- Upgrade to use golang.org/x/net v0.24.0. This resolves CVE-2023-45288 (x/net). [GH-20956]
IMPROVEMENTS:
- gateways: service defaults configuration entries can now be used to set default upstream limits for mesh-gateways [GH-20945]
- connect: Add ability to disable Auto Host Header Rewrite on Terminating Gateway at the service level [GH-20802]
BUG FIXES:
- dns: fix a bug with sameness group queries in DNS where responses did not respect DefaultForFailover. DNS requests against sameness groups without this field set will now error as intended.
- error running consul server in 1.18.0: failed to configure SCADA provider user's home directory path: $HOME is not defined [GH-20926]
- server: fix Ent snapshot restore on CE when CE downgrade is enabled [GH-20977]
- xds: Make TCP external service registered with terminating gateway reachable from peered cluster [GH-19881]
1.17.5 Enterprise (May 14, 2024)
SECURITY:
- Bump Dockerfile base image to alpine:3.19. [GH-20897]
- Update vault/api to v1.12.2 to address CVE-2024-28180 (removes indirect dependency on impacted go-jose.v2) [GH-20910]
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/hashicorp/consul/api from 1.28.2 to 1.28.3.
Changelog
Sourced from github.com/hashicorp/consul/api's changelog.
... (truncated)
Commits
- fd6d38e Backport of build: update gha to latest approved tsccr into release/1.18.x (#...
- 6716981 Backport of Fixed broken link in the ECS documentation into release/1.18.x (#...
- 4c9a4aa Backport of docs: Add fault injection to Envoy extensions list into release/1...
- 8145cf0 Backport of docs: fix typo in security/acl into release/1.18.x (#21086)
- a683be0 Backport of docs: Fix docs for `-ui-content-path` CLI flag into release/1.18....
- a15c9c3 Backport of [NET-8601] security: upgrade vault/api to remove go-jose.v2 into ...
- 8d167ee Backport of NET-9143 - sameness group queries in DNS do not respect DefaultFo...
- c52e8fa Backport of security: Upgrade Go to 1.21.10 into release/1.18.x (#21077)
- 8341e96 Backport of [NET-9141] ci: skip LICENSE copy for Ent linux packages into rele...
- 537b50e Backport of [NET-9098] Narrow scope of peering config on terminating gw filte...