Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): bump github.com/hashicorp/vault from 1.15.5 to 1.18.1 #10

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 12, 2024

Bumps github.com/hashicorp/vault from 1.15.5 to 1.18.1.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.18.1

1.18.1

October 30, 2024

CHANGES:

  • auth/azure: Update plugin to v0.19.1 [GH-28712]
  • secrets/azure: Update plugin to v0.20.1 [GH-28699]
  • secrets/openldap: Update plugin to v0.14.1 [GH-28479]
  • secrets/openldap: Update plugin to v0.14.2 [GH-28704]
  • secrets/openldap: Update plugin to v0.14.3 [GH-28780]

IMPROVEMENTS:

  • core: Add a mount tuneable that trims trailing slashes of request paths during POST. Needed to support CMPv2 in PKI. [GH-28752]
  • raft/snapshotagent (enterprise): upgrade raft-snapshotagent to v0.0.0-20241003195753-88fef418d705
  • ui: Add button to copy secret path in kv v1 and v2 secrets engines [GH-28629]
  • ui: Adds copy button to identity entity, alias and mfa method IDs [GH-28742]

BUG FIXES:

  • agent: Fix chown error running agent on Windows with an auto-auth file sinks. [GH-28748]
  • audit: Prevent users from enabling multiple audit devices of file type with the same file_path to write to. [GH-28751]
  • cli: Fixed a CLI precedence issue where -agent-address didn't override VAULT_AGENT_ADDR as it should [GH-28574]
  • core/seal (enterprise): Fix bug that caused seal generation information to be replicated, which prevented disaster recovery and performance replication clusters from using their own seal high-availability configuration.
  • core/seal: Fix an issue that could cause reading from sys/seal-backend-status to return stale information. [GH-28631]
  • core: Fixed panic seen when performing help requests without /v1/ in the URL. [GH-28669]
  • kmip (enterprise): Use the default KMIP port for IPv6 addresses missing a port, for the listen_addrs configuration field, in order to match the existing IPv4 behavior
  • namespaces (enterprise): Fix issue where namespace patch requests to a performance secondary would not patch the namespace's metadata.
  • proxy: Fix chown error running proxy on Windows with an auto-auth file sink. [GH-28748]
  • secrets/pki: Address issue with ACME HTTP-01 challenges failing for IPv6 IPs due to improperly formatted URLs [GH-28718]
  • ui: No longer running decodeURIComponent on KVv2 list view allowing percent encoded data-octets in path name. [GH-28698]

v1.18.0

CHANGES:

  • activity (enterprise): filter all fields in client count responses by the request namespace [GH-27790]
  • activity (enterprise): remove deprecated fields distinct_entities and non_entity_tokens [GH-27830]
  • activity log: Deprecated the field "default_report_months". Instead, the billing start time will be used to determine the start time when querying the activity log endpoints. [GH-27350]
  • activity log: Deprecates the current_billing_period field for /sys/internal/counters/activity. The default start time will automatically be set the billing period start date. [GH-27426]
  • activity: The activity export API now requires the sudo ACL capability. [GH-27846]
  • activity: The activity export API now responds with a status of 204 instead 400 when no data exists within the time range specified by start_time and end_time. [GH-28064]
  • activity: The startTime will be set to the start of the current billing period by default. The endTime will be set to the end of the current month. This applies to /sys/internal/counters/activity, /sys/internal/counters/activity/export, and the vault operator usage command that utilizes /sys/internal/counters/activity. [GH-27379]
  • api: Update backoff/v3 to backoff/v4.3.0 [GH-26868]
  • auth/alicloud: Update plugin to v0.19.0 [GH-28263]
  • auth/azure: Update plugin to v0.19.0 [GH-28294]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault's changelog.

1.15.16 Enterprise

October 09, 2024

SECURITY:

  • secrets/identity: A privileged Vault operator with write permissions to the root namespace's identity endpoint could escalate their privileges to Vault's root policy (CVE-2024-9180) HCSEC-2024-21

IMPROVEMENTS:

  • core: log at level ERROR rather than INFO when all seals are unhealthy. [GH-28564]

BUG FIXES:

  • auth/cert: When using ocsp_ca_certificates, an error was produced though extra certs validation succeeded. [GH-28597]
  • auth/token: Fix token TTL calculation so that it uses max_lease_ttl tune value for tokens created via auth/token/create. [GH-28498]

1.15.15 Enterprise

September 25, 2024

SECURITY:

CHANGES:

  • core: Bump Go version to 1.22.7.
  • secrets/ssh: Add a flag, allow_empty_principals to allow keys or certs to apply to any user/principal. [GH-28466]

BUG FIXES:

  • secret/aws: Fixed potential panic after step-down and the queue has not repopulated. [GH-28330]
  • auth/cert: During certificate validation, OCSP requests are debug logged even if Vault's log level is above DEBUG. [GH-28450]
  • auth/cert: ocsp_ca_certificates field was not honored when validating OCSP responses signed by a CA that did not issue the certificate. [GH-28309]
  • auth: Updated error handling for missing login credentials in AppRole and UserPass auth methods to return a 400 error instead of a 500 error. [GH-28441]
  • core: Fixed an issue where maximum request duration timeout was not being added to all requests containing strings sys/monitor and sys/events. With this change, timeout is now added to all requests except monitor and events endpoint. [GH-28230]

1.15.14 Enterprise

August 29, 2024

CHANGES:

  • activity (enterprise): filter all fields in client count responses by the request namespace [GH-27790]
  • core: Bump Go version to 1.22.6

IMPROVEMENTS:

  • activity log: Changes how new client counts in the current month are estimated, in order to return more visibly sensible totals. [GH-27547]
  • activity: /sys/internal/counters/activity will now include a warning if the specified usage period contains estimated client counts. [GH-28068]
  • cli: vault operator usage will now include a warning if the specified usage period contains estimated client counts. [GH-28068]
  • core/activity: Ensure client count queries that include the current month return consistent results by sorting the clients before performing estimation [GH-28062]

... (truncated)

Commits
  • f479e5c [VAULT-32181] This is an automated pull request to build all artifacts for a ...
  • d92fac4 backport of commit 195dfca433028887973f5bd82d173d91fe9dab4a (#28791)
  • 328fbc2 backport of commit 2eaae5e87bc926d61a02554425f3e815ff5ee3ab (#28787)
  • 72c3a8e backport of commit 4688583754ef1e6cc6533ee9677a92b4651a1673 (#28785)
  • e8c74b6 backport of commit c62d24dfc76dde52710b5645ed9318decc7943e6 (#28784)
  • 2e9cc4d backport of commit a384eac192d362692d6600b5021239b36b799b53 (#28783)
  • d45d044 backport of commit cccad7d53f8901aee84f4cac23f46384bff5d8ac (#28777)
  • 24d1f9f backport of commit f439a1eece9e27d787ebc1ae187c0ca19de8800d (#28776)
  • 337b222 backport of commit dec3bcc1aafec8c355f5435e5bc4953ce794eeb7 (#28774)
  • 1ca2e01 backport of commit b4c332626f8d67cc970db5b8990b5ce9b1e1d5c9 (#28768)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 12, 2024
@olastor
Copy link
Owner

olastor commented Dec 12, 2024

@dependabot rebase

Bumps [github.com/hashicorp/vault](https://github.com/hashicorp/vault) from 1.15.5 to 1.18.1.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG-v1.10-v1.15.md)
- [Commits](hashicorp/vault@v1.15.5...v1.18.1)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.18.1 branch from 04c2109 to e8693e0 Compare December 12, 2024 16:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant