From d0a7f777e8177a8b6164ab171f6d300aa8982229 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 1 Jul 2024 12:42:17 -0500
Subject: [PATCH] build(deps): bump github.com/hashicorp/go-getter from 1.7.0
 to 1.7.5 (#85)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter)
from 1.7.0 to 1.7.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/hashicorp/go-getter/releases">github.com/hashicorp/go-getter's
releases</a>.</em></p>
<blockquote>
<h2>v1.7.5</h2>
<h2>What's Changed</h2>
<ul>
<li>Prevent Git Config Alteration on Git Update by <a
href="https://github.com/dduzgun-security"><code>@​dduzgun-security</code></a>
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/497">hashicorp/go-getter#497</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/dduzgun-security"><code>@​dduzgun-security</code></a>
made their first contribution in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/497">hashicorp/go-getter#497</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/hashicorp/go-getter/compare/v1.7.4...v1.7.5">https://github.com/hashicorp/go-getter/compare/v1.7.4...v1.7.5</a></p>
<h2>v1.7.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Escape user-provided strings in <code>git</code> commands <a
href="https://redirect.github.com/hashicorp/go-getter/pull/483">hashicorp/go-getter#483</a></li>
<li>Fixed a bug in <code>.netrc</code> handling if the file does not
exist <a
href="https://redirect.github.com/hashicorp/go-getter/pull/433">hashicorp/go-getter#433</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/hashicorp/go-getter/compare/v1.7.3...v1.7.4">https://github.com/hashicorp/go-getter/compare/v1.7.3...v1.7.4</a></p>
<h2>v1.7.3</h2>
<h2>What's Changed</h2>
<ul>
<li>SEC-090: Automated trusted workflow pinning (2023-04-21) by <a
href="https://github.com/hashicorp-tsccr"><code>@​hashicorp-tsccr</code></a>
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/432">hashicorp/go-getter#432</a></li>
<li>SEC-090: Automated trusted workflow pinning (2023-09-11) by <a
href="https://github.com/hashicorp-tsccr"><code>@​hashicorp-tsccr</code></a>
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/454">hashicorp/go-getter#454</a></li>
<li>SEC-090: Automated trusted workflow pinning (2023-09-18) by <a
href="https://github.com/hashicorp-tsccr"><code>@​hashicorp-tsccr</code></a>
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/458">hashicorp/go-getter#458</a></li>
<li>don't change GIT_SSH_COMMAND when there is no sshKeyFile by <a
href="https://github.com/jbardin"><code>@​jbardin</code></a> in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/459">hashicorp/go-getter#459</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/hashicorp-tsccr"><code>@​hashicorp-tsccr</code></a>
made their first contribution in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/432">hashicorp/go-getter#432</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/hashicorp/go-getter/compare/v1.7.2...v1.7.3">https://github.com/hashicorp/go-getter/compare/v1.7.2...v1.7.3</a></p>
<h2>v1.7.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Don't override <code>GIT_SSH_COMMAND</code> when not needed by <a
href="https://github.com/nl-brett-stime"><code>@​nl-brett-stime</code></a>
<a
href="https://redirect.github.com/hashicorp/go-getter/pull/300">hashicorp/go-getter#300</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/hashicorp/go-getter/compare/v1.7.1...v1.7.2">https://github.com/hashicorp/go-getter/compare/v1.7.1...v1.7.2</a></p>
<h2>v1.7.1</h2>
<p>No release notes provided.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/hashicorp/go-getter/commit/5a63fd9c0d5b8da8a6805e8c283f46f0dacb30b3"><code>5a63fd9</code></a>
Merge pull request <a
href="https://redirect.github.com/hashicorp/go-getter/issues/497">#497</a>
from hashicorp/fix-git-update</li>
<li><a
href="https://github.com/hashicorp/go-getter/commit/5b7ec5f039197dd363e912c8367329f8399557c6"><code>5b7ec5f</code></a>
fetch tags on update and fix tests</li>
<li><a
href="https://github.com/hashicorp/go-getter/commit/9906874a23919a81eff097d84fdb8f98525ac880"><code>9906874</code></a>
recreate git config during update to prevent config alteration</li>
<li><a
href="https://github.com/hashicorp/go-getter/commit/268c11cae8cf0d9374783e06572679796abe9ce9"><code>268c11c</code></a>
escape user provide string to git (<a
href="https://redirect.github.com/hashicorp/go-getter/issues/483">#483</a>)</li>
<li><a
href="https://github.com/hashicorp/go-getter/commit/975961f5f06346ccc282cd0d9aa16e160d26f9e3"><code>975961f</code></a>
Merge pull request <a
href="https://redirect.github.com/hashicorp/go-getter/issues/433">#433</a>
from adrian-bl/netrc-fix</li>
<li><a
href="https://github.com/hashicorp/go-getter/commit/0298a221674f629339295fa8a1e6a938e28506e0"><code>0298a22</code></a>
Merge pull request <a
href="https://redirect.github.com/hashicorp/go-getter/issues/459">#459</a>
from hashicorp/jbardin/setup-git-env</li>
<li><a
href="https://github.com/hashicorp/go-getter/commit/c70d9c915b8e823c44dd591088d15cde70d5e813"><code>c70d9c9</code></a>
don't change GIT_SSH_COMMAND if there's no keyfile</li>
<li><a
href="https://github.com/hashicorp/go-getter/commit/3d5770fe3ae127b90f54d825ef1772f0b4e86621"><code>3d5770f</code></a>
Merge pull request <a
href="https://redirect.github.com/hashicorp/go-getter/issues/458">#458</a>
from hashicorp/tsccr-auto-pinning/trusted/2023-09-18</li>
<li><a
href="https://github.com/hashicorp/go-getter/commit/06889794ed3f360b24e8ef7169294ccc59abc044"><code>0688979</code></a>
Result of tsccr-helper -log-level=info -pin-all-workflows .</li>
<li><a
href="https://github.com/hashicorp/go-getter/commit/e66f244d9206aca1ce0dee4823c833fecb2f77fc"><code>e66f244</code></a>
Merge pull request <a
href="https://redirect.github.com/hashicorp/go-getter/issues/454">#454</a>
from hashicorp/tsccr-auto-pinning/trusted/2023-09-11</li>
<li>Additional commits viewable in <a
href="https://github.com/hashicorp/go-getter/compare/v1.7.0...v1.7.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/hashicorp/go-getter&package-manager=go_modules&previous-version=1.7.0&new-version=1.7.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/DelineaXPM/terraform-provider-dsv/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod                                        |   2 +-
 go.sum                                        |   4 +-
 .../github.com/hashicorp/go-getter/get_git.go | 102 ++++++++++++++----
 .../github.com/hashicorp/go-getter/netrc.go   |   3 +-
 vendor/modules.txt                            |   2 +-
 5 files changed, 85 insertions(+), 28 deletions(-)

