unistack-org/micro-config-vault
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases 28 Wiki Activity

Bump github.com/hashicorp/vault/api from 1.5.0 to 1.6.0 #77

Closed
dependabot[bot] wants to merge 1 commits from dependabot/go_modules/github.com/hashicorp/vault/api-1.6.0 into v3
pull from: dependabot/go_modules/github.com/hashicorp/vault/api-1.6.0
merge into: unistack-org:v3
Conversation 2 Commits 1 Files Changed 2 +11 -9
dependabot[bot] commented 2022-05-26 11:19:10 +03:00 (Migrated from github.com)
Copy Link

Bumps github.com/hashicorp/vault/api from 1.5.0 to 1.6.0.

Release notes

Sourced from github.com/hashicorp/vault/api's releases.

v1.6.0

Release vault v1.6.0

v1.6.0-rc

Release vault v1.6.0-rc

v1.5.9

1.5.9

May 20th, 2021

SECURITY:

  • Non-Expiring Leases: Vault and Vault Enterprise renewed nearly-expiring token leases and dynamic secret leases with a zero-second TTL, causing them to be treated as non-expiring, and never revoked. This issue affects Vault and Vault Enterprise versions 0.10.0 through 1.7.1, and is fixed in 1.5.9, 1.6.5, and 1.7.2 (CVE-2021-32923).

CHANGES:

  • agent: Update to use IAM Service Account Credentials endpoint for signing JWTs when using GCP Auto-Auth method [GH-11473]
  • auth/gcp: Update to v0.7.2 to use IAM Service Account Credentials API for signing JWTs [GH-11499]

BUG FIXES:

  • core: correct logic for renewal of leases nearing their expiration time. [GH-11650]

v1.5.8

Release vault v1.5.8

v1.5.7

SECURITY:

  • IP Address Disclosure: We fixed a vulnerability where, under some error conditions, Vault would return an error message disclosing internal IP addresses. This vulnerability affects Vault and Vault Enterprise and is fixed in 1.6.2 and 1.5.7 (CVE-2021-3024).
  • Mount Path Disclosure: Vault previously returned different HTTP status codes for existent and non-existent mount paths. This behavior would allow unauthenticated brute force attacks to reveal which paths had valid mounts. This issue affects Vault and Vault Enterprise and is fixed in 1.6.2 and 1.5.7 (CVE-2020-25594).

IMPROVEMENTS:

  • storage/raft (enterprise): Listing of peers is now allowed on DR secondary cluster nodes, as an update operation that takes in DR operation token for authenticating the request.

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

1.6.0

November 11th, 2020

NOTE:

Binaries for 32-bit macOS (i.e. the darwin_386 build) will no longer be published. This target was dropped in the latest version of the Go compiler.

CHANGES:

  • agent: Agent now properly returns a non-zero exit code on error, such as one due to template rendering failure. Using error_on_missing_key in the template config will cause agent to immediately exit on failure. In order to make agent properly exit due to continuous failure from template rendering errors, the old behavior of indefinitely restarting the template server is now changed to exit once the default retry attempt of 12 times (with exponential backoff) gets exhausted. [GH-9670]
  • token: Periodic tokens generated by auth methods will have the period value stored in its token entry. [GH-7885]
  • core: New telemetry metrics reporting mount table size and number of entries [GH-10201]
  • go: Updated Go version to 1.15.4 [GH-10366]

FEATURES:

  • Couchbase Secrets: Vault can now manage static and dynamic credentials for Couchbase. [GH-9664]
  • Expanded Password Policy Support: Custom password policies are now supported for all database engines.
  • Integrated Storage Auto Snapshots (Enterprise): This feature enables an operator to schedule snapshots of the integrated storage backend and ensure those snapshots are persisted elsewhere.
  • Integrated Storage Cloud Auto Join: This feature for integrated storage enables Vault nodes running in the cloud to automatically discover and join a Vault cluster via operator-supplied metadata.
  • Key Management Secrets Engine (Enterprise; Tech Preview): This new secret engine allows securely distributing and managing keys to Azure cloud KMS services.
  • Seal Migration: With Vault 1.6, we will support migrating from an auto unseal mechanism to a different mechanism of the same type. For example, if you were using an AWS KMS key to automatically unseal, you can now migrate to a different AWS KMS key.
  • Tokenization (Enterprise; Tech Preview): Tokenization supports creating irreversible “tokens” from sensitive data. Tokens can be used in less secure environments, protecting the original data.
  • Vault Client Count: Vault now counts the number of active entities (and non-entity tokens) per month and makes this information available via the "Metrics" section of the UI.

