Sourced from github.com/zclconf/go-cty's releases.

v1.11.1

• convert: Fix for error when converting empty sets and lists with nested optional attributes by explicitly removing optional attribute information from collections.

Sourced from github.com/zclconf/go-cty's changelog.

1.12.0 (October 27, 2022)

• function: Each function can now have an English-language description summarizing its behavior. This is intended as a default string to use when an application wants to provide code hover tips or similar development aids. However, these descriptions are basic and only available in English, so applications may still prefer to provide their own descriptions and ignore those encoded in this module. (#137)

• convert: When running in "unsafe mode" (which allows additional conversions that can potentially fail with certain input values), we'll now allow converting from a map type to an object type with optional attributes as long as all of the present map elements are compatible with their corresponding optional attributes.

  It's still a dynamic error to convert a map whose element type is incompatible with any of the attributes that do have corresponding keys in the given map. (#139)

• convert: Will now produce correct type constraints when the input value is null and the target type has optional attributes. In this case the conversion process must remove the optional attribute annotations because those are only for type conversion purposes and have no meaning when used in the type constraint for a null or unknown value. (#140, #141)

1.11.1 (October 17, 2022)

• convert: Fix for error when converting empty sets and lists with nested optional attributes by explicitly removing optional attribute information from collections.

1.11.0 (August 22, 2022)

Upgrade Notes

This release contains some changes to some aspects of the API that are either legacy or de-facto internal (from before the Go toolchain had an explicit idea of that). Any external module using these will experience these as breaking changes, but we know of no such caller and so are admitting these without a major release in the interests of not creating churn for users of the main API.

• encoding/gob support utilities removed: we added these as a concession to HashiCorp who wanted to try to send cty values over some legacy protocols/formats used by legacy versions of HashiCorp Terraform. In the end those efforts were not successful for other reasons and so no Terraform release ever relied on this functionality.

  encoding/gob support has been burdensome due to how its unmarshaler interface is defined and so cty values and types are no longer automatically compatible with encoding/gob. Callers should instead use explicitly-implemented encodings, such as the built-in JSON and msgpack encodings or external libraries which use the public cty API to encode and decode.

• cty now requires Go 1.18: although the main API is not yet making any use of type parameters, we've begun to adopt it in the hope of improving the maintainability of some internal details, starting with the backing implementation of set types.

  Since type parameters are not supported by earlier versions of the Go compiler, callers must upgrade to Go 1.18 before using cty v1.11.0 or later.

Other changes in this release

• cty: Improved performance when comparing nonzero numbers to zero, by performing a relatively-cheap sign check on both numbers before falling back on the more expensive general equality implementation. (#125)
• cty: It's now possible to use capsule types in the elements of sets. Previously cty would panic if asked to construct a value of a set type whose element type either is or contains a capsule type, but there is now explicit support for storing encapsulated values in sets and optional (but recommended) support for a custom hashing function per type in order to improve performance for sets with a large number of elements.
• convert: Unify will no longer panic when asked to find a common base type for a tuple type and a list of unknown element type, and will instead just signal that such a unification is not possible. (#126)
• stdlib: FlattenFunc will no longer panic if it encounters a null value of a type that would normally be subject to flattening. Instead, it will treat it in the same way as a null value of any non-flattenable type. (#129)

• e15627f Release v1.12.0
• 4566e66 function: Allow overriding function descriptions
• 0e3fb70 Update CHANGELOG.md
• c15c700 Update CHANGELOG.md
• 36f1b4d Update CHANGELOG.md
• 2d26b96 function/stdlib: English-language descriptions for all of the functions
• 7a922bc Annotate string functions
• 31869a5 function: Allow functions and function parameters to have English-language de...
• d271633 Update CHANGELOG.md
• f331651 convert: Handle null results correctly for collections of object types with o...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/zclconf/go-cty's releases.

v1.11.1

• convert: Fix for error when converting empty sets and lists with nested optional attributes by explicitly removing optional attribute information from collections.

Sourced from github.com/zclconf/go-cty's changelog.

1.11.1 (October 17, 2022)

• convert: Fix for error when converting empty sets and lists with nested optional attributes by explicitly removing optional attribute information from collections.

1.11.0 (August 22, 2022)

Upgrade Notes

This release contains some changes to some aspects of the API that are either legacy or de-facto internal (from before the Go toolchain had an explicit idea of that). Any external module using these will experience these as breaking changes, but we know of no such caller and so are admitting these without a major release in the interests of not creating churn for users of the main API.

• encoding/gob support utilities removed: we added these as a concession to HashiCorp who wanted to try to send cty values over some legacy protocols/formats used by legacy versions of HashiCorp Terraform. In the end those efforts were not successful for other reasons and so no Terraform release ever relied on this functionality.

  encoding/gob support has been burdensome due to how its unmarshaler interface is defined and so cty values and types are no longer automatically compatible with encoding/gob. Callers should instead use explicitly-implemented encodings, such as the built-in JSON and msgpack encodings or external libraries which use the public cty API to encode and decode.

• cty now requires Go 1.18: although the main API is not yet making any use of type parameters, we've begun to adopt it in the hope of improving the maintainability of some internal details, starting with the backing implementation of set types.

  Since type parameters are not supported by earlier versions of the Go compiler, callers must upgrade to Go 1.18 before using cty v1.11.0 or later.

Other changes in this release

• cty: Improved performance when comparing nonzero numbers to zero, by performing a relatively-cheap sign check on both numbers before falling back on the more expensive general equality implementation. (#125)
• cty: It's now possible to use capsule types in the elements of sets. Previously cty would panic if asked to construct a value of a set type whose element type either is or contains a capsule type, but there is now explicit support for storing encapsulated values in sets and optional (but recommended) support for a custom hashing function per type in order to improve performance for sets with a large number of elements.
• convert: Unify will no longer panic when asked to find a common base type for a tuple type and a list of unknown element type, and will instead just signal that such a unification is not possible. (#126)
• stdlib: FlattenFunc will no longer panic if it encounters a null value of a type that would normally be subject to flattening. Instead, it will treat it in the same way as a null value of any non-flattenable type. (#129)

• e77fead Release v1.11.1
• 12a03f2 function/stdlib: "Chunklist" test assumed it was running on a 64-bit architec...
• 8548fbb README: Some extra hints for pronunciation of the project name
• 213b8de convert: Don't produce list and set type constraints with nested optional att...
• be97162 Prepare for a future v1.11.1 release
• 3792a7b v1.11.0
• f16c240 Update CHANGELOG.md
• 4d209ea stdlib: Don't panic if flatten finds a null list/set/tuple value
• 834994b Update CHANGELOG.md
• 24404ad convert: Fix panic when unifying tuple element types
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/hashicorp/hcl/v2's releases.

