search

johanbrandhorst / certify

Automatic client and server certificate distribution and maintenance
https://jbrandhorst.com/post/certify/
MIT License
465 stars 38 forks source link

Update module github.com/hashicorp/vault/api to v1.7.2 #208

Closed renovate[bot] closed 2 years ago

renovate[bot] commented 2 years ago

Mend Renovate

This PR contains the following updates:

Package Type Update Change
github.com/hashicorp/vault/api require patch v1.7.1 -> v1.7.2

Release Notes

hashicorp/vault ### [`v1.7.2`](https://togithub.com/hashicorp/vault/releases/tag/v1.7.2) [Compare Source](https://togithub.com/hashicorp/vault/compare/v1.7.1...v1.7.2) #### 1.7.2 ##### May 20th, 2021 SECURITY: - Non-Expiring Leases: Vault and Vault Enterprise renewed nearly-expiring token leases and dynamic secret leases with a zero-second TTL, causing them to be treated as non-expiring, and never revoked. This issue affects Vault and Vault Enterprise versions 0.10.0 through 1.7.1, and is fixed in 1.5.9, 1.6.5, and 1.7.2 (CVE-2021-32923). CHANGES: - agent: Update to use IAM Service Account Credentials endpoint for signing JWTs when using GCP Auto-Auth method \[[GH-11473](https://togithub.com/hashicorp/vault/pull/11473)] - auth/gcp: Update to v0.9.1 to use IAM Service Account Credentials API for signing JWTs \[[GH-11494](https://togithub.com/hashicorp/vault/pull/11494)] IMPROVEMENTS: - api, agent: LifetimeWatcher now does more retries when renewal failures occur. This also impacts Agent auto-auth and leases managed via Agent caching. \[[GH-11445](https://togithub.com/hashicorp/vault/pull/11445)] - auth/aws: Underlying error included in validation failure message. \[[GH-11638](https://togithub.com/hashicorp/vault/pull/11638)] - http: Add optional HTTP response headers for hostname and raft node ID \[[GH-11289](https://togithub.com/hashicorp/vault/pull/11289)] - secrets/aws: add ability to provide a role session name when generating STS credentials \[[GH-11345](https://togithub.com/hashicorp/vault/pull/11345)] - secrets/database/mongodb: Add ability to customize `SocketTimeout`, `ConnectTimeout`, and `ServerSelectionTimeout` \[[GH-11600](https://togithub.com/hashicorp/vault/pull/11600)] - secrets/database/mongodb: Increased throughput by allowing for multiple request threads to simultaneously update users in MongoDB \[[GH-11600](https://togithub.com/hashicorp/vault/pull/11600)] BUG FIXES: - agent/cert: Fix issue where the API client on agent was not honoring certificate information from the auto-auth config map on renewals or retries. \[[GH-11576](https://togithub.com/hashicorp/vault/pull/11576)] - agent: Fixed agent templating to use configured tls servername values \[[GH-11288](https://togithub.com/hashicorp/vault/pull/11288)] - core (enterprise): Fix plugins mounted in namespaces being unable to use password policies \[[GH-11596](https://togithub.com/hashicorp/vault/pull/11596)] - core: correct logic for renewal of leases nearing their expiration time. \[[GH-11650](https://togithub.com/hashicorp/vault/pull/11650)] - identity: Use correct mount accessor when refreshing external group memberships. \[[GH-11506](https://togithub.com/hashicorp/vault/pull/11506)] - replication: Fix panic trying to update walState during identity group invalidation. \[[GH-1865](https://togithub.com/hashicorp/vault/pull/1865)] - secrets/database: Fix marshalling to allow providing numeric arguments to external database plugins. \[[GH-11451](https://togithub.com/hashicorp/vault/pull/11451)] - secrets/database: Fixed minor race condition when rotate-root is called \[[GH-11600](https://togithub.com/hashicorp/vault/pull/11600)] - secrets/database: Fixes issue for V4 database interface where `SetCredentials` wasn't falling back to using `RotateRootCredentials` if `SetCredentials` is `Unimplemented` \[[GH-11585](https://togithub.com/hashicorp/vault/pull/11585)] - secrets/keymgmt (enterprise): Fixes audit logging for the read key response. - storage/raft: Support cluster address change for nodes in a cluster managed by autopilot \[[GH-11247](https://togithub.com/hashicorp/vault/pull/11247)] - ui: Fix entity group membership and metadata not showing \[[GH-11641](https://togithub.com/hashicorp/vault/pull/11641)] - ui: Fix text link URL on database roles list \[[GH-11597](https://togithub.com/hashicorp/vault/pull/11597)]

Configuration

πŸ“… Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

β™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

πŸ”• Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.

codecov[bot] commented 2 years ago

Codecov Report

Merging #208 (53624d5) into master (38238de) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #208   +/-   ##
=======================================
  Coverage   64.40%   64.40%           
=======================================
  Files          11       11           
  Lines         559      559           
=======================================
  Hits          360      360           
  Misses        132      132           
  Partials       67       67

Continue to review full report at Codecov.

Legend - Click here to learn more Ξ” = absolute <relative> (impact), ΓΈ = not affected, ? = missing data Powered by Codecov. Last update 38238de...53624d5. Read the comment docs.