Skip to content

Commit 8b3a9ce

Browse files
hc-github-team-secure-vault-coreraskchankyryancragun
authored
Backport bump go-getter to 1.7.9 into release/1.20.x+ent (#8930) (#8948)
* bump go-getter to 1.7.9 (#8899) * bump go-getter to 1.7.9 * add changelog * go mod tidy --------- Signed-off-by: Ryan Cragun <[email protected]> Co-authored-by: Josh Black <[email protected]> Co-authored-by: Ryan Cragun <[email protected]>
1 parent c66baf5 commit 8b3a9ce

File tree

5 files changed

+183
-161
lines changed

5 files changed

+183
-161
lines changed

changelog/_8899.txt

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
```release-note:security
2+
core: Update github.com/hashicorp/go-getter to fix security vulnerability GHSA-wjrx-6529-hcj3.
3+
```

go.mod

Lines changed: 47 additions & 42 deletions
Original file line numberDiff line numberDiff line change
@@ -32,8 +32,8 @@ replace github.com/99designs/keyring => github.com/Jeffail/keyring v1.2.3
3232
require (
3333
cloud.google.com/go/cloudsqlconn v1.4.3
3434
cloud.google.com/go/monitoring v1.24.2
35-
cloud.google.com/go/spanner v1.82.0
36-
cloud.google.com/go/storage v1.52.0
35+
cloud.google.com/go/spanner v1.84.1
36+
cloud.google.com/go/storage v1.56.1
3737
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0
3838
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.9.0
3939
github.com/Azure/azure-storage-blob-go v0.15.0
@@ -50,15 +50,15 @@ require (
5050
github.com/armon/go-metrics v0.4.1
5151
github.com/armon/go-radix v1.0.0
5252
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2
53-
github.com/aws/aws-sdk-go v1.55.7
53+
github.com/aws/aws-sdk-go v1.55.8
5454
github.com/aws/aws-sdk-go-v2/config v1.29.14
5555
github.com/cenkalti/backoff/v4 v4.3.0
5656
github.com/chrismalek/oktasdk-go v0.0.0-20181212195951-3430665dfaa0
5757
github.com/cockroachdb/cockroach-go/v2 v2.3.8
5858
github.com/coder/websocket v1.8.12
5959
github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf
6060
github.com/denisenkom/go-mssqldb v0.12.3
61-
github.com/docker/docker v28.0.1+incompatible
61+
github.com/docker/docker v28.3.3+incompatible
6262
github.com/duosecurity/duo_api_golang v0.0.0-20190308151101-6c680f768e74
6363
github.com/dustin/go-humanize v1.0.1
6464
github.com/fatih/color v1.18.0
@@ -88,7 +88,6 @@ require (
8888
github.com/hashicorp/eventlogger v0.2.10
8989
github.com/hashicorp/go-bexpr v0.1.12
9090
github.com/hashicorp/go-cleanhttp v0.5.2
91-
github.com/hashicorp/go-cmp v0.0.0-20250414215908-521c6e5d9c1c
9291
github.com/hashicorp/go-discover v1.1.1-0.20250822114713-cd0e09c8e096
9392
github.com/hashicorp/go-gcp-common v0.9.2
9493
github.com/hashicorp/go-hclog v1.6.3
@@ -175,7 +174,7 @@ require (
175174
github.com/jefferai/isbadcipher v0.0.0-20190226160619-51d2077c035f
176175
github.com/jefferai/jsonx v1.0.1
177176
github.com/joyent/triton-go v1.7.1-0.20200416154420-6801d15b779f
178-
github.com/klauspost/compress v1.17.11
177+
github.com/klauspost/compress v1.18.0
179178
github.com/kr/pretty v0.3.1
180179
github.com/kr/text v0.2.0
181180
github.com/mattn/go-colorable v0.1.14
@@ -215,35 +214,42 @@ require (
215214
go.etcd.io/etcd/client/v3 v3.5.17
216215
go.mongodb.org/atlas v0.38.0
217216
go.mongodb.org/mongo-driver v1.17.3
218-
go.opentelemetry.io/otel v1.35.0
219-
go.opentelemetry.io/otel/sdk v1.35.0
220-
go.opentelemetry.io/otel/trace v1.35.0
217+
go.opentelemetry.io/otel v1.37.0
218+
go.opentelemetry.io/otel/sdk v1.37.0
219+
go.opentelemetry.io/otel/trace v1.37.0
221220
go.uber.org/atomic v1.11.0
222221
go.uber.org/goleak v1.3.0
223-
golang.org/x/crypto v0.40.0
222+
golang.org/x/crypto v0.41.0
224223
golang.org/x/exp v0.0.0-20250711185948-6ae5c78190dc
225-
golang.org/x/net v0.42.0
224+
golang.org/x/net v0.43.0
226225
golang.org/x/oauth2 v0.30.0
227226
golang.org/x/sync v0.16.0
228-
golang.org/x/sys v0.34.0
229-
golang.org/x/term v0.33.0
230-
golang.org/x/text v0.27.0
227+
golang.org/x/sys v0.35.0
228+
golang.org/x/term v0.34.0
229+
golang.org/x/text v0.28.0
231230
golang.org/x/tools v0.35.0
232-
google.golang.org/api v0.235.0
233-
google.golang.org/grpc v1.72.2
234-
google.golang.org/protobuf v1.36.6
231+
google.golang.org/api v0.248.0
232+
google.golang.org/grpc v1.75.0
233+
google.golang.org/protobuf v1.36.8
235234
gopkg.in/ory-am/dockertest.v3 v3.3.4
236235
k8s.io/apimachinery v0.33.1
237236
k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738
238237
layeh.com/radius v0.0.0-20231213012653-1006025d24f8
239238
)
240239

