Bump github.com/hashicorp/consul from 1.14.3 to 1.17.0

[dependabot[bot]]

Bumps github.com/hashicorp/consul from 1.14.3 to 1.17.0.

Release notes

Sourced from github.com/hashicorp/consul's releases.

v1.17.0

1.17.0 (October 31, 2023)

BREAKING CHANGES:

• api: RaftLeaderTransfer now requires an id string. An empty string can be specified to keep the old behavior. [GH-17107]
• audit-logging: (Enterprise only) allowing timestamp based filename only on rotation. initially the filename will be just file.json [GH-18668]

SECURITY:

• Update golang.org/x/net to v0.17.0 to address CVE-2023-39325 / CVE-2023-44487(x/net/http2). [GH-19225]
• Upgrade Go to 1.20.10. This resolves vulnerability CVE-2023-39325 / CVE-2023-44487(net/http). [GH-19225]
• Upgrade google.golang.org/grpc to 1.56.3. This resolves vulnerability CVE-2023-44487. [GH-19414]
• connect: update supported envoy versions to 1.24.12, 1.25.11, 1.26.6, 1.27.2 to address CVE-2023-44487 [GH-19275]

FEATURE PREVIEW: Catalog v2

This release provides the ability to preview Consul's v2 Catalog and Resource API if enabled. The new model supports multi-port application deployments with only a single Envoy proxy. Note that the v1 and v2 catalogs are not cross compatible, and not all Consul features are available within this v2 feature preview. See the v2 Catalog and Resource API documentation for more information. The v2 Catalog and Resources API should be considered a feature preview within this release and should not be used in production environments.

Limitations

• The v2 catalog API feature preview does not support connections with client agents. As a result, it is only available for Kubernetes deployments, which use Consul dataplanes instead of client agents.
• The v1 and v2 catalog APIs cannot run concurrently.
• The Consul UI does not support multi-port services or the v2 catalog API in this release.
• HCP Consul does not support multi-port services or the v2 catalog API in this release.

Significant Pull Requests

• [Catalog resource controllers]
• [Mesh resource controllers]
• [Auth resource controllers]
• [V2 Protobufs]

FEATURES:

• Support custom watches on the Consul Controller framework. [GH-18439]
• Windows: support consul connect envoy command on Windows [GH-17694]
• acl: Add BindRule support for templated policies. Add new BindType: templated-policy and BindVar field for templated policy variables. [GH-18719]
• acl: Add new acl.tokens.dns config field which specifies the token used implicitly during dns checks. [GH-17936]
• acl: Added ACL Templated policies to simplify getting the right ACL token. [GH-18708]
• acl: Adds a new ACL rule for workload identities [GH-18769]
• acl: Adds workload identity templated policy [GH-19077]
• api-gateway: Add support for response header modifiers on http-route configuration entry [GH-18646]

... (truncated)

Changelog

Sourced from github.com/hashicorp/consul's changelog.

1.17.0 (October 31, 2023)

BREAKING CHANGES:

• api: RaftLeaderTransfer now requires an id string. An empty string can be specified to keep the old behavior. [GH-17107]
• audit-logging: (Enterprise only) allowing timestamp based filename only on rotation. initially the filename will be just file.json [GH-18668]

SECURITY:

• Update golang.org/x/net to v0.17.0 to address CVE-2023-39325 / CVE-2023-44487(x/net/http2). [GH-19225]
• Upgrade Go to 1.20.10. This resolves vulnerability CVE-2023-39325 / CVE-2023-44487(net/http). [GH-19225]
• Upgrade google.golang.org/grpc to 1.56.3. This resolves vulnerability CVE-2023-44487. [GH-19414]
• connect: update supported envoy versions to 1.24.12, 1.25.11, 1.26.6, 1.27.2 to address CVE-2023-44487 [GH-19275]

FEATURE PREVIEW: Catalog v2

This release provides the ability to preview Consul's v2 Catalog and Resource API if enabled. The new model supports multi-port application deployments with only a single Envoy proxy. Note that the v1 and v2 catalogs are not cross compatible, and not all Consul features are available within this v2 feature preview. See the v2 Catalog and Resource API documentation for more information. The v2 Catalog and Resources API should be considered a feature preview within this release and should not be used in production environments.

Limitations

• The v2 catalog API feature preview does not support connections with client agents. As a result, it is only available for Kubernetes deployments, which use Consul dataplanes instead of client agents.
• The v1 and v2 catalog APIs cannot run concurrently.
• The Consul UI does not support multi-port services or the v2 catalog API in this release.
• HCP Consul does not support multi-port services or the v2 catalog API in this release.

Significant Pull Requests

• [Catalog resource controllers]
• [Mesh resource controllers]
• [Auth resource controllers]
• [V2 Protobufs]

FEATURES:

• Support custom watches on the Consul Controller framework. [GH-18439]
• Windows: support consul connect envoy command on Windows [GH-17694]
• acl: Add BindRule support for templated policies. Add new BindType: templated-policy and BindVar field for templated policy variables. [GH-18719]
• acl: Add new acl.tokens.dns config field which specifies the token used implicitly during dns checks. [GH-17936]
• acl: Added ACL Templated policies to simplify getting the right ACL token. [GH-18708]
• acl: Adds a new ACL rule for workload identities [GH-18769]
• acl: Adds workload identity templated policy [GH-19077]
• api-gateway: Add support for response header modifiers on http-route configuration entry [GH-18646]
• api-gateway: add retry and timeout filters [GH-18324]

... (truncated)

Commits

• 4e3f428 Dans/release 1.17.0 prep (#19445)
• adc6f73 Backport of [NET-5916] Fix locality-aware routing config and tests (CE) to re...
• 96eb977 update changelog 1.17.0 (#19447)
• 731898e Backport of [NET-6138] security: Bump google.golang.org/grpc to 1.56.3 (CVE-2...
• 54799b9 Manual Backport of NET-6294 - v1 Agentless proxycfg datasource errors after v...
• 312a38e [1.17.0 backport] [NET-6305] xds: Ensure v2 route match and protocol are popu...
• 7ff7649 1.17.0 backport: bump raft-wal version to 0.4.1 (#19314) (#19357)
• fe5e19c [NET-6295] Backport of Add grpc keepalive configuration. (#19339) (#19355)
• c20aa58 [1.17.0 manual backport] mesh: ensure route configs are named uniquely per p...
• bdcfbea Backport/net-5930/fix/rate limit config entry snake case (#19297)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #244.