v2.14.1

Bugs Fixed

• ext/typeexpr: Type convert defaults for optional object attributes when applying them. This prevents crashes in certain cases when the objects in question are part of a collection. (#555)

v2.14.0

Enhancements

• ext/typeexpr: Added support for optional object attributes to TypeConstraint. Attributes can be wrapped in the special optional(…) modifier, allowing the attribute to be omitted while still meeting the type constraint. For more information, cty's documentation on conversion between object types. (#549)
• ext/typeexpr: New function: TypeConstraintWithDefaults. In this mode, the optional(…) modifier accepts a second argument which can be used as the default value for omitted object attributes. The function returns both a cty.Type and associated Defaults, the latter of which has an Apply method to apply defaults to a given value. (#549)

v2.12.0

Enhancements

• hclsyntax: Evaluation of conditional expressions will now produce more precise error messages about inconsistencies between the types of the true and false result expressions, particularly in cases where both are of the same structural type kind but differ in their nested elements. (#530)
• hclsyntax: The lexer will no longer allocate a small object on the heap for each token. Instead, in that situation it will allocate only when needed to return a diagnostic message with source location information. (#490)
• hclwrite: New functions TokensForTuple, TokensForObject, and TokensForFunctionCall allow for more easily constructing the three constructs which are supported for static analysis and which HCL-based languages typically use in contexts where an expression is used only for its syntax, and not evaluated to produce a real value. For example, these new functions together are sufficient to construct all valid type constraint expressions from the Type Expressions Extension, which is the basis of variable type constraints in the Terraform language at the time of writing. (#502)
• json: New functions IsJSONExpression and IsJSONBody to determine if a given expression or body was created by the JSON syntax parser. In normal situations it's better not to worry about what syntax a particular expression/body originated in, but this can be useful in some trickier cases where an application needs to shim for backwards-compatibility or for static analysis that needs to have special handling of the JSON syntax's embedded expression/template conventions. (#524)

Bugs Fixed

• gohcl: Fix docs about supported types for blocks. (#507)

Sourced from github.com/hashicorp/hcl/v2's changelog.

v2.14.1 (September 23, 2022)

Bugs Fixed

• ext/typeexpr: Type convert defaults for optional object attributes when applying them. This prevents crashes in certain cases when the objects in question are part of a collection. (#555)

v2.14.0 (September 1, 2022)

Enhancements

• ext/typeexpr: Added support for optional object attributes to TypeConstraint. Attributes can be wrapped in the special optional(…) modifier, allowing the attribute to be omitted while still meeting the type constraint. For more information, cty's documentation on conversion between object types. (#549)
• ext/typeexpr: New function: TypeConstraintWithDefaults. In this mode, the optional(…) modifier accepts a second argument which can be used as the default value for omitted object attributes. The function returns both a cty.Type and associated Defaults, the latter of which has an Apply method to apply defaults to a given value. (#549)

v2.13.0 (June 22, 2022)

Enhancements

• hcl: hcl.Diagnostic now has an additional field Extra which is intended for carrying arbitrary supporting data ("extra information") related to the diagnostic message, intended to allow diagnostic renderers to optionally tailor the presentation of messages for particular situations. (#539)
• hclsyntax: When an error occurs during a function call, the returned diagnostics will include extra information (as described in the previous point) about which function was being called and, if the message is about an error returned by the function itself, that raw error value without any post-processing. (#539)

Bugs Fixed

• hclwrite: Fixed a potential data race for any situation where hclwrite.Format runs concurrently with itself. (#534)

v2.12.0 (April 22, 2022)

Enhancements

• hclsyntax: Evaluation of conditional expressions will now produce more precise error messages about inconsistencies between the types of the true and false result expressions, particularly in cases where both are of the same structural type kind but differ in their nested elements. (#530)
• hclsyntax: The lexer will no longer allocate a small object on the heap for each token. Instead, in that situation it will allocate only when needed to return a diagnostic message with source location information. (#490)
• hclwrite: New functions TokensForTuple, TokensForObject, and TokensForFunctionCall allow for more easily constructing the three constructs which are supported for static analysis and which HCL-based languages typically use in contexts where an expression is used only for its syntax, and not evaluated to produce a real value. For example, these new functions together are sufficient to construct all valid type constraint expressions from the Type Expressions Extension, which is the basis of variable type constraints in the Terraform language at the time of writing. (#502)
• json: New functions IsJSONExpression and IsJSONBody to determine if a given expression or body was created by the JSON syntax parser. In normal situations it's better not to worry about what syntax a particular expression/body originated in, but this can be useful in some trickier cases where an application needs to shim for backwards-compatibility or for static analysis that needs to have special handling of the JSON syntax's embedded expression/template conventions. (#524)

Bugs Fixed

• gohcl: Fix docs about supported types for blocks. (#507)

• 197ef76 Update CHANGELOG.md
• 68124d5 Merge pull request #555 from hashicorp/pre-convert-optional-defaults
• b857322 ext/typeexpr: Convert defaults for optional attrs
• 85e45c5 Update CHANGELOG.md
• 74d03f3 Update CHANGELOG.md
• c4381b5 Release v2.14.0
• 8f2d3d7 Update CHANGELOG.md
• 75d5692 Merge pull request #549 from hashicorp/typeexpr-optional-defaults
• 47464b2 typeexpr: Optional object attributes with defaults
• 3186414 Prepare for a possible future v2.13.1 release
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/hashicorp/hcl/v2's releases.

v2.14.0

Enhancements

• ext/typeexpr: Added support for optional object attributes to TypeConstraint. Attributes can be wrapped in the special optional(…) modifier, allowing the attribute to be omitted while still meeting the type constraint. For more information, cty's documentation on conversion between object types. (#549)
• ext/typeexpr: New function: TypeConstraintWithDefaults. In this mode, the optional(…) modifier accepts a second argument which can be used as the default value for omitted object attributes. The function returns both a cty.Type and associated Defaults, the latter of which has an Apply method to apply defaults to a given value. (#549)

v2.12.0

Enhancements

• hclsyntax: Evaluation of conditional expressions will now produce more precise error messages about inconsistencies between the types of the true and false result expressions, particularly in cases where both are of the same structural type kind but differ in their nested elements. (#530)
• hclsyntax: The lexer will no longer allocate a small object on the heap for each token. Instead, in that situation it will allocate only when needed to return a diagnostic message with source location information. (#490)
• hclwrite: New functions TokensForTuple, TokensForObject, and TokensForFunctionCall allow for more easily constructing the three constructs which are supported for static analysis and which HCL-based languages typically use in contexts where an expression is used only for its syntax, and not evaluated to produce a real value. For example, these new functions together are sufficient to construct all valid type constraint expressions from the Type Expressions Extension, which is the basis of variable type constraints in the Terraform language at the time of writing. (#502)
• json: New functions IsJSONExpression and IsJSONBody to determine if a given expression or body was created by the JSON syntax parser. In normal situations it's better not to worry about what syntax a particular expression/body originated in, but this can be useful in some trickier cases where an application needs to shim for backwards-compatibility or for static analysis that needs to have special handling of the JSON syntax's embedded expression/template conventions. (#524)

Bugs Fixed

• gohcl: Fix docs about supported types for blocks. (#507)

Sourced from github.com/hashicorp/hcl/v2's changelog.

v2.14.0 (September 1, 2022)

Enhancements

• ext/typeexpr: Added support for optional object attributes to TypeConstraint. Attributes can be wrapped in the special optional(…) modifier, allowing the attribute to be omitted while still meeting the type constraint. For more information, cty's documentation on conversion between object types. (#549)
• ext/typeexpr: New function: TypeConstraintWithDefaults. In this mode, the optional(…) modifier accepts a second argument which can be used as the default value for omitted object attributes. The function returns both a cty.Type and associated Defaults, the latter of which has an Apply method to apply defaults to a given value. (#549)

v2.13.0 (June 22, 2022)

Enhancements

• hcl: hcl.Diagnostic now has an additional field Extra which is intended for carrying arbitrary supporting data ("extra information") related to the diagnostic message, intended to allow diagnostic renderers to optionally tailor the presentation of messages for particular situations. (#539)
• hclsyntax: When an error occurs during a function call, the returned diagnostics will include extra information (as described in the previous point) about which function was being called and, if the message is about an error returned by the function itself, that raw error value without any post-processing. (#539)

Bugs Fixed

• hclwrite: Fixed a potential data race for any situation where hclwrite.Format runs concurrently with itself. (#534)

v2.12.0 (April 22, 2022)

Enhancements

• hclsyntax: Evaluation of conditional expressions will now produce more precise error messages about inconsistencies between the types of the true and false result expressions, particularly in cases where both are of the same structural type kind but differ in their nested elements. (#530)
• hclsyntax: The lexer will no longer allocate a small object on the heap for each token. Instead, in that situation it will allocate only when needed to return a diagnostic message with source location information. (#490)
• hclwrite: New functions TokensForTuple, TokensForObject, and TokensForFunctionCall allow for more easily constructing the three constructs which are supported for static analysis and which HCL-based languages typically use in contexts where an expression is used only for its syntax, and not evaluated to produce a real value. For example, these new functions together are sufficient to construct all valid type constraint expressions from the Type Expressions Extension, which is the basis of variable type constraints in the Terraform language at the time of writing. (#502)
• json: New functions IsJSONExpression and IsJSONBody to determine if a given expression or body was created by the JSON syntax parser. In normal situations it's better not to worry about what syntax a particular expression/body originated in, but this can be useful in some trickier cases where an application needs to shim for backwards-compatibility or for static analysis that needs to have special handling of the JSON syntax's embedded expression/template conventions. (#524)

Bugs Fixed

• gohcl: Fix docs about supported types for blocks. (#507)

• 85e45c5 Update CHANGELOG.md
• 74d03f3 Update CHANGELOG.md
• c4381b5 Release v2.14.0
• 8f2d3d7 Update CHANGELOG.md
• 75d5692 Merge pull request #549 from hashicorp/typeexpr-optional-defaults
• 47464b2 typeexpr: Optional object attributes with defaults
• 3186414 Prepare for a possible future v2.13.1 release
• bc4516e Release v2.13.0
• ee5af8c Update CHANGELOG.md
• 88ecd13 hcl: Allow individual diagnostics to carry extra information
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/zclconf/go-cty's changelog.

1.11.0 (August 22, 2022)

Upgrade Notes

This release contains some changes to some aspects of the API that are either legacy or de-facto internal (from before the Go toolchain had an explicit idea of that). Any external module using these will experience these as breaking changes, but we know of no such caller and so are admitting these without a major release in the interests of not creating churn for users of the main API.

• encoding/gob support utilities removed: we added these as a concession to HashiCorp who wanted to try to send cty values over some legacy protocols/formats used by legacy versions of HashiCorp Terraform. In the end those efforts were not successful for other reasons and so no Terraform release ever relied on this functionality.

  encoding/gob support has been burdensome due to how its unmarshaler interface is defined and so cty values and types are no longer automatically compatible with encoding/gob. Callers should instead use explicitly-implemented encodings, such as the built-in JSON and msgpack encodings or external libraries which use the public cty API to encode and decode.

• cty now requires Go 1.18: although the main API is not yet making any use of type parameters, we've begun to adopt it in the hope of improving the maintainability of some internal details, starting with the backing implementation of set types.

  Since type parameters are not supported by earlier versions of the Go compiler, callers must upgrade to Go 1.18 before using cty v1.11.0 or later.

Other changes in this release

• cty: Improved performance when comparing nonzero numbers to zero, by performing a relatively-cheap sign check on both numbers before falling back on the more expensive general equality implementation. (#125)
• cty: It's now possible to use capsule types in the elements of sets. Previously cty would panic if asked to construct a value of a set type whose element type either is or contains a capsule type, but there is now explicit support for storing encapsulated values in sets and optional (but recommended) support for a custom hashing function per type in order to improve performance for sets with a large number of elements.
• convert: Unify will no longer panic when asked to find a common base type for a tuple type and a list of unknown element type, and will instead just signal that such a unification is not possible. (#126)
• stdlib: FlattenFunc will no longer panic if it encounters a null value of a type that would normally be subject to flattening. Instead, it will treat it in the same way as a null value of any non-flattenable type. (#129)

• 3792a7b v1.11.0
• f16c240 Update CHANGELOG.md
• 4d209ea stdlib: Don't panic if flatten finds a null list/set/tuple value
• 834994b Update CHANGELOG.md
• 24404ad convert: Fix panic when unifying tuple element types
• 97a685d go.mod: go get golang.org/x/[email protected]
• da78a28 Update CHANGELOG.md
• 3c2818f cty: Optimize equality check for numbers of differing signs
• b66d00a cty: Allow capsule types inside set values
• 74095df set: Use type parameters for the Set, Rules, and Iterator types
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/hashicorp/packer-plugin-sdk's releases.

v0.3.1

NOTES

There's been a change in the way the ssh_timeout option and the ssh_handshake_attempts work together, the behaviour is unchanged if both or none are specified, however if only one of the two is set, the other won't have a default value anymore and will be ignored.

What's Changed

Other Changes

• release: move to goreleaser/actions for releases by @​lbajolet-hashicorp in hashicorp/packer-plugin-sdk#113
• Bump github.com/hashicorp/hcl/v2 from 2.12.0 to 2.13.0 by @​dependabot in hashicorp/packer-plugin-sdk#112
• Change step_create_cdrom_tests to pass on Windows by @​tempora-mutantur in hashicorp/packer-plugin-sdk#114
• ssh: only rely on timeout/retries if one is set by @​lbajolet-hashicorp in hashicorp/packer-plugin-sdk#116

New Contributors

• @​tempora-mutantur made their first contribution in hashicorp/packer-plugin-sdk#114

Full Changelog: https://github.com/hashicorp/packer-plugin-sdk/compare/v0.3.0...v0.3.1

Sourced from github.com/hashicorp/packer-plugin-sdk's changelog.

0.3.1 (July 28, 2022)

0.3.0 (June 09, 2022)

• multistep/commonsteps: Add default timeouts to the GitGetter, HgGetter, S3Getter, and GcsGetter getters to mitigate against resource exhaustion when calling out to external command line applications.
• multistep/commonsteps: Disable support for the X-Terraform-Get header to mitigate against protocol switching, endless redirect, and configuration bypass abuse of custom HTTP response header processing.
• multistep/commonsteps: Update settings for the default go-getter client to prevent arbitrary host access via go-getter's path traversal, symlink processing, and command injection flaws.
• sdk: Bump github.com/hashicorp/go-getter/v2, github.com/hashicorp/go- getter/gcs/v2, github.com/hashicorp/go-getter/s3/v2 to address a number of security vulnerabilities as defined in HCSEC-2022-13

0.2.13 (May 11, 2022)

• cmd/packer-sdc: Update golang.org/x/tools to fix internal package errors when running code generation commands with Go 1.18 GH-108

0.2.12 (May 03, 2022)

• provisioner/shell-local: Add env argument to pass env vars through a key value store GH-98
• provisioner/shell: Add env argument to pass env vars through a key value store GH-98
• sdk: Bump github.com/hashicorp/go-getter/v2 to v2.0.2 GH-102
• sdk: Bump github.com/hashicorp/hcl/v2 to v2.12.0 GH-106
• sdk: Update crypto/ssh pkg used by SSH communicator The existing ssh client used by the SSH communicator was relying on legacy key algorithms and could not connect to recent versions of openssh, or servers with a limited set of fips approved algorithms. GH-107

• 32bc92f v0.3.1 [skip ci]
• 4e46000 Bump version to v0.3.1
• b81b86f ssh: only rely on timeout/retries is one is set
• d177a80 Change step_create_cdrom_tests to pass on Windows (#114)
• e6c35e7 Bump github.com/hashicorp/hcl/v2 from 2.12.0 to 2.13.0 (#112)
• 36e1c0b release: move to goreleaser/actions for releases (#113)
• 2ed727c Update CHANGELOG.md
• c829677 v0.3.0 [skip ci]
• 9d151c7 Bump version to v0.3.0
• 73f8475 Update go-getter client options (#111)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/hashicorp/hcl/v2's releases.

v2.12.0

Enhancements

• hclsyntax: Evaluation of conditional expressions will now produce more precise error messages about inconsistencies between the types of the true and false result expressions, particularly in cases where both are of the same structural type kind but differ in their nested elements. (#530)
• hclsyntax: The lexer will no longer allocate a small object on the heap for each token. Instead, in that situation it will allocate only when needed to return a diagnostic message with source location information. (#490)
• hclwrite: New functions TokensForTuple, TokensForObject, and TokensForFunctionCall allow for more easily constructing the three constructs which are supported for static analysis and which HCL-based languages typically use in contexts where an expression is used only for its syntax, and not evaluated to produce a real value. For example, these new functions together are sufficient to construct all valid type constraint expressions from the Type Expressions Extension, which is the basis of variable type constraints in the Terraform language at the time of writing. (#502)
• json: New functions IsJSONExpression and IsJSONBody to determine if a given expression or body was created by the JSON syntax parser. In normal situations it's better not to worry about what syntax a particular expression/body originated in, but this can be useful in some trickier cases where an application needs to shim for backwards-compatibility or for static analysis that needs to have special handling of the JSON syntax's embedded expression/template conventions. (#524)

Bugs Fixed

• gohcl: Fix docs about supported types for blocks. (#507)

Sourced from github.com/hashicorp/hcl/v2's changelog.

v2.13.0 (June 22, 2022)

Enhancements

• hcl: hcl.Diagnostic how has an additional field Extra which is intended for carrying arbitrary supporting data ("extra information") related to the diagnostic message, intended to allow diagnostic renderers to optionally tailor the presentation of messages for particular situations. (#539)
• hclsyntax: When an error occurs during a function call, the returned diagnostics will include extra information (as described in the previous point) about which function was being called and, if the message is about an error returned by the function itself, that raw error value without any post-processing. (#539)

Bugs Fixed

• hclwrite: Fixed a potential data race for any situation where hclwrite.Format runs concurrently with itself. (#534)

v2.12.0 (April 22, 2022)

Enhancements

• hclsyntax: Evaluation of conditional expressions will now produce more precise error messages about inconsistencies between the types of the true and false result expressions, particularly in cases where both are of the same structural type kind but differ in their nested elements. (#530)
• hclsyntax: The lexer will no longer allocate a small object on the heap for each token. Instead, in that situation it will allocate only when needed to return a diagnostic message with source location information. (#490)
• hclwrite: New functions TokensForTuple, TokensForObject, and TokensForFunctionCall allow for more easily constructing the three constructs which are supported for static analysis and which HCL-based languages typically use in contexts where an expression is used only for its syntax, and not evaluated to produce a real value. For example, these new functions together are sufficient to construct all valid type constraint expressions from the Type Expressions Extension, which is the basis of variable type constraints in the Terraform language at the time of writing. (#502)
• json: New functions IsJSONExpression and IsJSONBody to determine if a given expression or body was created by the JSON syntax parser. In normal situations it's better not to worry about what syntax a particular expression/body originated in, but this can be useful in some trickier cases where an application needs to shim for backwards-compatibility or for static analysis that needs to have special handling of the JSON syntax's embedded expression/template conventions. (#524)

