argoproj-labs / argocd-vault-plugin

An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets
https://argocd-vault-plugin.readthedocs.io
Apache License 2.0

chore(deps): bump github.com/hashicorp/vault from 1.15.2 to 1.15.5 #603

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 5 months ago

Bumps github.com/hashicorp/vault from 1.15.2 to 1.15.5.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.15.5

1.15.5

January 31, 2024

CHANGES:

  • core: Bump Go version to 1.21.5.
  • database/snowflake: Update plugin to v0.9.1 [GH-25020]
  • secrets/ad: Update plugin to v0.16.2 [GH-25058]
  • secrets/openldap: Update plugin to v0.11.3 [GH-25040]

IMPROVEMENTS:

  • command/server: display logs on startup immediately if disable-gated-logs flag is set [GH-24280]
  • core/activity: Include secret_syncs in activity log responses [GH-24710]
  • oidc/provider: Adds code_challenge_methods_supported to OpenID Connect Metadata [GH-24979]
  • storage/raft: Upgrade to bbolt 1.3.8, along with an extra patch to reduce time scanning large freelist maps. [GH-24010]
  • sys (enterprise): Adds the chroot_namespace field to this sys/internal/ui/resultant-acl endpoint, which exposes the value of the chroot namespace from the listener config.
  • ui: latest version of chrome does not automatically redirect back to the app after authentication unless triggered by the user, hence added a link to redirect back to the app. [GH-18513]

BUG FIXES:

  • audit/socket: Provide socket based audit backends with 'prefix' configuration option when supplied. [GH-25004]
  • audit: Fix bug where use of 'log_raw' option could result in other devices logging raw audit data [GH-24968]
  • auth/saml (enterprise): Fixes support for Microsoft Entra ID enterprise applications
  • core (enterprise): fix a potential deadlock if an error is received twice from underlying storage for the same key
  • core: upgrade github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2 to support azure workload identities. [GH-24954]
  • helper/pkcs7: Fix slice out-of-bounds panic [GH-24891]
  • kmip (enterprise): Only return a Server Correlation Value to clients using KMIP version 1.4.
  • plugins: fix panic when registering containerized plugin with a custom runtime on a perf standby
  • ui: Allows users to dismiss the resultant-acl banner. [GH-25106]
  • ui: Correctly handle redirects from pre 1.15.0 Kv v2 edit, create, and show urls. [GH-24339]
  • ui: Fixed minor bugs with database secrets engine [GH-24947]
  • ui: Fixes input for jwks_ca_pem when configuring a JWT auth method [GH-24697]
  • ui: Fixes policy input toolbar scrolling by default [GH-23297]
  • ui: The UI can now be used to create or update database roles by operator without permission on the database connection. [GH-24660]
  • ui: fix KV v2 details view defaulting to JSON view when secret value includes { [GH-24513]
  • ui: fix incorrectly calculated capabilities on PKI issuer endpoints [GH-24686]
  • ui: fix issue where kv v2 capabilities checks were not passing in the full secret path if secret was inside a directory. [GH-24404]
  • ui: fix navigation items shown to user when chroot_namespace configured [GH-24492]

v1.15.4

1.15.4

SECURITY:

  • core: Fixes an issue present in both Vault and Vault Enterprise since Vault 1.12.0, where Vault is vulnerable to a denial of service through memory exhaustion of the host when handling large HTTP requests from a client. Upgrading is strongly recommended. (see CVE-2023-6337 & HCSEC-2023-34)

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault's changelog.

1.15.5

January 31, 2024

CHANGES:

  • core: Bump Go version to 1.21.5.
  • database/snowflake: Update plugin to v0.9.1 [GH-25020]
  • secrets/ad: Update plugin to v0.16.2 [GH-25058]
  • secrets/openldap: Update plugin to v0.11.3 [GH-25040]

IMPROVEMENTS:

  • command/server: display logs on startup immediately if disable-gated-logs flag is set [GH-24280]
  • core/activity: Include secret_syncs in activity log responses [GH-24710]
  • oidc/provider: Adds code_challenge_methods_supported to OpenID Connect Metadata [GH-24979]
  • storage/raft: Upgrade to bbolt 1.3.8, along with an extra patch to reduce time scanning large freelist maps. [GH-24010]
  • sys (enterprise): Adds the chroot_namespace field to this sys/internal/ui/resultant-acl endpoint, which exposes the value of the chroot namespace from the listener config.
  • ui: latest version of chrome does not automatically redirect back to the app after authentication unless triggered by the user, hence added a link to redirect back to the app. [GH-18513]

BUG FIXES:

  • audit/socket: Provide socket based audit backends with 'prefix' configuration option when supplied. [GH-25004]
  • audit: Fix bug where use of 'log_raw' option could result in other devices logging raw audit data [GH-24968]
  • auth/saml (enterprise): Fixes support for Microsoft Entra ID enterprise applications
  • core (enterprise): fix a potential deadlock if an error is received twice from underlying storage for the same key
  • core: upgrade github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2 to support azure workload identities. [GH-24954]
  • helper/pkcs7: Fix slice out-of-bounds panic [GH-24891]
  • kmip (enterprise): Only return a Server Correlation Value to clients using KMIP version 1.4.
  • plugins: fix panic when registering containerized plugin with a custom runtime on a perf standby
  • ui: Allows users to dismiss the resultant-acl banner. [GH-25106]
  • ui: Correctly handle redirects from pre 1.15.0 Kv v2 edit, create, and show urls. [GH-24339]
  • ui: Fixed minor bugs with database secrets engine [GH-24947]
  • ui: Fixes input for jwks_ca_pem when configuring a JWT auth method [GH-24697]
  • ui: Fixes policy input toolbar scrolling by default [GH-23297]
  • ui: The UI can now be used to create or update database roles by operator without permission on the database connection. [GH-24660]
  • ui: fix KV v2 details view defaulting to JSON view when secret value includes { [GH-24513]
  • ui: fix incorrectly calculated capabilities on PKI issuer endpoints [GH-24686]
  • ui: fix issue where kv v2 capabilities checks were not passing in the full secret path if secret was inside a directory. [GH-24404]
  • ui: fix navigation items shown to user when chroot_namespace configured [GH-24492]

1.15.4

December 06, 2023

SECURITY:

  • core: Fixes an issue present in both Vault and Vault Enterprise since Vault 1.12.0, where Vault is vulnerable to a denial of service through memory exhaustion of the host when handling large HTTP requests from a client. (see CVE-2023-6337 & HCSEC-2023-34)

CHANGES:

... (truncated)

Commits
  • 0d8b67e backport of UI: JSON editor styling fix (#23306)
  • c395e8c backport of UI: make resultant-acl banner dismissable (#25108)
  • 4fd9977 Go update to 1.21.5 on 1.15 (#25101)
  • fab8268 Revert license reporting 1.15 (#25087)
  • f03bb90 Update 1.15 to Go 1.21.6 (#25077)
  • 1ad6fa2 backport of commit afe599145dda0a3fa1ddce0bf2853c8d07a12bb5 (#25092)
  • 79aaafd Backport of UI: Database fixes (#24947) into release/1.15 (#25042)
  • 970bc26 bump github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2 version t...
  • 72c0fa3 Backport of Update vault-plugin-secrets-ad to v0.16.2 into release/1.15.x (#2...
  • 400b3b3 backport of commit 49a59bda5ebdc8beb0a85af25c7be46b270ad4fe (#25072)
  • Additional commits viewable in compare view



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/argoproj-labs/argocd-vault-plugin/network/alerts).
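The one security item in the quoted changelog is CVE-2023-6337 (HCSEC-2023-34), fixed in Vault 1.15.4, and the practical question for a reviewer of this bump is whether the version a Go module pins is at or above that fixed release. The following is an added example, not code from argocd-vault-plugin or from Dependabot: it parses `require` lines from a constructed go.mod excerpt (the module path `example.com/constructed-plugin` and the pinned versions are assumptions, not the project's real go.mod), compares the pinned version against a table of minimum fixed versions with a small semver comparison that handles pre-release tags, and reports any module still below its fix.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// sampleGoMod is a constructed go.mod excerpt used only to exercise the check;
// it is not the real argocd-vault-plugin go.mod.
const sampleGoMod = `module example.com/constructed-plugin

go 1.21

require (
	github.com/hashicorp/vault v1.15.2
	github.com/hashicorp/vault/api v1.10.0 // indirect
)
`

// minFixedVersion records, per module, the first release carrying the fix.
// Vault 1.15.4 is the release the quoted changelog names for CVE-2023-6337.
var minFixedVersion = map[string]string{
	"github.com/hashicorp/vault": "v1.15.4",
}

// parseSemver splits "v1.15.4-rc1+meta" into its numeric core and pre-release tag.
// Build metadata after '+' never affects precedence and is dropped.
func parseSemver(v string) ([3]int, string, error) {
	var core [3]int
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexByte(v, '+'); i >= 0 {
		v = v[:i]
	}
	pre := ""
	if i := strings.IndexByte(v, '-'); i >= 0 {
		v, pre = v[:i], v[i+1:]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return core, "", fmt.Errorf("not a MAJOR.MINOR.PATCH version: %q", v)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return core, "", fmt.Errorf("bad version component %q", p)
		}
		core[i] = n
	}
	return core, pre, nil
}

// compareSemver returns -1, 0 or 1. A pre-release sorts below the release it
// precedes; two pre-releases with the same core are compared as plain strings,
// which is adequate for rc-style tags.
func compareSemver(a, b string) (int, error) {
	ca, pa, err := parseSemver(a)
	if err != nil {
		return 0, err
	}
	cb, pb, err := parseSemver(b)
	if err != nil {
		return 0, err
	}
	for i := 0; i < 3; i++ {
		if ca[i] != cb[i] {
			if ca[i] < cb[i] {
				return -1, nil
			}
			return 1, nil
		}
	}
	switch {
	case pa == pb:
		return 0, nil
	case pa == "":
		return 1, nil
	case pb == "":
		return -1, nil
	case pa < pb:
		return -1, nil
	}
	return 1, nil
}

// requiredVersions extracts module -> version from require lines in both the
// single-line and block forms, ignoring trailing "// indirect" comments.
func requiredVersions(goMod string) map[string]string {
	out := map[string]string{}
	inBlock := false
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if i := strings.Index(line, "//"); i >= 0 {
			line = strings.TrimSpace(line[:i])
		}
		switch {
		case line == "require (":
			inBlock = true
			continue
		case inBlock && line == ")":
			inBlock = false
			continue
		case strings.HasPrefix(line, "require "):
			line = strings.TrimSpace(strings.TrimPrefix(line, "require "))
		case !inBlock:
			continue
		}
		if f := strings.Fields(line); len(f) == 2 {
			out[f[0]] = f[1]
		}
	}
	return out
}

// unfixedModules returns the tracked modules whose pinned version is still
// below the minimum fixed version; an empty map means the bump is sufficient.
func unfixedModules(goMod string, fixed map[string]string) (map[string]string, error) {
	pinned := requiredVersions(goMod)
	unfixed := map[string]string{}
	for mod, minVer := range fixed {
		ver, ok := pinned[mod]
		if !ok {
			continue
		}
		c, err := compareSemver(ver, minVer)
		if err != nil {
			return nil, err
		}
		if c < 0 {
			unfixed[mod] = ver
		}
	}
	return unfixed, nil
}

func main() {
	unfixed, err := unfixedModules(sampleGoMod, minFixedVersion)
	if err != nil {
		panic(err)
	}
	for mod, ver := range unfixed {
		fmt.Printf("%s pinned at %s, below fixed version %s\n", mod, ver, minFixedVersion[mod])
	}
	if len(unfixed) == 0 {
		fmt.Println("all tracked modules are at or above their fixed versions")
	}
}
```

A go.mod pin is only the declared requirement; the version that actually ends up in the binary is the one minimal version selection resolves, so the same comparison should be run against `go list -m github.com/hashicorp/vault` output (or `govulncheck ./...`, which matches the resolved graph against the Go vulnerability database) before treating the CVE as closed for this repository.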
dependabot[bot] commented 3 months ago

Superseded by #624.