fix(deps): update module github.com/hashicorp/go-getter to v1.7.9 [security]

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/hashicorp/go-getter	v1.7.6 -> v1.7.9
github.com/hashicorp/go-getter	v1.7.5 -> v1.7.9

GitHub Vulnerability Alerts

CVE-2025-8959

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9.

---

Release Notes

hashicorp/go-getter (github.com/hashicorp/go-getter)

v1.7.9

Compare Source

What's Changed

• Speed up XZ decompression by 5x with bufio wrapper by @​vsarunas in #​520
• Fix CI Workflow by @​mohanmanikanta2299 in #​522
• test: Remove use of "mitchellh/go-testing-interface" for stdlib by @​jrasell in #​523
• fix: url redact of multiple sshkey by @​dduzgun-security in #​528
• Publish arm binaries by @​sethvargo in #​525
• fix errcheck lint errors and run it as part of pr checks by @​abhijeetviswa in #​530
• fix additional lint errors and increase linter scope by @​abhijeetviswa in #​531
• IND-3728 enabling dependabot by @​KaushikiAnand in #​529
• fix: go-getter subdir paths by @​dduzgun-security in #​540

New Contributors

• @​vsarunas made their first contribution in #​520
• @​jrasell made their first contribution in #​523
• @​sethvargo made their first contribution in #​525
• @​abhijeetviswa made their first contribution in #​530
• @​KaushikiAnand made their first contribution in #​529

Full Changelog: hashicorp/go-getter@v1.7.8...v1.7.9

v1.7.8

Compare Source

What's Changed

• sec: fix s3 and gcs host checks by @​dduzgun-security in #​512

Full Changelog: hashicorp/go-getter@v1.7.7...v1.7.8

v1.7.7

Compare Source

What's Changed

• Clean up git repo on disk when the ref checkout fails by @​james-warren0 in #​504
• [COMPLIANCE] Add Copyright and License Headers by @​hashicorp-copywrite in #​409
• Add CODEOWNERS file in .github/CODEOWNERS by @​mukeshjc in #​505
• IND-1804 Bump up dependencies to remediate vulnerabiities by @​mohanmanikanta2299 in #​513
• Updating arguments in github release CI by @​mohanmanikanta2299 in #​514
• Updating .goreleaser.yml file with valid version by @​mohanmanikanta2299 in #​515

New Contributors

• @​james-warren0 made their first contribution in #​504
• @​mukeshjc made their first contribution in #​505
• @​mohanmanikanta2299 made their first contribution in #​513

Full Changelog: hashicorp/go-getter@v1.7.6...v1.7.7

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[forking-renovate]

ℹ Artifact update notice

File name: terraform/cloud-functions/per-project/test/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated

Details:

Package	Change
github.com/boombuler/barcode	v1.0.1-0.20190219062509-6c824513bacc -> v1.0.1

File name: terraform/gke/unified/test/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated

Details:

Package	Change
github.com/boombuler/barcode	v1.0.1-0.20190219062509-6c824513bacc -> v1.0.1