unistack-org/micro-config-vault
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases 28 Wiki Activity

Bump github.com/hashicorp/vault/api from 1.5.0 to 1.7.2 #80

Merged
dependabot[bot] merged 1 commits from dependabot/go_modules/github.com/hashicorp/vault/api-1.7.2 into v3 2022-06-25 22:42:55 +03:00
Conversation 1 Commits 1 Files Changed 2 +11 -9
dependabot[bot] commented 2022-06-10 11:22:12 +03:00 (Migrated from github.com)
Copy Link

Bumps github.com/hashicorp/vault/api from 1.5.0 to 1.7.2.

Release notes

Sourced from github.com/hashicorp/vault/api's releases.

v1.7.2

1.7.2

May 20th, 2021

SECURITY:

  • Non-Expiring Leases: Vault and Vault Enterprise renewed nearly-expiring token leases and dynamic secret leases with a zero-second TTL, causing them to be treated as non-expiring, and never revoked. This issue affects Vault and Vault Enterprise versions 0.10.0 through 1.7.1, and is fixed in 1.5.9, 1.6.5, and 1.7.2 (CVE-2021-32923).

CHANGES:

  • agent: Update to use IAM Service Account Credentials endpoint for signing JWTs when using GCP Auto-Auth method [GH-11473]
  • auth/gcp: Update to v0.9.1 to use IAM Service Account Credentials API for signing JWTs [GH-11494]

IMPROVEMENTS:

  • api, agent: LifetimeWatcher now does more retries when renewal failures occur. This also impacts Agent auto-auth and leases managed via Agent caching. [GH-11445]
  • auth/aws: Underlying error included in validation failure message. [GH-11638]
  • http: Add optional HTTP response headers for hostname and raft node ID [GH-11289]
  • secrets/aws: add ability to provide a role session name when generating STS credentials [GH-11345]
  • secrets/database/mongodb: Add ability to customize SocketTimeout, ConnectTimeout, and ServerSelectionTimeout [GH-11600]
  • secrets/database/mongodb: Increased throughput by allowing for multiple request threads to simultaneously update users in MongoDB [GH-11600]

BUG FIXES:

  • agent/cert: Fix issue where the API client on agent was not honoring certificate information from the auto-auth config map on renewals or retries. [GH-11576]
  • agent: Fixed agent templating to use configured tls servername values [GH-11288]
  • core (enterprise): Fix plugins mounted in namespaces being unable to use password policies [GH-11596]
  • core: correct logic for renewal of leases nearing their expiration time. [GH-11650]
  • identity: Use correct mount accessor when refreshing external group memberships. [GH-11506]
  • replication: Fix panic trying to update walState during identity group invalidation. [GH-1865]
  • secrets/database: Fix marshalling to allow providing numeric arguments to external database plugins. [GH-11451]
  • secrets/database: Fixed minor race condition when rotate-root is called [GH-11600]
  • secrets/database: Fixes issue for V4 database interface where SetCredentials wasn't falling back to using RotateRootCredentials if SetCredentials is Unimplemented [GH-11585]
  • secrets/keymgmt (enterprise): Fixes audit logging for the read key response.
  • storage/raft: Support cluster address change for nodes in a cluster managed by autopilot [GH-11247]
  • ui: Fix entity group membership and metadata not showing [GH-11641]
  • ui: Fix text link URL on database roles list [GH-11597]

v1.7.1

Release vault 1.7.1

v1.7.0

1.7.0

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

1.7.2

May 20th, 2021

SECURITY:

  • Non-Expiring Leases: Vault and Vault Enterprise renewed nearly-expiring token leases and dynamic secret leases with a zero-second TTL, causing them to be treated as non-expiring, and never revoked. This issue affects Vault and Vault Enterprise versions 0.10.0 through 1.7.1, and is fixed in 1.5.9, 1.6.5, and 1.7.2 (CVE-2021-32923).