diff --git a/go.mod b/go.mod
index ade108bf..b74e6bba 100644
--- a/go.mod
+++ b/go.mod
@@ -53,7 +53,7 @@ require (
 	github.com/gookit/color v1.5.4 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-getter v1.7.0 // indirect
+	github.com/hashicorp/go-getter v1.7.5 // indirect
 	github.com/hashicorp/go-hclog v1.3.1 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-plugin v1.4.5 // indirect
diff --git a/go.sum b/go.sum
index 54fe82d2..f1530285 100644
--- a/go.sum
+++ b/go.sum
@@ -429,8 +429,8 @@ github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtng
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-getter v1.5.3/go.mod h1:BrrV/1clo8cCYu6mxvboYg+KutTiFnXjMEgDD8+i7ZI=
-github.com/hashicorp/go-getter v1.7.0 h1:bzrYP+qu/gMrL1au7/aDvkoOVGUJpeKBgbqRHACAFDY=
-github.com/hashicorp/go-getter v1.7.0/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744=
+github.com/hashicorp/go-getter v1.7.5 h1:dT58k9hQ/vbxNMwoI5+xFYAJuv6152UNvdHokfI5wE4=
+github.com/hashicorp/go-getter v1.7.5/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744=
 github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI=
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-hclog v1.3.1 h1:vDwF1DFNZhntP4DAjuTpOw3uEgMUpXh1pB5fW9DqHpo=
diff --git a/vendor/github.com/hashicorp/go-getter/get_git.go b/vendor/github.com/hashicorp/go-getter/get_git.go
index db89edef..f38e0d29 100644
--- a/vendor/github.com/hashicorp/go-getter/get_git.go
+++ b/vendor/github.com/hashicorp/go-getter/get_git.go
@@ -125,7 +125,7 @@ func (g *GitGetter) Get(dst string, u *url.URL) error {
 		return err
 	}
 	if err == nil {
-		err = g.update(ctx, dst, sshKeyFile, ref, depth)
+		err = g.update(ctx, dst, sshKeyFile, u, ref, depth)
 	} else {
 		err = g.clone(ctx, dst, sshKeyFile, u, ref, depth)
 	}
@@ -200,7 +200,7 @@ func (g *GitGetter) clone(ctx context.Context, dst, sshKeyFile string, u *url.UR
 		args = append(args, "--depth", strconv.Itoa(depth))
 		args = append(args, "--branch", ref)
 	}
-	args = append(args, u.String(), dst)
+	args = append(args, "--", u.String(), dst)
 
 	cmd := exec.CommandContext(ctx, "git", args...)
 	setupGitEnv(cmd, sshKeyFile)
@@ -228,28 +228,64 @@ func (g *GitGetter) clone(ctx context.Context, dst, sshKeyFile string, u *url.UR
 	return nil
 }
 
-func (g *GitGetter) update(ctx context.Context, dst, sshKeyFile, ref string, depth int) error {
-	// Determine if we're a branch. If we're NOT a branch, then we just
-	// switch to master prior to checking out
-	cmd := exec.CommandContext(ctx, "git", "show-ref", "-q", "--verify", "refs/heads/"+ref)
+func (g *GitGetter) update(ctx context.Context, dst, sshKeyFile string, u *url.URL, ref string, depth int) error {
+	// Remove all variations of .git directories
+	err := removeCaseInsensitiveGitDirectory(dst)
+	if err != nil {
+		return err
+	}
+
+	// Initialize the git repository
+	cmd := exec.CommandContext(ctx, "git", "init")
+	cmd.Dir = dst
+	err = getRunCommand(cmd)
+	if err != nil {
+		return err
+	}
+
+	// Add the git remote
+	cmd = exec.CommandContext(ctx, "git", "remote", "add", "origin", "--", u.String())
+	cmd.Dir = dst
+	err = getRunCommand(cmd)
+	if err != nil {
+		return err
+	}
+
+	// Fetch the remote ref
+	cmd = exec.CommandContext(ctx, "git", "fetch", "--tags")
+	cmd.Dir = dst
+	err = getRunCommand(cmd)
+	if err != nil {
+		return err
+	}
+
+	// Fetch the remote ref
+	cmd = exec.CommandContext(ctx, "git", "fetch", "origin", "--", ref)
 	cmd.Dir = dst
+	err = getRunCommand(cmd)
+	if err != nil {
+		return err
+	}
 
-	if getRunCommand(cmd) != nil {
-		// Not a branch, switch to default branch. This will also catch
-		// non-existent branches, in which case we want to switch to default
-		// and then checkout the proper branch later.
-		ref = findDefaultBranch(ctx, dst)
+	// Reset the branch to the fetched ref
+	cmd = exec.CommandContext(ctx, "git", "reset", "--hard", "FETCH_HEAD")
+	cmd.Dir = dst
+	err = getRunCommand(cmd)
+	if err != nil {
+		return err
 	}
 
-	// We have to be on a branch to pull
-	if err := g.checkout(ctx, dst, ref); err != nil {
+	// Checkout ref branch
+	err = g.checkout(ctx, dst, ref)
+	if err != nil {
 		return err
 	}
 
+	// Pull the latest changes from the ref branch
 	if depth > 0 {
-		cmd = exec.CommandContext(ctx, "git", "pull", "--depth", strconv.Itoa(depth), "--ff-only")
+		cmd = exec.CommandContext(ctx, "git", "pull", "origin", "--depth", strconv.Itoa(depth), "--ff-only", "--", ref)
 	} else {
-		cmd = exec.CommandContext(ctx, "git", "pull", "--ff-only")
+		cmd = exec.CommandContext(ctx, "git", "pull", "origin", "--ff-only", "--", ref)
 	}
 
