Bump github.com/hashicorp/vault/api from 1.8.2 to 1.9.0 #407

Merged

@dependabot dependabot bot commented on behalf of github Feb 10, 2023

Bumps github.com/hashicorp/vault/api from 1.8.2 to 1.9.0.

Release notes

Sourced from github.com/hashicorp/vault/api's releases.

v1.9.0

1.9.0

November 17, 2021

CHANGES:

  • expiration: VAULT_16_REVOKE_PERMITPOOL environment variable has been removed. [GH-12888]
  • expiration: VAULT_LEASE_USE_LEGACY_REVOCATION_STRATEGY environment variable has been removed. [GH-12888]
  • go: Update go version to 1.17.2
  • secrets/ssh: Roles with empty allowed_extensions will now forbid end-users specifying extensions when requesting ssh key signing. Update roles setting allowed_extensions to * to permit any extension to be specified by an end-user. [GH-12847]

FEATURES:

  • Customizable HTTP Headers: Add support to define custom HTTP headers for root path (/) and also on API endpoints (/v1/*) [GH-12485]
  • Deduplicate Token With Entities in Activity Log: Vault tokens without entities are now tracked with client IDs and deduplicated in the Activity Log [GH-12820]
  • Elasticsearch Database UI: The UI now supports adding and editing Elasticsearch connections in the database secret engine. [GH-12672]
  • KV Custom Metadata: Add ability in kv-v2 to specify version-agnostic custom key metadata via the metadata endpoint. The data will be present in responses made to the data endpoint independent of the calling token's read access to the metadata endpoint. [GH-12907]
  • KV patch (Tech Preview): Add partial update support for the /<mount>/data/:path kv-v2 endpoint through HTTP PATCH. A new patch ACL capability has been added and is required to make such requests. [GH-12687]
  • Key Management Secrets Engine (Enterprise): Adds support for distributing and managing keys in GCP Cloud KMS.
  • Local Auth Mount Entities (enterprise): Logins on local auth mounts will generate identity entities for the tokens issued. The aliases of the entity resulting from local auth mounts (local-aliases), will be scoped by the cluster. This means that the local-aliases will never leave the geographical boundary of the cluster where they were issued. This is something to be mindful about for those who have implemented local auth mounts for complying with GDPR guidelines.
  • Namespaces (Enterprise): Adds support for locking Vault API for particular namespaces.
  • OIDC Identity Provider (Tech Preview): Adds support for Vault to be an OpenID Connect (OIDC) provider. [GH-12932]
  • Oracle Database UI: The UI now supports adding and editing Oracle connections in the database secret engine. [GH-12752]
  • Postgres Database UI: The UI now supports adding and editing Postgres connections in the database secret engine. [GH-12945]

IMPROVEMENTS:

  • agent/cache: Process persistent cache leases in dependency order during restore to ensure child leases are always correctly restored [GH-12843]
  • agent/cache: Use an in-process listener between consul-template and vault-agent when caching is enabled and either templates or a listener is defined [GH-12762]
  • agent/cache: tolerate partial restore failure from persistent cache [GH-12718]
  • agent/template: add support for new 'writeToFile' template function [GH-12505]
  • api: Add configuration option for ensuring isolated read-after-write semantics for all Client requests. [GH-12814]
  • api: adds native Login method to Go client module with different auth method interfaces to support easier authentication [GH-12796]
  • api: Move mergeStates and other required utils from agent to api module [GH-12731]
  • api: Support VAULT_HTTP_PROXY environment variable to allow overriding the Vault client's HTTP proxy [GH-12582]
  • auth/approle: The role/:name/secret-id-accessor/lookup endpoint now returns a 404 status code when the secret_id_accessor cannot be found [GH-12788]
  • auth/approle: expose secret_id_accessor as WrappedAccessor when creating wrapped secret-id. [GH-12425]
  • auth/aws: add profile support for AWS credentials when using the AWS auth method [GH-12621]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

1.9.0

November 17, 2021

CHANGES:

  • auth/kubernetes: disable_iss_validation defaults to true. #127 [GH-12975]
  • expiration: VAULT_16_REVOKE_PERMITPOOL environment variable has been removed. [GH-12888]
  • expiration: VAULT_LEASE_USE_LEGACY_REVOCATION_STRATEGY environment variable has been removed. [GH-12888]
  • go: Update go version to 1.17.2
  • secrets/ssh: Roles with empty allowed_extensions will now forbid end-users specifying extensions when requesting ssh key signing. Update roles setting allowed_extensions to * to permit any extension to be specified by an end-user. [GH-12847]

FEATURES:

  • Customizable HTTP Headers: Add support to define custom HTTP headers for root path (/) and also on API endpoints (/v1/*) [GH-12485]
  • Deduplicate Token With Entities in Activity Log: Vault tokens without entities are now tracked with client IDs and deduplicated in the Activity Log [GH-12820]
  • Elasticsearch Database UI: The UI now supports adding and editing Elasticsearch connections in the database secret engine. [GH-12672]
  • KV Custom Metadata: Add ability in kv-v2 to specify version-agnostic custom key metadata via the metadata endpoint. The data will be present in responses made to the data endpoint independent of the calling token's read access to the metadata endpoint. [GH-12907]
  • KV patch (Tech Preview): Add partial update support for the /<mount>/data/:path kv-v2 endpoint through HTTP PATCH. A new patch ACL capability has been added and is required to make such requests. [GH-12687]
  • Key Management Secrets Engine (Enterprise): Adds support for distributing and managing keys in GCP Cloud KMS.
  • Local Auth Mount Entities (enterprise): Logins on local auth mounts will generate identity entities for the tokens issued. The aliases of the entity resulting from local auth mounts (local-aliases), will be scoped by the cluster. This means that the local-aliases will never leave the geographical boundary of the cluster where they were issued. This is something to be mindful about for those who have implemented local auth mounts for complying with GDPR guidelines.
  • Namespaces (Enterprise): Adds support for locking Vault API for particular namespaces.
  • OIDC Identity Provider (Tech Preview): Adds support for Vault to be an OpenID Connect (OIDC) provider. [GH-12932]
  • Oracle Database UI: The UI now supports adding and editing Oracle connections in the database secret engine. [GH-12752]
  • Postgres Database UI: The UI now supports adding and editing Postgres connections in the database secret engine. [GH-12945]

SECURITY:

  • core/identity: A Vault user with write permission to an entity alias ID sharing a mount accessor with another user may acquire this other user’s policies by merging their identities. This vulnerability, CVE-2021-41802, was fixed in Vault and Vault Enterprise 1.7.5, 1.8.4, and 1.9.0.
  • core/identity: Templated ACL policies would always match the first-created entity alias if multiple entity aliases existed for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. This vulnerability, CVE-2021-43998, was fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.

IMPROVEMENTS:

  • agent/cache: Process persistent cache leases in dependency order during restore to ensure child leases are always correctly restored [GH-12843]
  • agent/cache: Use an in-process listener between consul-template and vault-agent when caching is enabled and either templates or a listener is defined [GH-12762]
  • agent/cache: tolerate partial restore failure from persistent cache [GH-12718]
  • agent/template: add support for new 'writeToFile' template function [GH-12505]
  • api: Add configuration option for ensuring isolated read-after-write semantics for all Client requests. [GH-12814]
  • api: adds native Login method to Go client module with different auth method interfaces to support easier authentication [GH-12796]

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


cloudflare-workers-and-pages bot commented Feb 10, 2023

Deploying with Cloudflare Pages

Latest commit: c12bcbc
Status: ✅  Deploy successful!
Preview URL: https://3e9601d8.vaku.pages.dev
Branch Preview URL: https://dependabot-go-modules-github-5llb.vaku.pages.dev

@lingrino lingrino enabled auto-merge (squash) February 14, 2023 07:58
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault/api-1.9.0 branch 5 times, most recently from c0cb5c1 to 900b13b Compare February 14, 2023 09:15
Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.8.2 to 1.9.0.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](hashicorp/vault@v1.8.2...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault/api-1.9.0 branch from 900b13b to c12bcbc Compare February 14, 2023 09:24
@lingrino lingrino merged commit ee30c2a into main Feb 14, 2023
@lingrino lingrino deleted the dependabot/go_modules/github.com/hashicorp/vault/api-1.9.0 branch February 14, 2023 09:32