241240
require (
242-
cel.dev/expr v0.20.0 // indirect
243-
cloud.google.com/go v0.121.0 // indirect
244-
cloud.google.com/go/auth v0.16.1 // indirect
241+
github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
242+
github.com/containerd/errdefs v1.0.0 // indirect
243+
github.com/containerd/errdefs/pkg v0.3.0 // indirect
244+
github.com/moby/go-archive v0.1.0 // indirect
245+
)
246+
247+
require (
248+
cel.dev/expr v0.24.0 // indirect
249+
cloud.google.com/go v0.121.6 // indirect
250+
cloud.google.com/go/auth v0.16.5 // indirect
245251
cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
246-
cloud.google.com/go/compute/metadata v0.7.0 // indirect
252+
cloud.google.com/go/compute/metadata v0.8.0 // indirect
247253
cloud.google.com/go/iam v1.5.2 // indirect
248254
cloud.google.com/go/kms v1.22.0 // indirect; indirect\
249255
cloud.google.com/go/longrunning v0.6.7 // indirect
@@ -274,10 +280,10 @@ require (
274280
github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 // indirect
275281
github.com/BurntSushi/toml v1.5.0 // indirect
276282
github.com/DataDog/datadog-go v3.2.0+incompatible // indirect
277-
github.com/GoogleCloudPlatform/grpc-gcp-go/grpcgcp v1.5.2 // indirect
278-
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0 // indirect
279-
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.51.0 // indirect
280-
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.51.0 // indirect
283+
github.com/GoogleCloudPlatform/grpc-gcp-go/grpcgcp v1.5.3 // indirect
284+
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.29.0 // indirect
285+
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.53.0 // indirect
286+
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.53.0 // indirect
281287
github.com/Jeffail/gabs/v2 v2.1.0 // indirect
282288
github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c // indirect
283289
github.com/Masterminds/goutils v1.1.1 // indirect
@@ -323,7 +329,7 @@ require (
323329
github.com/circonus-labs/circonusllhist v0.1.3 // indirect
324330
github.com/cloudflare/circl v1.6.2-0.20250618153321-aa837fd1539d // indirect
325331
github.com/cloudfoundry-community/go-cfclient v0.0.0-20220930021109-9c4e6c59ccf1 // indirect
326-
github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42 // indirect
332+
github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 // indirect
327333
github.com/containerd/continuity v0.4.5 // indirect
328334
github.com/containerd/log v0.1.0 // indirect
329335
github.com/coreos/etcd v3.3.27+incompatible // indirect
@@ -361,9 +367,9 @@ require (
361367
github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
362368
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
363369
github.com/go-git/go-billy/v5 v5.6.2 // indirect
364-
github.com/go-jose/go-jose/v4 v4.1.1 // indirect
370+
github.com/go-jose/go-jose/v4 v4.1.2 // indirect
365371
github.com/go-ldap/ldif v0.0.0-20200320164324-fd88d9b715b3 // indirect
366-
github.com/go-logr/logr v1.4.2 // indirect
372+
github.com/go-logr/logr v1.4.3 // indirect
367373
github.com/go-logr/stdr v1.2.2 // indirect
368374
github.com/go-ole/go-ole v1.2.6 // indirect
369375
github.com/go-openapi/analysis v0.23.0 // indirect
@@ -392,7 +398,7 @@ require (
392398
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
393399
github.com/google/uuid v1.6.0
394400
github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
395-
github.com/googleapis/gax-go/v2 v2.14.2 // indirect
401+
