When fetching files from Google Cloud Storage, go-getter will now consider the GOOGLE_OAUTH_ACCESS_TOKEN environment variable as a potential source of a Google Cloud Platform access token. (#302)
Fixed a regression from v1.5.9 where git:: sources would no longer accept direct commit ids in the optional ref argument, and would instead only allow named refs from the remote. As a compromise, go-getter will now accept for ref anything that git checkout would accept as a valid tree selector, unless you also set depth to activate shallow clone mode in which case ref must be a named ref due to requirements of the Git protocol in that case. (#345)
v1.5.9
Fix git shallow clone (depth parameter) for any ref. See #266
v1.5.8
No release notes provided.
v1.5.7
In 1.5.7, we moved to using signore, an internal tool, for GPG signing.
v1.5.5
... (truncated)
Commits
0edab85 Merge pull request #413 from hashicorp/limited-decompressors-helper
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mrolla/terraform-provider-circleci/network/alerts).
Bumps github.com/hashicorp/go-getter from 1.5.3 to 1.7.0.
Release notes
Sourced from github.com/hashicorp/go-getter's releases.
... (truncated)
Commits
0edab85
Merge pull request #413 from hashicorp/limited-decompressors-helperb38771f
decompressors: add LimitedDecompressors helper78e6721
Merge pull request #412 from hashicorp/mitigate-decompression-bombcf15d84
Add decompression bomb mitigation optionsd229395
Merge pull request #408 from hashicorp/remove-codesignb55f8f7
remove codesign entirely from go-getter611343a
Merge pull request #386 from hashicorp/compliance/add-license7220a3d
Merge pull request #379 from hashicorp/migrate-to-gha2daac52
Update get_gcs_test.go95c5f2d
Update get_s3_test.goDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mrolla/terraform-provider-circleci/network/alerts).