search

ricoberger / vault-secrets-operator

Create Kubernetes secrets from Vault for a secure GitOps based workflow.
MIT License
633 stars 103 forks source link

Bump the gomod group with 6 updates #249

Closed dependabot[bot] closed 10 months ago

dependabot[bot] commented 10 months ago

Bumps the gomod group with 6 updates:

Package From To
github.com/aws/aws-sdk-go 1.49.21 1.50.5
github.com/hashicorp/vault/api 1.10.0 1.11.0
google.golang.org/api 0.156.0 0.159.0
k8s.io/api 0.29.0 0.29.1
k8s.io/client-go 0.29.0 0.29.1
sigs.k8s.io/controller-runtime 0.15.0 0.17.0

Updates github.com/aws/aws-sdk-go from 1.49.21 to 1.50.5

Release notes

Sourced from github.com/aws/aws-sdk-go's releases.

Release v1.50.5 (2024-01-26)

Service Client Updates

  • service/connect: Updates service API
  • service/inspector2: Updates service API and documentation
  • service/sagemaker: Updates service API and documentation
    • Amazon SageMaker Automatic Model Tuning now provides an API to programmatically delete tuning jobs.

Release v1.50.4 (2024-01-25)

Service Client Updates

  • service/acm-pca: Updates service API, documentation, and waiters
  • service/lightsail: Updates service API and documentation
    • This release adds support for IPv6-only instance plans.

Release v1.50.3 (2024-01-24)

Service Client Updates

  • service/ec2: Updates service API and documentation
    • Introduced a new clientToken request parameter on CreateNetworkAcl and CreateRouteTable APIs. The clientToken parameter allows idempotent operations on the APIs.
  • service/ecs: Updates service documentation
    • Documentation updates for Amazon ECS.
  • service/outposts: Updates service API
  • service/rds: Updates service API, documentation, waiters, paginators, and examples
    • This release adds support for Aurora Limitless Database.
  • service/storagegateway: Updates service API and documentation
    • Add DeprecationDate and SoftwareVersion to response of ListGateways.

Release v1.50.2 (2024-01-23)

Service Client Updates

  • service/inspector2: Updates service API, documentation, and paginators

Release v1.50.1 (2024-01-22)

Service Client Updates

  • service/appconfigdata: Adds new service
  • service/cloud9: Updates service documentation
    • Doc-only update around removing AL1 from list of available AMIs for Cloud9
  • service/connectcases: Updates service API, documentation, and paginators
  • service/ec2: Updates service documentation
    • Documentation updates for Amazon EC2.
  • service/ecs: Updates service API and documentation
    • This release adds support for Transport Layer Security (TLS) and Configurable Timeout to ECS Service Connect. TLS facilitates privacy and data security for inter-service communications, while Configurable Timeout allows customized per-request timeout and idle timeout for Service Connect services.
  • service/finspace: Updates service API

... (truncated)

Commits


Updates github.com/hashicorp/vault/api from 1.10.0 to 1.11.0

Release notes

Sourced from github.com/hashicorp/vault/api's releases.

v1.11.0

1.11.0

Unreleased

CHANGES:

  • auth/aws: Add RoleSession to DisplayName when using assumeRole for authentication [GH-14954]
  • auth: Remove support for legacy MFA (https://www.vaultproject.io/docs/v1.10.x/auth/mfa) [GH-14869]
  • core: A request that fails path validation due to relative path check will now be responded to with a 400 rather than 500. [GH-14328]
  • core: Bump Go version to 1.17.9. [GH-go-ver-1110]
  • licensing (enterprise): Remove support for stored licenses and associated sys/license and sys/license/signed endpoints in favor of autoloaded licenses.
  • replication (enterprise): The /sys/replication/performance/primary/mount-filter endpoint has been removed. Please use Paths Filter instead.
  • ui: Upgrade Ember to version 3.28 [GH-14763]

FEATURES:

  • Non-Disruptive Intermediate/Root Certificate Rotation: This allows import, generation and configuration of any number of keys and/or issuers within a PKI mount, providing operators the ability to rotate certificates in place without affecting existing client configurations. [GH-15277]
  • api/command: Global -output-policy flag to determine minimum required policy HCL for a given operation [GH-14899]
  • nomad: Bootstrap Nomad ACL system if no token is provided [GH-12451]
  • storage/dynamodb: Added AWS_DYNAMODB_REGION environment variable. [GH-15054]

