Bump github.com/hashicorp/consul from 1.14.3 to 1.17.1

[dependabot[bot]]

Bumps github.com/hashicorp/consul from 1.14.3 to 1.17.1.

Release notes

Sourced from github.com/hashicorp/consul's releases.

v1.17.1

1.17.1 (December 12, 2023)

SECURITY:

• Update github.com/golang-jwt/jwt/v4 to v4.5.0 to address PRISMA-2022-0270. [GH-19705]
• Upgrade to use Go 1.20.12. This resolves CVEs CVE-2023-45283: (path/filepath) recognize ??\ as a Root Local Device path prefix (Windows) CVE-2023-45284: recognize device names with trailing spaces and superscripts (Windows) CVE-2023-39326: (net/http) limit chunked data overhead CVE-2023-45285: (cmd/go) go get may unexpectedly fallback to insecure git [GH-19840]
• connect: update supported envoy versions to 1.24.12, 1.25.11, 1.26.6, 1.27.2 to address CVE-2023-44487 [GH-19274]

FEATURES:

• acl: Adds nomad client templated policy [GH-19827]
• cli: Adds new subcommand peering exported-services to list services exported to a peer . Refer to the CLI docs for more information. [GH-19821]

IMPROVEMENTS:

• mesh: parse the proxy-defaults protocol when write the config-entry to avoid parsing it when compiling the discovery chain. [GH-19829]
• wan-federation: use a hash to diff config entries when replicating in the secondary DC to avoid unnecessary writes.. [GH-19795]
• Replaces UI Side Nav with Helios Design System Side Nav. Adds dc/partition/namespace searching in Side Nav. [GH-19342]
• acl: add api-gateway templated policy [GH-19728]
• acl: add templated policy descriptions [GH-19735]
• api: Add support for listing ACL tokens by service name when using templated policies. [GH-19666]
• cli: stop simultaneous usage of -templated-policy and -templated-policy-file when creating a role or token. [GH-19389]
• cloud: push additional server TLS metadata to HCP [GH-19682]
• connect: Default stats_flush_interval to 60 seconds when using the Consul Telemetry Collector, unless custom stats sink are present or an explicit flush interval is configured. [GH-19663]
• metrics: increment consul.client.rpc.failed if RPC fails because no servers are accessible [GH-19721]
• metrics: modify consul.client.rpc metric to exclude internal retries for consistency with consul.client.rpc.exceeded and consul.client.rpc.failed [GH-19721]
• ui: move nspace and partitions requests into their selector menus [GH-19594]

BUG FIXES:

• CLI: fix a panic when deleting a non existing policy by name. [GH-19679]
• Mesh Gateways: Fix a bug where replicated and peered mesh gateways with hostname-based WAN addresses fail to initialize. [GH-19268]
• ca: Fix bug with Vault CA provider where renewing a retracted token would cause retries in a tight loop, degrading performance. [GH-19285]
• ca: Fix bug with Vault CA provider where token renewal goroutines could leak if CA failed to initialize. [GH-19285]
• connect: Solves an issue where two upstream services with the same name in different namespaces were not getting routed to correctly by API Gateways. [GH-19860]
• federation: (Enterprise Only) Fixed an issue where namespace reconciliation could result into the secondary having dangling instances of namespaces marked for deletion
• ui: clear peer on home logo link [GH-19549]
• ui: fix being able to view peered services from non-default namnespaces [GH-19586]
• ui: stop manually reconciling services if peering is enabled [GH-19907]
• wan-federation: Fix a bug where servers wan-federated through mesh-gateways could crash due to overlapping LAN IP addresses. [GH-19503]
• xds: Add configurable xds_fetch_timeout_ms option to proxy registrations that allows users to prevent endpoints from dropping when they have proxies with a large number of upstreams. [GH-19871]
• xds: ensure child resources are re-sent to Envoy when the parent is updated even if the child already has pending updates. [GH-19866]

v1.17.0

1.17.0 (October 31, 2023)

... (truncated)

Changelog

Sourced from github.com/hashicorp/consul's changelog.

1.17.1 (December 12, 2023)

SECURITY:

• Update github.com/golang-jwt/jwt/v4 to v4.5.0 to address PRISMA-2022-0270. [GH-19705]
• Upgrade to use Go 1.20.12. This resolves CVEs CVE-2023-45283: (path/filepath) recognize ??\ as a Root Local Device path prefix (Windows) CVE-2023-45284: recognize device names with trailing spaces and superscripts (Windows) CVE-2023-39326: (net/http) limit chunked data overhead CVE-2023-45285: (cmd/go) go get may unexpectedly fallback to insecure git [GH-19840]
• connect: update supported envoy versions to 1.24.12, 1.25.11, 1.26.6, 1.27.2 to address CVE-2023-44487 [GH-19274]

FEATURES:

• acl: Adds nomad client templated policy [GH-19827]
• cli: Adds new subcommand peering exported-services to list services exported to a peer . Refer to the CLI docs for more information. [GH-19821]

IMPROVEMENTS:

• mesh: parse the proxy-defaults protocol when write the config-entry to avoid parsing it when compiling the discovery chain. [GH-19829]
• wan-federation: use a hash to diff config entries when replicating in the secondary DC to avoid unnecessary writes.. [GH-19795]
• Replaces UI Side Nav with Helios Design System Side Nav. Adds dc/partition/namespace searching in Side Nav. [GH-19342]
• acl: add api-gateway templated policy [GH-19728]
• acl: add templated policy descriptions [GH-19735]
• api: Add support for listing ACL tokens by service name when using templated policies. [GH-19666]
• cli: stop simultaneous usage of -templated-policy and -templated-policy-file when creating a role or token. [GH-19389]
• cloud: push additional server TLS metadata to HCP [GH-19682]
• connect: Default stats_flush_interval to 60 seconds when using the Consul Telemetry Collector, unless custom stats sink are present or an explicit flush interval is configured. [GH-19663]
• metrics: increment consul.client.rpc.failed if RPC fails because no servers are accessible [GH-19721]
• metrics: modify consul.client.rpc metric to exclude internal retries for consistency with consul.client.rpc.exceeded and consul.client.rpc.failed [GH-19721]
• ui: move nspace and partitions requests into their selector menus [GH-19594]

BUG FIXES:

• CLI: fix a panic when deleting a non existing policy by name. [GH-19679]
• Mesh Gateways: Fix a bug where replicated and peered mesh gateways with hostname-based WAN addresses fail to initialize. [GH-19268]
• ca: Fix bug with Vault CA provider where renewing a retracted token would cause retries in a tight loop, degrading performance. [GH-19285]
• ca: Fix bug with Vault CA provider where token renewal goroutines could leak if CA failed to initialize. [GH-19285]
• connect: Solves an issue where two upstream services with the same name in different namespaces were not getting routed to correctly by API Gateways. [GH-19860]
• federation: (Enterprise Only) Fixed an issue where namespace reconciliation could result into the secondary having dangling instances of namespaces marked for deletion
• ui: clear peer on home logo link [GH-19549]
• ui: fix being able to view peered services from non-default namnespaces [GH-19586]
• ui: stop manually reconciling services if peering is enabled [GH-19907]
• wan-federation: Fix a bug where servers wan-federated through mesh-gateways could crash due to overlapping LAN IP addresses. [GH-19503]
• xds: Add configurable xds_fetch_timeout_ms option to proxy registrations that allows users to prevent endpoints from dropping when they have proxies with a large number of upstreams. [GH-19871]
• xds: ensure child resources are re-sent to Envoy when the parent is updated even if the child already has pending updates. [GH-19866]

1.17.0 (October 31, 2023)

BREAKING CHANGES:

... (truncated)

Commits

• 9bcafa2 Stage 1.17.1
• 38074d0 Backport of fix: token list in Role details page is updated with tokens linke...
• c4caa31 Backport of Hash based config entry replication into release/1.17.x (#19916)
• 6c6d978 Backport of Remove warning for consul 1.17 deprecation into release/1.17.x (#...
• a896e58 Backport of NET-6900: stop reconciling services when peering is enabled into ...
• 9cb44f6 Backport of fix: remove test to unblock CI into release/1.17.x (#19911)
• 1f7e425 Backport of docs: Updates to required ports into release/1.17.x (#19898)
• b11ccb9 Backport of Add documentation for proxy-config-map and xds_fetch_timeout_ms. ...
• b24acb6 Backport of [NET-6842] splitting go version on different lines into release/1...
• 2124855 Backport of: Fix ClusterLoadAssignment timeouts dropping endpoints. into 1.17...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #253.