fix(deps): update module github.com/hashicorp/go-getter to v1.7.9 [security]

[renovate-coveooss]

Jira: DT-4929

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/hashicorp/go-getter	v1.7.6 → v1.7.9

GitHub Vulnerability Alerts

CVE-2025-8959

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9.

---

Release Notes

hashicorp/go-getter (github.com/hashicorp/go-getter)

v1.7.9

Compare Source

What's Changed

• Speed up XZ decompression by 5x with bufio wrapper by @​vsarunas in #​520
• Fix CI Workflow by @​mohanmanikanta2299 in #​522
• test: Remove use of "mitchellh/go-testing-interface" for stdlib by @​jrasell in #​523
• fix: url redact of multiple sshkey by @​dduzgun-security in #​528
• Publish arm binaries by @​sethvargo in #​525
• fix errcheck lint errors and run it as part of pr checks by @​abhijeetviswa in #​530
• fix additional lint errors and increase linter scope by @​abhijeetviswa in #​531
• IND-3728 enabling dependabot by @​KaushikiAnand in #​529
• fix: go-getter subdir paths by @​dduzgun-security in #​540

New Contributors

• @​vsarunas made their first contribution in #​520
• @​jrasell made their first contribution in #​523
• @​sethvargo made their first contribution in #​525
• @​abhijeetviswa made their first contribution in #​530
• @​KaushikiAnand made their first contribution in #​529

Full Changelog: hashicorp/go-getter@v1.7.8...v1.7.9

v1.7.8

Compare Source

What's Changed

• sec: fix s3 and gcs host checks by @​dduzgun-security in #​512

Full Changelog: hashicorp/go-getter@v1.7.7...v1.7.8

v1.7.7

Compare Source

What's Changed

• Clean up git repo on disk when the ref checkout fails by @​james-warren0 in #​504
• [COMPLIANCE] Add Copyright and License Headers by @​hashicorp-copywrite in #​409
• Add CODEOWNERS file in .github/CODEOWNERS by @​mukeshjc in #​505
• IND-1804 Bump up dependencies to remediate vulnerabiities by @​mohanmanikanta2299 in #​513
• Updating arguments in github release CI by @​mohanmanikanta2299 in #​514
• Updating .goreleaser.yml file with valid version by @​mohanmanikanta2299 in #​515

New Contributors

• @​james-warren0 made their first contribution in #​504
• @​mukeshjc made their first contribution in #​505
• @​mohanmanikanta2299 made their first contribution in #​513

Full Changelog: hashicorp/go-getter@v1.7.6...v1.7.7

---

Configuration

📅 Schedule: Branch creation - "" in timezone America/Toronto, Automerge - "after 9:00am and before 12:00pm on tuesday, wednesday, thursday" in timezone America/Toronto.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[renovate-coveooss]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 4 additional dependencies were updated

Details:

Package	Change
golang.org/x/crypto	v0.31.0 -> v0.32.0
golang.org/x/net	v0.33.0 -> v0.34.0
golang.org/x/sys	v0.28.0 -> v0.29.0
golang.org/x/term	v0.27.0 -> v0.28.0

[renovate-coveooss]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 4 additional dependencies were updated

Details:

Package	Change
golang.org/x/crypto	v0.31.0 -> v0.32.0
golang.org/x/net	v0.33.0 -> v0.34.0
golang.org/x/sys	v0.28.0 -> v0.29.0
golang.org/x/term	v0.27.0 -> v0.28.0