search

philips-labs / dct-notary-admin

To manage Docker Content Trust and Notary certificates
MIT License
12 stars 1 forks source link

Bump github.com/hashicorp/vault/api from 1.9.2 to 1.10.0 #749

Closed dependabot[bot] closed 9 months ago

dependabot[bot] commented 1 year ago

Bumps github.com/hashicorp/vault/api from 1.9.2 to 1.10.0.

Release notes

Sourced from github.com/hashicorp/vault/api's releases.

v1.10.0

1.10.0

March 23, 2022

CHANGES:

  • core: Changes the unit of default_lease_ttl and max_lease_ttl values returned by the /sys/config/state/sanitized endpoint from nanoseconds to seconds. [GH-14206]
  • core: Bump Go version to 1.17.7. [GH-14232]
  • plugin/database: The return value from POST /database/config/:name has been updated to "204 No Content" [GH-14033]
  • secrets/azure: Changes the configuration parameter use_microsoft_graph_api to use the Microsoft Graph API by default. [GH-14130]
  • storage/etcd: Remove support for v2. [GH-14193]
  • ui: Upgrade Ember to version 3.24 [GH-13443]

FEATURES:

  • Database plugin multiplexing: manage multiple database connections with a single plugin process [GH-14033]
  • Login MFA: Single and two phase MFA is now available when authenticating to Vault. [GH-14025]
  • Mount Migration: Vault supports moving secrets and auth mounts both within and across namespaces.
  • Postgres in the UI: Postgres DB is now supported by the UI [GH-12945]
  • Report in-flight requests: Adding a trace capability to show in-flight requests, and a new gauge metric to show the total number of in-flight requests [GH-13024]
  • Server Side Consistent Tokens: Service tokens have been updated to be longer (a minimum of 95 bytes) and token prefixes for all token types are updated from s., b., and r. to hvs., hvb., and hvr. for service, batch, and recovery tokens respectively. Vault clusters with integrated storage will now have read-after-write consistency by default. [GH-14109]
  • Transit SHA-3 Support: Add support for SHA-3 in the Transit backend. [GH-13367]
  • Transit Time-Based Key Autorotation: Add support for automatic, time-based key rotation to transit secrets engine, including in the UI. [GH-13691]
  • UI Client Count Improvements: Restructures client count dashboard, making use of billing start date to improve accuracy. Adds mount-level distribution and filtering. [GH-client-counts]
  • Agent Telemetry: The Vault Agent can now collect and return telemetry information at the /agent/v1/metrics endpoint.

IMPROVEMENTS:

  • agent: Adds ability to configure specific user-assigned managed identities for Azure auto-auth. [GH-14214]
  • agent: The agent/v1/quit endpoint can now be used to stop the Vault Agent remotely [GH-14223]
  • api: Allow cloning api.Client tokens via api.Config.CloneToken or api.Client.SetCloneToken(). [GH-13515]
  • api: Define constants for X-Vault-Forward and X-Vault-Inconsistent headers [GH-14067]
  • api: Implements Login method in Go client libraries for GCP and Azure auth methods [GH-13022]
  • api: Implements Login method in Go client libraries for LDAP auth methods [GH-13841]
  • api: Trim newline character from wrapping token in logical.Unwrap from the api package [GH-13044]
  • api: add api method for modifying raft autopilot configuration [GH-12428]
  • api: respect WithWrappingToken() option during AppRole login authentication when used with secret ID specified from environment or from string [GH-13241]
  • audit: The audit logs now contain the port used by the client [GH-12790]
  • auth/aws: Enable region detection in the CLI by specifying the region as auto [GH-14051]
  • auth/cert: Add certificate extensions as metadata [GH-13348]
  • auth/jwt: The Authorization Code flow makes use of the Proof Key for Code Exchange (PKCE) extension. [GH-13365]
  • auth/kubernetes: Added support for dynamically reloading short-lived tokens for better Kubernetes 1.21+ compatibility [GH-13595]
  • auth/ldap: Add a response warning and server log whenever the config is accessed if userfilter doesn't consider userattr [GH-14095]
  • auth/ldap: Add username to alias metadata [GH-13669]
  • auth/ldap: Add username_as_alias configurable to change how aliases are named [GH-14324]
  • auth/okta: Update okta-sdk-golang dependency to version v2.9.1 for improved request backoff handling [GH-13439]
  • auth/token: The auth/token/revoke-accessor endpoint is now idempotent and will

