build(deps): bump github.com/hashicorp/packer-plugin-sdk from 0.4.0 to 0.5.2

[dependabot]

Bumps github.com/hashicorp/packer-plugin-sdk from 0.4.0 to 0.5.2.

Release notes

Sourced from github.com/hashicorp/packer-plugin-sdk's releases.

v0.5.2

Upgrade Notes

Upgrading to this release may fail until you've applied one of the fixes documented in packer-plugin-sdk#187. Consumers of the Packer plugin SDK require a replace directive within their plugin's go module file to point to a compatible version of go-cty. The replace directive subject to change in future releases can be applied by running the packer-sdc fix sub-command to apply the replace directive to your plugin with a recommended version of the go-cty fork.

Plugins already working with Packer Plugin SDK v0.5.1 are advised to apply the updated SDK fixes by re-running packer-sdc fix against the plugin's root directory. The updated SDK fixes will bump the supported version of the go-cty fork to v1.13.3, which is required for working with hcl/v2 version 2.17.0 and above.

• Bumped github.com/zclconf/go-cty to v1.13.1: to bring in the latest supported changes of zclconf/go-cty and hashicorp/hcl/v2 to the SDK.
• Bumped github.com/hashicorp/hcl/v2 to v2.19.1: to bring in support for the latest HCL/v2 refinements builder and enhancements. Refinements are non-breaking changes but you may see some changed results in your unit test of operations involving unknown values.
• Updated packer-sdc fix: to upgrade the replace version for github.com/nywilken/go-cty from v1.12.1 to v1.13.3.

What's Changed

Exciting New Features 🎉

• Add capability to specify additional build args to be executed when running acceptance tests against builders by @​lbajolet-hashicorp in hashicorp/packer-plugin-sdk#202
• Bump supported version of go-cty to v1.13.3 by @​nywilken in hashicorp/packer-plugin-sdk#215

Security Changes

• Bump go-getter to v2.2.1 by @​zliang-akamai in hashicorp/packer-plugin-sdk#200
• Address reported CVEs along with Go toolchain vulnerabilities by @​nywilken in hashicorp/packer-plugin-sdk#208, hashicorp/packer-plugin-sdk#213

Bug Fixes🧑‍🔧 🐞

• Fix issue where packer-sdc mapstructure-to-hcl was incorrectly mixing underlying structs for types with similar mapstructure tags by @​nywilken in hashicorp/packer-plugin-sdk#212
• hcl2helper: preemptively panic on nil hcl spec by @​lbajolet-hashicorp in hashicorp/packer-plugin-sdk#204

Other Changes

• packer-sdc/struct-markdown: Allow packer-internal as project directory for testing purposes by @​nywilken in hashicorp/packer-plugin-sdk#218

New Contributors

• @​zliang-akamai made their first contribution in hashicorp/packer-plugin-sdk#200

Full Changelog: hashicorp/packer-plugin-sdk@v0.5.1...v0.5.2

v0.5.1

Upgrade Notes

This release is a fast follow to v0.5.0, which broke the installation of the packer-sdc command due to an invalid go.mod file. The v0.5.0 release has been retracted and should not be used. Consumers of the Packer Plugin SDK should update to v0.5.1. Upgrading to this release will fail until you've applied one of the fixes documented in packer-plugin-sdk#187. We ask that you carefully review this section for details on the released changes.

• Retracted v0.5.0: the v0.5.0 SDK release was broken because of the replace statement for go-cty. #199
• Gob supported compile time check: we added a Go compile time check to the SDK for validating that a plugins' version of github.com/zclconf/go-cty contains encoding/gob support for cty.Type and cty.Value. #189
• Bumped the github.com/zclconf/go-cty to v1.12.1: to bring in the latest supported changes of zclconf/go-cty and hashicorp/hcl/v2 to the SDK. Consumers of the Packer plugin SDK now require a replace directive within their plugin's go module file to point to a compatible version of go-cty. The packer-sdc command has been updated to help apply these types of fixes. #197
• Added a fix command to packer-sdc: to help with the manual intervention and future changes to the SDK, we've introduced a fix sub-command to apply the replace directive to your plugin with a recommended version of the go-cty fork. #190, #198

What's Changed

Bug fixes🧑‍🔧 🐞

• Fix replace go mod by @​lbajolet-hashicorp in hashicorp/packer-plugin-sdk#197
• packer-sdc: Remove version specific Go code by @​nywilken in hashicorp/packer-plugin-sdk#198

Other Changes

• go.mod: retract v0.5.0 by @​lbajolet-hashicorp in hashicorp/packer-plugin-sdk#199

... (truncated)

Commits

• eac3a5f Cut release v0.5.2
• e599745 packer-sdc/struct-markdown: Allow packer-internal as project directory for te...
• 4fb8273 Initial fix for underlying struct mis-match bug
• c170d73 Update go-cty fixer replace directive to github.com/nywilken/go-cty v1.13.3
• fe7beb7 Bump upstream modules to support latest hcl/v2 offerrings
• 3327058 depg: bump golang.org/x/net to 0.17.0 for security fixes
• 530fc82 deps: bump github.com/hashicorp/vault/api to 1.10.0 for security fixes
• 4d8c199 deps: bump github.com/hashicorp/consul/api to v1.25.1 for security fixes
• 9e65ca1 deps: bump github.com/hashicorp/yamux to v0.1.1
• 6961c20 deps: bump github.com/mitchellh/cli to v1.1.5 for security fix
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[nywilken]

superseded by #12717

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.