CHANGES:

  • agent: Update to use IAM Service Account Credentials endpoint for signing JWTs when using GCP Auto-Auth method [GH-11473]
  • auth/gcp: Update to v0.9.1 to use IAM Service Account Credentials API for signing JWTs [GH-11494]

IMPROVEMENTS:

  • api, agent: LifetimeWatcher now does more retries when renewal failures occur. This also impacts Agent auto-auth and leases managed via Agent caching. [GH-11445]
  • auth/aws: Underlying error included in validation failure message. [GH-11638]
  • http: Add optional HTTP response headers for hostname and raft node ID [GH-11289]
  • secrets/aws: add ability to provide a role session name when generating STS credentials [GH-11345]
  • secrets/database/mongodb: Add ability to customize SocketTimeout, ConnectTimeout, and ServerSelectionTimeout [GH-11600]
  • secrets/database/mongodb: Increased throughput by allowing for multiple request threads to simultaneously update users in MongoDB [GH-11600]

BUG FIXES:

  • agent/cert: Fix issue where the API client on agent was not honoring certificate information from the auto-auth config map on renewals or retries. [GH-11576]
  • agent: Fixed agent templating to use configured tls servername values [GH-11288]
  • core (enterprise): Fix plugins mounted in namespaces being unable to use password policies [GH-11596]
  • core: correct logic for renewal of leases nearing their expiration time. [GH-11650]
  • identity: Use correct mount accessor when refreshing external group memberships. [GH-11506]
  • replication: Fix panic trying to update walState during identity group invalidation. [GH-1865]
  • secrets/database: Fix marshalling to allow providing numeric arguments to external database plugins. [GH-11451]
  • secrets/database: Fixed minor race condition when rotate-root is called [GH-11600]
  • secrets/database: Fixes issue for V4 database interface where SetCredentials wasn't falling back to using RotateRootCredentials if SetCredentials is Unimplemented [GH-11585]
  • secrets/keymgmt (enterprise): Fixes audit logging for the read key response.
  • storage/raft: Support cluster address change for nodes in a cluster managed by autopilot [GH-11247]
  • ui: Fix entity group membership and metadata not showing [GH-11641]
  • ui: Fix text link URL on database roles list [GH-11597]

1.7.1

21 April 2021

SECURITY:

  • The PKI Secrets Engine tidy functionality may cause Vault to exclude revoked-but-unexpired certificates from the

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.5.0 to 1.7.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/hashicorp/vault/releases">github.com/hashicorp/vault/api's releases</a>.</em></p> <blockquote> <h2>v1.7.2</h2> <h2>1.7.2</h2> <h3>May 20th, 2021</h3> <p>SECURITY:</p> <ul> <li>Non-Expiring Leases: Vault and Vault Enterprise renewed nearly-expiring token leases and dynamic secret leases with a zero-second TTL, causing them to be treated as non-expiring, and never revoked. This issue affects Vault and Vault Enterprise versions 0.10.0 through 1.7.1, and is fixed in 1.5.9, 1.6.5, and 1.7.2 (CVE-2021-32923).</li> </ul> <p>CHANGES:</p> <ul> <li>agent: Update to use IAM Service Account Credentials endpoint for signing JWTs when using GCP Auto-Auth method [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11473">GH-11473</a>]</li> <li>auth/gcp: Update to v0.9.1 to use IAM Service Account Credentials API for signing JWTs [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11494">GH-11494</a>]</li> </ul> <p>IMPROVEMENTS:</p> <ul> <li>api, agent: LifetimeWatcher now does more retries when renewal failures occur. This also impacts Agent auto-auth and leases managed via Agent caching. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11445">GH-11445</a>]</li> <li>auth/aws: Underlying error included in validation failure message. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11638">GH-11638</a>]</li> <li>http: Add optional HTTP response headers for hostname and raft node ID [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11289">GH-11289</a>]</li> <li>secrets/aws: add ability to provide a role session name when generating STS credentials [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11345">GH-11345</a>]</li> <li>secrets/database/mongodb: Add ability to customize <code>SocketTimeout</code>, <code>ConnectTimeout</code>, and <code>ServerSelectionTimeout</code> [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11600">GH-11600</a>]</li> <li>secrets/database/mongodb: Increased throughput by allowing for multiple request threads to simultaneously update users in MongoDB [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11600">GH-11600</a>]</li> </ul> <p>BUG FIXES:</p> <ul> <li>agent/cert: Fix issue where the API client on agent was not honoring certificate information from the auto-auth config map on renewals or retries. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11576">GH-11576</a>]</li> <li>agent: Fixed agent templating to use configured tls servername values [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11288">GH-11288</a>]</li> <li>core (enterprise): Fix plugins mounted in namespaces being unable to use password policies [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11596">GH-11596</a>]</li> <li>core: correct logic for renewal of leases nearing their expiration time. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11650">GH-11650</a>]</li> <li>identity: Use correct mount accessor when refreshing external group memberships. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11506">GH-11506</a>]</li> <li>replication: Fix panic trying to update walState during identity group invalidation. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/1865">GH-1865</a>]</li> <li>secrets/database: Fix marshalling to allow providing numeric arguments to external database plugins. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11451">GH-11451</a>]</li> <li>secrets/database: Fixed minor race condition when rotate-root is called [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11600">GH-11600</a>]</li> <li>secrets/database: Fixes issue for V4 database interface where <code>SetCredentials</code> wasn't falling back to using <code>RotateRootCredentials</code> if <code>SetCredentials</code> is <code>Unimplemented</code> [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11585">GH-11585</a>]</li> <li>secrets/keymgmt (enterprise): Fixes audit logging for the read key response.</li> <li>storage/raft: Support cluster address change for nodes in a cluster managed by autopilot [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11247">GH-11247</a>]</li> <li>ui: Fix entity group membership and metadata not showing [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11641">GH-11641</a>]</li> <li>ui: Fix text link URL on database roles list [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11597">GH-11597</a>]</li> </ul> <h2>v1.7.1</h2> <p>Release vault 1.7.1</p> <h2>v1.7.0</h2> <h2>1.7.0</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hashicorp/vault/blob/main/CHANGELOG.md">github.com/hashicorp/vault/api's changelog</a>.</em></p> <blockquote> <h2>1.7.2</h2> <h3>May 20th, 2021</h3> <p>SECURITY:</p> <ul> <li>Non-Expiring Leases: Vault and Vault Enterprise renewed nearly-expiring token leases and dynamic secret leases with a zero-second TTL, causing them to be treated as non-expiring, and never revoked. This issue affects Vault and Vault Enterprise versions 0.10.0 through 1.7.1, and is fixed in 1.5.9, 1.6.5, and 1.7.2 (CVE-2021-32923).</li> </ul> <p>CHANGES:</p> <ul> <li>agent: Update to use IAM Service Account Credentials endpoint for signing JWTs when using GCP Auto-Auth method [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11473">GH-11473</a>]</li> <li>auth/gcp: Update to v0.9.1 to use IAM Service Account Credentials API for signing JWTs [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11494">GH-11494</a>]</li> </ul> <p>IMPROVEMENTS:</p> <ul> <li>api, agent: LifetimeWatcher now does more retries when renewal failures occur. This also impacts Agent auto-auth and leases managed via Agent caching. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11445">GH-11445</a>]</li> <li>auth/aws: Underlying error included in validation failure message. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11638">GH-11638</a>]</li> <li>http: Add optional HTTP response headers for hostname and raft node ID [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11289">GH-11289</a>]</li> <li>secrets/aws: add ability to provide a role session name when generating STS credentials [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11345">GH-11345</a>]</li> <li>secrets/database/mongodb: Add ability to customize <code>SocketTimeout</code>, <code>ConnectTimeout</code>, and <code>ServerSelectionTimeout</code> [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11600">GH-11600</a>]</li> <li>secrets/database/mongodb: Increased throughput by allowing for multiple request threads to simultaneously update users in MongoDB [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11600">GH-11600</a>]</li> </ul> <p>BUG FIXES:</p> <ul> <li>agent/cert: Fix issue where the API client on agent was not honoring certificate information from the auto-auth config map on renewals or retries. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11576">GH-11576</a>]</li> <li>agent: Fixed agent templating to use configured tls servername values [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11288">GH-11288</a>]</li> <li>core (enterprise): Fix plugins mounted in namespaces being unable to use password policies [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11596">GH-11596</a>]</li> <li>core: correct logic for renewal of leases nearing their expiration time. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11650">GH-11650</a>]</li> <li>identity: Use correct mount accessor when refreshing external group memberships. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11506">GH-11506</a>]</li> <li>replication: Fix panic trying to update walState during identity group invalidation. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/1865">GH-1865</a>]</li> <li>secrets/database: Fix marshalling to allow providing numeric arguments to external database plugins. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11451">GH-11451</a>]</li> <li>secrets/database: Fixed minor race condition when rotate-root is called [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11600">GH-11600</a>]</li> <li>secrets/database: Fixes issue for V4 database interface where <code>SetCredentials</code> wasn't falling back to using <code>RotateRootCredentials</code> if <code>SetCredentials</code> is <code>Unimplemented</code> [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11585">GH-11585</a>]</li> <li>secrets/keymgmt (enterprise): Fixes audit logging for the read key response.</li> <li>storage/raft: Support cluster address change for nodes in a cluster managed by autopilot [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11247">GH-11247</a>]</li> <li>ui: Fix entity group membership and metadata not showing [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11641">GH-11641</a>]</li> <li>ui: Fix text link URL on database roles list [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/11597">GH-11597</a>]</li> </ul> <h2>1.7.1</h2> <h3>21 April 2021</h3> <p>SECURITY:</p> <ul> <li>The PKI Secrets Engine tidy functionality may cause Vault to exclude revoked-but-unexpired certificates from the</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/hashicorp/vault/commit/db0e4245d5119b5929e611ea4d9bf66e47f3f208"><code>db0e424</code></a> Don't force config regeneration (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/11668">#11668</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/055e15ca5ab7644e0c8758fdedb8c600a815f0c5"><code>055e15c</code></a> Upgrade packagespec to 0.2.6 (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/11671">#11671</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/fff6f65a0dfe59e203c1bee37eb40c8fa6d7178a"><code>fff6f65</code></a> Reload raft TLS keys on active startup (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/11660">#11660</a>) (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/11663">#11663</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/814ad5639ecb2106c2843b0082908d588faf6c25"><code>814ad56</code></a> go vendor cleanup</li> <li><a href="https://github.com/hashicorp/vault/commit/48c5544c77f458279b016067a2149c3afba5dc84"><code>48c5544</code></a> Vault 1.7.2 Pre-staging (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/11651">#11651</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/a671890555c78de61cef44ec1a47fe114ee766ee"><code>a671890</code></a> Patch expiration fix over from ENT (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/11650">#11650</a>) (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/11652">#11652</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/8ade2f9bfafe2f5b61fc627feec44b378a80f00c"><code>8ade2f9</code></a> Backport 11259 changes 1.7.x (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/11520">#11520</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/1164f75916248e553bd6f90e0a85563f24286756"><code>1164f75</code></a> UI/fix identity model (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/11641">#11641</a>) (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/11642">#11642</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/f0acfa8d40428c0b0bade2777a3b9e2146701ac3"><code>f0acfa8</code></a> AWS Auth: Update error message to include underlying error (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/11638">#11638</a>) (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/11639">#11639</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/fbff9bbf1be87da0d78a430084af8986f1ffba17"><code>fbff9bb</code></a> Add ability to customize some timeouts in MongoDB database plugin (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/11600">#11600</a>) (#...</li> <li>Additional commits viewable in <a href="https://github.com/hashicorp/vault/compare/v1.5.0...v1.7.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/hashicorp/vault/api&package-manager=go_modules&previous-version=1.5.0&new-version=1.7.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
github-actions[bot] (Migrated from github.com) approved these changes 2022-06-10 11:22:31 +03:00
Sign in to join this conversation.
Reviewers
No Reviewers
github-actions[bot]
Labels
Clear labels
Kind/Breaking
Breaking change that won't be backward compatible
Kind/Bug
Something is not working
Kind/Documentation
Documentation changes
Kind/Enhancement
Improve existing functionality
Kind/Feature
New functionality
Kind/Security
This is security issue
Kind/Testing
Issue or pull request related to testing
Priority
Critical
The priority is critical
Priority
High
The priority is high
Priority
Low
The priority is low
Priority
Medium
The priority is medium
Reviewed
Confirmed
Issue has been confirmed
Reviewed
Duplicate
This issue or pull request already exists
Reviewed
Invalid
Invalid issue
Reviewed
Won't Fix
This issue won't be fixed
Status
Abandoned
Somebody has started to work on this but abandoned work
Status
Blocked
Something is blocking this issue or pull request
Status
Need More Info
Feedback is required to reproduce issue or to continue work
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
atolstikhin devstigneev pugnack vtolstov
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: unistack-org/micro-config-vault#80
No description provided.
Delete Branch "dependabot/go_modules/github.com/hashicorp/vault/api-1.7.2"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?