camunda / camunda-tf-eks-module

Terraform modules targeting AWS EKS Cluster creation for Camunda 8 Self-Managed usage on AWS
https://docs.camunda.io/docs/self-managed/setup/deploy/amazon/amazon-eks/eks-terraform/
Apache License 2.0

chore(deps): update module github.com/hashicorp/go-getter to v1.7.4 [security] #41

Closed renovate[bot] closed 3 months ago

renovate[bot] commented 3 months ago

This PR contains the following updates:

| Package | Change |
|---|---|
| github.com/hashicorp/go-getter | v1.7.1 -> v1.7.4 |

Before merging, always check with the release notes if any other changes need to be done.

GitHub Vulnerability Alerts

CVE-2024-3817

When go-getter is performing a Git operation, go-getter will try to clone the given repository. If a Git reference is not passed along with the Git url, go-getter will then try to check the remote repository’s HEAD reference of its default branch by passing arguments to the Git binary on the host it is executing on.

An attacker may format a Git URL in order to inject additional Git arguments to the Git call.

Consumers of the go-getter library should evaluate the risk associated with these issues in the context of their go-getter usage and upgrade go-getter to 1.7.4 or later.


Release Notes

hashicorp/go-getter (github.com/hashicorp/go-getter)

### [`v1.7.4`](https://togithub.com/hashicorp/go-getter/releases/tag/v1.7.4)

[Compare Source](https://togithub.com/hashicorp/go-getter/compare/v1.7.3...v1.7.4)

#### What's Changed

- Escape user-provided strings in `git` commands [https://github.com/hashicorp/go-getter/pull/483](https://togithub.com/hashicorp/go-getter/pull/483)
- Fixed a bug in `.netrc` handling if the file does not exist [https://github.com/hashicorp/go-getter/pull/433](https://togithub.com/hashicorp/go-getter/pull/433)

**Full Changelog**: https://github.com/hashicorp/go-getter/compare/v1.7.3...v1.7.4

### [`v1.7.3`](https://togithub.com/hashicorp/go-getter/releases/tag/v1.7.3)

[Compare Source](https://togithub.com/hashicorp/go-getter/compare/v1.7.2...v1.7.3)

#### What's Changed

- SEC-090: Automated trusted workflow pinning (2023-04-21) by [@hashicorp-tsccr](https://togithub.com/hashicorp-tsccr) in [https://github.com/hashicorp/go-getter/pull/432](https://togithub.com/hashicorp/go-getter/pull/432)
- SEC-090: Automated trusted workflow pinning (2023-09-11) by [@hashicorp-tsccr](https://togithub.com/hashicorp-tsccr) in [https://github.com/hashicorp/go-getter/pull/454](https://togithub.com/hashicorp/go-getter/pull/454)
- SEC-090: Automated trusted workflow pinning (2023-09-18) by [@hashicorp-tsccr](https://togithub.com/hashicorp-tsccr) in [https://github.com/hashicorp/go-getter/pull/458](https://togithub.com/hashicorp/go-getter/pull/458)
- don't change GIT_SSH_COMMAND when there is no sshKeyFile by [@jbardin](https://togithub.com/jbardin) in [https://github.com/hashicorp/go-getter/pull/459](https://togithub.com/hashicorp/go-getter/pull/459)

#### New Contributors

- [@hashicorp-tsccr](https://togithub.com/hashicorp-tsccr) made their first contribution in [https://github.com/hashicorp/go-getter/pull/432](https://togithub.com/hashicorp/go-getter/pull/432)

**Full Changelog**: https://github.com/hashicorp/go-getter/compare/v1.7.2...v1.7.3

### [`v1.7.2`](https://togithub.com/hashicorp/go-getter/releases/tag/v1.7.2)

[Compare Source](https://togithub.com/hashicorp/go-getter/compare/v1.7.1...v1.7.2)

#### What's Changed

- Don't override `GIT_SSH_COMMAND` when not needed by [@nl-brett-stime](https://togithub.com/nl-brett-stime) [https://github.com/hashicorp/go-getter/pull/300](https://togithub.com/hashicorp/go-getter/pull/300)

**Full Changelog**: https://github.com/hashicorp/go-getter/compare/v1.7.1...v1.7.2

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.
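
For callers that build their own `git` invocations from user-supplied URLs, the class of problem described under CVE-2024-3817 above can be guarded against as in this added example, which is not part of the original PR and is not go-getter's code. `CheckGitURL`, `LsRemoteArgs` and the scheme allowlist are hypothetical names and policy chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ErrOptionLike marks a value that git could parse as a command-line option.
var ErrOptionLike = errors.New("value starts with '-' and could be read as a git option")

// allowedSchemes is an assumed policy for this example.
var allowedSchemes = map[string]bool{"https": true, "ssh": true}

// CheckGitURL rejects repository URLs that are option-like or use a scheme
// outside the allowlist. It is a hypothetical helper, not a go-getter API.
func CheckGitURL(raw string) error {
	if strings.HasPrefix(raw, "-") {
		return ErrOptionLike
	}
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("unparseable URL: %w", err)
	}
	if !allowedSchemes[u.Scheme] || u.Host == "" {
		return fmt.Errorf("URL %q needs an allowed scheme and a host", raw)
	}
	return nil
}

// LsRemoteArgs builds the argv for looking up the remote HEAD, the operation
// the advisory describes. "--" ends option parsing, so the URL that follows
// is always treated as a positional argument.
func LsRemoteArgs(raw string) ([]string, error) {
	if err := CheckGitURL(raw); err != nil {
		return nil, err
	}
	return []string{"ls-remote", "--symref", "--", raw, "HEAD"}, nil
}

func main() {
	// Constructed sample inputs; the second is a placeholder, not a real git flag.
	for _, in := range []string{"https://example.com/org/repo.git", "--example-option=value"} {
		args, err := LsRemoteArgs(in)
		fmt.Printf("%q -> args=%q err=%v\n", in, args, err)
	}
}
```

Pass the returned slice to `exec.Command("git", args...)` rather than joining it into a shell string, so each element reaches `git` as a single argument.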