IMPROVEMENTS:

  • auth/approle: Role names can now be referenced in templated policies through the approle.metadata.role_name property [GH-9529]
  • auth/aws: Improve logic check on wildcard BoundIamPrincipalARNs and include role name on error messages on check failure [GH-10036]
  • auth/jwt: Add support for fetching groups and user information from G Suite during authentication. [GH-123]
  • auth/jwt: Adding EdDSA (ed25519) to supported algorithms [GH-129]
  • auth/jwt: Improve cli authorization error [GH-137]
  • auth/jwt: Add OIDC namespace_in_state option [GH-140]
  • secrets/transit: fix missing plaintext in bulk decrypt response [GH-9991]
  • command/server: Delay informational messages in -dev mode until logs have settled. [GH-9702]
  • command/server: Add environment variable support for disable_mlock. [GH-9931]
  • core/metrics: Add metrics for storage cache [GH_10079]
  • core/metrics: Add metrics for leader status [GH 10147]
  • physical/azure: Add the ability to use Azure Instance Metadata Service to set the credentials for Azure Blob storage on the backend. [GH-10189]
  • sdk/framework: Add a time type for API fields. [GH-9911]
  • secrets/database: Added support for password policies to all databases [GH-9641, and more]
  • secrets/database/cassandra: Added support for static credential rotation [GH-10051]
  • secrets/database/elasticsearch: Added support for static credential rotation [GH-19]
  • secrets/database/hanadb: Added support for root credential & static credential rotation [GH-10142]
  • secrets/database/hanadb: Default password generation now includes dashes. Custom statements may need to be updated to include quotes around the password field [GH-10142]
  • secrets/database/influxdb: Added support for static credential rotation [GH-10118]
  • secrets/database/mongodbatlas: Added support for root credential rotation [GH-14]
  • secrets/database/mongodbatlas: Support scopes field in creations statements for MongoDB Atlas database plugin [GH-15]

