chore(deps): bump github.com/hashicorp/vault from 1.8.4 to 1.8.5

[dependabot]

Bumps github.com/hashicorp/vault from 1.8.4 to 1.8.5.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.8.5

1.8.5

November 4, 2021

BUG FIXES:

• auth/aws: fix config/rotate-root to store new key [GH-12715]
• core/identity: Cleanup alias in the in-memory entity after an alias deletion by ID [GH-12834]
• core/identity: Disallow entity alias creation/update if a conflicting alias exists for the target entity and mount combination [GH-12747]
• http (enterprise): Always forward internal/counters endpoints from perf standbys to active node
• identity/token: Adds missing call to unlock mutex in key deletion error handling [GH-12916]
• kmip (enterprise): Fix handling of custom attributes when servicing GetAttributes requests
• kmip (enterprise): Fix handling of invalid role parameters within various vault api calls
• kmip (enterprise): Forward KMIP register operations to the active node
• secrets/keymgmt (enterprise): Fix support for Azure Managed HSM Key Vault instances. [GH-12952]
• transform (enterprise): Fix an error where the decode response of an expired token is an empty result rather than an error.

Changelog

Sourced from github.com/hashicorp/vault's changelog.

1.8.5

November 4, 2021

SECURITY:

• core/identity: Templated ACL policies would always match the first-created entity alias if multiple entity aliases existed for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. This vulnerability, CVE-2021-43998, was fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.

BUG FIXES:

• auth/aws: fix config/rotate-root to store new key [GH-12715]
• core/identity: Cleanup alias in the in-memory entity after an alias deletion by ID [GH-12834]
• core/identity: Disallow entity alias creation/update if a conflicting alias exists for the target entity and mount combination [GH-12747]
• http (enterprise): Always forward internal/counters endpoints from perf standbys to active node
• identity/token: Adds missing call to unlock mutex in key deletion error handling [GH-12916]
• kmip (enterprise): Fix handling of custom attributes when servicing GetAttributes requests
• kmip (enterprise): Fix handling of invalid role parameters within various vault api calls
• kmip (enterprise): Forward KMIP register operations to the active node
• secrets/keymgmt (enterprise): Fix support for Azure Managed HSM Key Vault instances. [GH-12952]
• transform (enterprise): Fix an error where the decode response of an expired token is an empty result rather than an error.

Commits

• 647eccf update Go version from 1.16.7 to 1.16.9 (#13029)
• 0f4e4c6 bump to go 1.16.9 (#13028)
• 03a718d go get sdk@release/1.8.x (#12994)
• 6654f4b 1.8.5 version bump (#12986)
• bebf096 Fix go.mod, go.sum after go-kms-wrapping update (#12958)
• 94f2ef9 go-kms-wrapping update for Azure Key Vault's Managed HSM offering [backport 1...
• e777d3b Adds missing unlock of RWMutex in OIDC delete key (#12916) (#12922)
• dd80dbf Backport 12834 18x (#12869)
• 3a186fa Update dependency go-mssqldb to v0.11.0 in release/1.8.x (#12873)
• c4cf784 Backport 1.8.x: Fix auth/aws so that config/rotate-root saves new key pair (#...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

[codecov]

Codecov Report

Merging #356 (fec90fc) into master (1c0af53) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #356   +/-   ##
=======================================
  Coverage   42.01%   42.01%           
=======================================
  Files           7        7           
  Lines         307      307           
=======================================
  Hits          129      129           
  Misses        160      160           
  Partials       18       18           

[kaymckay]

lgtm