search

OWASP / wrongsecrets

Vulnerable app with examples showing how to not use secrets
https://owasp.org/www-project-wrongsecrets/
GNU Affero General Public License v3.0
1.24k stars 366 forks source link

chore(deps): update go (major) #1752

Closed renovate[bot] closed 2 weeks ago

renovate[bot] commented 2 weeks ago

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/apparentlymart/go-textseg/v15 v15.0.0 -> v16.0.0 age adoption passing confidence
github.com/hashicorp/go-getter v1.7.6 -> v2.2.3 age adoption passing confidence

Release Notes

apparentlymart/go-textseg (github.com/apparentlymart/go-textseg/v15) ### [`v16.0.0`](https://redirect.github.com/apparentlymart/go-textseg/compare/v15.0.0...v16.0.0) [Compare Source](https://redirect.github.com/apparentlymart/go-textseg/compare/v15.0.0...v16.0.0)
hashicorp/go-getter (github.com/hashicorp/go-getter) ### [`v2.2.3`](https://redirect.github.com/hashicorp/go-getter/releases/tag/v2.2.3) [Compare Source](https://redirect.github.com/hashicorp/go-getter/compare/v2.2.2...v2.2.3) #### What's Changed - Backport fix to prevent Git config alteration on Git update by [@​nywilken](https://redirect.github.com/nywilken) in [https://github.com/hashicorp/go-getter/pull/498](https://redirect.github.com/hashicorp/go-getter/pull/498) ##### Other - \[v2] update s3, and gcs to use most recent v2 module version by [@​nywilken](https://redirect.github.com/nywilken) in [https://github.com/hashicorp/go-getter/pull/489](https://redirect.github.com/hashicorp/go-getter/pull/489) - Update cmd/go-getter to use that latest versions of go-getter/v2 by [@​nywilken](https://redirect.github.com/nywilken) in [https://github.com/hashicorp/go-getter/pull/490](https://redirect.github.com/hashicorp/go-getter/pull/490) **Full Changelog**: https://github.com/hashicorp/go-getter/compare/v2.2.2...v2.2.3 ### [`v2.2.2`](https://redirect.github.com/hashicorp/go-getter/releases/tag/v2.2.2) [Compare Source](https://redirect.github.com/hashicorp/go-getter/compare/v2.2.1...v2.2.2) ##### What's Changed - remove repo-specific codeql action (port from v1) by [@​nywilken](https://redirect.github.com/nywilken) in [https://github.com/hashicorp/go-getter/pull/431](https://redirect.github.com/hashicorp/go-getter/pull/431) - gcs/v2: bump cloud.google.com/go/storage to 1.34.0 by [@​lbajolet-hashicorp](https://redirect.github.com/lbajolet-hashicorp) in [https://github.com/hashicorp/go-getter/pull/488](https://redirect.github.com/hashicorp/go-getter/pull/488) - docs: bump version for godocs url by [@​kudla](https://redirect.github.com/kudla) in [https://github.com/hashicorp/go-getter/pull/460](https://redirect.github.com/hashicorp/go-getter/pull/460) - \[v2] update s3, and gcs to use most recent v2 module version by [@​nywilken](https://redirect.github.com/nywilken) in [https://github.com/hashicorp/go-getter/pull/489](https://redirect.github.com/hashicorp/go-getter/pull/489) - Update cmd/go-getter to use that latest versions of go-getter/v2 by [@​nywilken](https://redirect.github.com/nywilken) in [https://github.com/hashicorp/go-getter/pull/490](https://redirect.github.com/hashicorp/go-getter/pull/490) ##### New Contributors - [@​lbajolet-hashicorp](https://redirect.github.com/lbajolet-hashicorp) made their first contribution in [https://github.com/hashicorp/go-getter/pull/488](https://redirect.github.com/hashicorp/go-getter/pull/488) - [@​kudla](https://redirect.github.com/kudla) made their first contribution in [https://github.com/hashicorp/go-getter/pull/460](https://redirect.github.com/hashicorp/go-getter/pull/460) **Full Changelog**: https://github.com/hashicorp/go-getter/compare/v2.2.1...cmd/go-getter/v2.2.2 ### [`v2.2.1`](https://redirect.github.com/hashicorp/go-getter/releases/tag/v2.2.1) [Compare Source](https://redirect.github.com/hashicorp/go-getter/compare/v2.2.0...v2.2.1) #### What's Changed - \[V2] Bump submodules to use most recent v2 module version by [@​nywilken](https://redirect.github.com/nywilken) in [https://github.com/hashicorp/go-getter/pull/416](https://redirect.github.com/hashicorp/go-getter/pull/416) - Port Decompression bomb security changes from v1 by [@​nywilken](https://redirect.github.com/nywilken) in [https://github.com/hashicorp/go-getter/pull/418](https://redirect.github.com/hashicorp/go-getter/pull/418) - Update Go-Getter test workflow to run on pull requests by [@​nywilken](https://redirect.github.com/nywilken) in [https://github.com/hashicorp/go-getter/pull/417](https://redirect.github.com/hashicorp/go-getter/pull/417) - Port bomb.zip test updates from v1 by [@​nywilken](https://redirect.github.com/nywilken) in [https://github.com/hashicorp/go-getter/pull/425](https://redirect.github.com/hashicorp/go-getter/pull/425) - \[v2] update s3, gcs and cmd to use most recent v2 module version by [@​nywilken](https://redirect.github.com/nywilken) in [https://github.com/hashicorp/go-getter/pull/426](https://redirect.github.com/hashicorp/go-getter/pull/426) **Full Changelog**: https://github.com/hashicorp/go-getter/compare/v2.2.0...v2.2.1 ### [`v2.2.0`](https://redirect.github.com/hashicorp/go-getter/releases/tag/v2.2.0) [Compare Source](https://redirect.github.com/hashicorp/go-getter/compare/v2.1.1...v2.2.0) #### What's Changed - \[v2] update s3, gcs and cmd to use most recent v2 module version by [@​nywilken](https://redirect.github.com/nywilken) in [https://github.com/hashicorp/go-getter/pull/400](https://redirect.github.com/hashicorp/go-getter/pull/400) - Port Decompression bomb security changes from v1 by [@​nywilken](https://redirect.github.com/nywilken) in [https://github.com/hashicorp/go-getter/pull/414](https://redirect.github.com/hashicorp/go-getter/pull/414) - Update Go-Getter V2 to use Go 1.18 by [@​nywilken](https://redirect.github.com/nywilken) in [https://github.com/hashicorp/go-getter/pull/381](https://redirect.github.com/hashicorp/go-getter/pull/381) **Full Changelog**: https://github.com/hashicorp/go-getter/compare/v2.1.1...v2.2.0 ### [`v2.1.1`](https://redirect.github.com/hashicorp/go-getter/releases/tag/v2.1.1) [Compare Source](https://redirect.github.com/hashicorp/go-getter/compare/v2.1.0...v2.1.1) #### What's Changed - Add Timeout to SmbClientGetter to go-getter/v2 by [@​nywilken](https://redirect.github.com/nywilken) in [https://github.com/hashicorp/go-getter/pull/369](https://redirect.github.com/hashicorp/go-getter/pull/369) - Upgrade AWS SDK version by [@​kmoe](https://redirect.github.com/kmoe) in [https://github.com/hashicorp/go-getter/pull/385](https://redirect.github.com/hashicorp/go-getter/pull/385) ##### Other Changes - Fix Go Tests for V2 by [@​claire-labry](https://redirect.github.com/claire-labry) in [https://github.com/hashicorp/go-getter/pull/392](https://redirect.github.com/hashicorp/go-getter/pull/392) - Migrate go-getter v2 to GHA by [@​claire-labry](https://redirect.github.com/claire-labry) in [https://github.com/hashicorp/go-getter/pull/388](https://redirect.github.com/hashicorp/go-getter/pull/388) - - Add Malformed S3 URL test by [@​nywilken](https://redirect.github.com/nywilken) in [https://github.com/hashicorp/go-getter/pull/380](https://redirect.github.com/hashicorp/go-getter/pull/380) #### New