Skip to content

Update module github.com/hashicorp/go-getter/v2 to v2.2.0 [SECURITY] #1230

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate-bot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update module github.com/hashicorp/go-getter/v2 to v2.2.0 [SECURITY] #1230

renovate-bot wants to merge 1 commit into from

Conversation

@renovate-bot
Copy link
Contributor

@renovate-bot renovate-bot commented Sep 19, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
github.com/hashicorp/go-getter/v2 v2.1.0v2.2.0 age confidence

GitHub Vulnerability Alerts

CVE-2023-0475

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.

Release Notes

hashicorp/go-getter (github.com/hashicorp/go-getter/v2)

v2.2.0

Compare Source

What's Changed

Full Changelog: hashicorp/go-getter@v2.1.1...v2.2.0

v2.1.1

Compare Source

What's Changed

Other Changes

New Contributors

Full Changelog: hashicorp/go-getter@v2.1.0...v2.1.1

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate-bot renovate-bot force-pushed the renovate/go-github.com-hashicorp-go-getter-v2-vulnerability branch 20 times, most recently from fc563b4 to d547637 Compare September 26, 2025 06:48
@renovate-bot renovate-bot force-pushed the renovate/go-github.com-hashicorp-go-getter-v2-vulnerability branch 8 times, most recently from dcb0fc4 to 6a6a531 Compare September 28, 2025 22:27
@renovate-bot renovate-bot force-pushed the renovate/go-github.com-hashicorp-go-getter-v2-vulnerability branch 19 times, most recently from 4a6e2f5 to 4f7ace1 Compare October 6, 2025 03:32
@renovate-bot renovate-bot force-pushed the renovate/go-github.com-hashicorp-go-getter-v2-vulnerability branch 6 times, most recently from 11db787 to 0f49e03 Compare October 8, 2025 20:04
@renovate-bot renovate-bot force-pushed the renovate/go-github.com-hashicorp-go-getter-v2-vulnerability branch from 0f49e03 to 10bef6e Compare October 9, 2025 02:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yeweidaniel yeweidaniel Awaiting requested review from yeweidaniel yeweidaniel is a code owner

@alextumanov alextumanov Awaiting requested review from alextumanov alextumanov is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@renovate-bot