Bugs Fixed

• gohcl: Fix docs about supported types for blocks. (#507)

• bc4516e Release v2.13.0
• ee5af8c Update CHANGELOG.md
• 88ecd13 hcl: Allow individual diagnostics to carry extra information
• 986b881 Merge pull request #508 from hashicorp/go118fuzz
• c020cb9 go fmt
• c3b6715 go.mod: Specify that we use the Go 1.17 language in this module
• efb710f Update CHANGELOG.md
• 63d288b hclwrite: fix data race modifying the internal "nilToken" variable
• d0c4fa8 Merge pull request #522 from hashicorp/update-deps-for-macos
• 8927e75 deps: update crypto dependency for macOS support
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/hashicorp/packer-plugin-sdk's changelog.

0.3.0 (June 09, 2022)

• multistep/commonsteps: Add default timeouts to the GitGetter, HgGetter, S3Getter, and GcsGetter getters to mitigate against resource exhaustion when calling out to external command line applications.
• multistep/commonsteps: Disable support for the X-Terraform-Get header to mitigate against protocol switching, endless redirect, and configuration bypass abuse of custom HTTP response header processing.
• multistep/commonsteps: Update settings for the default go-getter client to prevent arbitrary host access via go-getter's path traversal, symlink processing, and command injection flaws.
• sdk: Bump github.com/hashicorp/go-getter/v2, github.com/hashicorp/go- getter/gcs/v2, github.com/hashicorp/go-getter/s3/v2 to address a number of security vulnerabilities as defined in [HCSEC-2022-13](https://discuss.hashicorp.com/t/hcsec-2022-13-multiple- vulnerabilities-in-go-getter-library/39930)

0.2.13 (May 11, 2022)

• cmd/packer-sdc: Update golang.org/x/tools to fix internal package errors when running code generation commands with Go 1.18 GH-108

0.2.12 (May 03, 2022)

• provisioner/shell-local: Add env argument to pass env vars through a key value store GH-98
• provisioner/shell: Add env argument to pass env vars through a key value store GH-98
• sdk: Bump github.com/hashicorp/go-getter/v2 to v2.0.2 GH-102
• sdk: Bump github.com/hashicorp/hcl/v2 to v2.12.0 GH-106
• sdk: Update crypto/ssh pkg used by SSH communicator The existing ssh client used by the SSH communicator was relying on legacy key algorithms and could not connect to recent versions of openssh, or servers with a limited set of fips approved algorithms. [GH-107](https://github.com/hashicorp/packer- plugin- sdk/pull/107)

• c829677 v0.3.0 [skip ci]
• 9d151c7 Bump version to v0.3.0
• 73f8475 Update go-getter client options (#111)
• 45a145e Bump go-getter to address vulnerabilities described in HCSEC-2022-13 (#110)
• 895d67a v0.2.13 [skip ci]
• 3e8e90a Bump version to v0.2.13
• 9fbf7de Update CHANGELOG
• 3ef8de5 Update generate dependencies to fix Go 1.18 packer-sec cmd install (#108)
• 46e4c64 Update exit_code.go (#109)
• bcfe28e v0.2.12 [skip ci]
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/hashicorp/packer-plugin-sdk's changelog.

0.2.13 (May 11, 2022)

• cmd/packer-sdc: Update golang.org/x/tools to fix internal package errors when running code generation commands with Go 1.18 GH-108

0.2.12 (May 03, 2022)

• provisioner/shell-local: Add env argument to pass env vars through a key value store GH-98
• provisioner/shell: Add env argument to pass env vars through a key value store GH-98
• sdk: Bump github.com/hashicorp/go-getter/v2 to v2.0.2 GH-102
• sdk: Bump github.com/hashicorp/hcl/v2 to v2.12.0 GH-106
• sdk: Update crypto/ssh pkg used by SSH communicator The existing ssh client used by the SSH communicator was relying on legacy key algorithms and could not connect to recent versions of openssh, or servers with a limited set of fips approved algorithms. [GH-107](https://github.com/hashicorp/packer- plugin- sdk/pull/107)

• 895d67a v0.2.13 [skip ci]
• 3e8e90a Bump version to v0.2.13
• 9fbf7de Update CHANGELOG
• 3ef8de5 Update generate dependencies to fix Go 1.18 packer-sec cmd install (#108)
• 46e4c64 Update exit_code.go (#109)
• bcfe28e v0.2.12 [skip ci]
• 0ca2128 Remove deprectated GPG install step
• 7ca7749 Remove outdated GPG step
• c375407 Update CHANGELOG
• 745860a Update golang.org/x/crypto/ssh (#107)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/hashicorp/packer-plugin-sdk's changelog.

0.2.12 (May 03, 2022)

• provisioner/shell-local: Add env argument to pass env vars through a key value store GH-98
• provisioner/shell: Add env argument to pass env vars through a key value store GH-98
• sdk: Bump github.com/hashicorp/go-getter/v2 to v2.0.2 GH-102
• sdk: Bump github.com/hashicorp/hcl/v2 to v2.12.0 GH-106
• sdk: Update crypto/ssh pkg used by SSH communicator The existing ssh client used by the SSH communicator was relying on legacy key algorithms and could not connect to recent versions of openssh, or servers with a limited set of fips approved algorithms. [GH-107](https://github.com/hashicorp/packer- plugin- sdk/pull/107)

• bcfe28e v0.2.12 [skip ci]
• 0ca2128 Remove deprectated GPG install step
• 7ca7749 Remove outdated GPG step
• c375407 Update CHANGELOG
• 745860a Update golang.org/x/crypto/ssh (#107)
• cf7b4e1 Bump github.com/hashicorp/hcl/v2 from 2.11.1 to 2.12.0 (#106)
• 2e22282 Fix file path in comments for windows (#105)
• 3ceaa41 Get go-getter v2.0.2, to avoid untaring OVA files (#102)
• f7d4bf8 all shells: Pass env vars through a key value store (#98)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/hashicorp/hcl/v2's releases.

v2.12.0

Enhancements

• hclsyntax: Evaluation of conditional expressions will now produce more precise error messages about inconsistencies between the types of the true and false result expressions, particularly in cases where both are of the same structural type kind but differ in their nested elements. (#530)
• hclsyntax: The lexer will no longer allocate a small object on the heap for each token. Instead, in that situation it will allocate only when needed to return a diagnostic message with source location information. (#490)
• hclwrite: New functions TokensForTuple, TokensForObject, and TokensForFunctionCall allow for more easily constructing the three constructs which are supported for static analysis and which HCL-based languages typically use in contexts where an expression is used only for its syntax, and not evaluated to produce a real value. For example, these new functions together are sufficient to construct all valid type constraint expressions from the Type Expressions Extension, which is the basis of variable type constraints in the Terraform language at the time of writing. (#502)
• json: New functions IsJSONExpression and IsJSONBody to determine if a given expression or body was created by the JSON syntax parser. In normal situations it's better not to worry about what syntax a particular expression/body originated in, but this can be useful in some trickier cases where an application needs to shim for backwards-compatibility or for static analysis that needs to have special handling of the JSON syntax's embedded expression/template conventions. (#524)

Bugs Fixed

• gohcl: Fix docs about supported types for blocks. (#507)

Sourced from github.com/hashicorp/hcl/v2's changelog.

v2.12.0 (April 22, 2022)

Enhancements

• hclsyntax: Evaluation of conditional expressions will now produce more precise error messages about inconsistencies between the types of the true and false result expressions, particularly in cases where both are of the same structural type kind but differ in their nested elements. (#530)
• hclsyntax: The lexer will no longer allocate a small object on the heap for each token. Instead, in that situation it will allocate only when needed to return a diagnostic message with source location information. (#490)
• hclwrite: New functions TokensForTuple, TokensForObject, and TokensForFunctionCall allow for more easily constructing the three constructs which are supported for static analysis and which HCL-based languages typically use in contexts where an expression is used only for its syntax, and not evaluated to produce a real value. For example, these new functions together are sufficient to construct all valid type constraint expressions from the Type Expressions Extension, which is the basis of variable type constraints in the Terraform language at the time of writing. (#502)
• json: New functions IsJSONExpression and IsJSONBody to determine if a given expression or body was created by the JSON syntax parser. In normal situations it's better not to worry about what syntax a particular expression/body originated in, but this can be useful in some trickier cases where an application needs to shim for backwards-compatibility or for static analysis that needs to have special handling of the JSON syntax's embedded expression/template conventions. (#524)

Bugs Fixed

• gohcl: Fix docs about supported types for blocks. (#507)

• c135030 v2.12.0 release
• e01e7c6 Update CHANGELOG.md
• 357a7fd hclsyntax: Update style for new version of "go fmt"
• 97d54a9 hclsyntax: Improve conditional type mismatch errors (somewhat)
• 2ef09d1 Merge pull request #524 from hashicorp/f-json-is-json
• 8fc6794 json: Functions for determining if an expression or body is a JSON one
• 8c86d68 Update CHANGELOG.md
• 91152ab Update CHANGELOG.md
• 0d9c1da Merge pull request #507 from jmalloc/remove-hcl-block-decode
• 163105d gohcl: Fix docs about supported types for blocks.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/hashicorp/hcl/v2's releases.

v2.15.0

Bugs Fixed

• ext/typeexpr: Skip null objects when applying defaults. This prevents crashes when null objects are creating inside collections, and stops incomplete objects being created with only optional attributes set. (#567)
• ext/typeexpr: Ensure default values do not have optional metadata attached. This prevents crashes when default values are inserted into concrete go-cty values that have also been stripped of their optional metadata. (#568)

Enhancements

• ext/typeexpr: With the go-cty upstream depenendency updated to v1.12.0, the Defaults struct and associated functions can apply additional and more flexible 'unsafe' conversions (examples include tuples into collections such as lists and sets, and additional safety around null and dynamic values). (#564)
• ext/typeexpr: With the go-cty upstream depenendency updated to v1.12.0, users should now apply the go-cty convert functionality before setting defaults on a given cty.Value, rather than after, if they require a specific cty.Type. (#564)

v2.14.1

Bugs Fixed

• ext/typeexpr: Type convert defaults for optional object attributes when applying them. This prevents crashes in certain cases when the objects in question are part of a collection. (#555)

v2.14.0

Enhancements

• ext/typeexpr: Added support for optional object attributes to TypeConstraint. Attributes can be wrapped in the special optional(…) modifier, allowing the attribute to be omitted while still meeting the type constraint. For more information, cty's documentation on conversion between object types. (#549)
• ext/typeexpr: New function: TypeConstraintWithDefaults. In this mode, the optional(…) modifier accepts a second argument which can be used as the default value for omitted object attributes. The function returns both a cty.Type and associated Defaults, the latter of which has an Apply method to apply defaults to a given value. (#549)

v2.12.0

Enhancements

• hclsyntax: Evaluation of conditional expressions will now produce more precise error messages about inconsistencies between the types of the true and false result expressions, particularly in cases where both are of the same structural type kind but differ in their nested elements. (#530)
• hclsyntax: The lexer will no longer allocate a small object on the heap for each token. Instead, in that situation it will allocate only when needed to return a diagnostic message with source location information. (#490)
• hclwrite: New functions TokensForTuple, TokensForObject, and TokensForFunctionCall allow for more easily constructing the three constructs which are supported for static analysis and which HCL-based languages typically use in contexts where an expression is used only for its syntax, and not evaluated to produce a real value. For example, these new functions together are sufficient to construct all valid type constraint expressions from the Type Expressions Extension, which is the basis of variable type constraints in the Terraform language at the time of writing. (#502)
• json: New functions IsJSONExpression and IsJSONBody to determine if a given expression or body was created by the JSON syntax parser. In normal situations it's better not to worry about what syntax a particular expression/body originated in, but this can be useful in some trickier cases where an application needs to shim for backwards-compatibility or for static analysis that needs to have special handling of the JSON syntax's embedded expression/template conventions. (#524)

Bugs Fixed

• gohcl: Fix docs about supported types for blocks. (#507)

Sourced from github.com/hashicorp/hcl/v2's changelog.

v2.15.0 (November 10, 2022)

Bugs Fixed

• ext/typeexpr: Skip null objects when applying defaults. This prevents crashes when null objects are creating inside collections, and stops incomplete objects being created with only optional attributes set. (#567)
• ext/typeexpr: Ensure default values do not have optional metadata attached. This prevents crashes when default values are inserted into concrete go-cty values that have also been stripped of their optional metadata. (#568)