 	cmd.Dir = dst
@@ -289,7 +325,7 @@ func findDefaultBranch(ctx context.Context, dst string) string {
 // default branch. "master" is returned if no HEAD symref exists.
 func findRemoteDefaultBranch(ctx context.Context, u *url.URL) string {
 	var stdoutbuf bytes.Buffer
-	cmd := exec.CommandContext(ctx, "git", "ls-remote", "--symref", u.String(), "HEAD")
+	cmd := exec.CommandContext(ctx, "git", "ls-remote", "--symref", "--", u.String(), "HEAD")
 	cmd.Stdout = &stdoutbuf
 	err := cmd.Run()
 	matches := lsRemoteSymRefRegexp.FindStringSubmatch(stdoutbuf.String())
@@ -302,6 +338,11 @@ func findRemoteDefaultBranch(ctx context.Context, u *url.URL) string {
 // setupGitEnv sets up the environment for the given command. This is used to
 // pass configuration data to git and ssh and enables advanced cloning methods.
 func setupGitEnv(cmd *exec.Cmd, sshKeyFile string) {
+	// If there's no sshKeyFile argument to deal with, we can skip this
+	// entirely.
+	if sshKeyFile == "" {
+		return
+	}
 	const gitSSHCommand = "GIT_SSH_COMMAND="
 	var sshCmd []string
 
@@ -323,15 +364,13 @@ func setupGitEnv(cmd *exec.Cmd, sshKeyFile string) {
 		sshCmd = []string{gitSSHCommand + "ssh"}
 	}
 
-	if sshKeyFile != "" {
-		// We have an SSH key temp file configured, tell ssh about this.
-		if runtime.GOOS == "windows" {
-			sshKeyFile = strings.Replace(sshKeyFile, `\`, `/`, -1)
-		}
-		sshCmd = append(sshCmd, "-i", sshKeyFile)
+	// We have an SSH key temp file configured, tell ssh about this.
+	if runtime.GOOS == "windows" {
+		sshKeyFile = strings.Replace(sshKeyFile, `\`, `/`, -1)
 	}
-
+	sshCmd = append(sshCmd, "-i", sshKeyFile)
 	env = append(env, strings.Join(sshCmd, " "))
+
 	cmd.Env = env
 }
 
@@ -374,3 +413,20 @@ func checkGitVersion(ctx context.Context, min string) error {
 
 	return nil
 }
+
+// removeCaseInsensitiveGitDirectory removes all .git directory variations
+func removeCaseInsensitiveGitDirectory(dst string) error {
+	files, err := os.ReadDir(dst)
+	if err != nil {
+		return fmt.Errorf("Failed to read the destination directory %s during git update", dst)
+	}
+	for _, f := range files {
+		if strings.EqualFold(f.Name(), ".git") && f.IsDir() {
+			err := os.RemoveAll(filepath.Join(dst, f.Name()))
+			if err != nil {
+				return fmt.Errorf("Failed to remove the .git directory in the destination directory %s during git update", dst)
+			}
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/hashicorp/go-getter/netrc.go b/vendor/github.com/hashicorp/go-getter/netrc.go
index c7f6a3fb..2fe868ad 100644
--- a/vendor/github.com/hashicorp/go-getter/netrc.go
+++ b/vendor/github.com/hashicorp/go-getter/netrc.go
@@ -5,6 +5,7 @@ import (
 	"net/url"
 	"os"
 	"runtime"
+	"syscall"
 
 	"github.com/bgentry/go-netrc/netrc"
 	"github.com/mitchellh/go-homedir"
@@ -38,7 +39,7 @@ func addAuthFromNetrc(u *url.URL) error {
 	// If the file is not a file, then do nothing
 	if fi, err := os.Stat(path); err != nil {
 		// File doesn't exist, do nothing
-		if os.IsNotExist(err) {
+		if serr, ok := err.(*os.PathError); ok && (os.IsNotExist(serr.Err) || serr.Err == syscall.ENOTDIR) {
 			return nil
 		}
 
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 22079152..e8fe31c8 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -168,7 +168,7 @@ github.com/hashicorp/errwrap
 # github.com/hashicorp/go-cleanhttp v0.5.2
 ## explicit; go 1.13
 github.com/hashicorp/go-cleanhttp
-# github.com/hashicorp/go-getter v1.7.0
+# github.com/hashicorp/go-getter v1.7.5
 ## explicit; go 1.13
 github.com/hashicorp/go-getter
 github.com/hashicorp/go-getter/helper/url