morningconsult / docker-credential-vault-login

Automatically gets docker credentials from Hashicorp Vault
Apache License 2.0
77 stars 11 forks source link

chore(deps): bump github.com/hashicorp/vault/sdk from 0.5.3-0.20220826205147-7caf353e8124 to 0.9.0 #121

Closed dependabot[bot] closed 2 weeks ago

dependabot[bot] commented 1 year ago

Bumps github.com/hashicorp/vault/sdk from 0.5.3-0.20220826205147-7caf353e8124 to 0.9.0.

Changelog

Sourced from github.com/hashicorp/vault/sdk's changelog.

0.9.0 (November 14th, 2017)

DEPRECATIONS/CHANGES:

  • HSM config parameter requirements: When using Vault with an HSM, a new parameter is required: hmac_key_label. This performs a similar function to key_label but for the HMAC key Vault will use. Vault will generate a suitable key if this value is specified and generate_key is set true.
  • API HTTP client behavior: When calling NewClient the API no longer modifies the provided client/transport. In particular this means it will no longer enable redirection limiting and HTTP/2 support on custom clients. It is suggested that if you want to make changes to an HTTP client that you use one created by DefaultConfig as a starting point.
  • AWS EC2 client nonce behavior: The client nonce generated by the backend that gets returned along with the authentication response will be audited in plaintext. If this is undesired, the clients can choose to supply a custom nonce to the login endpoint. The custom nonce set by the client will from now on, not be returned back with the authentication response, and hence not audit logged.
  • AWS Auth role options: The API will now error when trying to create or update a role with the mutually-exclusive options disallow_reauthentication and allow_instance_migration.
  • SSH CA role read changes: When reading back a role from the ssh backend, the TTL/max TTL values will now be an integer number of seconds rather than a string. This better matches the API elsewhere in Vault.
  • SSH role list changes: When listing roles from the ssh backend via the API, the response data will additionally return a key_info map that will contain a map of each key with a corresponding object containing the key_type.
  • More granularity in audit logs: Audit request and response entries are still in RFC3339 format but now have a granularity of nanoseconds.
  • High availability related values have been moved out of the storage and ha_storage stanzas, and into the top-level configuration. redirect_addr has been renamed to api_addr. The stanzas still support accepting HA-related values to maintain backward compatibility, but top-level values will take precedence.
  • A new seal stanza has been added to the configuration file, which is optional and enables configuration of the seal type to use for additional data protection, such as using HSM or Cloud KMS solutions to encrypt and decrypt data.

FEATURES:

  • RSA Support for Transit Backend: Transit backend can now generate RSA keys which can be used for encryption and signing. [GH-3489]
  • Identity System: Now in open source and with significant enhancements, Identity is an integrated system for understanding users across tokens and enabling easier management of users directly and via groups.
  • External Groups in Identity: Vault can now automatically assign users and systems to groups in Identity based on their membership in external groups.

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 2 weeks ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.