10000 chore(deps): update dependency gruntwork-io/terragrunt to v0.80.2 by uniget-bot · Pull Request #12473 · uniget-org/tools · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

chore(deps): update dependency gruntwork-io/terragrunt to v0.80.2 #12473

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 23, 2025
Merged

chore(deps): update dependency gruntwork-io/terragrunt to v0.80.2 #12473

merged 1 commit into from
May 23, 2025

Conversation

uniget-bot
Copy link

This PR contains the following updates:

Package Update Change
gruntwork-io/terragrunt patch 0.80.1 -> 0.80.2

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

gruntwork-io/terragrunt (gruntwork-io/terragrunt)

v0.80.2

Compare Source

✨ New Features

find adds support for --include

The find command now supports the --include flag to allow for fine grained control over the discovery of units that include other partial configurations.

e.g.

$ terragrunt find --include --format=json | jq
[
  {
    "type": "unit",
    "path": "bar",
    "include": {
      "cloud": "cloud.hcl"
    }
  },
  {
    "type": "unit",
    "path": "foo"
  }
]

Combining the flag with tools like jq allows for simple discovery of configurations that include other partial configurations.

$ terragrunt find --include --format=json | jq '[.[] | select(.include.cloud == "cloud.hcl")]'
[
  {
    "type": "unit",
    "path": "bar",
    "include": {
      "cloud": "cloud.hcl"
    }
  }
]

🐛 Bug Fixes

--tf-path now correctly overrides terraform_binary

A bug in the precedence logic for Terragrunt configuration parsing resulted in the CLI flag --tf-path from being ignored when the terraform_binary attribute was set.

Terragrunt will now correctly respect the terraform_binary attribute when set, and allow --tf-path to override the value when it is set.

What's Changed

Full Changelog: gruntwork-io/terragrunt@v0.80.1...v0.80.2

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

nicholasdille-bot
nicholasdille-bot approved these changes May 23, 2025
View reviewed changes
Copy link
@nicholasdille-bot nicholasdille-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved because label type/renovate is present.

@github-actions GitHub Actions
Copy link

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/terragrunt:0.80.2

📦 Image Reference ghcr.io/uniget-org/tools/terragrunt:0.80.2
digestsha256:1dfe79d2d177cf4af5cde1bfb1c90c8c00a8e1956acb02fd4577a1a85dda54f3
vulnerabilitiescritical: 0 high: 0 medium: 1 low: 1
platformlinux/amd64
size44 MB
packages242
critical: 0 high: 0 medium: 1 low: 1 github.com/aws/aws-sdk-go 1.55.7 (golang)

pkg:golang/github.com/aws/aws-sdk-go@1.55.7

medium : CVE--2020--8911

Affected range>=0
Fixed versionNot Fixed
Description

A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to the target's S3 bucket and can observe whether or not an endpoint with access to the key can decrypt a file, they can reconstruct the plaintext with (on average) 128*length (plaintext) queries to the endpoint, by exploiting CBC's ability to manipulate the bytes of the next block and PKCS5 padding errors. It is recommended to update your SDK to V2 or later, and re-encrypt your files.

low : CVE--2020--8912

Affected range>=0
Fixed versionNot Fixed
Description

A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this in combination with a decryption oracle can reveal the authentication key used by AES-GCM as decrypting the GMAC tag leaves the authentication key recoverable as an algebraic equation. It is recommended to update your SDK to V2 or later, and re-encrypt your files.

@github-actions GitHub Actions
Copy link

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/15200863435.

@github-actions GitHub Actions
Copy link

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/15200863435.

@github-actions github-actions bot merged commit 7bffe35 into main May 23, 2025
11 checks passed
@github-actions github-actions bot deleted the renovate/gruntwork-io-terragrunt-0.80.x branch May 23, 2025 02:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nicholasdille-bot nicholasdille-bot nicholasdille-bot approved these changes

Assignees
No one assigned
Labels
bump/patch type/renovate
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@uniget-bot @nicholasdille-bot @renovate-bot
0