IMPROVEMENTS:

  • agent/auto-auth: Add min_backoff to the method stanza for configuring initial backoff duration. [GH-15204]
  • agent: Update consult-template to v0.29.0 [GH-15293]
  • agent: Upgrade hashicorp/consul-template version for sprig template functions and improved writeTo function [GH-15092]
  • api: Add ability to pass certificate as PEM bytes to api.Client. [GH-14753]
  • api: Add context-aware functions to vault/api for each API wrapper function. [GH-14388]
  • api: Added MFALogin() for handling MFA flow when using login helpers. [GH-14900]
  • api: If the parameters supplied over the API payload are ignored due to not being what the endpoints were expecting, or if the parameters supplied get replaced by the values in the endpoint's path itself, warnings will be added to the non-empty responses listing all the ignored and replaced parameters. [GH-14962]
  • api: Provide a helper method WithNamespace to create a cloned client with a new NS [GH-14963]
  • api: Use the context passed to the api/auth Login helpers. [GH-14775]
  • auth/okta: Add support for Google provider TOTP type in the Okta auth method [GH-14985]
  • auth: enforce a rate limit for TOTP passcode validation attempts [GH-14864]
  • cli/debug: added support for retrieving metrics from DR clusters if unauthenticated_metrics_access is enabled [GH-15316]
  • cli/vault: warn when policy name contains upper-case letter [GH-14670]
  • cli: Alternative flag-based syntax for KV to mitigate confusion from automatically appended /data [GH-14807]
  • cockroachdb: add high-availability support [GH-12965]
  • core (enterprise): Include termination_time in sys/license/status response
  • core (enterprise): Include termination time in license inspect command output
  • core : check uid and permissions of config dir, config file, plugin dir and plugin binaries [GH-14817]
  • core,transit: Allow callers to choose random byte source including entropy augmentation sources for the sys/tools/random and transit/random endpoints. [GH-15213]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

1.11.0

June 20, 2022

CHANGES:

  • auth/aws: Add RoleSession to DisplayName when using assumeRole for authentication [GH-14954]
  • auth/kubernetes: If kubernetes_ca_cert is unset, and there is no pod-local CA available, an error will be surfaced when writing config instead of waiting for login. [GH-15584]
  • auth: Remove support for legacy MFA (https://www.vaultproject.io/docs/v1.10.x/auth/mfa) [GH-14869]
  • core/fips: Disable and warn about entropy augmentation in FIPS 140-2 Inside mode [GH-15858]
  • core: A request that fails path validation due to relative path check will now be responded to with a 400 rather than 500. [GH-14328]
  • core: Bump Go version to 1.17.11. [GH-go-ver-1110]
  • database & storage: Change underlying driver library from lib/pq to pgx. This change affects Redshift & Postgres database secrets engines, and CockroachDB & Postgres storage engines [GH-15343]
  • licensing (enterprise): Remove support for stored licenses and associated sys/license and sys/license/signed endpoints in favor of autoloaded licenses.
  • replication (enterprise): The /sys/replication/performance/primary/mount-filter endpoint has been removed. Please use Paths Filter instead.
  • secret/pki: Remove unused signature_bits parameter from intermediate CSR generation; this parameter doesn't control the final certificate's signature algorithm selection as that is up to the signing CA [GH-15478]
  • secrets/kubernetes: Split additional_metadata into extra_annotations and extra_labels parameters [GH-15655]
  • secrets/pki: A new aliased api path (/pki/issuer/:issuer_ref/sign-self-issued) providing the same functionality as the existing API(/pki/root/sign-self-issued) does not require sudo capabilities but the latter still requires it in an effort to maintain backwards compatibility. [GH-15211]
  • secrets/pki: Err on unknown role during sign-verbatim. [GH-15543]
  • secrets/pki: Existing CRL API (/pki/crl) now returns an X.509 v2 CRL instead of a v1 CRL. [GH-15100]
  • secrets/pki: The ca_chain response field within issuing (/pki/issue/:role) and signing APIs will now include the root CA certificate if the mount is aware of it. [GH-15155]
  • secrets/pki: existing Delete Root API (pki/root) will now delete all issuers and keys within the mount path. [GH-15004]
  • secrets/pki: existing Generate Root (pki/root/generate/:type), Set Signed Intermediate (/pki/intermediate/set-signed) APIs will add new issuers/keys to a mount instead of warning that an existing CA exists [GH-14975]
  • secrets/pki: the signed CA certificate from the sign-intermediate api will now appear within the ca_chain response field along with the issuer's ca chain. [GH-15524]
  • ui: Upgrade Ember to version 3.28 [GH-14763]

FEATURES:

  • Autopilot Improvements (Enterprise): Autopilot on Vault Enterprise now supports automated upgrades and redundancy zones when using integrated storage.
  • KeyMgmt UI: Add UI support for managing the Key Management Secrets Engine [GH-15523]
  • Kubernetes Secrets Engine: This new secrets engine generates Kubernetes service account tokens, service accounts, role bindings, and roles dynamically. [GH-15551]
  • Non-Disruptive Intermediate/Root Certificate Rotation: This allows import, generation and configuration of any number of keys and/or issuers within a PKI mount, providing operators the ability to rotate certificates in place without affecting existing client configurations. [GH-15277]
  • Print minimum required policy for any command: The global CLI flag -output-policy can now be used with any command to print out the minimum required policy HCL for that operation, including whether the given path requires the "sudo" capability. [GH-14899]
  • Snowflake Database Plugin: Adds ability to manage RSA key pair credentials for dynamic and static Snowflake users. [GH-15376]
  • Transit BYOK: Allow import of externally-generated keys into the Transit secrets engine. [GH-15414]
  • nomad: Bootstrap Nomad ACL system if no token is provided [GH-12451]

... (truncated)

Commits
  • ea296cc Backport PKI Intermediate Revocation bug fix and test improvements (#16054)
  • d4bf262 backport of commit b0cbc03f00ec19b5bebb2eb5078d8512e2281b1d (#16050)
  • 76b1768 backport of commit 2a69947b3b9f267b15a7c1e64c853d4eeb9846a7 (#16045)
  • 46e0ecc backport of commit 3d01a88e614547a821062ca57957b07a1e6bc557 (#16041)
  • 5f8a2cf Backport PR for 16007 (#16030)
  • 87df46e backport of commit c09ae6ac5e90adc8c1a42b54a905877eb60c18ad (#16027)
  • de6a5c3 backport of commit a58c6ecd9f0d4a148e81af0783d5ecc2f79b31f1 (#16022)
  • 81c4cc5 backport of commit 93eaf3c86019443a3d89891430ef0126667c3bfc (#16014)
  • c52c917 backport of commit e74c45abbd5414819276106d1150205845b608c0 (#16006)
  • 46c19d0 Use new -mount syntax for all KV subcommands in 1.11 docs (#16002) (#16004)
  • Additional commits viewable in compare view


Updates google.golang.org/api from 0.156.0 to 0.159.0

Release notes

Sourced from google.golang.org/api's releases.

v0.159.0

0.159.0 (2024-01-26)

Features

Bug Fixes

v0.158.0

0.158.0 (2024-01-25)

Features

Bug Fixes

  • internal: Support internaloption.WithDefaultUniverseDomain (#2373) (b21a1fa)
  • transport/grpc: Add universe domain verification (#2375) (df17254)
  • transport: Not enable s2a when there is endpoint override (#2368) (73fc7fd)

v0.157.0

0.157.0 (2024-01-18)

Features

... (truncated)

Changelog

Sourced from google.golang.org/api's changelog.

0.159.0 (2024-01-26)

Features

Bug Fixes

0.158.0 (2024-01-25)

Features

Bug Fixes

  • internal: Support internaloption.WithDefaultUniverseDomain (#2373) (b21a1fa)
  • transport/grpc: Add universe domain verification (#2375) (df17254)
  • transport: Not enable s2a when there is endpoint override (#2368) (73fc7fd)

0.157.0 (2024-01-18)

Features

Documentation

  • option: Update WithDefaultEndpointTemplate docs (#2356) (74a1558)
Commits
  • ee5c9cc chore(main): release 0.159.0 (#2378)
  • 55b0516 fix(transport): relax universe checks (#2376)
  • a8d9414 feat(all): auto-regenerate discovery clients (#2377)
  • 68b1bc1 chore(main): release 0.158.0 (#2360)
  • df17254 fix(transport/grpc): add universe domain verification (#2375)
  • b21a1fa fix(internal): support internaloption.WithDefaultUniverseDomain (#2373)
  • ddb3a12 chore(google-api-go-generator): replace literal with const (#2363)
  • d266978 feat(all): auto-regenerate discovery clients (#2374)
  • 73fc7fd fix(transport): not enable s2a when there is endpoint override (#2368)
  • 2d69d97 feat(all): auto-regenerate discovery clients (#2372)
  • Additional commits viewable in compare view