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

1.10.0

Unreleased

CHANGES:

  • go: Update go version to 1.17.5 [GH-13408]
  • ui: Upgrade Ember to version 3.24 [GH-13443]

FEATURES:

  • Report in-flight requests: Adding a trace capability to show in-flight requests, and a new gauge metric to show the total number of in-flight requests [GH-13024]
  • Transit SHA-3 Support: Add support for SHA-3 in the Transit backend. [GH-13367]
  • Transit Time-Based Key Autorotation: Add support for automatic, time-based key rotation to transit secrets engine. [GH-13691]

IMPROVEMENTS:

  • api: Allow cloning api.Client tokens via api.Config.CloneToken or api.Client.SetCloneToken(). [GH-13515]
  • api: Implements Login method in Go client libraries for GCP and Azure auth methods [GH-13022]
  • api: Trim newline character from wrapping token in logical.Unwrap from the api package [GH-13044]
  • api: add api method for modifying raft autopilot configuration [GH-12428]
  • api: respect WithWrappingToken() option during AppRole login authentication when used with secret ID specified from environment or from string [GH-13241]
  • audit: The audit logs now contain the port used by the client [GH-12790]
  • auth: reading sys/auth/:path now returns the configuration for the auth engine mounted at the given path [GH-12793]
  • auth/cert: Add certificate extensions as metadata [GH-13348]
  • auth/jwt: The Authorization Code flow makes use of the Proof Key for Code Exchange (PKCE) extension. [GH-13365]
  • auth/kubernetes: Added support for dynamically reloading short-lived tokens for better Kubernetes 1.21+ compatibility [GH-13595]
  • auth/ldap: Add username to alias metadata [GH-13669]
  • auth/okta: Update okta-sdk-golang dependency to version v2.9.1 for improved request backoff handling [GH-13439]
  • auth/token: The auth/token/revoke-accessor endpoint is now idempotent and will not error out if the token has already been revoked. [GH-13661]
  • command (enterprise): "vault license get" now uses non-deprecated endpoint /sys/license/status
  • core/ha: Add new mechanism for keeping track of peers talking to active node, and new 'operator members' command to view them. [GH-13292]
  • core/identity: Support updating an alias' custom_metadata to be empty. [GH-13395]
  • core/pki: Support Y10K value in notAfter field to be compliant with IEEE 802.1AR-2018 standard [GH-12795]
  • core: Add duration and start_time to completed requests log entries [GH-13682]
  • core: Add support to list password policies at sys/policies/password [GH-12787]
  • core: Fixes code scanning alerts [GH-13667]
  • core: Periodically test the health of connectivity to auto-seal backends [GH-13078]
  • core: Reading sys/mounts/:path now returns the configuration for the secret engine at the given path [GH-12792]
  • core: Replace "master key" terminology with "root key" [GH-13324]
  • http (enterprise): Serve /sys/license/status endpoint within namespaces
  • sdk: Add helper for decoding root tokens [GH-10505]
  • secrets/database/influxdb: Switch/upgrade to the influxdb1-client module [GH-12262]
  • secrets/database: Add database configuration parameter 'disable_escaping' for username and password when connecting to a database. [GH-13414]
  • secrets/kv: add patch support for KVv2 key metadata [GH-13215]
  • secrets/pki: Allow URI SAN templates in allowed_uri_sans when allowed_uri_sans_template is set to true. [GH-10249]
  • secrets/transit: Don't abort transit encrypt or decrypt batches on single item failure. [GH-13111]
  • storage/aerospike: Upgrade aerospike-client-go to v5.6.0. [GH-12165]
  • storage/raft: Set InitialMmapSize to 100GB on 64bit architectures [GH-13178]
  • storage/raft: When using retry_join stanzas, join against all of them in parallel. [GH-13606]

... (truncated)

Commits


Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

dependabot[bot] commented 9 months ago

Superseded by #792.