Bump github.com/hashicorp/vault/api from 1.1.1 to 1.2.0 #40

Merged
dependabot[bot] merged 2 commits from dependabot/go_modules/github.com/hashicorp/vault/api-1.2.0 into master 2021-10-27 23:18:25 +03:00
dependabot[bot] commented 2021-10-18 11:28:25 +03:00 (Migrated from github.com)

Bumps github.com/hashicorp/vault/api from 1.1.1 to 1.2.0.

Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

1.2.0 (July 30th, 2019)

CHANGES:

  • Token store roles use new, common token fields for the values that overlap with other auth backends. period, explicit_max_ttl, and bound_cidrs will continue to work, with priority being given to the token_ prefixed versions of those parameters. They will also be returned when doing a read on the role if they were used to provide values initially; however, in Vault 1.4 if period or explicit_max_ttl is zero they will no longer be returned. (explicit_max_ttl was already not returned if empty.)
  • Due to underlying changes in Go version 1.12 and Go > 1.11.5, Vault is now stricter about what characters it will accept in path names. Whereas before it would filter out unprintable characters (and this could be turned off), control characters and other invalid characters are now rejected within Go's HTTP library before the request is passed to Vault, and this cannot be disabled. To continue using these (e.g. for already-written paths), they must be properly percent-encoded (e.g. \r becomes %0D, \x00 becomes %00, and so on).
  • The user-configured regions on the AWSKMS seal stanza will now be preferred over regions set in the enclosing environment. This is a breaking change.
  • All values in audit logs now are omitted if they are empty. This helps reduce the size of audit log entries by not reproducing keys in each entry that commonly don't contain any value, which can help in cases where audit log entries are above the maximum UDP packet size and others.
  • Both PeriodicFunc and WALRollback functions will be called if both are provided. Previously WALRollback would only be called if PeriodicFunc was not set. See [GH-6717] for details.
  • Vault now uses Go's official dependency management system, Go Modules, to manage dependencies. As a result to both reduce transitive dependencies for API library users and plugin authors, and to work around various conflicts, we have moved various helpers around, mostly under an sdk/ submodule. A couple of functions have also moved from plugin helper code to the api/ submodule. If you are a plugin author, take a look at some of our official plugins and the paths they are importing for guidance.
  • AppRole uses new, common token fields for values that overlap with other auth backends. period and policies will continue to work, with priority being given to the token_ prefixed versions of those parameters. They will also be returned when doing a read on the role if they were used to provide values initially.
  • In AppRole, "default" is no longer automatically added to the policies parameter. This was a no-op since it would always be added anyways by Vault's core; however, this can now be explicitly disabled with the new token_no_default_policy field.
  • In AppRole, bound_cidr_list is no longer returned when reading a role
  • rollback: Rollback will no longer display log messages when it runs; it will only display messages on error.
  • Database plugins will now default to 4 max_open_connections rather than 2.

... (truncated)

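Commits

  • 33d368e Cut version 1.2.0
  • 346dadb Revert "Generalize and improve testcluster-building code (#7177)" (#7212)
  • bed75b1 Updating plugin deps
  • c0bbaab Update api/sdk
  • 746c0b1 Update api's sdk
  • 0dc007d Update files for release
  • 733c666 changelog++
  • 3b693f2 Pull in updated secrets-ad plugin
  • b5aae72 Fix tests
  • 8a2a344 Add additional raft chunk test (#7192)
  • Additional commits viewable in compare view (https://github.com/hashicorp/vault/compare/v1.1.1...v1.2.0)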

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
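The changelog item on path names says control characters must now be percent-encoded (`\r` becomes `%0D`, `\x00` becomes `%00`). The Go program below is an added example, not code from this PR or from Vault: it shows that Go's `net/url` parser (Go 1.12 and later) rejects ASCII control characters in a raw URL, and how per-segment encoding produces a path it accepts. The base address, the sample paths and the helper names `hasControlChar`, `encodeVaultPath` and `parses` are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// hasControlChar reports whether s contains an ASCII control byte
// (below 0x20, or 0x7f), the class net/url refuses in a raw URL.
func hasControlChar(s string) bool {
	for i := 0; i < len(s); i++ {
		if s[i] < 0x20 || s[i] == 0x7f {
			return true
		}
	}
	return false
}

// encodeVaultPath (hypothetical helper) percent-encodes each segment of a
// logical path and keeps "/" as the separator between segments.
func encodeVaultPath(p string) string {
	segs := strings.Split(p, "/")
	for i, s := range segs {
		segs[i] = url.PathEscape(s)
	}
	return strings.Join(segs, "/")
}

// parses reports whether Go's URL parser accepts base+path as written.
func parses(base, path string) bool {
	_, err := url.Parse(base + path)
	return err == nil
}

func main() {
	const base = "http://127.0.0.1:8200/v1/" // constructed address
	// Constructed sample paths: one clean, two with control characters.
	for _, p := range []string{"secret/app/db", "secret/app\r/db", "secret/k\x00ey"} {
		enc := encodeVaultPath(p)
		fmt.Printf("%q control=%v raw_ok=%v encoded=%s encoded_ok=%v\n",
			p, hasControlChar(p), parses(base, p), enc, parses(base, enc))
	}
}
```

Running a check like `hasControlChar` over existing path inventories before the upgrade identifies the already-written paths the changelog warns about.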