hashicorp · ritikrajdev · Aug 12, 2025 · Aug 12, 2025 · Aug 19, 2025 · Aug 19, 2025
@@ -12,8 +12,7 @@ jobs:
     strategy:
       matrix:
         go-version:
-          - 1.18
-          - 1.19
+          - 1.23
     permissions:
       id-token: write
       contents: read
@@ -91,8 +90,7 @@ jobs:
     strategy:
       matrix:
         go-version:
-          - 1.18
-          - 1.19
+          - 1.23
     permissions:
       id-token: write
       contents: read

@@ -22,7 +22,7 @@ jobs:
       - name: Setup go
         uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
         with:
-          go-version: '^1.15'
+          go-version: '^1.23'
       - name: Setup signore
         uses: hashicorp/setup-signore@v2
         with:

@@ -7,7 +7,6 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -205,7 +204,7 @@ func (c *Client) Get() error {
 	if decompressor != nil {
 		// Create a temporary directory to store our archive. We delete
 		// this at the end of everything.
-		td, err := ioutil.TempDir("", "getter")
+		td, err := os.MkdirTemp("", "getter")
 		if err != nil {
 			return fmt.Errorf(
 				"Error creating temporary directory for archive: %s", err)

@@ -4,11 +4,11 @@
 package getter
 
 import (
-	"io/ioutil"
+	"os"
 )
 
 func tmpFile(dir, pattern string) (string, error) {
-	f, err := ioutil.TempFile(dir, pattern)
+	f, err := os.CreateTemp(dir, pattern)
 	if err != nil {
 		return "", err
 	}

@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"runtime"
 	"strings"
 )
 
@@ -16,6 +17,26 @@ func mode(mode, umask os.FileMode) os.FileMode {
 	return mode & ^umask
 }
 
+func safeEvalSymlinks(path string) (string, error) {
+	resolved, err := filepath.EvalSymlinks(path)
+	if err == nil || runtime.GOOS != "windows" {
+		return resolved, err
+	}
+
+	// On Windows with Go 1.23+, EvalSymlinks may not resolve junctions
+	fi, statErr := os.Lstat(path)
+	if statErr != nil {
+		return "", err // fallback to original error
+	}
+
+	if fi.Mode()&os.ModeSymlink != 0 || fi.Mode()&os.ModeIrregular != 0 {
+		return path, nil
+	}
+
+	// It's a normal directory or file — return it as-is
+	return path, nil
+}
+
 // copyDir copies the src directory contents into dst. Both directories
 // should already exist.
 //
@@ -24,7 +45,7 @@ func copyDir(ctx context.Context, dst string, src string, ignoreDot bool, disabl
 	// We can safely evaluate the symlinks here, even if disabled, because they
 	// will be checked before actual use in walkFn and copyFile
 	var err error
-	resolved, err := filepath.EvalSymlinks(src)
+	resolved, err := safeEvalSymlinks(src)
 	if err != nil {
 		return err
 	}

@@ -6,7 +6,6 @@ package getter
 import (
 	"archive/tar"
 	"bytes"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"runtime"
@@ -82,7 +81,7 @@ func TestTarLimits(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	td, err := ioutil.TempDir("", "getter")
+	td, err := os.MkdirTemp("", "getter")
 	if err != nil {
 		t.Fatalf("err: %s", err)
 	}
@@ -133,7 +132,7 @@ func TestTarLimits(t *testing.T) {
 
 // testDecompressPermissions decompresses a directory and checks the permissions of the expanded files
 func testDecompressorPermissions(t *testing.T, d Decompressor, input string, expected map[string]int, umask os.FileMode) {
-	td, err := ioutil.TempDir("", "getter")
+	td, err := os.MkdirTemp("", "getter")
 	if err != nil {
 		t.Fatalf("err: %s", err)
 	}

@@ -7,7 +7,6 @@ import (
 	"crypto/md5"
 	"encoding/hex"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"reflect"
@@ -36,7 +35,7 @@ func TestDecompressor(t testing.TB, d Decompressor, cases []TestDecompressCase)
 		t.Logf("Testing: %s", tc.Input)
 
 		// Temporary dir to store stuff
-		td, err := ioutil.TempDir("", "getter")
+		td, err := os.MkdirTemp("", "getter")
 		if err != nil {
 			t.Fatalf("err: %s", err)
 		}

@@ -6,7 +6,6 @@ package getter
 import (
 	"archive/zip"
 	"bytes"
-	"io/ioutil"
 	"log"
 	"os"
 	"path/filepath"
@@ -169,7 +168,7 @@ func TestDecompressZipBomb(t *testing.T) {
 		}
 	}
 
-	td, err := ioutil.TempDir("", "go-getter-zip")
+	td, err := os.MkdirTemp("", "go-getter-zip")
 	if err != nil {
 		t.Fatalf("err: %s", err)
 	}

@@ -7,7 +7,6 @@
 package getter
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
@@ -16,7 +15,7 @@ import (
 // If a relative symlink is passed in as the pwd to Detect, the resulting URL
 // can have an invalid path.
 func TestFileDetector_relativeSymlink(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "go-getter")
+	tmpDir, err := os.MkdirTemp("", "go-getter")
 	if err != nil {
 		t.Fatal(err)
 	}

@@ -84,12 +84,13 @@ func init() {
 // src is a URL, whereas dst is always just a file path to a folder. This
 // folder doesn't need to exist. It will be created if it doesn't exist.
 func Get(dst, src string, opts ...ClientOption) error {
-	return (&Client{
+	result := (&Client{
 		Src:     src,
 		Dst:     dst,
 		Dir:     true,
 		Options: opts,
 	}).Get()
+	return result
 }
 
 // GetAny downloads a URL into the given destination. Unlike Get or

@@ -6,6 +6,7 @@ package getter
 import (
 	"os"
 	"path/filepath"
+	"runtime"
 	"testing"
 )
 
@@ -27,8 +28,15 @@ func TestFileGetter(t *testing.T) {
 	if err != nil {
 		t.Fatalf("err: %s", err)
 	}
-	if fi.Mode()&os.ModeSymlink == 0 {
-		t.Fatal("destination is not a symlink")
+
+	if runtime.GOOS == "windows" {
+		if fi.Mode()&os.ModeSymlink == 0 && fi.Mode()&os.ModeIrregular == 0 {
+			t.Fatal("destination is neither a symlink nor a junction (reparse point)")
+		}
+	} else {
+		if fi.Mode()&os.ModeSymlink == 0 {
+			t.Fatal("destination is not a symlink")
+		}
 	}
 
 	// Verify the main file exists

@@ -4,7 +4,6 @@
 package getter
 
 import (
-	"io/ioutil"
 	"net/url"
 	"os"
 	"path/filepath"
@@ -86,7 +85,7 @@ func TestGCSGetter_GetGenerationFile(t *testing.T) {
 	}
 
 	// Verify contents are valid for this generation
-	content, err := ioutil.ReadFile(dst)
+	content, err := os.ReadFile(dst)
 	if err != nil {
 		t.Fatalf("err: %s", err)
 	}
@@ -102,7 +101,7 @@ func TestGCSGetter_GetGenerationFile(t *testing.T) {
 	}
 
 	// Verify contents are valid for this generation
-	content, err = ioutil.ReadFile(dst)
+	content, err = os.ReadFile(dst)
 	if err != nil {
 		t.Fatalf("err: %s", err)
 	}

@@ -8,7 +8,6 @@ import (
 	"context"
 	"encoding/base64"
 	"fmt"
-	"io/ioutil"
 	"net/url"
 	"os"
 	"os/exec"
@@ -101,7 +100,7 @@ func (g *GitGetter) Get(dst string, u *url.URL) error {
 		}
 
 		// Create a temp file for the key and ensure it is removed.
-		fh, err := ioutil.TempFile("", "go-getter")
+		fh, err := os.CreateTemp("", "go-getter")
 		if err != nil {
 			return err
 		}

