconf/go-cty to v1.13.1: to bring in the latest supported changes of zclconf/go-cty and hashicorp/hcl/v2 to the SDK.
  • Bumped github.com/hashicorp/hcl/v2 to v2.19.1: to bring in support for the latest HCL/v2 refinements builder and enhancements. Refinements are non-breaking changes but you may see some changed results in your unit test of operations involving unknown values.
  • Updated packer-sdc fix: to upgrade the replace version for github.com/nywilken/go-cty from v1.12.1 to v1.13.3.

What's Changed

Exciting New Features 🎉

Security Changes

Bug Fixes🧑‍🔧 🐞

Other Changes

New Contributors

Full Changelog: hashicorp/packer-plugin-sdk@v0.5.1...v0.5.2

v0.5.1

Upgrade Notes

This release is a fast follow to v0.5.0, which broke the installation of the packer-sdc command due to an invalid go.mod file. The v0.5.0 release has been retracted and should not be used. Consumers of the Packer Plugin SDK should update to v0.5.1. Upgrading to this release will fail until you've applied one of the fixes documented in packer-plugin-sdk#187. We ask that you carefully review this section for details on the released changes.

  • Retracted v0.5.0: the v0.5.0 SDK release was broken because of the replace statement for go-cty. #199
  • Gob supported compile time check: we added a Go compile time check to the SDK for validating that a plugins' version of github.com/zclconf/go-cty contains encoding/gob support for cty.Type and cty.Value. #189
  • Bumped the github.com/zclconf/go-cty to v1.12.1: to bring in the latest supported changes of zclconf/go-cty and hashicorp/hcl/v2 to the SDK. Consumers of the Packer plugin SDK now require a replace directive within their plugin's go module file to point to a compatible version of go-cty. The packer-sdc command has been updated to help apply these types of fixes. #197
  • Added a fix command to packer-sdc: to help with the manual intervention and future changes to the SDK, we've introduced a fix sub-command to apply the replace directive to your plugin with a recommended version of the go-cty fork. #190, #198

What's Changed

Bug fixes🧑‍🔧 🐞

Other Changes

... (truncated)

Changelog

Sourced from github.com/hashicorp/packer-plugin-sdk's changelog.

Latest Release

Please refer to releases for latest CHANGELOG information.

0.3.1 (July 28, 2022)

0.3.0 (June 09, 2022)

  • multistep/commonsteps: Add default timeouts to the GitGetter, HgGetter, S3Getter, and GcsGetter getters to mitigate against resource exhaustion when calling out to external command line applications.
  • multistep/commonsteps: Disable support for the X-Terraform-Get header to mitigate against protocol switching, endless redirect, and configuration bypass abuse of custom HTTP response header processing.
  • multistep/commonsteps: Update settings for the default go-getter client to prevent arbitrary host access via go-getter's path traversal, symlink processing, and command injection flaws.
  • sdk: Bump github.com/hashicorp/go-getter/v2, github.com/hashicorp/go- getter/gcs/v2, github.com/hashicorp/go-getter/s3/v2 to address a number of security vulnerabilities as defined in HCSEC-2022-13

0.2.13 (May 11, 2022)

  • cmd/packer-sdc: Update golang.org/x/tools to fix internal package errors when running code generation commands with Go 1.18 GH-108

0.2.12 (May 03, 2022)

  • provisioner/shell-local: Add env argument to pass env vars through a key value store GH-98
  • provisioner/shell: Add env argument to pass env vars through a key value store GH-98
  • sdk: Bump github.com/hashicorp/go-getter/v2 to v2.0.2 GH-102
  • sdk: Bump github.com/hashicorp/hcl/v2 to v2.12.0 GH-106
  • sdk: Update crypto/ssh pkg used by SSH communicator The existing ssh client used by the SSH communicator was relying on legacy key algorithms and could not connect to recent versions of openssh, or servers with a limited set of fips approved algorithms. GH-107
Commits
  • eac3a5f Cut release v0.5.2
  • e599745 packer-sdc/struct-markdown: Allow packer-internal as project directory for te...
  • 4fb8273 Initial fix for underlying struct mis-match bug
  • c170d73 Update go-cty fixer replace directive to github.com/nywilken/go-cty v1.13.3
  • fe7beb7 Bump upstream modules to support latest hcl/v2 offerrings
  • 3327058 depg: bump golang.org/x/net to 0.17.0 for security fixes
  • 530fc82 deps: bump github.com/hashicorp/vault/api to 1.10.0 for security fixes
  • 4d8c199 deps: bump github.com/hashicorp/consul/api to v1.25.1 for security fixes
  • 9e65ca1 deps: bump github.com/hashicorp/yamux to v0.1.1
  • 6961c20 deps: bump github.com/mitchellh/cli to v1.1.5 for security fix
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file minor labels Jan 26, 2024
@dependabot dependabot bot mentioned this pull request Jan 26, 2024
Closed
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/packer-plugin-sdk-0.5.2 branch 3 times, most recently from 3274910 to cec5b01 Compare February 23, 2024 16:11
@gardar
Copy link
Collaborator

gardar commented Feb 23, 2024

@dependabot rebase

@dependabot
chore: Bump github.com/hashicorp/packer-plugin-sdk from 0.2.11 to 0.5.2
e84ac8d 
Bumps [github.com/hashicorp/packer-plugin-sdk](https://github.com/hashicorp/packer-plugin-sdk) from 0.2.11 to 0.5.2.
- [Release notes](https://github.com/hashicorp/packer-plugin-sdk/releases)
- [Changelog](https://github.com/hashicorp/packer-plugin-sdk/blob/main/CHANGELOG.md)
- [Commits](hashicorp/packer-plugin-sdk@v0.2.11...v0.5.2)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/packer-plugin-sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/packer-plugin-sdk-0.5.2 branch from cec5b01 to e84ac8d Compare February 23, 2024 16:15
gardar
gardar approved these changes Feb 23, 2024
View reviewed changes
Copy link
Collaborator

@gardar gardar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Applied fixes from: hashicorp/packer-plugin-sdk#187

@gardar gardar merged commit f148c64 into main Feb 23, 2024
14 checks passed
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/hashicorp/packer-plugin-sdk-0.5.2 branch February 23, 2024 17:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gardar gardar gardar approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file minor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@gardar