Skip to content

Bump github.com/hashicorp/go-getter from 1.7.9 to 1.8.6#596

Merged
kaidaguerre merged 1 commit into
developfrom
dependabot/go_modules/github.com/hashicorp/go-getter-1.8.6
Jun 8, 2026
Merged

Bump github.com/hashicorp/go-getter from 1.7.9 to 1.8.6#596
kaidaguerre merged 1 commit into
developfrom
dependabot/go_modules/github.com/hashicorp/go-getter-1.8.6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 10, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/hashicorp/go-getter from 1.7.9 to 1.8.6.

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.8.6

No release notes provided.

v1.8.5

What's Changed

NOTES:

Binary Distribution Update: To streamline our release process and align with other HashiCorp tools, all release binaries will now be published exclusively to the official HashiCorp release site. We will no longer attach release assets to GitHub Releases.

New Contributors

Full Changelog: hashicorp/go-getter@v1.8.4...v1.8.5

v1.8.4

What's Changed

... (truncated)

Commits
  • d23bff4 Merge pull request #608 from hashicorp/dependabot/go_modules/go-security-9c51...
  • 2c4aba8 Merge pull request #613 from hashicorp/pull/v1.8.6
  • fe61ed9 Merge pull request #611 from hashicorp/SECVULN-41053
  • d533656 Merge pull request #606 from hashicorp/pull/CRT
  • 388f23d Additional test for local branch and head
  • b7ceaa5 harden checkout ref handling and added regression tests
  • 769cc14 Release version bump up
  • 6086a6a Review Comments Addressed
  • e02063c Revert "SECVULN Fix for git checkout argument injection enables arbitrary fil...
  • c93084d [chore] : Bump google.golang.org/grpc
  • Additional commits viewable in compare view

@dependabot
dependabot Bot force-pushed the dependabot/go_modules/github.com/hashicorp/go-getter-1.8.6 branch from 8cb54f5 to bdb3a8e Compare April 10, 2026 18:22
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 10, 2026
@kaidaguerre

Copy link
Copy Markdown
Contributor

@dependabot rebase

Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.7.9 to 1.8.6.
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Commits](hashicorp/go-getter@v1.7.9...v1.8.6)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
  dependency-version: 1.8.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/go_modules/github.com/hashicorp/go-getter-1.8.6 branch from bdb3a8e to 55c9c08 Compare June 8, 2026 15:47

@kaidaguerre kaidaguerre left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving: Dependabot security bump (go-getter CVE-2026-4660 / docker), rebased onto develop, CI green.

@kaidaguerre
kaidaguerre merged commit 951aa94 into develop Jun 8, 2026
15 checks passed
@kaidaguerre
kaidaguerre deleted the dependabot/go_modules/github.com/hashicorp/go-getter-1.8.6 branch June 8, 2026 16:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant