search

seatgeek / hashi-helper

Disaster Recovery and Configuration Management for Consul and Vault
BSD 3-Clause "New" or "Revised" License
187 stars 20 forks source link

Bump github.com/hashicorp/consul/api from 1.8.0 to 1.8.1 #255

Closed dependabot[bot] closed 3 years ago

dependabot[bot] commented 3 years ago

Bumps github.com/hashicorp/consul/api from 1.8.0 to 1.8.1.

Release notes

Sourced from github.com/hashicorp/consul/api's releases.

v1.8.1

1.8.1 (July 30, 2020)

FEATURES:

IMPROVEMENTS:

  • acl: allow auth methods created in the primary datacenter to optionally create global tokens [GH-7899]
  • agent: Allow to restrict servers that can join a given Serf Consul cluster. [GH-7628]
  • agent: new configuration options allow ratelimiting of the agent-cache: cache.entry_fetch_rate and cache.entry_fetch_max_burst. [GH-8226]
  • cli: Output message on success when writing/deleting config entries. [GH-7806]
  • connect: Append port number to expected ingress hosts [GH-8190]
  • dns: Improve RCODE of response when query targets a non-existent datacenter. [GH-8102],[GH-8218]
  • version: The version CLI subcommand was altered to always show the git revision the binary was built from on the second line of output. Additionally the command gained a -format flag with the option now of outputting the version information in JSON form. NOTE This change has the potential to break any parsing done by users of the version commands output. In many cases nothing will need to be done but it is possible depending on how the output is parsed. [GH-8268]

BUGFIXES:

  • agent: Fixed a bug where Consul could crash when verify_outgoing was set to true but no client certificate was used. [GH-8211]
  • agent: Fixed an issue with lock contention during RPCs when under load while using the Prometheus metrics sink. [GH-8372]
  • auto_encrypt: Fixed an issue where auto encrypt certificate signing wasn't using the connect signing rate limiter. [GH-8211]
  • auto_encrypt: Fixed several issues around retrieving the first TLS certificate where it would have the wrong CN and SANs. This was being masked by a second bug (also fixed) causing that certificate to immediately be discarded with a second certificate request being made afterwards. [GH-8211]
  • auto_encrypt: Fixed an issue that caused auto encrypt certificates to not be updated properly if the agents token was changed and the old token was deleted. [GH-8311]
  • connect: fix crash that would result if a mesh or terminating gateway's upstream has a hostname as an address and no healthy service instances available [GH-8158]
  • connect: Fixed issue where specifying a prometheus bind address would cause ingress gateways to fail to start up [GH-8371](hashicorp/consul#8371)
  • gossip: Avoid issue where two unique leave events for the same node could lead to infinite rebroadcast storms [GH-8343]
  • snapshot: (Consul Enterprise only) Fixed a regression when using Azure blob storage.
  • xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions [GH-8265]
Changelog

Sourced from github.com/hashicorp/consul/api's changelog.

1.8.10 (April 15, 2021)

SECURITY:

  • Add content-type headers to raw KV responses to prevent XSS attacks CVE-2020-25864 [GH-10023]
  • audit-logging: Parse endpoint URL to prevent requests from bypassing the audit log CVE-2021-28156

BUG FIXES:

  • areas: Fixes a bug which would prevent newer servers in a network areas from connecting to servers running a version of Consul prior to 1.7.3.
  • audit-logging: (Enterprise only) Fixed an issue that resulted in usage of the agent master token or managed service provider tokens from being resolved properly. [GH-10013]
  • command: when generating envoy bootstrap configs to stdout do not mix informational logs into the json [GH-9980]
  • config: correct config key from advertise_addr_ipv6 to advertise_addr_wan_ipv6 [GH-9851]
  • snapshot: fixes a bug that would cause snapshots to be missing all but the first ACL Auth Method. [GH-10025]

1.8.9 (March 04, 2021)

IMPROVEMENTS:

  • cli: Add new -cluster-id and common-name to consul tls ca create to support creating a CA for Consul Connect. [GH-9585]
  • connect: if the token given to the vault provider returns no data avoid a panic [GH-9806]
  • connect: update supported envoy point releases to 1.14.6, 1.13.7, 1.12.7, 1.11.2 [GH-9739]
  • license: (Enterprise only) Temporary client license duration was increased from 30m to 6h.
  • server: use the presense of stored federation state data as a sign that we already activated the federation state feature flag [GH-9519]
  • xds: only try to create an ipv6 expose checks listener if ipv6 is supported by the kernel [GH-9765]

BUG FIXES:

  • api: Remove trailing periods from the gateway internal HTTP API endpoint [GH-9752]
  • cache: Prevent spamming the logs for days when a cached request encounters an "ACL not found" error. [GH-9738]
  • connect: connect CA Roots in the primary datacenter should use a SigningKeyID derived from their local intermediate [GH-9428]
  • proxycfg: avoid potential deadlock in delivering proxy snapshot to watchers. [GH-9689]
  • server: When wan federating via mesh gateways after initial federation default to using the local mesh gateways unless the heuristic indicates a bypass is required. [GH-9528]
  • server: When wan federating via mesh gateways only do heuristic primary DC bypass on the leader. [GH-9366]
  • xds: deduplicate mesh gateway listeners by address in a stable way to prevent some LDS churn [GH-9650]
  • xds: prevent LDS flaps in mesh gateways due to unstable datacenter lists; also prevent some flaps in terminating gateways as well [GH-9651]

1.8.8 (January 22, 2021)

BUG FIXES:

  • connect: Fixed a bug in the AWS PCA Connect CA provider that could cause the intermediate PKI path to be deleted after reconfiguring the CA [GH-9498]
  • connect: Fixed a bug in the Vault Connect CA provider that could cause the intermediate PKI path to be deleted after reconfiguring the CA [GH-9498]
  • connect: Fixed an issue that would prevent updating the Connect CA configuration if the CA provider didn't complete initialization previously. [GH-9498]
  • leader: Fixed a bug that could cause Connect CA initialization failures from allowing leader establishment to complete resulting in potentially infinite leader elections. [GH-9498]
  • rpc: Prevent misleading RPC error claiming the lack of a leader when Raft is ok but there are issues with client agents gossiping with the leader. [GH-9487]
  • ui: ensure namespace is used for node API requests [GH-9488]

1.8.7 (December 10, 2020)

... (truncated)

Commits
  • 12f574c Release v1.8.1
  • d510c62 update bindata_assetfs.go
  • 622495f Update CHANGELOG.md
  • b5e858d Avoid panics during shutdown routine
  • 5658fae Update CHANGELOG.md
  • e9b07c5 Add some auto-config docs (#8410)
  • d6c35dd Update CHANGELOG.md
  • c9b6615 Ensure certificates retrieved through the cache get persisted with auto-confi...
  • 4f98af0 Allow setting verify_incoming* when using auto_encrypt or auto_config (#8394)
  • ab71058 Mention agent-caching ratelimiting.
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
dependabot[bot] commented 3 years ago

Dependabot tried to add @jippi and @burdandrei as reviewers to this PR, but received the following error from GitHub:

POST https://api.github.com/repos/seatgeek/hashi-helper/pulls/255/requested_reviewers: 422 - Reviews may only be requested from collaborators. One or more of the users or teams you specified is not a collaborator of the seatgeek/hashi-helper repository. // See: https://docs.github.com/rest/reference/pulls#request-reviewers-for-a-pull-request
dependabot[bot] commented 3 years ago

Superseded by #257.