Bump various dependencies for the plugin SDK #213
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
nywilken
commented
Oct 18, 2023
•
nywilken
commented
- Bump dev version
- Bump golang.org/x/tools for Go 1.20 fixes
- deps: bump github.com/mitchellh/cli to v1.1.5 for security fix
- deps: bump github.com/hashicorp/yamux to v0.1.1
- deps: bump github.com/hashicorp/consul/api to v1.25.1 for security fixes
added 5 commits
October 17, 2023 13:47
nywilken
changed the title
nywilken
added
tech-debt
nywilken
force-pushed
the
nywilken/bump-dependencies-1.20
branch
from
1555a23
to
7702a43
Compare
lbajolet-hashicorp
approved these changes
Oct 19, 2023
Yeah - I took the opportunity to bump a few old dependencies that hand open vulnerabilities. They with the exception of vault and consul are pretty light weight things.
I have a separate PR for this still marked as a WIP as I can no reproduce outside of Azure. I validated the fix but there is something about the Azure code structure that confuses golang.org/x/tools/go/packages The fix is in #212 |
jooola
referenced
this pull request
in hetznercloud/packer-plugin-hcloud
Nov 28, 2023
…123) [](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/hashicorp/packer-plugin-sdk](https://togithub.com/hashicorp/packer-plugin-sdk) | require | patch | `v0.5.1` -> `v0.5.2` | --- ### Release Notes <details> <summary>hashicorp/packer-plugin-sdk (github.com/hashicorp/packer-plugin-sdk)</summary> ### [`v0.5.2`](https://togithub.com/hashicorp/packer-plugin-sdk/releases/tag/v0.5.2) [Compare Source](https://togithub.com/hashicorp/packer-plugin-sdk/compare/v0.5.1...v0.5.2) <!-- Release notes generated using configuration in .github/release.yml at v0.5.2 --> #### Upgrade Notes Upgrading to this release may fail until you've applied one of the fixes documented in [packer-plugin-sdk#187](https://togithub.com/hashicorp/packer-plugin-sdk/issues/187#user-content-available-fixes). Consumers of the Packer plugin SDK require a replace directive within their plugin's go module file to point to a compatible version of go-cty. The replace directive subject to change in future releases can be applied by running the `packer-sdc fix` sub-command to apply the replace directive to your plugin with a recommended version of the go-cty fork. Plugins already working with Packer Plugin SDK v0.5.1 are advised to apply the updated SDK fixes by re-running `packer-sdc fix` against the plugin's root directory. The updated SDK fixes will bump the supported version of the go-cty fork to v1.13.3, which is required for working with hcl/v2 version 2.17.0 and above. - **Bumped github.com/zclconf/go-cty to v1.13.1**: to bring in the latest supported changes of zclconf/go-cty and hashicorp/hcl/v2 to the SDK. - **Bumped github.com/hashicorp/hcl/v2 to v2.19.1**: to bring in support for the latest HCL/v2 refinements builder and enhancements. Refinements are non-breaking changes but you may see some changed results in your unit test of operations involving unknown values. - **Updated `packer-sdc fix`**: to upgrade the replace version for github.com/nywilken/go-cty from v1.12.1 to v1.13.3. #### What's Changed ##### Exciting New Features 🎉 - Add capability to specify additional build args to be executed when running acceptance tests against builders by [@​lbajolet-hashicorp](https://togithub.com/lbajolet-hashicorp) in [https://github.com/hashicorp/packer-plugin-sdk/pull/202](https://togithub.com/hashicorp/packer-plugin-sdk/pull/202) - Bump supported version of go-cty to v1.13.3 by [@​nywilken](https://togithub.com/nywilken) in [https://github.com/hashicorp/packer-plugin-sdk/pull/215](https://togithub.com/hashicorp/packer-plugin-sdk/pull/215) ##### Security Changes - Bump go-getter to v2.2.1 by [@​zliang-akamai](https://togithub.com/zliang-akamai) in [https://github.com/hashicorp/packer-plugin-sdk/pull/200](https://togithub.com/hashicorp/packer-plugin-sdk/pull/200) - Address reported CVEs along with Go toolchain vulnerabilities by [@​nywilken](https://togithub.com/nywilken) in [https://github.com/hashicorp/packer-plugin-sdk/pull/208](https://togithub.com/hashicorp/packer-plugin-sdk/pull/208), [https://github.com/hashicorp/packer-plugin-sdk/pull/213](https://togithub.com/hashicorp/packer-plugin-sdk/pull/213) ##### Bug Fixes🧑🔧 🐞 - Fix issue where packer-sdc mapstructure-to-hcl was incorrectly mixing underlying structs for types with similar mapstructure tags by [@​nywilken](https://togithub.com/nywilken) in [https://github.com/hashicorp/packer-plugin-sdk/pull/212](https://togithub.com/hashicorp/packer-plugin-sdk/pull/212) - hcl2helper: preemptively panic on nil hcl spec by [@​lbajolet-hashicorp](https://togithub.com/lbajolet-hashicorp) in [https://github.com/hashicorp/packer-plugin-sdk/pull/204](https://togithub.com/hashicorp/packer-plugin-sdk/pull/204) ##### Other Changes - packer-sdc/struct-markdown: Allow packer-internal as project directory for testing purposes by [@​nywilken](https://togithub.com/nywilken) in [https://github.com/hashicorp/packer-plugin-sdk/pull/218](https://togithub.com/hashicorp/packer-plugin-sdk/pull/218) #### New Contributors - [@​zliang-akamai](https://togithub.com/zliang-akamai) made their first contribution in [https://github.com/hashicorp/packer-plugin-sdk/pull/200](https://togithub.com/hashicorp/packer-plugin-sdk/pull/200) **Full Changelog**: hashicorp/packer-plugin-sdk@v0.5.1...v0.5.2 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/hetznercloud/packer-plugin-hcloud). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: jo <[email protected]>
](https://renovatebot.com){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.