Bump github.com/hashicorp/vault/api from 1.5.0 to 1.7.2 #80

Merged
dependabot[bot] merged 1 commit from dependabot/go_modules/github.com/hashicorp/vault/api-1.7.2 into v3 2022-06-25 22:42:55 +03:00
dependabot[bot] commented 2022-06-10 11:22:12 +03:00 (Migrated from github.com)

Bumps github.com/hashicorp/vault/api from 1.5.0 to 1.7.2.

Release notes

Sourced from github.com/hashicorp/vault/api's releases.

v1.7.2

1.7.2

May 20th, 2021

SECURITY:

  • Non-Expiring Leases: Vault and Vault Enterprise renewed nearly-expiring token leases and dynamic secret leases with a zero-second TTL, causing them to be treated as non-expiring, and never revoked. This issue affects Vault and Vault Enterprise versions 0.10.0 through 1.7.1, and is fixed in 1.5.9, 1.6.5, and 1.7.2 (CVE-2021-32923).

CHANGES:

  • agent: Update to use IAM Service Account Credentials endpoint for signing JWTs when using GCP Auto-Auth method [GH-11473]
  • auth/gcp: Update to v0.9.1 to use IAM Service Account Credentials API for signing JWTs [GH-11494]

IMPROVEMENTS:

  • api, agent: LifetimeWatcher now does more retries when renewal failures occur. This also impacts Agent auto-auth and leases managed via Agent caching. [GH-11445]
  • auth/aws: Underlying error included in validation failure message. [GH-11638]
  • http: Add optional HTTP response headers for hostname and raft node ID [GH-11289]
  • secrets/aws: add ability to provide a role session name when generating STS credentials [GH-11345]
  • secrets/database/mongodb: Add ability to customize SocketTimeout, ConnectTimeout, and ServerSelectionTimeout [GH-11600]
  • secrets/database/mongodb: Increased throughput by allowing for multiple request threads to simultaneously update users in MongoDB [GH-11600]

BUG FIXES:

  • agent/cert: Fix issue where the API client on agent was not honoring certificate information from the auto-auth config map on renewals or retries. [GH-11576]
  • agent: Fixed agent templating to use configured tls servername values [GH-11288]
  • core (enterprise): Fix plugins mounted in namespaces being unable to use password policies [GH-11596]
  • core: correct logic for renewal of leases nearing their expiration time. [GH-11650]
  • identity: Use correct mount accessor when refreshing external group memberships. [GH-11506]
  • replication: Fix panic trying to update walState during identity group invalidation. [GH-1865]
  • secrets/database: Fix marshalling to allow providing numeric arguments to external database plugins. [GH-11451]
  • secrets/database: Fixed minor race condition when rotate-root is called [GH-11600]
  • secrets/database: Fixes issue for V4 database interface where SetCredentials wasn't falling back to using RotateRootCredentials if SetCredentials is Unimplemented [GH-11585]
  • secrets/keymgmt (enterprise): Fixes audit logging for the read key response.
  • storage/raft: Support cluster address change for nodes in a cluster managed by autopilot [GH-11247]
  • ui: Fix entity group membership and metadata not showing [GH-11641]
  • ui: Fix text link URL on database roles list [GH-11597]

v1.7.1

Release vault 1.7.1

v1.7.0

1.7.0

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

1.7.2

May 20th, 2021

SECURITY:

  • Non-Expiring Leases: Vault and Vault Enterprise renewed nearly-expiring token leases and dynamic secret leases with a zero-second TTL, causing them to be treated as non-expiring, and never revoked. This issue affects Vault and Vault Enterprise versions 0.10.0 through 1.7.1, and is fixed in 1.5.9, 1.6.5, and 1.7.2 (CVE-2021-32923).

CHANGES:

  • agent: Update to use IAM Service Account Credentials endpoint for signing JWTs when using GCP Auto-Auth method [GH-11473]
  • auth/gcp: Update to v0.9.1 to use IAM Service Account Credentials API for signing JWTs [GH-11494]

IMPROVEMENTS:

  • api, agent: LifetimeWatcher now does more retries when renewal failures occur. This also impacts Agent auto-auth and leases managed via Agent caching. [GH-11445]
  • auth/aws: Underlying error included in validation failure message. [GH-11638]
  • http: Add optional HTTP response headers for hostname and raft node ID [GH-11289]
  • secrets/aws: add ability to provide a role session name when generating STS credentials [GH-11345]
  • secrets/database/mongodb: Add ability to customize SocketTimeout, ConnectTimeout, and ServerSelectionTimeout [GH-11600]
  • secrets/database/mongodb: Increased throughput by allowing for multiple request threads to simultaneously update users in MongoDB [GH-11600]

BUG FIXES:

  • agent/cert: Fix issue where the API client on agent was not honoring certificate information from the auto-auth config map on renewals or retries. [GH-11576]
  • agent: Fixed agent templating to use configured tls servername values [GH-11288]
  • core (enterprise): Fix plugins mounted in namespaces being unable to use password policies [GH-11596]
  • core: correct logic for renewal of leases nearing their expiration time. [GH-11650]
  • identity: Use correct mount accessor when refreshing external group memberships. [GH-11506]
  • replication: Fix panic trying to update walState during identity group invalidation. [GH-1865]
  • secrets/database: Fix marshalling to allow providing numeric arguments to external database plugins. [GH-11451]
  • secrets/database: Fixed minor race condition when rotate-root is called [GH-11600]
  • secrets/database: Fixes issue for V4 database interface where SetCredentials wasn't falling back to using RotateRootCredentials if SetCredentials is Unimplemented [GH-11585]
  • secrets/keymgmt (enterprise): Fixes audit logging for the read key response.
  • storage/raft: Support cluster address change for nodes in a cluster managed by autopilot [GH-11247]
  • ui: Fix entity group membership and metadata not showing [GH-11641]
  • ui: Fix text link URL on database roles list [GH-11597]

1.7.1

21 April 2021

SECURITY:

  • The PKI Secrets Engine tidy functionality may cause Vault to exclude revoked-but-unexpired certificates from the

... (truncated)

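Commits

  • db0e424 Don't force config regeneration (#11668)
  • 055e15c Upgrade packagespec to 0.2.6 (#11671)
  • fff6f65 Reload raft TLS keys on active startup (#11660) (#11663)
  • 814ad56 go vendor cleanup
  • 48c5544 Vault 1.7.2 Pre-staging (#11651)
  • a671890 Patch expiration fix over from ENT (#11650) (#11652)
  • 8ade2f9 Backport 11259 changes 1.7.x (#11520)
  • 1164f75 UI/fix identity model (#11641) (#11642)
  • f0acfa8 AWS Auth: Update error message to include underlying error (#11638) (#11639)
  • fbff9bb Add ability to customize some timeouts in MongoDB database plugin (#11600) (#...
  • Additional commits viewable in compare view: https://github.com/hashicorp/vault/compare/v1.5.0...v1.7.2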

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
github-actions[bot] (Migrated from github.com) approved these changes 2022-06-10 11:22:31 +03:00