Bump github.com/hashicorp/go-getter from 1.7.9 to 1.8.6#146
Bump github.com/hashicorp/go-getter from 1.7.9 to 1.8.6#146dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.7.9 to 1.8.6. - [Release notes](https://github.com/hashicorp/go-getter/releases) - [Commits](hashicorp/go-getter@v1.7.9...v1.8.6) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-getter dependency-version: 1.8.6 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
AssigneesThe following users could not be added as assignees: Please fix the above issues or remove invalid values from |
b089384 to
8652ddd
Compare
|
This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days. |
|
This PR was closed because it has been stalled for 90 days with no activity. |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
Bumps github.com/hashicorp/go-getter from 1.7.9 to 1.8.6.
Release notes
Sourced from github.com/hashicorp/go-getter's releases.
... (truncated)
Commits
d23bff4Merge pull request #608 from hashicorp/dependabot/go_modules/go-security-9c51...2c4aba8Merge pull request #613 from hashicorp/pull/v1.8.6fe61ed9Merge pull request #611 from hashicorp/SECVULN-41053d533656Merge pull request #606 from hashicorp/pull/CRT388f23dAdditional test for local branch and headb7ceaa5harden checkout ref handling and added regression tests769cc14Release version bump up6086a6aReview Comments Addressede02063cRevert "SECVULN Fix for git checkout argument injection enables arbitrary fil...c93084d[chore] : Bump google.golang.org/grpcDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.