bridgecrewio / yor

Extensible auto-tagger for your IaC files. The ultimate way to link entities in the cloud back to the codified resource which created it.
https://www.yor.io
Apache License 2.0

Bump github.com/hashicorp/consul from 0.0.0-20171026175957-610f3c86a089 to 1.14.5 #378

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps github.com/hashicorp/consul from 0.0.0-20171026175957-610f3c86a089 to 1.14.5.

Release notes

Sourced from github.com/hashicorp/consul's releases.

v1.14.5

1.14.5 (March 7, 2023)

SECURITY:

IMPROVEMENTS:

  • container: Upgrade container image to use Alpine 3.17. [GH-16358]
  • mesh: Add ServiceResolver RequestTimeout for route timeouts to make request timeouts configurable [GH-16495]

BUG FIXES:

  • mesh: Fix resolution of service resolvers with subsets for external upstreams [GH-16499]
  • peering: Fix bug where services were incorrectly imported as connect-enabled. [GH-16339]
  • peering: Fix issue where mesh gateways would use the wrong address when contacting a remote peer with the same datacenter name. [GH-16257]
  • peering: Fix issue where secondary wan-federated datacenters could not be used as peering acceptors. [GH-16230]
  • proxycfg: fix a bug where terminating gateways were not cleaning up deleted service resolvers for their referenced services [GH-16498]

v1.14.4

1.14.4 (January 26, 2023)

BREAKING CHANGES:

  • connect: Fix configuration merging for transparent proxy upstreams. Proxy-defaults and service-defaults config entries were not correctly merged for implicit upstreams in transparent proxy mode and would result in some configuration not being applied. To avoid issues when upgrading, ensure that any proxy-defaults or service-defaults have correct configuration for upstreams, since all fields will now be properly used to configure proxies. [GH-16000]
  • peering: Newly created peering connections must use only lowercase characters in the name field. Existing peerings with uppercase characters will not be modified, but they may encounter issues in various circumstances. To maintain forward compatibility and avoid issues, it is recommended to destroy and re-create any invalid peering connections so that they do not have a name containing uppercase characters. [GH-15697]

FEATURES:

  • connect: add flags envoy-ready-bind-port and envoy-ready-bind-address to the consul connect envoy command that allows configuration of readiness probe on proxy for any service kind. [GH-16015]
  • deps: update to latest go-discover to provide ECS auto-discover capabilities. [GH-13782]

IMPROVEMENTS:

  • acl: relax permissions on the WatchServers, WatchRoots and GetSupportedDataplaneFeatures gRPC endpoints to accept any valid ACL token [GH-15346]
  • connect: Add support for ConsulResolver to specify a filter expression [GH-15659]
  • grpc: Use new balancer implementation to reduce periodic WARN logs when shuffling servers. [GH-15701]
  • partition: (Consul Enterprise only) when loading service from on-disk config file or sending API request to agent endpoint, if the partition is unspecified, consul will default the partition in the request to agent's partition [GH-16024]

BUG FIXES:

  • agent: Fix assignment of error when auto-reloading cert and key file changes. [GH-15769]
  • agent: Fix issue where the agent cache would incorrectly mark protobuf objects as updated. [GH-15866]
  • cli: Fix issue where consul connect envoy was unable to configure TLS over unix-sockets to gRPC. [GH-15913]
  • connect: (Consul Enterprise only) Fix issue where upstream configuration from proxy-defaults and service-defaults was not properly merged. This could occur when a mixture of empty-strings and "default" were used for the namespace or partition fields.
  • connect: Fix issue where service-resolver protocol checks incorrectly errored for failover peer targets. [GH-15833]
  • connect: Fix issue where watches on upstream failover peer targets did not always query the correct data. [GH-15865]

... (truncated)

Changelog

Sourced from github.com/hashicorp/consul's changelog.

1.14.5 (March 7, 2023)

SECURITY:

IMPROVEMENTS:

  • container: Upgrade container image to use Alpine 3.17. [GH-16358]
  • mesh: Add ServiceResolver RequestTimeout for route timeouts to make request timeouts configurable [GH-16495]

BUG FIXES:

  • mesh: Fix resolution of service resolvers with subsets for external upstreams [GH-16499]
  • peering: Fix bug where services were incorrectly imported as connect-enabled. [GH-16339]
  • peering: Fix issue where mesh gateways would use the wrong address when contacting a remote peer with the same datacenter name. [GH-16257]
  • peering: Fix issue where secondary wan-federated datacenters could not be used as peering acceptors. [GH-16230]
  • proxycfg: fix a bug where terminating gateways were not cleaning up deleted service resolvers for their referenced services [GH-16498]

1.13.7 (March 7, 2023)

SECURITY:

IMPROVEMENTS:

  • xds: Removed a bottleneck in Envoy config generation. [GH-16269]
  • container: Upgrade container image to use Alpine 3.17. [GH-16358]
  • mesh: Add ServiceResolver RequestTimeout for route timeouts to make request timeouts configurable [GH-16495]

BUG FIXES:

  • mesh: Fix resolution of service resolvers with subsets for external upstreams [GH-16499]
  • proxycfg: fix a bug where terminating gateways were not cleaning up deleted service resolvers for their referenced services [GH-16498]

1.15.0 (February 23, 2023)

KNOWN ISSUES:

  • connect: A race condition can cause some service instances to lose their ability to communicate in the mesh after 72 hours (LeafCertTTL) due to a problem with leaf certificate rotation. This bug is fixed in Consul v1.15.2 by GH-16818.

BREAKING CHANGES:

  • acl errors: Delete and get requests now return descriptive errors when the specified resource cannot be found. Other ACL request errors provide more information about when a resource is missing. Add error for when the ACL system has not been bootstrapped.
    • Delete Token/Policy/AuthMethod/Role/BindingRule endpoints now return 404 when the resource cannot be found.
      • New error formats: "Requested * does not exist: ACL not found", "* not found in namespace $NAMESPACE: ACL not found"
    • Read Token/Policy/Role endpoints now return 404 when the resource cannot be found.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/bridgecrewio/yor/network/alerts).

JamesWoolfenden commented 1 year ago

breaking change

stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

dependabot[bot] commented 1 year ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.