Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump github.com/hashicorp/vault from 0.10.4 to 1.14.10 #1852

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 6, 2024

Bumps github.com/hashicorp/vault from 0.10.4 to 1.14.10.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.14.10

1.14.10

February 29, 2024

SECURITY:

  • auth/cert: compare public keys of trusted non-CA certificates with incoming client certificates to prevent trusting certs with the same serial number but not the same public/private key. [GH-25649]

CHANGES:

  • core: Bump Go version to 1.20.14.

FEATURES:

  • Manual License Utilization Reporting: Added manual license utilization reporting, which allows users to create manual exports of product-license [metering data] to report to Hashicorp.

IMPROVEMENTS:

  • auth/cert: Cache trusted certs to reduce memory usage and improve performance of logins. [GH-25421]
  • ui: redirect back to current route after reauthentication when token expires [GH-25335]
  • ui: remove unnecessary OpenAPI calls for unmanaged auth methods [GH-25364]

BUG FIXES:

  • core (enterprise): Fix a deadlock that can occur on performance secondary clusters when there are many mounts and a mount is deleted or filtered [GH-25448]
  • core/quotas: Deleting a namespace that contains a rate limit quota no longer breaks replication [GH-25439]
  • secrets/transform (enterprise): guard against a panic looking up a token in exportable mode with barrier storage.
  • secrets/transit: When provided an invalid input with hash_algorithm=none, a lock was not released properly before reporting an error leading to deadlocks on a subsequent key configuration update. [GH-25336]
  • storage/file: Fixing spuriously deleting storage keys ending with .temp [GH-25395]

v1.14.9

1.14.9

January 31, 2024

CHANGES:

  • core: Bump Go version to 1.20.12.
  • database/snowflake: Update plugin to v0.9.2 [GH-25057]

IMPROVEMENTS:

  • command/server: display logs on startup immediately if disable-gated-logs flag is set [GH-24280]
  • oidc/provider: Adds code_challenge_methods_supported to OpenID Connect Metadata [GH-24979]
  • storage/raft: Upgrade to bbolt 1.3.8, along with an extra patch to reduce time scanning large freelist maps. [GH-24010]
  • ui: latest version of chrome does not automatically redirect back to the app after authentication unless triggered by the user, hence added a link to redirect back to the app. [GH-18513]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault's changelog.

0.11.6 (December 14th, 2018)

This release contains the three security fixes from 1.0.0 and 1.0.1 and the following bug fixes from 1.0.0/1.0.1:

  • namespaces: Correctly reload the proper mount when tuning or reloading the mount [GH-5937]
  • replication/perfstandby: Fix audit table upgrade on standbys [GH-5811]
  • replication/perfstandby: Fix redirect on approle update [GH-5820]
  • secrets/kv: Fix issue where storage version would get incorrectly downgraded [GH-5809]

It is otherwise identical to 0.11.5.

0.11.5 (November 13th, 2018)

BUG FIXES:

  • agent: Fix issue when specifying two file sinks [GH-5610]
  • auth/userpass: Fix minor timing issue that could leak the presence of a username [GH-5614]
  • autounseal/alicloud: Fix issue interacting with the API (Enterprise)
  • autounseal/azure: Fix key version tracking (Enterprise)
  • cli: Fix panic that could occur if parameters were not provided [GH-5603]
  • core: Fix buggy behavior if trying to remount into a namespace
  • identity: Fix duplication of entity alias entity during alias transfer between entities [GH-5733]
  • namespaces: Fix tuning of auth mounts in a namespace
  • ui: Fix bug where editing secrets as JSON doesn't save properly [GH-5660]
  • ui: Fix issue where IE 11 didn't render the UI and also had a broken form when trying to use tool/hash [GH-5714]

0.11.4 (October 23rd, 2018)

CHANGES:

  • core: HA lock file is no longer copied during operator migrate [GH-5503]. We've categorized this as a change, but generally this can be considered just a bug fix, and no action is needed.

FEATURES:

  • Transit Key Trimming: Keys in transit secret engine can now be trimmed to remove older unused key versions
  • Web UI support for KV Version 2: Browse, delete, undelete and destroy individual secret versions in the UI
  • Azure Existing Service Principal Support: Credentials can now be generated against an existing service principal

IMPROVEMENTS:

... (truncated)

Commits
  • 7d15950 [VAULT-24502] This is an automated pull request to build all artifacts for a ...
  • 17a3dc2 backport of commit e0b1b87ca684425a38855ac2cbd4436b7945a406 (#25701)
  • 9eeac45 Bump go version to 1.20.14 (#25662)
  • 612a54f backport of commit 773911494e767482207674b5e7bdb9608693c8c0 (#25654)
  • 6a45d27 Backport of identity/oidc: fix flakey key rotation test into release/1.14.x (...
  • d3028e6 backport of commit 5f0638aa8bcb3e6188d4b92fabca29f15460203a (#25448) (#25552)
  • dd5a783 backport of commit e5c6e4cf138282119efb60bb67f1b6b3bee5dc6f (#25527)
  • 35bb12a Cache trusted cert values, invalidating when anything changes (#25421) (#25464)
  • de9f7a8 UI: stabilize flaky ns test (#25488) (#25495)
  • 19e5992 Backport of PSA-714 - update ubi-minimal to 8.9 for security fixes into relea...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [github.com/hashicorp/vault](https://github.com/hashicorp/vault) from 0.10.4 to 1.14.10.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG-v0.md)
- [Commits](hashicorp/vault@v0.10.4...v1.14.10)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 6, 2024
Copy link
Contributor Author

dependabot bot commented on behalf of github Apr 4, 2024

Superseded by #1860.

@dependabot dependabot bot closed this Apr 4, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/hashicorp/vault-1.14.10 branch April 4, 2024 22:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants