Bump the go-minor-and-patch-updates group across 1 directory with 7 updates

[dependabot]

Bumps the go-minor-and-patch-updates group with 4 updates in the / directory: github.com/go-git/go-git/v5, github.com/hashicorp/go-getter, github.com/zclconf/go-cty and github.com/hashicorp/terraform-exec.

Updates github.com/go-git/go-git/v5 from 5.16.5 to 5.17.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.17.0

What's Changed

• build: Update module github.com/go-git/go-git/v5 to v5.16.5 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1839
• git: worktree, optimize infiles function for very large repos by @​k-anshul in go-git/go-git#1853
• git: Add strict checks for supported extensions by @​pjbgf in go-git/go-git#1861
• backport, git: Improve Status() speed with new index.ModTime check by @​cedric-appdirect in go-git/go-git#1862
• storage: filesystem, Avoid overwriting loose obj files by @​pjbgf in go-git/go-git#1864

Full Changelog: go-git/go-git@v5.16.5...v5.17.0

Commits

• bdf0688 Merge pull request #1864 from pjbgf/v5-issue-55
• 5290e52 storage: filesystem, Avoid overwriting loose obj files. Fixes #55
• 5d20a62 storage: filesystem, Fix permissions for loose and packed objs
• 8ed442c backport, git: Improve Status() speed with new index.ModTime check (#1862)
• c7b5960 build: Align test workflow with main
• 8e71edf git: Add strict checks for supported extensions
• 438a37f git: worktree, optimize infiles function for very large repos (#1853)
• 67c7006 Merge pull request #1839 from go-git/renovate/releases/v5.x-go-github.liu-huaimin.workers.dev-go-...
• 4ca3f02 build: Update module github.com/go-git/go-git/v5 to v5.16.5 [SECURITY]
• See full diff in compare view

Updates github.com/hashicorp/go-getter from 1.8.4 to 1.8.5

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.8.5

What's Changed

• [chore] : Bump the go group with 2 updates by @​dependabot[bot] in hashicorp/go-getter#576
• use %w to wrap error by @​Ericwww in hashicorp/go-getter#475
• fix: #538 http file download skipped if headResp.ContentLength is 0 by @​martijnvdp in hashicorp/go-getter#539
• chore: fix error message capitalization in checksum function by @​ssagarverma in hashicorp/go-getter#578
• [chore] : Bump the go group with 8 updates by @​dependabot[bot] in hashicorp/go-getter#577
• Fix git url with ambiguous ref by @​nimasamii in hashicorp/go-getter#382
• fix: resolve compilation errors in get_git_test.go by @​CreatorHead in hashicorp/go-getter#579
• [chore] : Bump the actions group with 2 updates by @​dependabot[bot] in hashicorp/go-getter#582
• [chore] : Bump the go group with 3 updates by @​dependabot[bot] in hashicorp/go-getter#583
• test that arbitrary files cannot be checksummed by @​schmichael in hashicorp/go-getter#250
• [chore] : Bump google.golang.org/api from 0.260.0 to 0.262.0 in the go group by @​dependabot[bot] in hashicorp/go-getter#585
• [chore] : Bump actions/checkout from 6.0.1 to 6.0.2 in the actions group by @​dependabot[bot] in hashicorp/go-getter#586
• [chore] : Bump the go group with 3 updates by @​dependabot[bot] in hashicorp/go-getter#588
• [chore] : Bump actions/cache from 5.0.2 to 5.0.3 in the actions group by @​dependabot[bot] in hashicorp/go-getter#589
• [chore] : Bump aws-actions/configure-aws-credentials from 5.1.1 to 6.0.0 in the actions group by @​dependabot[bot] in hashicorp/go-getter#592
• [chore] : Bump google.golang.org/api from 0.264.0 to 0.265.0 in the go group by @​dependabot[bot] in hashicorp/go-getter#591
• [chore] : Bump the go group with 5 updates by @​dependabot[bot] in hashicorp/go-getter#593
• IND-6310 - CRT Onboarding by @​nasareeny in hashicorp/go-getter#584
• Fix crt build path by @​ssagarverma in hashicorp/go-getter#594
• [chore] : Bump the go group with 3 updates by @​dependabot[bot] in hashicorp/go-getter#596
• fix: remove checkout action from set-product-version job by @​ssagarverma in hashicorp/go-getter#598
• [chore] : Bump the actions group with 4 updates by @​dependabot[bot] in hashicorp/go-getter#595
• fix(deps): upgrade go.opentelemetry.io/otel/sdk to v1.40.0 (GO-2026-4394) by @​ssagarverma in hashicorp/go-getter#599
• Prepare go-getter for v1.8.5 release by @​nasareeny in hashicorp/go-getter#597
• [chore] : Bump the actions group with 2 updates by @​dependabot[bot] in hashicorp/go-getter#600
• sec: bump go and xrepos + redact aws tokens in url by @​dduzgun-security in hashicorp/go-getter#604

