Bump github.com/hashicorp/packer-plugin-sdk from 0.2.11 to 0.5.4

[dependabot]

Bumps github.com/hashicorp/packer-plugin-sdk from 0.2.11 to 0.5.4.

Release notes

Sourced from github.com/hashicorp/packer-plugin-sdk's releases.

v0.5.4

Upgrade notes

Upgrading to this release may fail until you've applied one of the fixes documented in hashicorp/packer-plugin-sdk#187. Consumers of the Packer plugin SDK require a replace directive within their plugin's go module file to point to a compatible version of go-cty.

The replace directive subject to change in future releases can be applied by running the packer-sdc fix sub-command to apply the replace directive to your plugin with a recommended version of the go-cty fork.

Plugins already working with Packer Plugin SDK v0.5.2 are advised to apply the updated SDK fixes by re-running packer-sdc fix against the plugin's root directory.

What's Changed

Doc improvements 📚

• communicator: fix reference to ssh_method in docs by @​lbajolet-hashicorp in hashicorp/packer-plugin-sdk#243

Other Changes

• Release 0.5.3 by @​lbajolet-hashicorp in hashicorp/packer-plugin-sdk#232
• version: don't remake semVer if not nil by @​lbajolet-hashicorp in hashicorp/packer-plugin-sdk#233
• [COMPLIANCE] Add Copyright and License Headers by @​hashicorp-copywrite in hashicorp/packer-plugin-sdk#235
• Bump actions/checkout to address Node.js 16 deprecation issues by @​nywilken in hashicorp/packer-plugin-sdk#237
• Bump actions/setup-go to address Node.js 16 deprecation issues by @​nywilken in hashicorp/packer-plugin-sdk#238
• Bump goreleaser action to address Node.js 16 deprecation issues by @​nywilken in hashicorp/packer-plugin-sdk#239
• Update all tsccr approved actions by @​nywilken in hashicorp/packer-plugin-sdk#240
• Bump github.com/hashicorp/go-getter/v2 modules to v2.2.2 by @​nywilken in hashicorp/packer-plugin-sdk#241
• Makefile: replace enumer upstream with dmarkham's by @​lbajolet-hashicorp in hashicorp/packer-plugin-sdk#242
• Fix ipv6 addresses format by @​jooola in hashicorp/packer-plugin-sdk#246
• Bump vault api dependancy to mitigate go-jose concerns, removes support for go1.20 by @​JenGoldstrich in hashicorp/packer-plugin-sdk#247
• Bump dependencies to address govulncheck reported vulnerabilities by @​nywilken in hashicorp/packer-plugin-sdk#248
• Update Go version must be a concrete installable version by @​nywilken in hashicorp/packer-plugin-sdk#250
• Cut release 0.5.4 by @​nywilken in hashicorp/packer-plugin-sdk#251

New Contributors

• @​jooola made their first contribution in hashicorp/packer-plugin-sdk#246
• @​JenGoldstrich made their first contribution in hashicorp/packer-plugin-sdk#247

Full Changelog: hashicorp/packer-plugin-sdk@v0.5.3...v0.5.4

v0.5.3

Upgrade notes

Upgrading to this release may fail until you've applied one of the fixes documented in hashicorp/packer-plugin-sdk#187. Consumers of the Packer plugin SDK require a replace directive within their plugin's go module file to point to a compatible version of go-cty.

The replace directive subject to change in future releases can be applied by running the packer-sdc fix sub-command to apply the replace directive to your plugin with a recommended version of the go-cty fork.

Plugins already working with Packer Plugin SDK v0.5.2 are advised to apply the updated SDK fixes by re-running packer-sdc fix against the plugin's root directory.

What's Changed

Exciting New Features 🎉

• Ui: add format-string alternatives to functions by @​lbajolet-hashicorp in hashicorp/packer-plugin-sdk#225
• Version parsing rehaul by @​lbajolet-hashicorp in hashicorp/packer-plugin-sdk#228

Other Changes

... (truncated)

Changelog

Sourced from github.com/hashicorp/packer-plugin-sdk's changelog.

Latest Release

Please refer to releases for latest CHANGELOG information.

0.3.1 (July 28, 2022)

0.3.0 (June 09, 2022)

• multistep/commonsteps: Add default timeouts to the GitGetter, HgGetter, S3Getter, and GcsGetter getters to mitigate against resource exhaustion when calling out to external command line applications.
• multistep/commonsteps: Disable support for the X-Terraform-Get header to mitigate against protocol switching, endless redirect, and configuration bypass abuse of custom HTTP response header processing.
• multistep/commonsteps: Update settings for the default go-getter client to prevent arbitrary host access via go-getter's path traversal, symlink processing, and command injection flaws.
• sdk: Bump github.com/hashicorp/go-getter/v2, github.com/hashicorp/go- getter/gcs/v2, github.com/hashicorp/go-getter/s3/v2 to address a number of security vulnerabilities as defined in HCSEC-2022-13

0.2.13 (May 11, 2022)

• cmd/packer-sdc: Update golang.org/x/tools to fix internal package errors when running code generation commands with Go 1.18 GH-108

0.2.12 (May 03, 2022)

• provisioner/shell-local: Add env argument to pass env vars through a key value store GH-98
• provisioner/shell: Add env argument to pass env vars through a key value store GH-98
• sdk: Bump github.com/hashicorp/go-getter/v2 to v2.0.2 GH-102
• sdk: Bump github.com/hashicorp/hcl/v2 to v2.12.0 GH-106
• sdk: Update crypto/ssh pkg used by SSH communicator The existing ssh client used by the SSH communicator was relying on legacy key algorithms and could not connect to recent versions of openssh, or servers with a limited set of fips approved algorithms. GH-107

Commits

• 2750448 Cut release 0.5.4
• 7c20306 Update Go version must be a concrete installable version
• da5ece9 Bump google.golang.org/protobuf@v1.33.0
• 4d66cfc remove toolchain
• 02546f8 go 1.21 go mod tidy
• 51a60b4 Remove go 1.20 which is not supported by go-jose v4
• 98e32be Bump vault api dependancy to mitigate go-jose concerns
• 9c1d243 Fix IPv6 addresses formatting
• 1a2b341 communicator: fix reference to ssh_method in docs
• b0fc5d9 Makefile: replace enumer upstream with dmarkham's
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)