search

Mongey / vault-plugin-secrets-kafka

A vault plugin for generating ACLs for dynamic users
28 stars 3 forks source link

Bump github.com/hashicorp/vault from 1.8.2 to 1.10.1 #27

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps github.com/hashicorp/vault from 1.8.2 to 1.10.1.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.10.1

No release notes provided.

v1.10.0

1.10.0

March 23, 2022

CHANGES:

  • core: Changes the unit of default_lease_ttl and max_lease_ttl values returned by the /sys/config/state/sanitized endpoint from nanoseconds to seconds. [GH-14206]
  • core: Bump Go version to 1.17.7. [GH-14232]
  • plugin/database: The return value from POST /database/config/:name has been updated to "204 No Content" [GH-14033]
  • secrets/azure: Changes the configuration parameter use_microsoft_graph_api to use the Microsoft Graph API by default. [GH-14130]
  • storage/etcd: Remove support for v2. [GH-14193]
  • ui: Upgrade Ember to version 3.24 [GH-13443]

FEATURES:

  • Database plugin multiplexing: manage multiple database connections with a single plugin process [GH-14033]
  • Login MFA: Single and two phase MFA is now available when authenticating to Vault. [GH-14025]
  • Mount Migration: Vault supports moving secrets and auth mounts both within and across namespaces.
  • Postgres in the UI: Postgres DB is now supported by the UI [GH-12945]
  • Report in-flight requests: Adding a trace capability to show in-flight requests, and a new gauge metric to show the total number of in-flight requests [GH-13024]
  • Server Side Consistent Tokens: Service tokens have been updated to be longer (a minimum of 95 bytes) and token prefixes for all token types are updated from s., b., and r. to hvs., hvb., and hvr. for service, batch, and recovery tokens respectively. Vault clusters with integrated storage will now have read-after-write consistency by default. [GH-14109]
  • Transit SHA-3 Support: Add support for SHA-3 in the Transit backend. [GH-13367]
  • Transit Time-Based Key Autorotation: Add support for automatic, time-based key rotation to transit secrets engine, including in the UI. [GH-13691]
  • UI Client Count Improvements: Restructures client count dashboard, making use of billing start date to improve accuracy. Adds mount-level distribution and filtering. [GH-client-counts]
  • Agent Telemetry: The Vault Agent can now collect and return telemetry information at the /agent/v1/metrics endpoint.

IMPROVEMENTS:

  • agent: Adds ability to configure specific user-assigned managed identities for Azure auto-auth. [GH-14214]
  • agent: The agent/v1/quit endpoint can now be used to stop the Vault Agent remotely [GH-14223]
  • api: Allow cloning api.Client tokens via api.Config.CloneToken or api.Client.SetCloneToken(). [GH-13515]
  • api: Define constants for X-Vault-Forward and X-Vault-Inconsistent headers [GH-14067]
  • api: Implements Login method in Go client libraries for GCP and Azure auth methods [GH-13022]
  • api: Implements Login method in Go client libraries for LDAP auth methods [GH-13841]
  • api: Trim newline character from wrapping token in logical.Unwrap from the api package [GH-13044]
  • api: add api method for modifying raft autopilot configuration [GH-12428]
  • api: respect WithWrappingToken() option during AppRole login authentication when used with secret ID specified from environment or from string [GH-13241]
  • audit: The audit logs now contain the port used by the client [GH-12790]
  • auth/aws: Enable region detection in the CLI by specifying the region as auto [GH-14051]
  • auth/cert: Add certificate extensions as metadata [GH-13348]
  • auth/jwt: The Authorization Code flow makes use of the Proof Key for Code Exchange (PKCE) extension. [GH-13365]
  • auth/kubernetes: Added support for dynamically reloading short-lived tokens for better Kubernetes 1.21+ compatibility [GH-13595]
  • auth/ldap: Add a response warning and server log whenever the config is accessed if userfilter doesn't consider userattr [GH-14095]
  • auth/ldap: Add username to alias metadata [GH-13669]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault's changelog.

1.10.1

April 22, 2022

CHANGES:

  • core: A request that fails path validation due to relative path check will now be responded to with a 400 rather than 500. [GH-14328]
  • core: Bump Go version to 1.17.9. [GH-15044]

IMPROVEMENTS:

  • agent: Upgrade hashicorp/consul-template version for sprig template functions and improved writeTo function [GH-15092]
  • auth: enforce a rate limit for TOTP passcode validation attempts [GH-14864]
  • cli/vault: warn when policy name contains upper-case letter [GH-14670]
  • cockroachdb: add high-availability support [GH-12965]
  • sentinel (enterprise): Upgrade sentinel to v0.18.5 to avoid potential naming collisions in the remote installer

BUG FIXES:

  • Fixed panic when adding or modifying a Duo MFA Method in Enterprise
  • agent: Fix log level mismatch between ERR and ERROR [GH-14424]
  • api/sys/raft: Update RaftSnapshotRestore to use net/http client allowing bodies larger than allocated memory to be streamed [GH-14269]
  • api: Respect increment value in grace period calculations in LifetimeWatcher [GH-14836]
  • auth/approle: Add maximum length for input values that result in SHA56 HMAC calculation [GH-14746]
  • auth: forward requests subject to login MFA from perfStandby to Active node [GH-15009]
  • cassandra: Update gocql Cassandra client to fix "no hosts available in the pool" error [GH-14973]
  • cli: Fix panic caused by parsing key=value fields whose value is a single backslash [GH-14523]
  • core (enterprise): Allow local alias create RPCs to persist alias metadata [GH-changelog:_2747]
  • core/managed-keys (enterprise): Allow PKCS#11 managed keys to use 0 as a slot number
  • core/metrics: Fix incorrect table size metric for local mounts [GH-14755]
  • core: Fix panic caused by parsing JSON integers for fields defined as comma-delimited integers [GH-15072]
  • core: Fix panic caused by parsing JSON integers for fields defined as comma-delimited strings [GH-14522]
  • core: Fix panic caused by parsing policies with empty slice values. [GH-14501]
  • core: Fix panic for help request URL paths without /v1/ prefix [GH-14704]
  • core: fixing excessive unix file permissions [GH-14791]
  • core: fixing excessive unix file permissions on dir, files and archive created by vault debug command [GH-14846]
  • core: report unused or redundant keys in server configuration [GH-14752]
  • core: time.After() used in a select statement can lead to memory leak [GH-14814]
  • raft: Ensure initialMmapSize is set to 0 on Windows [GH-14977]
  • replication (enterprise): fix panic due to missing entity during invalidation of local aliases. [GH-14622]
  • secrets/database: Ensure that a connection_url password is redacted in all cases. [GH-14744]
  • secrets/pki: Fix handling of "any" key type with default zero signature bits value. [GH-14875]
  • secrets/pki: Fixed bug where larger SHA-2 hashes were truncated with shorter ECDSA CA certificates [GH-14943]
  • ui: Fix Generated Token's Policies helpText to clarify that comma separated values are not excepted in this field. [GH-15046]
  • ui: Fixes edit auth method capabilities issue [GH-14966]
  • ui: Fixes issue logging in with OIDC from a listed auth mounts tab [GH-14916]
  • ui: fix search-select component showing blank selections when editing group member entity [GH-15058]
  • ui: masked values no longer give away length or location of special characters [GH-15025]

1.10.0

March 23, 2022

... (truncated)

Commits
  • e452e9b Backport of Upgrade hashicorp/consul-template dependency into release/1.10.x ...
  • 37b2a3f backport of commit 57eba1d02bdf789cc0238de8ea63998a26c9bcee (#15087)
  • 474e38e Backport of fix TypeCommaIntSlice panic caused by json.Number input into rele...
  • 594d1e8 backport of commit 57cd7a41723342273f9abe595a7fa32de4729ddc (#15076)
  • 8346131 Backport of Fix edit capabilities call in auth method into release/1.10.x (#1...
  • 6927659 Backport of Custom tooltip for Generated Token Policies form field on auth me...
  • c704956 Backport of Respect increment value in grace period calculations (api/Lifetim...
  • c5d663f Backport of UI: fix blank selection on search select field into release/1.10....
  • 221cc89 Backport 1.10.1: UI Masked inputs always look the same when value is hidden (...
  • 94d056c VAULT-5422: Add rate limit for TOTP passcode attempts (#14864) (#15049)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 2 years ago

Superseded by #28.