New Contributors

• @​Ericwww made their first contribution in hashicorp/go-getter#475
• @​martijnvdp made their first contribution in hashicorp/go-getter#539
• @​nimasamii made their first contribution in hashicorp/go-getter#382
• @​nasareeny made their first contribution in hashicorp/go-getter#584

Full Changelog: hashicorp/go-getter@v1.8.4...v1.8.5

Commits

• c56e01f sec: bump go and xrepos + redact aws tokens in url (#604)
• b83a3c7 [chore] : Bump the actions group with 2 updates (#600)
• 90c7d9c Prepare go-getter for v1.8.5 release (#597)
• 09c58f4 Merge pull request #599 from hashicorp/chore/upgrade-otel
• 93c75aa chore: upgrade OpenTelemetry dependencies to v1.40.0
• d567899 Merge pull request #595 from hashicorp/dependabot/github_actions/actions-be91...
• 4d3358c fix: remove checkout action from set-product-version job (#598)
• b9c8eab [chore] : Bump the go group with 3 updates (#596)
• 2ec0046 [chore] : Bump the actions group with 4 updates
• 8fa22a6 Merge pull request #594 from hashicorp/fix-crt-build-path
• Additional commits viewable in compare view

Updates github.com/zclconf/go-cty from 1.17.0 to 1.18.0

Changelog

Sourced from github.com/zclconf/go-cty's changelog.

1.18.0 (February 23, 2026)

cty now requires Go 1.25 or later.

• cty.Value.Equals now has a special case where if a null value is compared with a non-null value then only top-level marks from the non-null value will transfer to the boolean result.

  This is a limited introduction of the idea that only the parts of a nested data structure that were actually relevant to the comparison should transfer to the result. The more general form of that idea might follow in a later release, but that would require some more severe refactoring of this method's implementation that would be far riskier and so this is a pragmatic compromise to support just the relatively-common case of comparing with null in callers like HCL where an equality test is the canonical way to test a value for "null-ness".

• cty.IndexStep.Apply now works for traversing through a set.

  Although cty.Value.Index does not allow looking up a set element due to set elements not having indices, we often use cty.Path to describe a specific location in a nested structure and have a convention of handling traversal through a set as a cty.IndexStep whose "key" is the set element's value.

  To make that work a little better with code that uses cty.Path.Apply on such paths, cty.IndexStep now has a special case where if the given value is a set then it checks whether the index step's key is a member of the set and returns that value if so. If unknown values mean that it's not decidable whether there is a matching element then the result is an unknown value of the set's element type, so that traversal can continue and presumably eventually return an unknown value of the appropriate leaf type.

Commits

• e0c742b v1.18.0 release
• 21d455d Update LICENSE to reflect the current situation
• a6629d6 cty: IndexStep.Apply now works for traversing through a set
• d586d11 cty: Value.Equals only keeps shallow marks when comparing to null
• 2cc7315 go.mod: Require Go 1.25 or later
• See full diff in compare view

Updates github.com/go-git/go-billy/v5 from 5.7.0 to 5.8.0

Release notes

Sourced from github.com/go-git/go-billy/v5's releases.

v5.8.0

What's Changed

• build: Update module golang.org/x/net to v0.45.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-billy#183
• v5: Ensure Chmod behaviour across BoundOS and ChrootOS by @​pjbgf in go-git/go-billy#187

Full Changelog: go-git/go-billy@v5.7.0...v5.8.0

Commits

• 8662784 Merge pull request #187 from pjbgf/windows-rename
• f387d62 build: Update test workflow to rely on oldstable/stable
• 915dae9 polyfill: Add support for Chmod
• f3d5600 osfs: Create dir for BoundOS Tempfiles
• 247a741 Merge pull request #183 from go-git/renovate/releases/v5.x-go-golang.org-x-ne...
• 1c0c9d5 build: Update module golang.org/x/net to v0.45.0 [SECURITY]
• See full diff in compare view

Updates github.com/hashicorp/terraform-exec from 0.24.0 to 0.25.0

Release notes

Sourced from github.com/hashicorp/terraform-exec's releases.

v0.25.0

NOTES:

• bump Go compatibility from 1.23 to 1.24 (in-line with Go's support policy) (#548, #557)

ENHANCEMENTS:

• tfexec: Added provider reattach support to all terraform workspace subcommands (#556)
• tfexec: Add -generate-config-out to the (Terraform).Plan() method (#563)
• Add support for providers mirror subcommand (#551)

DEPENDENCIES:

• build(deps): bump golang.org/x/crypto from 0.36.0 to 0.45.0 (#547)
• build(deps): bump github.com/hashicorp/go-version from 1.7.0 to 1.8.0 (#552)
• build(deps): bump github.com/hashicorp/hc-install from 0.9.2 to 0.9.3 (#566)
• build(deps): bump github.com/hashicorp/terraform-json from 0.27.1 to 0.27.2 (#542)
• build(deps): bump github.com/zclconf/go-cty from 1.16.4 to 1.17.0 (#535)

Changelog

Sourced from github.com/hashicorp/terraform-exec's changelog.

0.25.0 (February 16, 2026)

NOTES:

• bump Go compatibility from 1.23 to 1.24 (in-line with Go's support policy) (#548, #557)

ENHANCEMENTS:

• tfexec: Added provider reattach support to all terraform workspace subcommands (#556)
• tfexec: Add -generate-config-out to the (Terraform).Plan() method (#563)
• Add support for providers mirror subcommand (#551)

DEPENDENCIES:

• build(deps): bump golang.org/x/crypto from 0.36.0 to 0.45.0 (#547)
• build(deps): bump github.com/hashicorp/go-version from 1.7.0 to 1.8.0 (#552)
• build(deps): bump github.com/hashicorp/hc-install from 0.9.2 to 0.9.3 (#566)
• build(deps): bump github.com/hashicorp/terraform-json from 0.27.1 to 0.27.2 (#542)
• build(deps): bump github.com/zclconf/go-cty from 1.16.4 to 1.17.0 (#535)

Commits

• 02b5829 v0.25.0 [skip ci]
• b5cbff5 Update Changelog in preparation for 0.25.0 (#567)
• d15fcb4 build(deps): bump github.com/zclconf/go-cty from 1.16.4 to 1.17.0 (#535)
• c99d7b5 build(deps): bump github.com/hashicorp/terraform-json from 0.27.1 to 0.27.2 (...
• 77206c5 Simplify buildEnv: use maps.Copy for populating the map. (#546)
• 9495f7b build(deps): bump github.com/hashicorp/hc-install from 0.9.2 to 0.9.3 (#566)
• f1a5a8b Update copyright headers to IBM (#565)
• 9141118 Add providers mirror subcommand (#551)
• e9f5952 init: Add godoc comments for ForceCopy to mention that it's equivalent to `...
• 8c2278b feat: add -generate-config-out option to plan (#563)
• Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.34.0 to 0.36.0

Commits

• 4d954e6 all: upgrade go directive to at least 1.25.0 [generated]
• 89ff2e1 google: add safer credentials JSON loading options.
• See full diff in compare view

Updates golang.org/x/sys from 0.40.0 to 0.42.0

Commits

• eaaaaee windows/registry: correct KeyInfo.ModTime calculation
• 942780b cpu: darwin/arm64 feature detection
• acef388 unix/linux: Prefixmsg and PrefixCacheinfo structs
• 3687fbd cpu: better defaults on darwin ARM64
• 48062e9 plan9: change Note to alias syscall.Note
• 4f23f80 windows: change Signal to alias syscall.Signal
• 7548802 all: upgrade go directive to at least 1.25.0 [generated]
• fc646e4 cpu: use IsProcessorFeaturePresent to calculate ARM64 on windows
• f11c7bb windows: add IsProcessorFeaturePresent and processor feature consts
• d25a7aa unix: add IoctlSetString on all platforms
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
github.com/go-git/go-git/v5	[>= 5.5.a, < 5.6]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions