Update dependencies: bump cloud.google.com/go/auth to v0.18.2, cloud.…#13610
Merged
hariom-hashicorp merged 1 commit intomainfrom Apr 17, 2026
Merged
Update dependencies: bump cloud.google.com/go/auth to v0.18.2, cloud.…#13610hariom-hashicorp merged 1 commit intomainfrom
hariom-hashicorp merged 1 commit intomainfrom
Conversation
…google.com/go/storage to v1.61.3, and aws-sdk-go-v2 packages to latest versions; includes various other dependency updates for improved stability and performance.
tanmay-hc
approved these changes
Apr 17, 2026
hariom-hashicorp
added a commit
that referenced
this pull request
Apr 24, 2026
* build(deps): bump github.com/go-jose/go-jose/v4 Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) from 4.1.3 to 4.1.4. - [Release notes](https://github.com/go-jose/go-jose/releases) - [Commits](go-jose/go-jose@v4.1.3...v4.1.4) --- updated-dependencies: - dependency-name: github.com/go-jose/go-jose/v4 dependency-version: 4.1.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Update Go version and refresh dependencies Aligns project with Go 1.25.9 and updates several dependencies to incorporate bug fixes, security enhancements, and improved compatibility across packages. Ensures continued stability and support for the latest upstream features by tracking current releases. * build(deps): bump go.opentelemetry.io/otel/sdk Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) from 1.41.0 to 1.43.0. - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.41.0...v1.43.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.43.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Update error message in TestSourceNotExisting for clarity (#13616) * Feature/enforced provisioner (#13591) * added the parser for the enforced block * Enhance enforced provisioner parsing to support HCL and JSON formats - Updated ParseProvisionerBlocks to handle both HCL and JSON syntax, including legacy JSON format. - Added comprehensive test cases for JSON provisioner parsing. - Improved ExtractBuildProvisionerHCL to merge inline commands from shell provisioners. - Enhanced logging for enforced block operations in HCP Packer. * Remove PublishEnforcedBlocks function from Bucket struct * Remove ExtractBuildProvisionerHCL function and unused imports * Reverted the version upgrade * Added the internal-sdk for the enforcedProvsioner api changes * Enhance enforced provisioner handling and error reporting - Update error handling in FetchEnforcedBlocks to return detailed errors instead of warnings. - Modify GetCoreBuildProvisionerFromBlock to accept build name for overrides. - Add tests for FetchEnforcedBlocks to ensure correct behavior and error handling. - Implement diagnostics for unsupported legacy JSON templates. * Implement enforced provisioner parsing and handling - Introduced a new package `enforcedparser` to handle parsing of enforced provisioner blocks from HCL and JSON formats. - Refactored existing code to utilize the new `ParseProvisionerBlocks` function from the `enforcedparser` package. - Updated `GetCoreBuildProvisionerFromEnforcedBlock` method to convert enforced provisioner blocks into core build provisioners. - Enhanced error handling and logging during the parsing process. - Added tests for the new parsing functionality and ensured existing tests were updated to reflect changes. - Modified `InjectEnforcedProvisioners` method in JSON registry to utilize the new parsing logic. * Add test case for -skip-enforcement flag in BuildArgs * Refactor sensitive variable handling in provisioners and add related tests * Refactor enforced provisioner handling: remove internal parser, update tests, and streamline API interactions * Enhance provisioner block parsing: add error handling for invalid combinations and expand test coverage * Remove internal SDK replacement for enforced block types in go.mod * Update dependencies in go.mod and go.sum: bump hcp-sdk-go and packer-plugin-sdk versions, adjust syft version, and update OpenTelemetry packages * Update hcp-sdk-go dependency to v0.172.0 in go.mod and go.sum * Fix formatting in TestBuildCommand_ParseArgs and add newline at end of json_enforced_test.go * Refactor testJSONRegistryWithBuilds: remove environment variable setup and streamline registry initialization * Rename injected variable for clarity in InjectEnforcedProvisioners function --------- Co-authored-by: Hari Om <58305594+Madhav008@users.noreply.github.com> * Merge pull request #13610 from hashicorp/vulnerablity-fixes Update dependencies: bump cloud.google.com/go/auth to v0.18.2, cloud.… * Bumps Go version to 1.25.9 for compatibility * Update Go version and refresh dependencies Aligns project with Go 1.25.9 and updates several dependencies to incorporate bug fixes, security enhancements, and improved compatibility across packages. Ensures continued stability and support for the latest upstream features by tracking current releases. * Bump version to 1.15.2 and update changelog for new features and security improvements --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tanmay Jain <tanmay.jain@hashicorp.com> Co-authored-by: Hari Om <58305594+Madhav008@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
…google.com/go/storage to v1.61.3, and aws-sdk-go-v2 packages to latest versions; includes various other dependency updates for improved stability and performance.
DELETE THIS PART BEFORE SUBMITTING
In order to have a good experience with our community, we recommend that you
read the contributing guidelines for making a PR, and understand the lifecycle
of a Packer Plugin PR:
Please include tests. Check out these examples:
Description
What code changed, and why?
Resolved Issues
If your PR resolves any open issue(s), please indicate them like this so they
will be closed when your PR is merged:
Closes #xxx
Closes #xxx
Rollback Plan
If a change needs to be reverted, we will roll out an update to the code within
7 days.
Changes to Security Controls
Are there any changes to security controls (access controls, encryption, logging)
in this pull request? If so, explain.