Enhancements

• ext/typeexpr: With the go-cty upstream depenendency updated to v1.12.0, the Defaults struct and associated functions can apply additional and more flexible 'unsafe' conversions (examples include tuples into collections such as lists and sets, and additional safety around null and dynamic values). (#564)
• ext/typeexpr: With the go-cty upstream depenendency updated to v1.12.0, users should now apply the go-cty convert functionality before setting defaults on a given cty.Value, rather than after, if they require a specific cty.Type. (#564)

v2.14.1 (September 23, 2022)

Bugs Fixed

• ext/typeexpr: Type convert defaults for optional object attributes when applying them. This prevents crashes in certain cases when the objects in question are part of a collection. (#555)

v2.14.0 (September 1, 2022)

Enhancements

• ext/typeexpr: Added support for optional object attributes to TypeConstraint. Attributes can be wrapped in the special optional(…) modifier, allowing the attribute to be omitted while still meeting the type constraint. For more information, cty's documentation on conversion between object types. (#549)
• ext/typeexpr: New function: TypeConstraintWithDefaults. In this mode, the optional(…) modifier accepts a second argument which can be used as the default value for omitted object attributes. The function returns both a cty.Type and associated Defaults, the latter of which has an Apply method to apply defaults to a given value. (#549)

v2.13.0 (June 22, 2022)

Enhancements

• hcl: hcl.Diagnostic now has an additional field Extra which is intended for carrying arbitrary supporting data ("extra information") related to the diagnostic message, intended to allow diagnostic renderers to optionally tailor the presentation of messages for particular situations. (#539)
• hclsyntax: When an error occurs during a function call, the returned diagnostics will include extra information (as described in the previous point) about which function was being called and, if the message is about an error returned by the function itself, that raw error value without any post-processing. (#539)

Bugs Fixed

• hclwrite: Fixed a potential data race for any situation where hclwrite.Format runs concurrently with itself. (#534)

v2.12.0 (April 22, 2022)

Enhancements

• hclsyntax: Evaluation of conditional expressions will now produce more precise error messages about inconsistencies between the types of the true and false result expressions, particularly in cases where both are of the same structural type kind but differ in their nested elements. (#530)
• hclsyntax: The lexer will no longer allocate a small object on the heap for each token. Instead, in that situation it will allocate only when needed to return a diagnostic message with source location information. (#490)
• hclwrite: New functions TokensForTuple, TokensForObject, and TokensForFunctionCall allow for more easily constructing the three constructs which are supported for static analysis and which HCL-based languages typically use in contexts where an expression is used only for its syntax, and not evaluated to produce a real value. For example, these new functions together are sufficient to construct all valid type constraint expressions from the Type Expressions Extension, which is the basis of variable type constraints in the Terraform language at the time of writing. (#502)
• json: New functions IsJSONExpression and IsJSONBody to determine if a given expression or body was created by the JSON syntax parser. In normal situations it's better not to worry about what syntax a particular expression/body originated in, but this can be useful in some trickier cases where an application needs to shim for backwards-compatibility or for static analysis that needs to have special handling of the JSON syntax's embedded expression/template conventions. (#524)

Bugs Fixed

• gohcl: Fix docs about supported types for blocks. (#507)

• 31e2c60 Release v2.15.0
• 07502d3 Update CHANGELOG.md
• bcff50c Strip optional metadata from empty default collections (#568)
• fa90633 Update CHANGELOG.md
• b6727bf Merge pull request #567 from liamcervante/terraform/32157
• 233ef62 add test cases that verify behaviour from the forums
• c7cfb6a remove previous complex test cases
• d29499f don't insert default values into null objects
• e86af16 Merge pull request #566 from hashicorp/liamcervante/changelog
• ba75ecb Update CHANGELOG.md
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/zclconf/go-cty's releases.

v1.11.1

• convert: Fix for error when converting empty sets and lists with nested optional attributes by explicitly removing optional attribute information from collections.

Sourced from github.com/zclconf/go-cty's changelog.

1.12.1 (November 8, 2022)

• convert: Will now produce correct type constraints when the input value is an empty collection and the target element type has optional attributes. In this case the conversion process must remove the optional attribute annotations because those are only for type conversion purposes and have no meaning when used in the type constraint for an empty collection. (#143)
• convert: Will now prefer to retain a concrete type in the input value when the input is either null or unknown and the target type is cty.DynamicPseudoType, which represents "any type". (#144)

1.12.0 (October 27, 2022)

• function: Each function can now have an English-language description summarizing its behavior. This is intended as a default string to use when an application wants to provide code hover tips or similar development aids. However, these descriptions are basic and only available in English, so applications may still prefer to provide their own descriptions and ignore those encoded in this module. (#137)

• convert: When running in "unsafe mode" (which allows additional conversions that can potentially fail with certain input values), we'll now allow converting from a map type to an object type with optional attributes as long as all of the present map elements are compatible with their corresponding optional attributes.

  It's still a dynamic error to convert a map whose element type is incompatible with any of the attributes that do have corresponding keys in the given map. (#139)

• convert: Will now produce correct type constraints when the input value is null and the target type has optional attributes. In this case the conversion process must remove the optional attribute annotations because those are only for type conversion purposes and have no meaning when used in the type constraint for a null or unknown value. (#140, #141)

1.11.1 (October 17, 2022)

• convert: Fix for error when converting empty sets and lists with nested optional attributes by explicitly removing optional attribute information from collections.

1.11.0 (August 22, 2022)

Upgrade Notes

This release contains some changes to some aspects of the API that are either legacy or de-facto internal (from before the Go toolchain had an explicit idea of that). Any external module using these will experience these as breaking changes, but we know of no such caller and so are admitting these without a major release in the interests of not creating churn for users of the main API.

• encoding/gob support utilities removed: we added these as a concession to HashiCorp who wanted to try to send cty values over some legacy protocols/formats used by legacy versions of HashiCorp Terraform. In the end those efforts were not successful for other reasons and so no Terraform release ever relied on this functionality.

  encoding/gob support has been burdensome due to how its unmarshaler interface is defined and so cty values and types are no longer automatically compatible with encoding/gob. Callers should instead use explicitly-implemented encodings, such as the built-in JSON and msgpack encodings or external libraries which use the public cty API to encode and decode.

• cty now requires Go 1.18: although the main API is not yet making any use of type parameters, we've begun to adopt it in the hope of improving the maintainability of some internal details, starting with the backing implementation of set types.

  Since type parameters are not supported by earlier versions of the Go compiler, callers must upgrade to Go 1.18 before using cty v1.11.0 or later.

Other changes in this release

• cty: Improved performance when comparing nonzero numbers to zero, by performing a relatively-cheap sign check on both numbers before falling back on the more expensive general equality implementation. (#125)
• cty: It's now possible to use capsule types in the elements of sets. Previously cty would panic if asked to construct a value of a set type whose element type either is or contains a capsule type, but there is now explicit support for storing encapsulated values in sets and optional (but recommended) support for a custom hashing function per type in order to improve performance for sets with a large number of elements.
• convert: Unify will no longer panic when asked to find a common base type for a tuple type and a list of unknown element type, and will instead just signal that such a unification is not possible. (#126)
• stdlib: FlattenFunc will no longer panic if it encounters a null value of a type that would normally be subject to flattening. Instead, it will treat it in the same way as a null value of any non-flattenable type. (#129)

• 65607d4 v1.12.1
• 4ecde43 Update CHANGELOG.md
• 5a9fd44 convert: Retain concrete types when converting from cty.DynamicPseudoType to ...
• 81703b1 Update CHANGELOG.md
• 70f5af8 convert: Return a valid type constraint when target is an empty collection of...
• 463952f Prepare for a possible later v1.12.1 release
• e15627f Release v1.12.0
• 4566e66 function: Allow overriding function descriptions
• 0e3fb70 Update CHANGELOG.md
• c15c700 Update CHANGELOG.md
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/hashicorp/packer-plugin-sdk's releases.

v0.3.2

What's Changed

Exciting New Features 🎉

• sdk: Bump SDK to Go 1.18 by @​nywilken in hashicorp/packer-plugin-sdk#121
• Provision SSHPublicKey while use custom SSH Private key by @​GennadySpb in hashicorp/packer-plugin-sdk#101

Bug fixes🧑‍🔧 🐞

• Fix support for forward slashes with nested folders in cd_files for Windows by @​tempora-mutantur in hashicorp/packer-plugin-sdk#115

Doc improvements 📚

• communicator: fix SSH config typo by @​lbajolet-hashicorp in hashicorp/packer-plugin-sdk#124

Other Changes

• Remove release script in favor of goreleaser by @​nywilken in hashicorp/packer-plugin-sdk#118
• Update Xcode version for Darwin test builds by @​nywilken in hashicorp/packer-plugin-sdk#122
• Make ed25519 keys generated by Packer serialize in the format usable by ssh by @​nikolaymatrosov in hashicorp/packer-plugin-sdk#120
• Logging ssh bastion by @​lbajolet-hashicorp in hashicorp/packer-plugin-sdk#123
• Update release version v0.3.2 by @​nywilken in hashicorp/packer-plugin-sdk#129

New Contributors

• @​nikolaymatrosov made their first contribution in hashicorp/packer-plugin-sdk#120
• @​GennadySpb made their first contribution in hashicorp/packer-plugin-sdk#101

Full Changelog: https://github.com/hashicorp/packer-plugin-sdk/compare/v0.3.1...v0.3.2

v0.3.1

NOTES

There's been a change in the way the ssh_timeout option and the ssh_handshake_attempts work together, the behaviour is unchanged if both or none are specified, however if only one of the two is set, the other won't have a default value anymore and will be ignored.

What's Changed

Other Changes

• release: move to goreleaser/actions for releases by @​lbajolet-hashicorp in hashicorp/packer-plugin-sdk#113
• Bump github.com/hashicorp/hcl/v2 from 2.12.0 to 2.13.0 by @​dependabot in hashicorp/packer-plugin-sdk#112
• Change step_create_cdrom_tests to pass on Windows by @​tempora-mutantur in hashicorp/packer-plugin-sdk#114
• ssh: only rely on timeout/retries if one is set by @​lbajolet-hashicorp in hashicorp/packer-plugin-sdk#116

New Contributors

• @​tempora-mutantur made their first contribution in hashicorp/packer-plugin-sdk#114

Full Changelog: https://github.com/hashicorp/packer-plugin-sdk/compare/v0.3.0...v0.3.1

Sourced from github.com/hashicorp/packer-plugin-sdk's changelog.

See Releases for latest CHANGELOG information.

0.3.1 (July 28, 2022)

0.3.0 (June 09, 2022)

• multistep/commonsteps: Add default timeouts to the GitGetter, HgGetter, S3Getter, and GcsGetter getters to mitigate against resource exhaustion when calling out to external command line applications.
• multistep/commonsteps: Disable support for the X-Terraform-Get header to mitigate against protocol switching, endless redirect, and configuration bypass abuse of custom HTTP response header processing.
• multistep/commonsteps: Update settings for the default go-getter client to prevent arbitrary host access via go-getter's path traversal, symlink processing, and command injection flaws.
• sdk: Bump github.com/hashicorp/go-getter/v2, github.com/hashicorp/go- getter/gcs/v2, github.com/hashicorp/go-getter/s3/v2 to address a number of security vulnerabilities as defined in HCSEC-2022-13

0.2.13 (May 11, 2022)

• cmd/packer-sdc: Update golang.org/x/tools to fix internal package errors when running code generation commands with Go 1.18 GH-108

0.2.12 (May 03, 2022)

• provisioner/shell-local: Add env argument to pass env vars through a key value store GH-98
• provisioner/shell: Add env argument to pass env vars through a key value store GH-98
• sdk: Bump github.com/hashicorp/go-getter/v2 to v2.0.2 GH-102
• sdk: Bump github.com/hashicorp/hcl/v2 to v2.12.0 GH-106
• sdk: Update crypto/ssh pkg used by SSH communicator The existing ssh client used by the SSH communicator was relying on legacy key algorithms and could not connect to recent versions of openssh, or servers with a limited set of fips approved algorithms. GH-107

• 7f67d2c Update release version v0.3.2 (#129)
• ae46818 Provision SSHPublicKey while use custom SSH Private key (#101)
• f0d8f56 Fix support for forward slashes in cd_files for Windows (#115)
• 2d9e9f3 sdk: Bump SDK to Go 1.18 (#121)
• ad89271 ssh: add more logging when connecting with bastion
• 28533d7 ssh: make ssh bastion error message more precise
• 42da5e2 communicator: fix SSH config typo (#124)
• 62ac7b7 Make ed25519 keys generated by Packer serialize in the format usable by ssh.
• 762ec6e Update Xcode version for Darwin test builds (#122)
• 80d2587 Remove release script in favor of goreleaser (#118)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)