activity (enterprise): filter all fields in client count responses by the request namespace [GH-27790]
activity (enterprise): remove deprecated fields distinct_entities and non_entity_tokens [GH-27830]
activity log: Deprecated the field "default_report_months". Instead, the billing start time will be used to determine the start time
when querying the activity log endpoints. [GH-27350]
activity log: Deprecates the current_billing_period field for /sys/internal/counters/activity. The default start time
will automatically be set the billing period start date. [GH-27426]
activity: The activity export API now responds with a status of 204 instead 400 when no data exists within the time range specified by start_time and end_time. [GH-28064]
activity: The startTime will be set to the start of the current billing period by default.
The endTime will be set to the end of the current month. This applies to /sys/internal/counters/activity,
/sys/internal/counters/activity/export, and the vault operator usage command that utilizes /sys/internal/counters/activity. [GH-27379]
api: Update backoff/v3 to backoff/v4.3.0 [GH-26868]
auth/alicloud: Update plugin to v0.19.0 [GH-28263]
cli: The undocumented -dev-three-node and -dev-four-cluster CLI options have been removed. [GH-27578]
consul-template: updated to version 0.39.1 [GH-27799]
core(enterprise): Updated the following two control group related errors responses to respond with response code 400 instead of 500: control group: could not find token, and control group: token is not a valid control group token.
core: Bump Go version to 1.22.7
database/couchbase: Update plugin to v0.12.0 [GH-28327]
database/elasticsearch: Update plugin to v0.16.0 [GH-28277]
database/mongodbatlas: Update plugin to v0.13.0 [GH-28268]
database/redis-elasticache: Update plugin to v0.5.0 [GH-28293]
database/redis: Update plugin to v0.4.0 [GH-28404]
database/snowflake: Update plugin to v0.12.0 [GH-28275]
sdk: Upgrade to go-secure-stdlib/plugincontainer@v0.4.0, which also bumps github.com/docker/docker to v26.1.5+incompatible [GH-28269]
secrets/identity: A privileged Vault operator with write permissions to the root namespace's identity endpoint could escalate their privileges to Vault's root policy (CVE-2024-9180) HCSEC-2024-21
CHANGES:
activity (enterprise): filter all fields in client count responses by the request namespace [GH-27790]
activity (enterprise): remove deprecated fields distinct_entities and non_entity_tokens [GH-27830]
activity log: Deprecated the field "default_report_months". Instead, the billing start time will be used to determine the start time
when querying the activity log endpoints. [GH-27350]
activity log: Deprecates the current_billing_period field for /sys/internal/counters/activity. The default start time
will automatically be set the billing period start date. [GH-27426]
activity: The activity export API now responds with a status of 204 instead 400 when no data exists within the time range specified by start_time and end_time. [GH-28064]
activity: The startTime will be set to the start of the current billing period by default.
The endTime will be set to the end of the current month. This applies to /sys/internal/counters/activity,
/sys/internal/counters/activity/export, and the vault operator usage command that utilizes /sys/internal/counters/activity. [GH-27379]
api: Update backoff/v3 to backoff/v4.3.0 [GH-26868]
auth/alicloud: Update plugin to v0.19.0 [GH-28263]
cli: The undocumented -dev-three-node and -dev-four-cluster CLI options have been removed. [GH-27578]
consul-template: updated to version 0.39.1 [GH-27799]
core(enterprise): Updated the following two control group related errors responses to respond with response code 400 instead of 500: control group: could not find token, and control group: token is not a valid control group token.
core: Bump Go version to 1.22.7
database/couchbase: Update plugin to v0.12.0 [GH-28327]
database/elasticsearch: Update plugin to v0.16.0 [GH-28277]
database/mongodbatlas: Update plugin to v0.13.0 [GH-28268]
database/redis-elasticache: Update plugin to v0.5.0 [GH-28293]
database/redis: Update plugin to v0.4.0 [GH-28404]
database/snowflake: Update plugin to v0.12.0 [GH-28275]
sdk: Upgrade to go-secure-stdlib/plugincontainer@v0.4.0, which also bumps github.com/docker/docker to v26.1.5+incompatible [GH-28269]
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/argoproj-labs/argocd-vault-plugin/network/alerts).
dependabot[bot]
commented
4 weeks ago
Bumps github.com/hashicorp/vault from 1.17.6 to 1.18.0.
Release notes
Sourced from github.com/hashicorp/vault's releases.
... (truncated)
Changelog
Sourced from github.com/hashicorp/vault's changelog.
... (truncated)
Commits
77f26ba[VAULT-31571] This is an automated pull request to build all artifacts for a ...3d01c8acontainerize: use latest docker action (#28612)552b7c7VAULT-31402: Add verification for all container images (#28605) (#28610)92ad805backport of commit bae00721d2a07299f50cdbaf3dc5348d26cc92a3 (#28602)5edfee5backport of commit 6a145af82a5b0e3c64ab659d99c14d165e647af8 (#28599)3c48f23backport of commit 1eaca82bbd7ab52cb10b4b1b7f8fd3f8f46a7638 (#28588)6eb4053backport of commit c7b029eb01d4839b0c8d1460f3f993d75fd3478a (#28595)7739a6ebackport of commit 287f5606b02a7099bbf246e9d76990f16551bc5c (#28591)e00633abackport of commit e8a432c4f881eb401368ee350161aa9e2b916b57 (#28584)e1a0787backport of commit baf794b6218e4c1490b97438f16eff06db3b69d3 (#28582)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show