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.5.0 to 1.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/hashicorp/vault/releases">github.com/hashicorp/vault/api's releases</a>.</em></p> <blockquote> <h2>v1.6.0</h2> <p>Release vault v1.6.0</p> <h2>v1.6.0-rc</h2> <p>Release vault v1.6.0-rc</p> <h2>v1.5.9</h2> <h2>1.5.9</h2> <h3>May 20th, 2021</h3> <p>SECURITY:</p> <ul> <li>Non-Expiring Leases: Vault and Vault Enterprise renewed nearly-expiring token leases and dynamic secret leases with a zero-second TTL, causing them to be treated as non-expiring, and never revoked. This issue affects Vault and Vault Enterprise versions 0.10.0 through 1.7.1, and is fixed in 1.5.9, 1.6.5, and 1.7.2 (CVE-2021-32923).</li> </ul> <p>CHANGES:</p> <ul> <li>agent: Update to use IAM Service Account Credentials endpoint for signing JWTs when using GCP Auto-Auth method [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11473">GH-11473</a>]</li> <li>auth/gcp: Update to v0.7.2 to use IAM Service Account Credentials API for signing JWTs [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11499">GH-11499</a>]</li> </ul> <p>BUG FIXES:</p> <ul> <li>core: correct logic for renewal of leases nearing their expiration time. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11650">GH-11650</a>]</li> </ul> <h2>v1.5.8</h2> <p>Release vault v1.5.8</p> <h2>v1.5.7</h2> <p>SECURITY:</p> <ul> <li>IP Address Disclosure: We fixed a vulnerability where, under some error conditions, Vault would return an error message disclosing internal IP addresses. This vulnerability affects Vault and Vault Enterprise and is fixed in 1.6.2 and 1.5.7 (CVE-2021-3024).</li> <li>Mount Path Disclosure: Vault previously returned different HTTP status codes for existent and non-existent mount paths. This behavior would allow unauthenticated brute force attacks to reveal which paths had valid mounts. This issue affects Vault and Vault Enterprise and is fixed in 1.6.2 and 1.5.7 (CVE-2020-25594).</li> </ul> <p>IMPROVEMENTS:</p> <ul> <li>storage/raft (enterprise): Listing of peers is now allowed on DR secondary cluster nodes, as an update operation that takes in DR operation token for authenticating the request.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hashicorp/vault/blob/main/CHANGELOG.md">github.com/hashicorp/vault/api's changelog</a>.</em></p> <blockquote> <h2>1.6.0</h2> <h3>November 11th, 2020</h3> <p>NOTE:</p> <p>Binaries for 32-bit macOS (i.e. the <code>darwin_386</code> build) will no longer be published. This target was dropped in the latest version of the Go compiler.</p> <p>CHANGES:</p> <ul> <li>agent: Agent now properly returns a non-zero exit code on error, such as one due to template rendering failure. Using <code>error_on_missing_key</code> in the template config will cause agent to immediately exit on failure. In order to make agent properly exit due to continuous failure from template rendering errors, the old behavior of indefinitely restarting the template server is now changed to exit once the default retry attempt of 12 times (with exponential backoff) gets exhausted. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/9670">GH-9670</a>]</li> <li>token: Periodic tokens generated by auth methods will have the period value stored in its token entry. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/7885">GH-7885</a>]</li> <li>core: New telemetry metrics reporting mount table size and number of entries [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/10201">GH-10201</a>]</li> <li>go: Updated Go version to 1.15.4 [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/10366">GH-10366</a>]</li> </ul> <p>FEATURES:</p> <ul> <li><strong>Couchbase Secrets</strong>: Vault can now manage static and dynamic credentials for Couchbase. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/9664">GH-9664</a>]</li> <li><strong>Expanded Password Policy Support</strong>: Custom password policies are now supported for all database engines.</li> <li><strong>Integrated Storage Auto Snapshots (Enterprise)</strong>: This feature enables an operator to schedule snapshots of the integrated storage backend and ensure those snapshots are persisted elsewhere.</li> <li><strong>Integrated Storage Cloud Auto Join</strong>: This feature for integrated storage enables Vault nodes running in the cloud to automatically discover and join a Vault cluster via operator-supplied metadata.</li> <li><strong>Key Management Secrets Engine (Enterprise; Tech Preview)</strong>: This new secret engine allows securely distributing and managing keys to Azure cloud KMS services.</li> <li><strong>Seal Migration</strong>: With Vault 1.6, we will support migrating from an auto unseal mechanism to a different mechanism of the same type. For example, if you were using an AWS KMS key to automatically unseal, you can now migrate to a different AWS KMS key.</li> <li><strong>Tokenization (Enterprise; Tech Preview)</strong>: Tokenization supports creating irreversible “tokens” from sensitive data. Tokens can be used in less secure environments, protecting the original data.</li> <li><strong>Vault Client Count</strong>: Vault now counts the number of active entities (and non-entity tokens) per month and makes this information available via the &quot;Metrics&quot; section of the UI.</li> </ul> <p>IMPROVEMENTS:</p> <ul> <li>auth/approle: Role names can now be referenced in templated policies through the <code>approle.metadata.role_name</code> property [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/9529">GH-9529</a>]</li> <li>auth/aws: Improve logic check on wildcard <code>BoundIamPrincipalARNs</code> and include role name on error messages on check failure [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/10036">GH-10036</a>]</li> <li>auth/jwt: Add support for fetching groups and user information from G Suite during authentication. [<a href="https://github-redirect.dependabot.com/hashicorp/vault-plugin-auth-jwt/pull/123">GH-123</a>]</li> <li>auth/jwt: Adding EdDSA (ed25519) to supported algorithms [<a href="https://github-redirect.dependabot.com/hashicorp/vault-plugin-auth-jwt/pull/129">GH-129</a>]</li> <li>auth/jwt: Improve cli authorization error [<a href="https://github-redirect.dependabot.com/hashicorp/vault-plugin-auth-jwt/pull/137">GH-137</a>]</li> <li>auth/jwt: Add OIDC namespace_in_state option [<a href="https://github-redirect.dependabot.com/hashicorp/vault-plugin-auth-jwt/pull/140">GH-140</a>]</li> <li>secrets/transit: fix missing plaintext in bulk decrypt response [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/9991">GH-9991</a>]</li> <li>command/server: Delay informational messages in -dev mode until logs have settled. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/9702">GH-9702</a>]</li> <li>command/server: Add environment variable support for <code>disable_mlock</code>. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/9931">GH-9931</a>]</li> <li>core/metrics: Add metrics for storage cache [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/10079">GH_10079</a>]</li> <li>core/metrics: Add metrics for leader status [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/10147">GH 10147</a>]</li> <li>physical/azure: Add the ability to use Azure Instance Metadata Service to set the credentials for Azure Blob storage on the backend. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/10189">GH-10189</a>]</li> <li>sdk/framework: Add a time type for API fields. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/9911">GH-9911</a>]</li> <li>secrets/database: Added support for password policies to all databases [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/9641">GH-9641</a>, <a href="https://github.com/hashicorp/vault/pulls?q=is%3Apr+is%3Amerged+dbpw">and more</a>]</li> <li>secrets/database/cassandra: Added support for static credential rotation [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/10051">GH-10051</a>]</li> <li>secrets/database/elasticsearch: Added support for static credential rotation [<a href="https://github-redirect.dependabot.com/hashicorp/vault-plugin-database-elasticsearch/pull/19">GH-19</a>]</li> <li>secrets/database/hanadb: Added support for root credential &amp; static credential rotation [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/10142">GH-10142</a>]</li> <li>secrets/database/hanadb: Default password generation now includes dashes. Custom statements may need to be updated to include quotes around the password field [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/10142">GH-10142</a>]</li> <li>secrets/database/influxdb: Added support for static credential rotation [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/10118">GH-10118</a>]</li> <li>secrets/database/mongodbatlas: Added support for root credential rotation [<a href="https://github-redirect.dependabot.com/hashicorp/vault-plugin-database-mongodbatlas/pull/14">GH-14</a>]</li> <li>secrets/database/mongodbatlas: Support scopes field in creations statements for MongoDB Atlas database plugin [<a href="https://github-redirect.dependabot.com/hashicorp/vault-plugin-database-mongodbatlas/pull/15">GH-15</a>]</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/hashicorp/vault/commit/7ce0bd9691998e0443bc77e98b1e2a4ab1e965d4"><code>7ce0bd9</code></a> Update sdk and go mod vendor (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/10366">#10366</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/5e6e24692b3295a9942ebbf185fff2037afb969c"><code>5e6e246</code></a> Remove rc version (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/10364">#10364</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/0ab9ef00ffa70d935628351dd43b44dc6f9070b2"><code>0ab9ef0</code></a> Ui/test metrics mirage (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/10341">#10341</a>) (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/10355">#10355</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/68c653d6105d88dfebaea5e160a7a0aa9d73bc8b"><code>68c653d</code></a> Error on root rotation when username is empty (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/10344">#10344</a>) (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/10354">#10354</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/82e4a890b084dad3f462bd9711a03e87251dcd7b"><code>82e4a89</code></a> Backport 10285 10335 1.6.x (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/10340">#10340</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/11c30952d865101f971dddd7466f2e1ecdc738fb"><code>11c3095</code></a> Move &quot;counters&quot; path to the logical system's local path list. (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/10314">#10314</a>) (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/10316">#10316</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/942903f94f22edf528bafcd18acf59f17db4ebb2"><code>942903f</code></a> Fix inner link on transform item (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/10324">#10324</a>) (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/10325">#10325</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/d1ca4e6b2d017dc0f3e49185cc4b3bbdb08864ad"><code>d1ca4e6</code></a> Update query params sent to activity endpoint so that they aren't rounded inc...</li> <li><a href="https://github.com/hashicorp/vault/commit/daadba9e8d78b17e4afa826c7fce0123cedf2ffc"><code>daadba9</code></a> Remove darwin/386 since Go 1.15 doesn't support it. (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/10312">#10312</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/664bde2f254ce9856cc6dddbdd9a6e181c37a5cf"><code>664bde2</code></a> Fix docker image name. (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/10311">#10311</a>)</li> <li>Additional commits viewable in <a href="https://github.com/hashicorp/vault/compare/v1.5.0...v1.6.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/hashicorp/vault/api&package-manager=go_modules&previous-version=1.5.0&new-version=1.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
github-actions[bot] (Migrated from github.com) approved these changes 2022-05-26 11:19:24 +03:00
dependabot[bot] commented 2022-06-09 11:18:04 +03:00 (Migrated from github.com)
Copy Link

