morningconsult / docker-credential-vault-login

Automatically gets docker credentials from Hashicorp Vault
Apache License 2.0
77 stars 11 forks source link

chore(deps): bump github.com/hashicorp/vault from 1.3.2 to 1.3.4 #40

Closed dependabot-preview[bot] closed 4 years ago

dependabot-preview[bot] commented 4 years ago

Bumps github.com/hashicorp/vault from 1.3.2 to 1.3.4.

Changelog

Sourced from github.com/hashicorp/vault's changelog.

1.3.4 (March 19th, 2020)

SECURITY:

  • A vulnerability was identified in Vault and Vault Enterprise such that, under certain circumstances, an Entity's Group membership may inadvertently include Groups the Entity no longer has permissions to. This vulnerability, CVE-2020-10660, affects Vault and Vault Enterprise versions 0.9.0 and newer, and is fixed in 1.3.4.
  • A vulnerability was identified in Vault Enterprise such that, under certain circumstances, existing nested-path policies may give access to Namespaces created after-the-fact. This vulnerability, CVE-2020-10661, affects Vault Enterprise versions 0.11 and newer, and is fixed in 1.3.4.

1.3.3 (March 5th, 2020)

BUG FIXES:

  • approle: Fix excessive locking during tidy, which could potentially block new approle logins for long enough to cause an outage [GH-8418]
  • cli: Fix issue where Raft snapshots from standby nodes created an empty backup file [GH-8097]
  • identity: Fix incorrect caching of identity token JWKS responses [GH-8412]
  • kmip: role read now returns tls_client_ttl
  • kmip: fix panic when templateattr not provided in rekey request
  • secrets/database/influxdb: Fix potential panic if connection to the InfluxDB database cannot be established [GH-8282]
  • storage/mysql: Fix potential crash when using MySQL as coordination for high availability [GH-8300]
  • storage/raft: Fix potential crash when using Raft as coordination for high availability [GH-8356]
  • ui: Fix missing License menu item [GH-8230]
  • ui: Fix bug where default auth method on login is defaulted to auth method that is listing-visibility=unauth instead of “other” [GH-8218]
  • ui: Fix bug where KMIP details were not shown in the UI Wizard [GH-8255]
  • ui: Show Error messages on Auth Configuration page when you hit permission errors [GH-8500]
  • ui: Remove duplicate form inputs for the GitHub config [GH-8519]
  • ui: Correct HMAC capitalization [GH-8528]
  • ui: Fix danger message in DR [GH-8555]
  • ui: Fix certificate field for LDAP config [GH-8573]
Commits
  • 3af4987 release: stage v1.3.4
  • 6cab925 Update version to 1.3.4
  • d6e0c53 Merge pull request #2 from hashicorp/fix-identity-external-group-updates-1.3
  • 18485ee Fix for the issue with not removing users from external groups on login/renew.
  • 199ef39 ci: bump to go1.12.17
  • 8388c59 Update SDK
  • 03a3749 Prep for 1.3.3
  • 165670c show kmip details in wizard (#8255) (#8470)
  • a8e8a33 Fix for missing License nav item in menu (#8230) (#8468)
  • a7076fd Allow default auth method to be either "other" or auth of the enabled listing...
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)