morningconsult / docker-credential-vault-login

Automatically gets docker credentials from Hashicorp Vault
Apache License 2.0
77 stars 11 forks source link

chore(deps): bump github.com/hashicorp/vault from 1.11.3 to 1.11.4 #105

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps github.com/hashicorp/vault from 1.11.3 to 1.11.4.

Changelog

Sourced from github.com/hashicorp/vault's changelog.

1.12.0

Unreleased

CHANGES:

  • core/entities: Fixed stranding of aliases upon entity merge, and require explicit selection of which aliases should be kept when some must be deleted [GH-16539]
  • core: Bump Go version to 1.19.1.
  • core: Validate input parameters for vault operator init command. Vault 1.12 CLI version is needed to run operator init now. [GH-16379]
  • identity: a request to /identity/group that includes member_group_ids that contains a cycle will now be responded to with a 400 rather than 500 [GH-15912]
  • licensing (enterprise): Terminated licenses will no longer result in shutdown. Instead, upgrades will not be allowed if the license termination time is before the build date of the binary.
  • plugins: GET /sys/plugins/catalog/:type/:name endpoint now returns an additional version field in the response data. [GH-16688]
  • plugins: GET /sys/plugins/catalog endpoint now returns an additional detailed field in the response data with a list of additional plugin metadata. [GH-16688]

FEATURES:

  • Secrets/auth plugin multiplexing: manage multiple plugin configurations with a single plugin process [GH-14946]
  • secrets/database/hana: Add ability to customize dynamic usernames [GH-16631]
  • secrets/pki: Add an OCSP responder that implements a subset of RFC6960, answering single serial number OCSP requests for a specific cluster's revoked certificates in a mount. [GH-16723]
  • ui: UI support for Okta Number Challenge. [GH-15998]

IMPROVEMENTS:

  • activity (enterprise): Added new clients unit tests to test accuracy of estimates
  • agent: Added disable_idle_connections configuration to disable leaving idle connections open in auto-auth, caching and templating. [GH-15986]
  • agent: Added disable_keep_alives configuration to disable keep alives in auto-auth, caching and templating. [GH-16479]
  • agent: JWT auto auth now supports a remove_jwt_after_reading config option which defaults to true. [GH-11969]
  • agent: Send notifications to systemd on start and stop. [GH-9802]
  • api/mfa: Add namespace path to the MFA read/list endpoint [GH-16911]
  • api: Add a sentinel error for missing KV secrets [GH-16699]
  • auth/aws: PKCS7 signatures will now use SHA256 by default in prep for Go 1.18 [GH-16455]
  • auth/cert: Add metadata to identity-alias [GH-14751]
  • auth/gcp: Add support for GCE regional instance groups [GH-16435]
  • auth/jwt: Adds support for Microsoft US Gov L4 to the Azure provider for groups fetching. [GH-16525]
  • auth/jwt: Improves detection of Windows Subsystem for Linux (WSL) for CLI-based logins. [GH-16525]
  • auth/kerberos: add add_group_aliases config to include LDAP groups in Vault group aliases [GH-16890]
  • auth/kerberos: add remove_instance_name parameter to the login CLI and the Kerberos config in Vault. This removes any instance names found in the keytab service principal name. [GH-16594]
  • auth/oidc: Adds support for group membership parsing when using SecureAuth as an OIDC provider. [GH-16274]
  • cli: CLI commands will print a warning if flags will be ignored because they are passed after positional arguments. [GH-16441]
  • command/audit: Improve missing type error message [GH-16409]
  • command/server: add -dev-tls and -dev-tls-cert-dir subcommands to create a Vault dev server with generated certificates and private key. [GH-16421]
  • core (enterprise): Add HTTP PATCH support for namespaces with an associated namespace patch CLI command
  • core (enterprise): Add check to vault server command to ensure configured storage backend is supported.
  • core (enterprise): Add custom metadata support for namespaces
  • core/activity: generate hyperloglogs containing clientIds for each month during precomputation [GH-16146]
  • core/activity: refactor activity log api to reuse partial api functions in activity endpoint when current month is specified [GH-16162]
  • core/activity: use monthly hyperloglogs to calculate new clients approximation for current month [GH-16184]

... (truncated)

Commits
  • b47a9e7 backport of commit 7f22056686b5a8e71c66e73eeaab4403809b791c (#17039)
  • e55f85c backport of commit 6c399c1c3b1c24ee830ef62d7966687a01dc5833 (#17286)
  • 24d357e backport of commit fe3daa411ae09f57c38e648f9a9eec54c073b6ca (#17274)
  • 9064683 resolved conflict (#17262)
  • cd100f9 backport of commit 3eafec8f451625069ca7c08db581df5f7f53e92f (#17207)
  • d3e20ac backport of commit 523e91601376cbde9fc83cea87576f70f2394cb5 (#17191)
  • 9428784 backport of commit 0e84613cc4b231502cadb3fc431f01175d7e7c19 (#17177)
  • 31b7a0f backport of commit 5bc40d1fa9b541d6126f2a218b39f118e2f94ebd (#17169)
  • c304d68 auth/kubernetes: upgrade to v0.13.2 in release/1.11.x (#17162)
  • 4ecf420 backport of commit 8fddccdff0ba3004001a5f96a21a0ae5b69d35ed (#17156)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)