search

getsops / sops

Simple and flexible tool for managing secrets
https://getsops.io/
Mozilla Public License 2.0
15.77k stars 842 forks source link

build(deps): Bump the go group across 1 directory with 24 updates #1511

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps the go group with 11 updates in the / directory:

Package From To
cloud.google.com/go/kms 1.15.7 1.17.0
github.com/Azure/azure-sdk-for-go/sdk/azcore 1.9.2 1.11.1
github.com/Azure/azure-sdk-for-go/sdk/azidentity 1.5.1 1.5.2
github.com/ProtonMail/go-crypto 1.1.0-alpha.0-proton 1.1.0-alpha.2
github.com/aws/aws-sdk-go-v2 1.25.0 1.27.0
github.com/aws/aws-sdk-go-v2/config 1.27.0 1.27.15
github.com/aws/aws-sdk-go-v2/feature/s3/manager 1.16.0 1.16.20
github.com/aws/aws-sdk-go-v2/service/kms 1.28.1 1.31.3
github.com/fatih/color 1.16.0 1.17.0
github.com/hashicorp/vault/api 1.12.0 1.13.0
github.com/urfave/cli 1.22.14 1.22.15

Updates cloud.google.com/go/kms from 1.15.7 to 1.17.0

Release notes

Sourced from cloud.google.com/go/kms's releases.

datastore: v1.17.0

1.17.0 (2024-05-08)

Features

kms: v1.17.0

1.17.0 (2024-05-16)

Features

  • kms: Add client library for KMS Autokey service, which enables automated KMS key provision and management (292e812)

retail: v1.16.2

1.16.2 (2024-05-01)

Bug Fixes

  • retail: Bump x/net to v0.24.0 (ba31ed5)

security: v1.16.1

1.16.1 (2024-05-01)

Bug Fixes

  • security: Bump x/net to v0.24.0 (ba31ed5)

dataplex: v1.16.0

1.16.0 (2024-05-08)

Features

  • dataplex: Updated client libraries for Dataplex Catalog (a4a8fbc)

kms: v1.16.0

1.16.0 (2024-05-08)

Features

  • kms: Introduce Long-Running Operations (LRO) for KMS (3e25053)
  • kms: Support the ED25519 asymmetric signing algorithm (3e25053)
Changelog

Sourced from cloud.google.com/go/kms's changelog.

1.17.0 (2023-03-15)

Features

  • documentai: Added hints.language_hints field in OcrConfig (#7522) (b2c40c3)

1.16.0 (2023-02-22)

Features

1.15.0 (2023-02-14)

⚠ BREAKING CHANGES

  • documentai: The TrainProcessorVersion parent was incorrectly annotated.

Features

  • documentai: Add REST client (06a54a1)
  • documentai: Added advanced_ocr_options field in OcrConfig (45c70e3)
  • documentai: Added EvaluationReference to evaluation.proto (#7290) (4623db8)
  • documentai: Added field_mask field in DocumentOutputConfig.GcsOutputConfig in document_io.proto (2a0b1ae)
  • documentai: Added font_family to document.proto feat: added ImageQualityScores message to document.proto feat: added PropertyMetadata and EntityTypeMetadata to document_schema.proto (9c5d6c8)
  • documentai: Added TrainProcessorVersion, EvaluateProcessorVersion, GetEvaluation, and ListEvaluations v1beta3 APIs feat: added evaluation.proto feat: added document_schema field in ProcessorVersion processor.proto feat: added image_quality_scores field in Document.Page in document.proto feat: added font_family field in Document.Style in document.proto (ac0c5c2)
  • documentai: Exposed GetProcessorType to v1 (447afdd)
  • documentai: Exposed GetProcessorType to v1beta3 (447afdd)
  • documentai: Rewrite signatures in terms of new location (3c4b2b3)
  • documentai: Start generating stubs dir (de2d180)

Miscellaneous Chores

1.8.0 (2023-02-14)

Features

  • documentai: Add REST client (06a54a1)
  • documentai: Added advanced_ocr_options field in OcrConfig (45c70e3)
  • documentai: Added EvaluationReference to evaluation.proto (#7290) (4623db8)
  • documentai: Added field_mask field in DocumentOutputConfig.GcsOutputConfig in document_io.proto (2a0b1ae)
  • documentai: Added font_family to document.proto feat: added ImageQualityScores message to document.proto feat: added PropertyMetadata and EntityTypeMetadata to document_schema.proto (9c5d6c8)

... (truncated)

Commits


Updates cloud.google.com/go/storage from 1.38.0 to 1.39.1

Commits
  • 71dc4c6 chore(main): release storage 1.39.1 (#9524)
  • ae7dc65 chore(apphub): add config to generate apiv1 (#9550)
  • 50fcc6e chore(main): release bigtable 1.22.0 (#9551)
  • 74dcd1f chore(securitycenter): add config to generate apiv2 (#9549)
  • 3f4d7c2 chore(cloudcontrolspartner): add config to generate apiv1 (#9548)
  • 48614ab chore(bigtable): release 1.22.0 (#9547)
  • 511d9b2 fix(vertexai): clarify Client.GenerativeModel documentation (#9533)
  • f0a2781 chore: re-drop weak refs to parent modules and tag (#9545)
  • bdf2f17 chore(main): release auth 0.1.1 (#8920)
  • 9b97ce7 feat(spanner/spansql): support Table rename & Table synonym (#9275)
  • Additional commits viewable in compare view


Updates github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.9.2 to 1.11.1

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azcore's releases.

sdk/azcore/v1.11.1

1.11.1 (2024-04-02)

Bugs Fixed

  • Pollers that use the Location header won't consider http.StatusRequestTimeout a terminal failure.
  • runtime.Poller[T].Result won't consider non-terminal error responses as terminal.

sdk/azcore/v1.11.0

1.11.0 (2024-04-01)

Features Added

  • Added StatusCodes to arm/policy.RegistrationOptions to allow supporting non-standard HTTP status codes during registration.
  • Added field InsecureAllowCredentialWithHTTP to azcore.ClientOptions and dependent authentication pipeline policies.
  • Added type MultipartContent to the streaming package to support multipart/form payloads with custom Content-Type and file name.

Bugs Fixed

  • runtime.SetMultipartFormData won't try to stringify []byte values.
  • Pollers that use the Location header won't consider http.StatusTooManyRequests a terminal failure.

Other Changes

  • Update dependencies.

sdk/azcore/v1.10.0

1.10.0 (2024-02-29)

Features Added

  • Added logging event log.EventResponseError that will contain the contents of ResponseError.Error() whenever an azcore.ResponseError is created.
  • Added runtime.NewResponseErrorWithErrorCode for creating an azcore.ResponseError with a caller-supplied error code.
  • Added type MatchConditions for use in conditional requests.

Bugs Fixed

  • Fixed a potential race condition between NullValue and IsNullValue.
  • runtime.EncodeQueryParams will escape semicolons before calling url.ParseQuery.

Other Changes

  • Update dependencies.
Commits
  • 76e5495 Prep azcore@v1.11.1 for release (#22680)
  • 2650473 Increment package version after release of messaging/azeventhubs (#22677)
  • 51ef615 runtime.Poller.Result won't be done on non-terminal error (#22675)
  • aef7678 Increment package version after release of messaging/azservicebus (#22678)
  • a67b4de Increment package version after release of messaging/eventgrid/azeventgrid (#...
  • e978d51 [azopenai] Updating doc comments based on feedback from an issue, as well as ...
  • 4116d5d Don't consider 408 as terminal failure for Location poller (#22674)
  • e036aea Sync eng/common directory with azure-sdk-tools for PR 7989 (#22673)
  • 53f73ad Sync eng/common directory with azure-sdk-tools for PR 7988 (#22672)
  • 9e78ee2 [azeventgrid] Prepping for first GA of the Event Grid Basic package. (#22667)
  • Additional commits viewable in compare view


Updates github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.1 to 1.5.2

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azidentity's releases.

sdk/azidentity/v1.5.2

1.5.2 (2024-04-09)

Bugs Fixed

  • ManagedIdentityCredential now specifies resource IDs correctly for Azure Container Instances

Other Changes

  • Restored v1.4.0 error behavior for empty tenant IDs
  • Upgraded dependencies
Commits
  • 299ebfe Prepare internal for release (#22339)
  • d00123d Update packages (#22338)
  • 0a332e3 Fix issue in Verify-Link.ps1 after PS 7.4 update (#22336)
  • c8ae7ed Sync eng/common directory with azure-sdk-tools for PR 7615 (#22335)
  • 9ae828c Replace ErrAuthenticationRequired with AuthenticationRequiredError (#22317)
  • 7c50f09 [Release] sdk/resourcemanager/springappdiscovery/armspringappdiscovery/0.1.0 ...
  • b36de61 Added spec location verification to the release pipeline (#22301)
  • 00f2b8b Go SDK for Azure Web PubSub Data plane (#21929)
  • 0aa2409 Sync eng/common directory with azure-sdk-tools for PR 7585 (#22312)
  • 572ba1f JSON marshaling helpers will preserve Content-Type (#22309)
  • Additional commits viewable in compare view


Updates github.com/ProtonMail/go-crypto from 1.1.0-alpha.0-proton to 1.1.0-alpha.2

Release notes

Sourced from github.com/ProtonMail/go-crypto's releases.

v1.1.0-alpha.1

What's Changed

Removes the openpgp.VerifyDetachedSignatureAndSaltedHash function and the packet.SaltedHashSpecifier as they are no longer required. They were introduced for verifying the headers in cleartext messages. However, in the latest crypto-refresh specification, cleartext message headers were dropped.

Full Changelog: v1.1.0-alpha.0...v1.1.0-alpha.1

v1.1.0-alpha.1-proton

This pre-release is v1.1.0-alpha.1 with support for symmetric keys and automatic forwarding, both of which are not standardized yet.

Commits


Updates github.com/aws/aws-sdk-go-v2 from 1.25.0 to 1.27.0

Commits


Updates github.com/aws/aws-sdk-go-v2/config from 1.27.0 to 1.27.15

Commits


Updates github.com/aws/aws-sdk-go-v2/credentials from 1.17.0 to 1.17.15

Commits


Updates github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.16.0 to 1.16.20

Commits


Updates github.com/aws/aws-sdk-go-v2/service/kms from 1.28.1 to 1.31.3

Commits
  • fcc0f5d Release 2023-04-10
  • cd750e0 Regenerated Clients
  • 1bc2f05 Update endpoints model
  • b964f5c Update API model
  • fd69015 fix APIGW exports nullability exceptions
  • fae239a Merge pull request #2089 from aws/auditAccessibility
  • acf33a2 Update aws-sdk-go-v2's comment codegened from Smithy Go's updated document sm...
  • 27360c1 fix APIGW exports nullability exceptions
  • 30383d5 Release 2023-04-07
  • 352f89c Regenerated Clients
  • Additional commits viewable in compare view


Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.49.0 to 1.54.2

Commits


Updates github.com/aws/aws-sdk-go-v2/service/sts from 1.27.0 to 1.28.9

Commits


Updates github.com/fatih/color from 1.16.0 to 1.17.0

Release notes

Sourced from github.com/fatih/color's releases.

v1.17.0

What's Changed

New Contributors

Full Changelog: https://github.com/fatih/color/compare/v1.16.0...v1.17.0

Commits
  • b6598b1 Merge pull request #228 from klauspost/fix-println-issue-218
  • 00b1811 Fix multi-parameter println spacing
  • 04994a8 Merge pull request #224 from fatih/dependabot/go_modules/golang.org/x/sys-0.18.0
  • 7526cad Merge branch 'main' into dependabot/go_modules/golang.org/x/sys-0.18.0
  • 8d058ca Merge pull request #222 from fatih/ci-updates
  • 2ac809f Bump golang.org/x/sys from 0.17.0 to 0.18.0
  • 51a7bbf ci: update Go and Staticcheck versions
  • 799c49c Merge pull request #217 from fatih/dependabot/github_actions/actions/setup-go-5
  • f8e0ec9 Merge branch 'main' into dependabot/github_actions/actions/setup-go-5
  • 298abd8 Merge pull request #221 from fatih/dependabot/go_modules/golang.org/x/sys-0.17.0
  • Additional commits viewable in compare view


Updates github.com/golang/protobuf from 1.5.3 to 1.5.4

Release notes

Sourced from github.com/golang/protobuf's releases.

v1.5.4

Notable changes

  • update descriptor.proto to latest version
Commits


Updates github.com/hashicorp/vault/api from 1.12.0 to 1.13.0

Release notes

Sourced from github.com/hashicorp/vault/api's releases.

v1.13.0

1.13.0

March 01, 2023

SECURITY:

  • secrets/ssh: removal of the deprecated dynamic keys mode. When any remaining dynamic key leases expire, an error stating secret is unsupported by this backend will be thrown by the lease manager. [GH-18874]

CHANGES:

  • auth/alicloud: require the role field on login [GH-19005]
  • auth/approle: Add maximum length of 4096 for approle role_names, as this value results in HMAC calculation [GH-17768]
  • auth: Returns invalid credentials for ldap, userpass and approle when wrong credentials are provided for existent users. This will only be used internally for implementing user lockout. [GH-17104]
  • core: Bump Go version to 1.20.1.
  • core: Vault version has been moved out of sdk and into main vault module. Plugins using sdk/useragent.String must instead use sdk/useragent.PluginString. [GH-14229]
  • logging: Removed legacy environment variable for log format ('LOGXI_FORMAT'), should use 'VAULT_LOG_FORMAT' instead [GH-17822]
  • plugins: Mounts can no longer be pinned to a specific builtin version. Mounts previously pinned to a specific builtin version will now automatically upgrade to the latest builtin version, and may now be overridden if an unversioned plugin of the same name and type is registered. Mounts using plugin versions without builtin in their metadata remain unaffected. [GH-18051]
  • plugins: GET /database/config/:name endpoint now returns an additional plugin_version field in the response data. [GH-16982]
  • plugins: GET /sys/auth/:path/tune and GET /sys/mounts/:path/tune endpoints may now return an additional plugin_version field in the response data if set. [GH-17167]
  • plugins: GET for /sys/auth, /sys/auth/:path, /sys/mounts, and /sys/mounts/:path paths now return additional plugin_version, running_plugin_version and running_sha256 fields in the response data for each mount. [GH-17167]
  • sdk: Remove version package, make useragent.String versionless. [GH-19068]
  • secrets/aws: do not create leases for non-renewable/non-revocable STS credentials to reduce storage calls [GH-15869]
  • secrets/gcpkms: Updated plugin from v0.13.0 to v0.14.0 [GH-19063]
  • sys/internal/inspect: Turns of this endpoint by default. A SIGHUP can now be used to reload the configs and turns this endpoint on.
  • ui: Upgrade Ember to version 4.4.0 [GH-17086]

FEATURES:

  • Azure Auth Managed Identities: Allow any Azure resource that supports managed identities to authenticate with Vault [GH-19077]
  • Azure Auth Rotate Root: Add support for rotate root in Azure Auth engine [GH-19077]
  • Event System (Alpha): Vault has a new opt-in experimental event system. Not yet suitable for production use. Events are currently only generated on writes to the KV secrets engine, but external plugins can also be updated to start generating events. [GH-19194]
  • GCP Secrets Impersonated Account Support: Add support for GCP service account impersonation, allowing callers to generate a GCP access token without requiring Vault to store or retrieve a GCP service account key for each role. [GH-19018]
  • Kubernetes Secrets Engine UI: Kubernetes is now available in the UI as a supported secrets engine. [GH-17893]
  • New PKI UI: Add beta support for new and improved PKI UI [GH-18842]
  • PKI Cross-Cluster Revocations: Revocation information can now be synchronized across primary and performance replica clusters offering a unified CRL/OCSP view of revocations across cluster boundaries. [GH-19196]
  • Server UDS Listener: Adding listener to Vault server to serve http request via unix domain socket [GH-18227]
  • Transit managed keys: The transit secrets engine now supports configuring and using managed keys
  • User Lockout: Adds support to configure the user-lockout behaviour for failed logins to prevent brute force attacks for userpass, approle and ldap auth methods. [GH-19230]
  • VMSS Flex Authentication: Adds support for Virtual Machine Scale Set Flex Authentication [GH-19077]
  • Namespaces (enterprise): Added the ability to allow access to secrets and more to be shared across namespaces that do not share a namespace hierarchy. Using the new sys/config/group-policy-application API, policies can be configured to apply outside of namespace hierarchy, allowing this kind of cross-namespace sharing.
  • OpenAPI-based Go & .NET Client Libraries (Beta): We have now made available two new OpenAPI-based Go & .NET Client libraries (beta). You can use them to perform various secret management operations easily from your applications.

IMPROVEMENTS:

  • Redis ElastiCache DB Engine: Renamed configuration parameters for disambiguation; old parameters still supported for compatibility. [GH-18752]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

1.13.0

March 01, 2023

SECURITY:

  • secrets/ssh: removal of the deprecated dynamic keys mode. When any remaining dynamic key leases expire, an error stating secret is unsupported by this backend will be thrown by the lease manager. [GH-18874]
  • auth/approle: When using the Vault and Vault Enterprise (Vault) approle auth method, any authenticated user with access to the /auth/approle/role/:role_name/secret-id-accessor/destroy endpoint can destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability, CVE-2023-24999 has been fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above. [HSEC-2023-07]

CHANGES:

  • auth/alicloud: require the role field on login [GH-19005]
  • auth/approle: Add maximum length of 4096 for approle role_names, as this value results in HMAC calculation [GH-17768]
  • auth: Returns invalid credentials for ldap, userpass and approle when wrong credentials are provided for existent users. This will only be used internally for implementing user lockout. [GH-17104]
  • core: Bump Go version to 1.20.1.
  • core: Vault version has been moved out of sdk and into main vault module. Plugins using sdk/useragent.String must instead use sdk/useragent.PluginString. [GH-14229]
  • logging: Removed legacy environment variable for log format ('LOGXI_FORMAT'), should use 'VAULT_LOG_FORMAT' instead [GH-17822]
  • plugins: Mounts can no longer be pinned to a specific builtin version. Mounts previously pinned to a specific builtin version will now automatically upgrade to the latest builtin version, and may now be overridden if an unversioned plugin of the same name and type is registered. Mounts using plugin versions without builtin in their metadata remain unaffected. [GH-18051]
  • plugins: GET /database/config/:name endpoint now returns an additional plugin_version field in the response data. [GH-16982]
  • plugins: GET /sys/auth/:path/tune and GET /sys/mounts/:path/tune endpoints may now return an additional plugin_version field in the response data if set. [GH-17167]
  • plugins: GET for /sys/auth, /sys/auth/:path, /sys/mounts, and /sys/mounts/:path paths now return additional plugin_version, running_plugin_version and running_sha256 fields in the response data for each mount. [GH-17167]
  • sdk: Remove version package, make useragent.String versionless. [GH-19068]
  • secrets/aws: do not create leases for non-renewable/non-revocable STS credentials to reduce storage calls [GH-15869]
  • secrets/gcpkms: Updated plugin from v0.13.0 to v0.14.0 [GH-19063]
  • sys/internal/inspect: Turns of this endpoint by default. A SIGHUP can now be used to reload the configs and turns this endpoint on.
  • ui: Upgrade Ember to version 4.4.0 [GH-17086]

FEATURES:

  • User lockout: Ignore repeated bad credentials from the same user for a configured period of time. Enabled by default.
  • Azure Auth Managed Identities: Allow any Azure resource that supports managed identities to authenticate with Vault [GH-19077]
  • Azure Auth Rotate Root: Add support for rotate root in Azure Auth engine [GH-19077]
  • Event System (Alpha): Vault has a new opt-in experimental event system. Not yet suitable for production use. Events are currently only generated on writes to the KV secrets engine, but external plugins can also be updated to start generating events. [GH-19194]
  • GCP Secrets Impersonated Account Support: Add support for GCP service account impersonation, allowing callers to generate a GCP access token without requiring Vault to store or retrieve a GCP service account key for each role. [GH-19018]
  • Kubernetes Secrets Engine UI: Kubernetes is now available in the UI as a supported secrets engine. [GH-17893]
  • New PKI UI: Add beta support for new and improved PKI UI [GH-18842]
  • PKI Cross-Cluster Revocations: Revocation information can now be synchronized across primary and performance replica clusters offering a unified CRL/OCSP view of revocations across cluster boundaries. [GH-19196]
  • Server UDS Listener: Adding listener to Vault server to serve http request via unix domain socket [GH-18227]
  • Transit managed keys: The transit secrets engine now supports configuring and using managed keys
  • User Lockout: Adds support to configure the user-lockout behaviour for failed logins to prevent brute force attacks for userpass, approle and ldap auth methods. [GH-19230]
  • VMSS Flex Authentication: Adds support for Virtual Machine Scale Set Flex Authentication [GH-19077]
  • Namespaces (enterprise): Added the ability to allow access to secrets and more to be shared across namespaces that do not share a namespace hierarchy. Using the new sys/config/group-policy-application API, policies can be configured to apply outside of namespace hierarchy, allowing this kind of cross-namespace sharing.
  • OpenAPI-based Go & .NET Client Libraries (Beta): We have now made available two new [OpenAPI-based Go] & [OpenAPI-based .NET] Client libraries (beta). You can use them to perform various secret management operations easily from your applications.

IMPROVEMENTS:

... (truncated)

Commits
  • a4cf0dc Remove rc1 prerelease tag. (#19417)
  • 0a42f2a backport of commit 9bb8321a5bf5b26beae865eb6290bd17aabc159f (#19409)
  • 75f1ea2 backport of commit eb70bfdc5bfb0dd4c47326e1933b94bd93602c56 (#19407)
  • 20e201b backport of commit da31528fdc0d9b043a21b1676694eecfaef130db (#19405)
  • 7383b52 backport of commit 52bbf65ae7232e9306c8c8d7d392399f82d24f04 (#19397)
  • b3dc15f backport of commit ba013912b1b2fd75fd7776fecb5e5f0329cb21e4 (#19396)
  • 1240c8c backport of commit 538bb799e49ba12e6b6fec9877d7a03b2225d239 (#19381)
  • 478b6f1 backport of commit 7b2ff1f111b95786528bd578fea5f25b88afb119 (#19382)
  • a5edc66 backport of commit d35be2d0de3d1c036248570c538c2051c4c1dc57 (#19375)
  • a0beacd Backport of add nil check for secret id entry on delete via accessor into rel...
  • Additional commits viewable in compare view


Updates github.com/stretchr/testify from 1.8.4 to 1.9.0

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.9.0

What's Changed

dependabot[bot] commented 1 month ago

Superseded by #1515.