forked from hashicorp/packer-plugin-sdk
-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
upgrade dependencies #32
Closed
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We used to check if a ssh server returns an empty payload with a len(fi) < 0, which can never succeed as len never returns negative values. This commit changes the condition to an == instead.
Recently, an update to Windows's default SSH implementation added an extra check for the mark-of-the-web to their code, which if in verbose mode, ends-up producing an error log, and terminates the process with a non-zero error code, even if the transfer is successful. Because of this, scp transfers fail all the time in such an environment, and the recommended workaround for now is to set sftp as the transfer protocol, as this one sets the mark-of-the-web successfully, and therefore ends with a 0 error code. Since this is surprising behaviour to users, we add a paragraph to the docs, so they know about this workaround.
- Migrates the formats of links in Markdown content as part of the [Docs Content Link Rewrites project](https://docs.google.com/document/d/1WaSyvoVPS-YCNiSPX0ynGpvc1gySEcpbrRoQVhimQCA/edit)
Commit 34ed5d9 which consists of linting fixes essentially had an error in the code and the error check for `supported_os' was inverted in this commit, making shell-local fail on all supported OSes now. We re-invert this condition so it behaves as it used to.
The DSA signature algorithm is not considered secure anymore, and is actively deprecated in the Go crypto libs. To let users know that they should not use that anymore, we add a notice in the comments for the SSH private key options.
…from linting as the warning is not relevant.
Co-authored-by: Lucas Bajolet <[email protected]>
Go 1.19 has different formatting directives that appears to be causing conflicts with 1.18.
When generating the flattened structures for a HCL2-compatible config, we didn't prevent users from defining duplicate fields or tags, instead warning them. The warning in itself did not prevent the resulting structures from being generated, leading into a situation where the first definition of the arg/tag would have precedence over the subsequent definitions, leading to shadowing their definitions. To prevent this in the future, we immediately return an error when such a conflict is introduced, and signal to the user which attribute is problematic.
* Remove directory from matrix build for Windows config
Since FormatedVersion was essentially the same thing as `String` with the extra GitCommit if defined, we change its implementation to rely on the code committed for String.
The go-version library we use for parsing versions from the plugin supports 4-segmented versions. This may not be ideal for us, as we want to limit the sprawling nature of plugin installations, which if we start accepting sub-patch version bumps, may become quite strange. The release workflows we offer as template does not take that into account, and I'm not sure our docs do as well. Since there are many unknowns here, 4-segmented version numbers are not semver-valid, and we do not know how tooling will react, we ultimately decide not to allow those in the SDK. If a developer tries to define a 4-segmented version number, the plugin will crash instantly, at least giving users a message quickly that the version number is invalid, and that they need to limit themselves to a 3-segment version number.
…ashicorp/hcl/v2-2.20.1 Bump github.com/hashicorp/hcl/v2 from 2.13.0 to 2.20.1
…cty-1.14.4 Signed-off-by: RodrigoCMoraes <[email protected]>
…clconf/go-cty-1.14.4 Bump github.com/zclconf/go-cty from 1.10.0 to 1.14.4
upgrade: fix security issues
The SemVer function of a PluginVersion returns the version.Version instance bound to the PluginVersion. In former implementations of the structure, this could be nil in some cases, as only the version components were being registered, and the code would make sure that they were a valid semver version. Recent changes reorganised this code by making the semVer attribute always present, so while theoretically it could be nil, this would indicate a manipulation error. Therefore, we don't need to perform this check to re-create the semVer attribute, and by that change we fix the underlying issue that made semVer drop its pre-release/metadata parts when doing so.
…curity/upgrade-dependencies
…curity/upgrade-dependencies
Security/upgrade dependencies
panic: interface conversion: interface {} is big.Float, not *big.Float
fix: ci macami error
fix: missing method
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.