fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.7 [security]#1456
/gcbrun

Code Review
This pull request updates the github.com/hashicorp/go-retryablehttp dependency from version 0.7.4 to 0.7.7. The reviewer identified that this dependency appears to be unused within the module and recommended removing it entirely via go mod tidy to reduce the application's dependency footprint and attack surface.
| require ( | ||
| cloud.google.com/go v0.109.0 | ||
| github.com/hashicorp/go-retryablehttp v0.7.4 | ||
| github.com/hashicorp/go-retryablehttp v0.7.7 |
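Review bot: the hunk bumps the direct requirement in go.mod from v0.7.4 to v0.7.7, but no corresponding go.sum change is visible here; a version bump without the matching go.sum entries for v0.7.7 fails with a missing go.sum entry on build, so confirm go.sum is updated in the same PR. Since the module is claimed to be unused, `go mod why -m github.com/hashicorp/go-retryablehttp` is the quick check for whether any package in the build graph still needs it before deciding between bumping and dropping it.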
The dependency github.com/hashicorp/go-retryablehttp appears to be unused in this module as it is not imported in main.go. Since this is a server-side application and go-retryablehttp is a client library, consider removing it entirely to reduce the dependency footprint and attack surface. Running go mod tidy would clean up both go.mod and go.sum automatically by removing unused dependencies and stale checksums.
This PR contains the following updates:
github.com/hashicorp/go-retryablehttp: v0.7.4 → v0.7.7

GitHub Vulnerability Alerts
CVE-2024-6104
go-retryablehttp prior to 0.7.7 did not sanitize URLs when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.
Release Notes
hashicorp/go-retryablehttp (github.com/hashicorp/go-retryablehttp)
v0.7.7
v0.7.6
v0.7.5
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate.
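The CVE-2024-6104 entry above describes URLs carrying HTTP basic auth credentials being written to a log unsanitized. As an added illustration that is not go-retryablehttp's own code, the Go snippet below shows the defensive step of masking the password in a URL's userinfo before the URL reaches a log line, and a check a reviewer can run over candidate log values; the URL used is a constructed sample.

```go
package main

import (
	"fmt"
	"net/url"
)

// redactURL returns a form of rawURL that is safe to write to a log line:
// a password embedded in the URL's userinfo component is replaced with a
// placeholder, while scheme, username, host, path and query are kept so
// the log entry stays useful for debugging. This illustrates the class of
// fix the advisory describes; it is not the library's implementation.
// (Go 1.15+ also offers (*url.URL).Redacted(), which masks the password
// with "xxxxx".)
func redactURL(rawURL string) string {
	u, err := url.Parse(rawURL)
	if err != nil {
		// Do not echo an unparseable URL verbatim: it may still carry secrets.
		return "<unparseable url>"
	}
	if u.User != nil {
		if _, hasPassword := u.User.Password(); hasPassword {
			// Keep the username, mask only the password.
			u.User = url.UserPassword(u.User.Username(), "REDACTED")
		}
	}
	return u.String()
}

// hasEmbeddedCredentials reports whether writing rawURL to a log verbatim
// would leak a password, i.e. whether its userinfo carries one.
func hasEmbeddedCredentials(rawURL string) bool {
	u, err := url.Parse(rawURL)
	if err != nil || u.User == nil {
		return false
	}
	_, hasPassword := u.User.Password()
	return hasPassword
}

func main() {
	// Constructed sample: a request URL with basic auth credentials in it.
	const unsafeURL = "https://svc-user:s3cr3t@api.example.internal/v1/items?id=42"
	fmt.Println("leaks password:", hasEmbeddedCredentials(unsafeURL)) // true
	fmt.Println("log-safe form: ", redactURL(unsafeURL))
}
```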