Updates k8s.io/api from 0.29.0 to 0.29.1

Commits


Updates k8s.io/client-go from 0.29.0 to 0.29.1

Commits


Updates sigs.k8s.io/controller-runtime from 0.15.0 to 0.17.0

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.17.0

:warning: Breaking Changes

  • Fake client: Only set TypeMeta for unstructured (#2633)
  • Update k8s.io/* deps to 1.29 (#2457 #2500 #2553 #2588 #2612 #2615 #2621)
  • Remove apiutil.NewDiscoveryRESTMapper, use DynamicRESTMapper by default for cache (#2611)
  • RESTMapper: don't treat non-existing GroupVersions as errors (#2571)
  • Webhooks: Deprecate admission.Validator and admission.Defaulter (#2639)
  • Webhooks: Limit size of AdmissionRequests to 7MB and size of TokenReviews to 1MB (#2598)

:sparkles: New Features

  • Cache: Allow defining options that apply to all namespaces without explicit config (#2528)
  • Cache: Allow to remove informers (#2285)
  • Cache: Add option to set WatchErrorHandler on informers (#2494)
  • Client: client.MatchingFields now supports multiple indexes (#2512)
  • Fake client: Add flowcontrol api v1 (#2623)
  • Reconciler: Add reconcile.ObjectReconciler (#2592)

:bug: Bug Fixes

  • Add corev1, coordinationv1 scheme for leader election when LeaderElection manager option is true (#2461)
  • Cache: Default namespace only for namespaced object (#2480)
  • Client: Don't truncate large int64s in MergePatch (#2650)
  • controllerutil: Add RemoveControllerReference and HasControllerReference func (#2509 #2595)
  • controllerutil: Add RemoveOwnerReference func (#2462)
  • Dependencies: Refactor tests to drop hard otel dependency (#2460)
  • Envtest: CRDs that aren't convertible should unset spec.conversion (#2525)
  • Fake client: Correctly identify if patch call was made on status (#2508)
  • Fake client: Do not update anything but status when using subresource client (#2479)
  • Fake client: Fix returning object after status update (#2489)
  • Fake client: Fix status subresource getting updated on Update when it is empty (#2484)
  • Fake client: Handle unstructured status update with fake client (#2495)
  • Manager: Fix goroutine leak (#2527)
  • Manager: Use HTTP client from leaderElectionConfig for leader election recorder provider (#2464)
  • RESTMapper: Return NoResourceMatchError when appropriate for backwards compatibility. (#2472)
  • Webhook: Handle http.NoBody (#2605)

:seedling: Others

  • Client: Make client.MatchingLabels faster (#2529)
  • Envtest: Allow to ignore scheme.Convertible check for CRDs (#2555)
  • Envtest: Improve process cleanup (#2560)
  • Metrics: Add 100/1000s buckets for Prometheus workqueue histograms (#2638)
  • Metrics: Avoid dependency on apiserver/options if metrics/filters are used (#2645)
  • Replace k8s.io/utils/pointer with k8s.io/utils/ptr (#2488)
  • Webhooks: Cleanup webhook variable assignment (#2604)

:seedling: Dependencies

... (truncated)

Commits
  • 11e5a5e Merge pull request #2651 from kubernetes-sigs/dependabot/go_modules/github.co...
  • 66939d4 Merge pull request #2655 from joelanford/bump-apidiff
  • 672d678 bump go-apidiff to v0.8.2
  • d5f5430 Update generated code
  • a23bdc8 :seedling: Bump github.com/onsi/ginkgo/v2 from 2.13.2 to 2.14.0
  • 9e6e3b1 Merge pull request #2650 from alvaroaleman/bump-jsonpatch
  • ea529dd :bug: Don't truncate large int64s in MergePatch
  • 48d9a7b Merge pull request #2647 from fxierh/fix-client-comments
  • f29ed4e Elaborate in which cases the client reads from a cache
  • 7679253 Merge pull request #2649 from sbueringer/pr-bump-ct
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions