seatgeek / hashi-helper

Disaster Recovery and Configuration Management for Consul and Vault
BSD 3-Clause "New" or "Revised" License

Bump github.com/hashicorp/vault from 1.3.2 to 1.7.1 #250

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 3 years ago

Bumps github.com/hashicorp/vault from 1.3.2 to 1.7.1.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.7.1

Release vault 1.7.1

v1.7.0

1.7.0

24 March 2021

CHANGES:

  • go: Update go version to 1.15.8 [GH-11060]

FEATURES:

  • Aerospike Storage Backend: Add support for using Aerospike as a storage backend [GH-10131]
  • agent: Support for persisting the agent cache to disk [GH-10938]
  • auth/jwt: Adds max_age role parameter and auth_time claim validation. [GH-10919]
  • kmip (enterprise): Use entropy augmentation to generate kmip certificates
  • sdk: Private key generation in the certutil package now allows custom io.Readers to be used. [GH-10653]
  • secrets/aws: add IAM tagging support for iam_user roles [GH-10953]
  • secrets/database/cassandra: Add ability to customize dynamic usernames [GH-10906]
  • secrets/database/couchbase: Add ability to customize dynamic usernames [GH-10995]
  • secrets/database/mongodb: Add ability to customize dynamic usernames [GH-10858]
  • secrets/database/mssql: Add ability to customize dynamic usernames [GH-10767]
  • secrets/database/mysql: Add ability to customize dynamic usernames [GH-10834]
  • secrets/database/postgresql: Add ability to customize dynamic usernames [GH-10766]
  • secrets/openldap: Added dynamic roles to OpenLDAP similar to the combined database engine [GH-10996]
  • secrets/terraform: New secret engine for managing Terraform Cloud API tokens [GH-10931]
  • ui: Adds check for feature flag on application, and updates namespace toolbar on login if present [GH-10588]
  • ui: Adds the wizard to the Database Secret Engine [GH-10982]
  • ui: Database secrets engine, supporting MongoDB only [GH-10655]

IMPROVEMENTS:

  • agent: Add template-retry stanza to agent config. [GH-10644]
  • agent: Agent can now run as a Windows service. [GH-10231]
  • agent: Better concurrent request handling on identical requests proxied through Agent. [GH-10705]
  • agent: Route templating server through cache when persistent cache is enabled. [GH-10927]
  • agent: change auto-auth to preload an existing token on start [GH-10850]
  • auth/ldap: Improve consistency in error messages [GH-10537]
  • auth/okta: Adds support for Okta Verify TOTP MFA. [GH-10942]
  • changelog: Add dependencies listed in dependencies/2-25-21 [GH-11015]
  • command/debug: Now collects logs (at level trace) as a periodic output. [GH-10609]
  • core (enterprise): "vault status" command works when a namespace is set. [GH-10725]
  • core (enterprise): Update Trial Enterprise license from 30 minutes to 6 hours
  • core/metrics: Added "vault operator usage" command. [GH-10365]
  • core/metrics: New telemetry metrics reporting lease expirations by time interval and namespace [GH-10375]
  • core: Added active since timestamp to the status output of active nodes. [GH-10489]
  • core: Check audit device with a test message before adding it. [GH-10520]
  • core: Track barrier encryption count and automatically rotate after a large number of operations or on a schedule [GH-10744]
  • core: add metrics for active entity count [GH-10514]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault's changelog.

1.7.1

21 April 2021

SECURITY:

  • The PKI Secrets Engine tidy functionality may cause Vault to exclude revoked-but-unexpired certificates from the Vault CRL. This vulnerability affects Vault and Vault Enterprise 1.5.1 and newer and was fixed in versions 1.5.8, 1.6.4, and 1.7.1. (CVE-2021-27668)
  • The Cassandra Database and Storage backends were not correctly verifying TLS certificates. This issue affects all versions of Vault and Vault Enterprise and was fixed in versions 1.6.4, and 1.7.1. (CVE-2021-27400)

CHANGES:

IMPROVEMENTS:

  • auth/jwt: Adds ability to directly provide service account JSON in G Suite provider config. [GH-11388]
  • core: Add tls_max_version listener config option. [GH-11226]
  • core: Add metrics for standby node forwarding. [GH-11366]
  • core: allow arbitrary length stack traces upon receiving SIGUSR2 (was 32MB) [GH-11364]

BUG FIXES:

  • core: Fix cleanup of storage entries from cubbyholes within namespaces. [GH-11408]
  • core: Fix goroutine leak when updating rate limit quota [GH-11371]
  • core: Fix storage entry leak when revoking leases created with non-orphan batch tokens. [GH-11377]
  • core: requests forwarded by standby weren't always timed out. [GH-11322]
  • pki: Only remove revoked entry for certificates during tidy if they are past their NotAfter value [GH-11367]
  • replication: Fix: mounts created within a namespace that was part of an Allow filtering rule would not appear on performance secondary if created after rule was defined. [GH-1807]
  • replication: Perf standby nodes on newly enabled DR secondary sometimes couldn't connect to active node with TLS errors. [GH-1823]
  • secrets/database/cassandra: Fixed issue where hostnames were not being validated when using TLS [GH-11365]
  • secrets/database/cassandra: Updated default statement for password rotation to allow for special characters. This applies to root and static credentials. [GH-11262]
  • storage/dynamodb: Handle throttled batch write requests by retrying, without which writes could be lost. [GH-10181]
  • storage/raft: leader_tls_servername wasn't used unless leader_ca_cert_file and/or mTLS were configured. [GH-11252]
  • ui: Add root rotation statements support to appropriate database secret engine plugins [GH-11404]
  • ui: Fix bug where the UI does not recognize version 2 KV until refresh, and fix [object Object] error message [GH-11258]
  • ui: Fix footer URL linking to the correct version changelog. [GH-11283]
  • ui: Fix namespace-bug on login [GH-11182]
  • ui: Fix status menu not showing on login [GH-11213]
  • ui: fix issue where select-one option was not showing in secrets database role creation [GH-11294]

1.7.0

24 March 2021

CHANGES:

  • agent: Failed auto-auth attempts are now throttled by an exponential backoff instead of the

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

dependabot[bot] commented 3 years ago

Dependabot tried to add @jippi and @burdandrei as reviewers to this PR, but received the following error from GitHub:

POST https://api.github.com/repos/seatgeek/hashi-helper/pulls/250/requested_reviewers: 422 - Reviews may only be requested from collaborators. One or more of the users or teams you specified is not a collaborator of the seatgeek/hashi-helper repository. // See: https://docs.github.com/rest/reference/pulls#request-reviewers-for-a-pull-request
dependabot[bot] commented 2 years ago

Superseded by #264.