Contributors - [@​kmoe](https://redirect.github.com/kmoe) made their first contribution in [https://github.com/hashicorp/go-getter/pull/385](https://redirect.github.com/hashicorp/go-getter/pull/385) **Full Changelog**: https://github.com/hashicorp/go-getter/compare/v2.1.0...v2.1.1 ### [`v2.1.0`](https://redirect.github.com/hashicorp/go-getter/releases/tag/v2.1.0) [Compare Source](https://redirect.github.com/hashicorp/go-getter/compare/v2.0.2...v2.1.0) #### What's Changed - Multiple fixes for go-getter v2 by [@​nywilken](https://redirect.github.com/nywilken) in [https://github.com/hashicorp/go-getter/pull/361](https://redirect.github.com/hashicorp/go-getter/pull/361) - Update X-Terraform-Get error messaging to match v1 by [@​nywilken](https://redirect.github.com/nywilken) in [https://github.com/hashicorp/go-getter/pull/364](https://redirect.github.com/hashicorp/go-getter/pull/364) - Update default Getters with known defaults by [@​nywilken](https://redirect.github.com/nywilken) in [https://github.com/hashicorp/go-getter/pull/363](https://redirect.github.com/hashicorp/go-getter/pull/363) **Full Changelog**: https://github.com/hashicorp/go-getter/compare/v2.0.2...v2.1.0 ### [`v2.0.2`](https://redirect.github.com/hashicorp/go-getter/releases/tag/v2.0.2) [Compare Source](https://redirect.github.com/hashicorp/go-getter/compare/v2.0.1...v2.0.2) #### What's Changed - update s3 gcs and cmd to use most recent v2 module by [@​azr](https://redirect.github.com/azr) in [https://github.com/hashicorp/go-getter/pull/352](https://redirect.github.com/hashicorp/go-getter/pull/352) - Removed ova file type from the list of supported decompressors by [@​nywilken](https://redirect.github.com/nywilken) in [https://github.com/hashicorp/go-getter/pull/354](https://redirect.github.com/hashicorp/go-getter/pull/354) **Full Changelog**: https://github.com/hashicorp/go-getter/compare/v2.0.1...v2.0.2 ### [`v2.0.1`](https://redirect.github.com/hashicorp/go-getter/releases/tag/v2.0.1) [Compare Source](https://redirect.github.com/hashicorp/go-getter/compare/v2.0.0...v2.0.1) #### Enhancements - Append tar and ova decompressor in v2 by [@​LeConTesteur](https://redirect.github.com/LeConTesteur) in [https://github.com/hashicorp/go-getter/pull/351](https://redirect.github.com/hashicorp/go-getter/pull/351) #### Bug fixes 🐞 - fixes [#​320](https://redirect.github.com/hashicorp/go-getter/issues/320): Pass context to NewRequestWithContext so HTTP requests can… by [@​zeisss](https://redirect.github.com/zeisss) in [https://github.com/hashicorp/go-getter/pull/324](https://redirect.github.com/hashicorp/go-getter/pull/324) - Ignore comments in checksum files by [@​azr](https://redirect.github.com/azr) in [https://github.com/hashicorp/go-getter/pull/350](https://redirect.github.com/hashicorp/go-getter/pull/350) #### New Contributors - [@​LeConTesteur](https://redirect.github.com/LeConTesteur) made their first contribution in [https://github.com/hashicorp/go-getter/pull/351](https://redirect.github.com/hashicorp/go-getter/pull/351) **Full Changelog**: https://github.com/hashicorp/go-getter/compare/v2.0.0...v2.0.1 ### [`v2.0.0`](https://redirect.github.com/hashicorp/go-getter/releases/tag/v2.0.0): with split client/requests and vendored plugins [Compare Source](https://redirect.github.com/hashicorp/go-getter/compare/v1.7.6...v2.0.0)

Configuration

πŸ“… Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

β™» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

πŸ‘» Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

This PR was generated by Mend Renovate. View the repository job log.