Superseded by #79.

Superseded by #79.

Pull request closed

This pull request cannot be reopened because the branch was deleted.
Sign in to join this conversation.
Reviewers
No Reviewers
github-actions[bot]
Labels
Clear labels
Kind/Breaking
Breaking change that won't be backward compatible
 Kind/Bug
Something is not working
 Kind/Documentation
Documentation changes
 Kind/Enhancement
Improve existing functionality
 Kind/Feature
New functionality
 Kind/Security
This is security issue
 Kind/Testing
Issue or pull request related to testing
Priority
Critical
The priority is critical
Priority
High
The priority is high
Priority
Low
The priority is low
Priority
Medium
The priority is medium
Reviewed
Confirmed
Issue has been confirmed
Reviewed
Duplicate
This issue or pull request already exists
Reviewed
Invalid
Invalid issue
Reviewed
Won't Fix
This issue won't be fixed
Status
Abandoned
Somebody has started to work on this but abandoned work
Status
Blocked
Something is blocking this issue or pull request
Status
Need More Info
Feedback is required to reproduce issue or to continue work
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
atolstikhin devstigneev pugnack vtolstov
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: unistack-org/micro-config-vault#77
Delete Branch "dependabot/go_modules/github.com/hashicorp/vault/api-1.6.0"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?