Upgrade to use Go 1.20.6.
This resolves CVE-2023-29406(net/http) for uses of the standard library.
A separate change updates dependencies on golang.org/x/net to use 0.12.0. [GH-18190]
Upgrade to use Go 1.20.7.
This resolves vulnerability CVE-2023-29409(crypto/tls). [GH-18358]
FEATURES:
cli: consul members command uses -filter expression to filter members based on bexpr. [GH-18223]
cli: consul operator raft list-peers command shows the number of commits each follower is trailing the leader by to aid in troubleshooting. [GH-17582]
cli: consul watch command uses -filter expression to filter response from checks, services, nodes, and service. [GH-17780]
reloadable config: Made enable_debug config reloadable and enable pprof command to work when config toggles to true [GH-17565]
ui: consul version is displayed in nodes list with filtering and sorting based on versions [GH-17754]
Fix a bug that wrongly trims domains when there is an overlap with DC name. [GH-17160]
api-gateway: fix race condition in proxy config generation when Consul is notified of the bound-api-gateway config entry before it is notified of the api-gateway config entry. [GH-18291]
api: Fix client deserialization errors by marking new Enterprise-only prepared query fields as omit empty [GH-18184]
ca: Fixes a Vault CA provider bug where updating RootPKIPath but not IntermediatePKIPath would not renew leaf signing certificates [GH-18112]
connect/ca: Fixes a bug preventing CA configuration updates in secondary datacenters [GH-17846]
connect: (Enterprise only) Fix bug where intentions referencing sameness groups would not always apply to members properly.
connect: Removes the default health check from the consul connect envoy command when starting an API Gateway.
This health check would always fail. [GH-18011]
... (truncated)
Commits
c920b29 release: sdk version bump to v0.14.1 in api module
1d431de Backport of Add redirects for mesh-gateway docs into release/1.16.x (#18380)
82160a7 Backport of ui: fix typos for peer service imports into release/1.16.x (#18074)
e6e7ad7 Backport of NET-4897 - update comment to include the current issue url from t...
53355c8 Backport of Fix policy lookup to allow for slashes into release/1.16.x (#18372)
a014854 Backport of [NET-5146] security: Update Go version to 1.20.7 and x/net to 0...
c56781a Backport of [HCP Telemetry] Periodic Refresh for Dynamic Telemetry Configurat...
61cf766 Backport of NET-4240 - Snapshots are failing on Windows into release/1.16.x ...
afcd8bf Backport of api gw 1.16 updates into release/1.16.x (#18348)
fa0746e Backport of [CC-5719] Add support for builtin global-read-only policy into re...
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/hashicorp/consul/api from 1.20.0 to 1.24.0.
Changelog
Sourced from github.com/hashicorp/consul/api's changelog.
... (truncated)
Commits
c920b29
release: sdk version bump to v0.14.1 in api module1d431de
Backport of Add redirects for mesh-gateway docs into release/1.16.x (#18380)82160a7
Backport of ui: fix typos for peer service imports into release/1.16.x (#18074)e6e7ad7
Backport of NET-4897 - update comment to include the current issue url from t...53355c8
Backport of Fix policy lookup to allow for slashes into release/1.16.x (#18372)a014854
Backport of [NET-5146] security: Update Go version to 1.20.7 andx/net
to 0...c56781a
Backport of [HCP Telemetry] Periodic Refresh for Dynamic Telemetry Configurat...61cf766
Backport of NET-4240 - Snapshots are failing on Windows into release/1.16.x ...afcd8bf
Backport of api gw 1.16 updates into release/1.16.x (#18348)fa0746e
Backport of [CC-5719] Add support for builtin global-read-only policy into re...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show