@@ -9,7 +9,6 @@ import (
 	"encoding/base64"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"net/url"
 	"os"
 	"os/exec"
@@ -421,14 +420,14 @@ func TestGitGetter_gitVersion(t *testing.T) {
 	if runtime.GOOS == "windows" {
 		t.Skip("skipping on windows since the test requires sh")
 	}
-	dir, err := ioutil.TempDir("", "go-getter")
+	dir, err := os.MkdirTemp("", "go-getter")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer func() { _ = os.RemoveAll(dir) }()
 
 	script := filepath.Join(dir, "git")
-	err = ioutil.WriteFile(
+	err = os.WriteFile(
 		script,
 		[]byte("#!/bin/sh\necho \"git version 2.0 (Some Metadata Here)\n\""),
 		0700)
@@ -734,7 +733,7 @@ func TestGitGetter_subdirectory_symlink(t *testing.T) {
 	g := new(GitGetter)
 	dst := tempDir(t)
 
-	target, err := ioutil.TempFile("", "link-target")
+	target, err := os.CreateTemp("", "link-target")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -1088,7 +1087,7 @@ type gitRepo struct {
 
 // testGitRepo creates a new test git repository.
 func testGitRepo(t *testing.T, name string) *gitRepo {
-	dir, err := ioutil.TempDir("", "go-getter")
+	dir, err := os.MkdirTemp("", "go-getter")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -1130,7 +1129,7 @@ func (r *gitRepo) git(args ...string) {
 // commitFile writes and commits a text file to the repo.
 func (r *gitRepo) commitFile(file, content string) {
 	path := filepath.Join(r.dir, file)
-	if err := ioutil.WriteFile(path, []byte(content), 0600); err != nil {
+	if err := os.WriteFile(path, []byte(content), 0600); err != nil {
 		r.t.Fatal(err)
 	}
 	r.git("add", file)

@@ -264,7 +264,9 @@ func (g *HttpGetter) Get(dst string, u *url.URL) error {
 	if err != nil {
 		return err
 	}
-	defer func() { _ = resp.Body.Close() }()
+	defer func() {
+		_ = resp.Body.Close()
+	}()
 
 	body := resp.Body
 

@@ -9,13 +9,13 @@ import (
 	"encoding/hex"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"net/http"
 	"net/http/httputil"
 	"net/url"
 	"os"
 	"path/filepath"
+	"runtime/debug"
 	"strconv"
 	"strings"
 	"testing"
@@ -156,9 +156,13 @@ func TestHttpGetter_metaSubdir(t *testing.T) {
 	u.Scheme = "http"
 	u.Host = ln.Addr().String()
 	u.Path = "/meta-subdir"
+	t.Logf("dst: %s", dst)
 
 	// Get it!
 	if err := g.Get(dst, &u); err != nil {
+		t.Logf("runtime stack %v", string(debug.Stack()))
+		t.Logf("error details %+v", err)
+		t.Logf("error type %T", err)
 		t.Fatalf("err: %s", err)
 	}
 
@@ -253,7 +257,7 @@ func TestHttpGetter_resume(t *testing.T) {
 		t.Fatalf("finishing download should not error: %v", err)
 	}
 
-	b, err := ioutil.ReadFile(dst)
+	b, err := os.ReadFile(dst)
 	if err != nil {
 		t.Fatalf("readfile failed: %v", err)
 	}
@@ -309,7 +313,7 @@ func TestHttpGetter_resumeNoRange(t *testing.T) {
 		t.Fatalf("finishing download should not error: %v", err)
 	}
 
-	b, err := ioutil.ReadFile(dst)
+	b, err := os.ReadFile(dst)
 	if err != nil {
 		t.Fatalf("readfile failed: %v", err)
 	}
@@ -761,7 +765,7 @@ func TestHttpGetter_subdirLink(t *testing.T) {
 	defer func() { _ = ln.Close() }()
 
 	httpGetter := new(HttpGetter)
-	dst, err := ioutil.TempDir("", "tf")
+	dst, err := os.MkdirTemp("", "tf")
 	if err != nil {
 		t.Fatalf("err: %s", err)
 	}
@@ -829,7 +833,7 @@ func testHttpServerWithXTerraformGetDetected(t *testing.T) net.Listener {
 		w.Header().Set("X-Terraform-Get", first)
 	})
 	mux.HandleFunc("/archive.tar.gz", func(w http.ResponseWriter, r *http.Request) {
-		f, err := ioutil.ReadFile("testdata/archive.tar.gz")
+		f, err := os.ReadFile("testdata/archive.tar.gz")
 		if err != nil {
 			t.Fatal(err)
 		}