github.com/googleapis/gax-go/v2 v2.15.0 // indirect
396402
github.com/gophercloud/gophercloud v0.1.0 // indirect
397403
github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
398404
github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
@@ -469,8 +475,8 @@ require (
469475
github.com/mitchellh/pointerstructure v1.2.1 // indirect
470476
github.com/moby/docker-image-spec v1.3.1 // indirect
471477
github.com/moby/patternmatcher v0.6.0 // indirect
472-
github.com/moby/sys/sequential v0.5.0 // indirect
473-
github.com/moby/sys/user v0.3.0 // indirect
478+
github.com/moby/sys/sequential v0.6.0 // indirect
479+
github.com/moby/sys/user v0.4.0 // indirect
474480
github.com/moby/sys/userns v0.1.0 // indirect
475481
github.com/moby/term v0.5.0 // indirect
476482
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
@@ -512,7 +518,7 @@ require (
512518
github.com/sony/gobreaker v0.5.0 // indirect
513519
github.com/spf13/cast v1.7.1 // indirect
514520
github.com/spf13/pflag v1.0.5 // indirect
515-
github.com/spiffe/go-spiffe/v2 v2.5.0 // indirect
521+
github.com/spiffe/go-spiffe/v2 v2.6.0 // indirect
516522
github.com/std-uritemplate/std-uritemplate/go/v2 v2.0.3 // indirect
517523
github.com/stretchr/objx v0.5.2 // indirect
518524
github.com/tencentcloud/tencentcloud-sdk-go v1.0.162 // indirect
@@ -532,25 +538,24 @@ require (
532538
github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
533539
github.com/yuin/gopher-lua v0.0.0-20210529063254-f4c35e4016d9 // indirect
534540
github.com/yusufpapurcu/wmi v1.2.4 // indirect
535-
github.com/zclconf/go-cty v1.12.1 // indirect
536-
github.com/zeebo/errs v1.4.0 // indirect
541+
github.com/zclconf/go-cty v1.15.0 // indirect
537542
github.com/zeebo/xxh3 v1.0.2 // indirect
538543
go.etcd.io/etcd/api/v3 v3.5.17 // indirect
539544
go.opencensus.io v0.24.0 // indirect
540545
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
541-
go.opentelemetry.io/contrib/detectors/gcp v1.35.0 // indirect
542-
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect
543-
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
544-
go.opentelemetry.io/otel/metric v1.35.0 // indirect
545-
go.opentelemetry.io/otel/sdk/metric v1.35.0 // indirect
546+
go.opentelemetry.io/contrib/detectors/gcp v1.37.0 // indirect
547+
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.62.0 // indirect
548+
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0 // indirect
549+
go.opentelemetry.io/otel/metric v1.37.0 // indirect
550+
go.opentelemetry.io/otel/sdk/metric v1.37.0 // indirect
546551
go.uber.org/multierr v1.11.0 // indirect
547552
go.uber.org/zap v1.27.0 // indirect
548553
golang.org/x/mod v0.26.0 // indirect
549554
golang.org/x/time v0.12.0
550555
golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
551-
google.golang.org/genproto v0.0.0-20250528174236-200df99c418a // indirect
552-
google.golang.org/genproto/googleapis/api v0.0.0-20250519155744-55703ea1f237 // indirect
553-
google.golang.org/genproto/googleapis/rpc v0.0.0-20250519155744-55703ea1f237 // indirect; indirect\
556+
google.golang.org/genproto v0.0.0-20250825161204-c5933d9347a5 // indirect
557+
google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5 // indirect
558+
google.golang.org/genproto/googleapis/rpc v0.0.0-20250825161204-c5933d9347a5 // indirect; indirect\
554559
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
555560
gopkg.in/inf.v0 v0.9.1 // indirect
556561
gopkg.in/ini.v1 v1.67.0 // indirect

0 commit comments

Comments
 (0)