v4.3.0
Enforce the usage of modern TLS versions (1.2 or higher) for S3 connections @amontalban (#237)
what
This variables adds a policy to the bucket to deny connections that do not use TLS 1.2 or higher.
why
This is required by our security team.
references
🚀 Enhancements
Bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.4 in /test/src @dependabot (#230)
Bumps github.com/hashicorp/go-getter from 1.7.1 to 1.7.4.
Release notes
Sourced from github.com/hashicorp/go-getter's releases.
v1.7.4
What's Changed
- Escape user-provided strings in
git
commands hashicorp/go-getter#483- Fixed a bug in
.netrc
handling if the file does not exist hashicorp/go-getter#433Full Changelog: hashicorp/go-getter@v1.7.3...v1.7.4
v1.7.3
What's Changed
- SEC-090: Automated trusted workflow pinning (2023-04-21) by
@hashicorp-tsccr
in hashicorp/go-getter#432- SEC-090: Automated trusted workflow pinning (2023-09-11) by
@hashicorp-tsccr
in hashicorp/go-getter#454- SEC-090: Automated trusted workflow pinning (2023-09-18) by
@hashicorp-tsccr
in hashicorp/go-getter#458- don't change GIT_SSH_COMMAND when there is no sshKeyFile by
@jbardin
in hashicorp/go-getter#459New Contributors
@hashicorp-tsccr
made their first contribution in hashicorp/go-getter#432Full Changelog: hashicorp/go-getter@v1.7.2...v1.7.3
v1.7.2
What's Changed
- Don't override
GIT_SSH_COMMAND
when not needed by@nl-brett-stime
hashicorp/go-getter#300Full Changelog: hashicorp/go-getter@v1.7.1...v1.7.2
Commits
268c11c
escape user provide string to git (#483)975961f
Merge pull request #433 from adrian-bl/netrc-fix0298a22
Merge pull request #459 from hashicorp/jbardin/setup-git-envc70d9c9
don't change GIT_SSH_COMMAND if there's no keyfile3d5770f
Merge pull request #458 from hashicorp/tsccr-auto-pinning/trusted/2023-09-180688979
Result of tsccr-helper -log-level=info -pin-all-workflows .e66f244
Merge pull request #454 from hashicorp/tsccr-auto-pinning/trusted/2023-09-11e80b3dc
Result of tsccr-helper -log-level=info -pin-all-workflows .2d49e24
Merge pull request #432 from hashicorp/tsccr-auto-pinning/trusted/2023-04-215ccb39a
Make addAuthFromNetrc ignore ENOTDIR errors- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.
🤖 Automatic Updates
Bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.4 in /test/src @dependabot (#230)
Bumps github.com/hashicorp/go-getter from 1.7.1 to 1.7.4.
Release notes
Sourced from github.com/hashicorp/go-getter's releases.
v1.7.4
What's Changed
- Escape user-provided strings in
git
commands hashicorp/go-getter#483- Fixed a bug in
.netrc
handling if the file does not exist hashicorp/go-getter#433Full Changelog: hashicorp/go-getter@v1.7.3...v1.7.4
v1.7.3
What's Changed
- SEC-090: Automated trusted workflow pinning (2023-04-21) by
@hashicorp-tsccr
in hashicorp/go-getter#432- SEC-090: Automated trusted workflow pinning (2023-09-11) by
@hashicorp-tsccr
in hashicorp/go-getter#454- SEC-090: Automated trusted workflow pinning (2023-09-18) by
@hashicorp-tsccr
in hashicorp/go-getter#458- don't change GIT_SSH_COMMAND when there is no sshKeyFile by
@jbardin
in hashicorp/go-getter#459New Contributors
@hashicorp-tsccr
made their first contribution in hashicorp/go-getter#432Full Changelog: hashicorp/go-getter@v1.7.2...v1.7.3
v1.7.2
What's Changed
- Don't override
GIT_SSH_COMMAND
when not needed by@nl-brett-stime
hashicorp/go-getter#300Full Changelog: hashicorp/go-getter@v1.7.1...v1.7.2
Commits
268c11c
escape user provide string to git (#483)975961f
Merge pull request #433 from adrian-bl/netrc-fix0298a22
Merge pull request #459 from hashicorp/jbardin/setup-git-envc70d9c9
don't change GIT_SSH_COMMAND if there's no keyfile3d5770f
Merge pull request #458 from hashicorp/tsccr-auto-pinning/trusted/2023-09-180688979
Result of tsccr-helper -log-level=info -pin-all-workflows .e66f244
Merge pull request #454 from hashicorp/tsccr-auto-pinning/trusted/2023-09-11e80b3dc
Result of tsccr-helper -log-level=info -pin-all-workflows .2d49e24
Merge pull request #432 from hashicorp/tsccr-auto-pinning/trusted/2023-04-215ccb39a
Make addAuthFromNetrc ignore ENOTDIR errors- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.
Update release workflow to allow pull-requests: write @osterman (#234)
what
- Update workflow (
.github/workflows/release.yaml
) to have permission to comment on PR
why
- So we can support commenting on PRs with a link to the release
Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#233)
what
- Update workflows (
.github/workflows
) to use shared workflows from.github
repo
why
- Reduce nested levels of reusable workflows
Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#232)
what
- Update workflows (
.github/workflows
) to addissue: write
permission needed by ReviewDogtflint
action
why
- The ReviewDog action will comment with line-level suggestions based on linting failures
Update GitHub workflows @osterman (#231)
what
- Update workflows (
.github/workflows/settings.yaml
)
why
- Support new readme generation workflow.
- Generate banners
Bump golang.org/x/net from 0.8.0 to 0.23.0 in /test/src @dependabot (#229)
Bumps golang.org/x/net from 0.8.0 to 0.23.0.
Commits
c48da13
http2: fix TestServerContinuationFlood flakes762b58d
http2: fix tipos in commentba87210
http2: close connections when receiving too many headersebc8168
all: fix some typos3678185
http2: make TestCanonicalHeaderCacheGrowth faster448c44f
http2: remove clientTesterc7877ac
http2: convert the remaining clientTester tests to testClientConnd8870b0
http2: use synthetic time in TestIdleConnTimeoutd73acff
http2: only set up deadline when Server.IdleTimeout is positive89f602b
http2: validate client/outgoing trailers- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.
Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#227)
what
- Install latest GitHub Action Workflows
why
- Use shared workflows from
cldouposse/.github
repository - Simplify management of workflows from centralized hub of configuration
Add GitHub Settings @osterman (#221)
what
- Install a repository config (
.github/settings.yaml
)
why
- Programmatically manage GitHub repo settings
Update README.md and docs @cloudpossebot (#218)
what
This is an auto-generated PR that updates the README.md and docs
why
To have most recent changes of README.md and doc from origin templates