DelineaXPM / terraform-provider-dsv

A Terraform Provider for Delinea DevOps Secrets Vault
https://delinea.com/products/devops-secrets-management-vault
MIT License

chore(deps): update ⬆️ gomod github.com/hashicorp/go-getter to v1.7.0 #54

Closed mend-for-github-com[bot] closed 8 months ago

mend-for-github-com[bot] commented 1 year ago

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| github.com/hashicorp/go-getter | v1.6.2 -> v1.7.0 | | | | |

GitHub Vulnerability Alerts

CVE-2023-0475

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.


Denial of service in github.com/hashicorp/go-getter/v2

CVE-2023-0475 / GHSA-jpxj-2jvg-6jv9 / GO-2023-1578

#### Details

HashiCorp go-getter is vulnerable to decompression bombs. This can lead to excessive memory consumption and denial-of-service attacks.

#### Severity

Unknown

#### References

- [https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125](https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125)
- [https://github.com/hashicorp/go-getter/commit/0edab85348271c843782993345b07b1ac98912e6](https://togithub.com/hashicorp/go-getter/commit/0edab85348271c843782993345b07b1ac98912e6)
- [https://github.com/hashicorp/go-getter/commit/78e6721a2a76266718dc92c3c03c1571dffdefdc](https://togithub.com/hashicorp/go-getter/commit/78e6721a2a76266718dc92c3c03c1571dffdefdc)

This data is provided by [OSV](https://osv.dev/vulnerability/GO-2023-1578) and the [Go Vulnerability Database](https://togithub.com/golang/vulndb) ([CC-BY 4.0](https://togithub.com/golang/vulndb#license)).

Data Amplification in HashiCorp go-getter

CVE-2023-0475 / GHSA-jpxj-2jvg-6jv9 / GO-2023-1578

#### Details

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.

#### Severity

- CVSS Score: 4.2 / 10 (Medium)
- Vector String: `CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H`

#### References

- [https://nvd.nist.gov/vuln/detail/CVE-2023-0475](https://nvd.nist.gov/vuln/detail/CVE-2023-0475)
- [https://github.com/hashicorp/go-getter/commit/0edab85348271c843782993345b07b1ac98912e6](https://togithub.com/hashicorp/go-getter/commit/0edab85348271c843782993345b07b1ac98912e6)
- [https://github.com/hashicorp/go-getter/commit/78e6721a2a76266718dc92c3c03c1571dffdefdc](https://togithub.com/hashicorp/go-getter/commit/78e6721a2a76266718dc92c3c03c1571dffdefdc)
- [https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125](https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125)
- [https://github.com/hashicorp/go-getter](https://togithub.com/hashicorp/go-getter)

This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-jpxj-2jvg-6jv9) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).

Release Notes

hashicorp/go-getter (github.com/hashicorp/go-getter)

### [`v1.7.0`](https://togithub.com/hashicorp/go-getter/releases/tag/v1.7.0)

[Compare Source](https://togithub.com/hashicorp/go-getter/compare/v1.6.2...v1.7.0)

#### What's Changed

- docs: provide logging recommendations by [@mickael-hc](https://togithub.com/mickael-hc) in [https://github.com/hashicorp/go-getter/pull/371](https://togithub.com/hashicorp/go-getter/pull/371)
- Update aws sdk version by [@Jukie](https://togithub.com/Jukie) in [https://github.com/hashicorp/go-getter/pull/384](https://togithub.com/hashicorp/go-getter/pull/384)
- Update S3 URL in README by [@twelvelabs](https://togithub.com/twelvelabs) in [https://github.com/hashicorp/go-getter/pull/378](https://togithub.com/hashicorp/go-getter/pull/378)
- Migrate to GHA by [@claire-labry](https://togithub.com/claire-labry) in [https://github.com/hashicorp/go-getter/pull/379](https://togithub.com/hashicorp/go-getter/pull/379)
- \[COMPLIANCE] Update MPL 2.0 LICENSE by [@hashicorp-copywrite](https://togithub.com/hashicorp-copywrite) in [https://github.com/hashicorp/go-getter/pull/386](https://togithub.com/hashicorp/go-getter/pull/386)
- remove codesign entirely from go-getter by [@claire-labry](https://togithub.com/claire-labry) in [https://github.com/hashicorp/go-getter/pull/408](https://togithub.com/hashicorp/go-getter/pull/408)
- Add decompression bomb mitigation options for v1 by [@picatz](https://togithub.com/picatz) in [https://github.com/hashicorp/go-getter/pull/412](https://togithub.com/hashicorp/go-getter/pull/412)
- v1: decompressors: add LimitedDecompressors helper by [@shoenig](https://togithub.com/shoenig) in [https://github.com/hashicorp/go-getter/pull/413](https://togithub.com/hashicorp/go-getter/pull/413)

#### New Contributors

- [@mickael-hc](https://togithub.com/mickael-hc) made their first contribution in [https://github.com/hashicorp/go-getter/pull/371](https://togithub.com/hashicorp/go-getter/pull/371)
- [@Jukie](https://togithub.com/Jukie) made their first contribution in [https://github.com/hashicorp/go-getter/pull/384](https://togithub.com/hashicorp/go-getter/pull/384)
- [@twelvelabs](https://togithub.com/twelvelabs) made their first contribution in [https://github.com/hashicorp/go-getter/pull/378](https://togithub.com/hashicorp/go-getter/pull/378)
- [@hashicorp-copywrite](https://togithub.com/hashicorp-copywrite) made their first contribution in [https://github.com/hashicorp/go-getter/pull/386](https://togithub.com/hashicorp/go-getter/pull/386)

**Full Changelog**: https://github.com/hashicorp/go-getter/compare/v1.6.2...v1.7.0

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
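As an added illustration of the mitigation class the advisory above and the v1.7.0 release notes refer to (a cap on archive entry count and a cap on each entry's decompressed size), here is a stand-alone Go extractor written for this page; it is not go-getter's own code and does not call its API. The names ExtractZipLimited and BuildZip, and the sample archive the test builds, are constructed for the example; the point it shows is that the caps are enforced while reading, so the sizes an archive declares in its headers are never trusted.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"io"
)

var ErrTooManyFiles, ErrFileTooLarge = errors.New("archive exceeds file count limit"), errors.New("entry exceeds decompressed size limit")

// ExtractZipLimited unpacks an in-memory zip into a name -> bytes map, enforcing entry-count and per-entry size caps while reading (header sizes are never trusted).
func ExtractZipLimited(archive []byte, filesLimit int, fileSizeLimit int64) (map[string][]byte, error) {
	zr, err := zip.NewReader(bytes.NewReader(archive), int64(len(archive)))
	if err != nil {
		return nil, err
	}
	if len(zr.File) > filesLimit {
		return nil, ErrTooManyFiles
	}
	out := make(map[string][]byte, len(zr.File))
	for _, f := range zr.File {
		rc, err := f.Open()
		if err != nil {
			return nil, err
		}
		data, err := io.ReadAll(io.LimitReader(rc, fileSizeLimit+1)) // reading one byte past the cap proves the entry is too large
		rc.Close()
		if err != nil {
			return nil, err
		}
		if int64(len(data)) > fileSizeLimit {
			return nil, ErrFileTooLarge
		}
		out[f.Name] = data
	}
	return out, nil
}

// BuildZip returns a constructed sample archive (demo input only, not real data).
func BuildZip(files map[string][]byte) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for name, content := range files {
		w, _ := zw.Create(name)
		w.Write(content)
	}
	zw.Close()
	return buf.Bytes()
}
```

A production extractor would additionally stream each entry to disk instead of buffering it, and cap the total decompressed size across all entries, not just each one.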