build(deps): bump github.com/hashicorp/packer-plugin-sdk from 0.6.7 to 0.6.8

[dependabot]

Bumps github.com/hashicorp/packer-plugin-sdk from 0.6.7 to 0.6.8.

Release notes

Sourced from github.com/hashicorp/packer-plugin-sdk's releases.

v0.6.8

What's Changed

Breaking Changes

• communicator: WinRMUseNTLM field type changed from bool to config.Trilean (#329)

  Plugins that directly assign or read WinRM.WinRMUseNTLM will fail to compile after upgrading to this version. To migrate:

  • WinRMUseNTLM: true → WinRMUseNTLM: config.TriTrue
  • WinRMUseNTLM: false → WinRMUseNTLM: config.TriFalse
  • if c.WinRMUseNTLM { → if c.WinRMUseNTLM.True() {

  Plugins that only embed communicator.Config without touching this field directly are unaffected. User-facing HCL/JSON configuration (winrm_use_ntlm = true) continues to work without changes.

Other Changes

• updated go.mod by @​sanyaraj2424 in hashicorp/packer-plugin-sdk#322
• [COMPLIANCE] Add/Update Copyright Headers by @​hashicorp-copywrite[bot] in hashicorp/packer-plugin-sdk#327
• version: cut release v0.6.8 by @​tanmay-hc in hashicorp/packer-plugin-sdk#330

New Contributors

• @​sanyaraj2424 made their first contribution in hashicorp/packer-plugin-sdk#322

Full Changelog: hashicorp/packer-plugin-sdk@v0.6.7...v0.6.8

Changelog

Sourced from github.com/hashicorp/packer-plugin-sdk's changelog.

0.6.8 (May 18, 2026)

• sdk: Update module dependencies to address authorization bypass vulnerability GH-322
• sdk: Add and update copyright headers for compliance GH-327

0.3.1 (July 28, 2022)

0.3.0 (June 09, 2022)

• multistep/commonsteps: Add default timeouts to the GitGetter, HgGetter, S3Getter, and GcsGetter getters to mitigate against resource exhaustion when calling out to external command line applications.
• multistep/commonsteps: Disable support for the X-Terraform-Get header to mitigate against protocol switching, endless redirect, and configuration bypass abuse of custom HTTP response header processing.
• multistep/commonsteps: Update settings for the default go-getter client to prevent arbitrary host access via go-getter's path traversal, symlink processing, and command injection flaws.
• sdk: Bump github.com/hashicorp/go-getter/v2, github.com/hashicorp/go- getter/gcs/v2, github.com/hashicorp/go-getter/s3/v2 to address a number of security vulnerabilities as defined in HCSEC-2022-13

0.2.13 (May 11, 2022)

• cmd/packer-sdc: Update golang.org/x/tools to fix internal package errors when running code generation commands with Go 1.18 GH-108

0.2.12 (May 03, 2022)

• provisioner/shell-local: Add env argument to pass env vars through a key value store GH-98
• provisioner/shell: Add env argument to pass env vars through a key value store GH-98
• sdk: Bump github.com/hashicorp/go-getter/v2 to v2.0.2 GH-102
• sdk: Bump github.com/hashicorp/hcl/v2 to v2.12.0 GH-106
• sdk: Update crypto/ssh pkg used by SSH communicator The existing ssh client used by the SSH communicator was relying on legacy key algorithms and could not connect to recent versions of openssh, or servers with a limited set of fips approved algorithms. GH-107

0.2.11 (December 17, 2021)

• sdk: The SourceImageID field for registry/image.Image is now optional; calling Image#Validate will nolonger error if SourceImageID is empty.

... (truncated)

Commits

• 271cd7b Merge pull request #330 from hashicorp/cut-release-0.6.8
• 90635e5 Merge pull request #329 from hashicorp/ntlb-trilean
• e5c50e6 version: cut release v0.6.8
• 634986e Update dependencies and Go version
• 8ead39d communicator: change WinRMUseNTLM from bool to config.Trilean
• d740140 Merge pull request #327 from hashicorp/compliance/add-headers
• d0bdd9f [COMPLIANCE] Add/Update Copyright Headers
• d59add9 Merge pull request #322 from hashicorp/authorization-bypass
• 6143d84 updated go.mod
• ff764b2 Merge pull request #321 from hashicorp/prep-dev
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)