Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump various dependencies for the plugin SDK #213

Merged
merged 7 commits into from
Oct 20, 2023

Conversation

@nywilken nywilken changed the title nywilken/bump dependencies 1.20 Bump various dependencies for the plugin SDK Oct 19, 2023
@nywilken nywilken added tech-debt Issues and pull requests related to addressing technical debt or improving the codebase security labels Oct 19, 2023
@nywilken nywilken marked this pull request as ready for review October 19, 2023 18:17
@nywilken nywilken requested a review from a team as a code owner October 19, 2023 18:17
@nywilken nywilken force-pushed the nywilken/bump-dependencies-1.20 branch from 1555a23 to 7702a43 Compare October 19, 2023 18:38
Copy link
Contributor

@lbajolet-hashicorp lbajolet-hashicorp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Big list of updates!
LGTM overall, I believe this solves the non-deterministic generation for Azure, correct? Did you find the cause for the generation problems?

@nywilken
Copy link
Contributor Author

Big list of updates! LGTM overall,

Yeah - I took the opportunity to bump a few old dependencies that hand open vulnerabilities. They with the exception of vault and consul are pretty light weight things.

I believe this solves the non-deterministic generation for Azure, correct? Did you find the cause for the generation problems?

I have a separate PR for this still marked as a WIP as I can no reproduce outside of Azure. I validated the fix but there is something about the Azure code structure that confuses golang.org/x/tools/go/packages

The fix is in #212

@nywilken nywilken merged commit 3327058 into main Oct 20, 2023
8 checks passed
@nywilken nywilken deleted the nywilken/bump-dependencies-1.20 branch October 20, 2023 15:21
jooola referenced this pull request in hetznercloud/packer-plugin-hcloud Nov 28, 2023
…123)

[![Mend Renovate logo
banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[github.com/hashicorp/packer-plugin-sdk](https://togithub.com/hashicorp/packer-plugin-sdk)
| require | patch | `v0.5.1` -> `v0.5.2` |

---

### Release Notes

<details>
<summary>hashicorp/packer-plugin-sdk
(github.com/hashicorp/packer-plugin-sdk)</summary>

###
[`v0.5.2`](https://togithub.com/hashicorp/packer-plugin-sdk/releases/tag/v0.5.2)

[Compare
Source](https://togithub.com/hashicorp/packer-plugin-sdk/compare/v0.5.1...v0.5.2)

<!-- Release notes generated using configuration in .github/release.yml
at v0.5.2 -->

#### Upgrade Notes

Upgrading to this release may fail until you've applied one of the fixes
documented in
[packer-plugin-sdk#187](https://togithub.com/hashicorp/packer-plugin-sdk/issues/187#user-content-available-fixes).
Consumers of the Packer plugin SDK require a replace directive within
their plugin's go module file to point to a compatible version of
go-cty. The replace directive subject to change in future releases can
be applied by running the `packer-sdc fix` sub-command to apply the
replace directive to your plugin with a recommended version of the
go-cty fork.

Plugins already working with Packer Plugin SDK v0.5.1 are advised to
apply the updated SDK fixes by re-running `packer-sdc fix` against the
plugin's root directory. The updated SDK fixes will bump the supported
version of the go-cty fork to v1.13.3, which is required for working
with hcl/v2 version 2.17.0 and above.

- **Bumped github.com/zclconf/go-cty to v1.13.1**: to bring in the
latest supported changes of zclconf/go-cty and hashicorp/hcl/v2 to the
SDK.
- **Bumped github.com/hashicorp/hcl/v2 to v2.19.1**: to bring in support
for the latest HCL/v2 refinements builder and enhancements. Refinements
are non-breaking changes but you may see some changed results in your
unit test of operations involving unknown values.
- **Updated `packer-sdc fix`**: to upgrade the replace version for
github.com/nywilken/go-cty from v1.12.1 to v1.13.3.

#### What's Changed

##### Exciting New Features 🎉

- Add capability to specify additional build args to be executed when
running acceptance tests against builders by
[@&#8203;lbajolet-hashicorp](https://togithub.com/lbajolet-hashicorp) in
[https://github.com/hashicorp/packer-plugin-sdk/pull/202](https://togithub.com/hashicorp/packer-plugin-sdk/pull/202)
- Bump supported version of go-cty to v1.13.3 by
[@&#8203;nywilken](https://togithub.com/nywilken) in
[https://github.com/hashicorp/packer-plugin-sdk/pull/215](https://togithub.com/hashicorp/packer-plugin-sdk/pull/215)

##### Security Changes

- Bump go-getter to v2.2.1 by
[@&#8203;zliang-akamai](https://togithub.com/zliang-akamai) in
[https://github.com/hashicorp/packer-plugin-sdk/pull/200](https://togithub.com/hashicorp/packer-plugin-sdk/pull/200)
- Address reported CVEs along with Go toolchain vulnerabilities by
[@&#8203;nywilken](https://togithub.com/nywilken) in
[https://github.com/hashicorp/packer-plugin-sdk/pull/208](https://togithub.com/hashicorp/packer-plugin-sdk/pull/208),
[https://github.com/hashicorp/packer-plugin-sdk/pull/213](https://togithub.com/hashicorp/packer-plugin-sdk/pull/213)

##### Bug Fixes🧑‍🔧 🐞

- Fix issue where packer-sdc mapstructure-to-hcl was incorrectly mixing
underlying structs for types with similar mapstructure tags by
[@&#8203;nywilken](https://togithub.com/nywilken) in
[https://github.com/hashicorp/packer-plugin-sdk/pull/212](https://togithub.com/hashicorp/packer-plugin-sdk/pull/212)
- hcl2helper: preemptively panic on nil hcl spec by
[@&#8203;lbajolet-hashicorp](https://togithub.com/lbajolet-hashicorp) in
[https://github.com/hashicorp/packer-plugin-sdk/pull/204](https://togithub.com/hashicorp/packer-plugin-sdk/pull/204)

##### Other Changes

- packer-sdc/struct-markdown: Allow packer-internal as project directory
for testing purposes by
[@&#8203;nywilken](https://togithub.com/nywilken) in
[https://github.com/hashicorp/packer-plugin-sdk/pull/218](https://togithub.com/hashicorp/packer-plugin-sdk/pull/218)

#### New Contributors

- [@&#8203;zliang-akamai](https://togithub.com/zliang-akamai) made their
first contribution in
[https://github.com/hashicorp/packer-plugin-sdk/pull/200](https://togithub.com/hashicorp/packer-plugin-sdk/pull/200)

**Full Changelog**:
hashicorp/packer-plugin-sdk@v0.5.1...v0.5.2

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/hetznercloud/packer-plugin-hcloud).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: jo <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security tech-debt Issues and pull requests related to addressing technical debt or improving the codebase
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants