lrstanley / vault-unseal

auto-unseal utility for Hashicorp Vault
MIT License
238 stars 32 forks source link

build(deps): bump github.com/hashicorp/vault/api from 1.8.0 to 1.8.1 #22

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps github.com/hashicorp/vault/api from 1.8.0 to 1.8.1.

Release notes

Sourced from github.com/hashicorp/vault/api's releases.

v1.8.1

1.8.1

August 5th, 2021

CHANGES:

  • go: Update go version to 1.16.6 [GH-12245]

IMPROVEMENTS:

  • serviceregistration: add external-source: "vault" metadata value for Consul registration. [GH-12163]

BUG FIXES:

  • auth/aws: Remove warning stating AWS Token TTL will be capped by the Default Lease TTL. [GH-12026]
  • auth/jwt: Fixes OIDC auth from the Vault UI when using form_post as the oidc_response_mode. [GH-12258]
  • core (enterprise): Disallow autogenerated licenses to be used in diagnose even when config is specified
  • core: fix byte printing for diagnose disk checks [GH-12229]
  • identity: do not allow a role's token_ttl to be longer than the signing key's verification_ttl [GH-12151]
Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

1.8.12

June 10, 2022

BUG FIXES:

  • agent: Redact auto auth token from renew endpoints [GH-15380]
  • core: Prevent changing file permissions of audit logs when mode 0000 is used. [GH-15759]
  • core: fixed systemd reloading notification [GH-15041]
  • core: pre-calculate namespace specific paths when tainting a route during postUnseal [GH-15067]
  • storage/raft (enterprise): Auto-snapshot configuration now forbids slashes in file prefixes for all types, and "/" in path prefix for local storage type. Strip leading prefix in path prefix for AWS. Improve error handling/reporting.
  • transform (enterprise): Fix non-overridable column default value causing tokenization tokens to expire prematurely when using the MySQL storage backend.

1.8.11

April 29, 2022

BUG FIXES:

  • raft: fix Raft TLS key rotation panic that occurs if active key is more than 24 hours old [GH-15156]
  • sdk: Fix OpenApi spec generator to properly convert TypeInt64 to OAS supported int64 [GH-15104]

1.8.10

April 22, 2022

CHANGES:

  • core: A request that fails path validation due to relative path check will now be responded to with a 400 rather than 500. [GH-14328]
  • core: Bump Go version to 1.16.15. [GH-go-ver-1810]

IMPROVEMENTS:

  • auth/ldap: Add username_as_alias configurable to change how aliases are named [GH-14324]
  • core: Systemd unit file included with the Linux packages now sets the service type to notify. [GH-14385]
  • sentinel (enterprise): Upgrade sentinel to v0.18.5 to avoid potential naming collisions in the remote installer

BUG FIXES:

  • api/sys/raft: Update RaftSnapshotRestore to use net/http client allowing bodies larger than allocated memory to be streamed [GH-14269]
  • auth/approle: Add maximum length for input values that result in SHA56 HMAC calculation [GH-14746]
  • cassandra: Update gocql Cassandra client to fix "no hosts available in the pool" error [GH-14973]
  • cli: Fix panic caused by parsing key=value fields whose value is a single backslash [GH-14523]
  • core: Fix panic caused by parsing JSON integers for fields defined as comma-delimited integers [GH-15072]
  • core: Fix panic caused by parsing JSON integers for fields defined as comma-delimited strings [GH-14522]
  • core: Fix panic caused by parsing policies with empty slice values. [GH-14501]
  • core: Fix panic for help request URL paths without /v1/ prefix [GH-14704]
  • core: fixing excessive unix file permissions [GH-14791]
  • core: fixing excessive unix file permissions on dir, files and archive created by vault debug command [GH-14846]
  • core: report unused or redundant keys in server configuration [GH-14752]
  • core: time.After() used in a select statement can lead to memory leak [GH-14814]
  • metrics/autosnapshots (enterprise) : Fix bug that could cause vault.autosnapshots.save.errors to not be incremented when there is an

... (truncated)

Commits
  • 4b0264f Updates vault-plugin-auth-jwt to v0.10.1 (#12258)
  • 21ecd7d Backport 1.8.1: identity: allow creating a role with a non-existent key (#122...
  • d4269f3 [VAULT-1986] Cap AWS Token TTL based on Default Lease TTL (#12026) (#12252)
  • 062842a Updating SDK version for 1.8.1 (#12247)
  • bd35cc7 Updating go version to 1.16.6 for security fix (#12245) (#12249)
  • c48b322 Forward cert signing requests to the primary on perf secondaries as well as p...
  • 436d893 serviceregistration: add external-source meta value (#12163) (#12241)
  • 7f2cfd0 Backport: Don't use autogenerated licenses in diagnose when config is specifi...
  • 6748c7d backport disk usage print fixes (#12232)
  • f882564 identity: do not allow a role's token_ttl to be longer than verification_ttl ...
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)