Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): bump github.com/hashicorp/vault from 1.13.12 to 1.14.10 #244

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Mar 6, 2024

Bumps github.com/hashicorp/vault from 1.13.12 to 1.14.10.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.14.10

1.14.10

February 29, 2024

SECURITY:

  • auth/cert: compare public keys of trusted non-CA certificates with incoming client certificates to prevent trusting certs with the same serial number but not the same public/private key. [GH-25649]

CHANGES:

  • core: Bump Go version to 1.20.14.

FEATURES:

  • Manual License Utilization Reporting: Added manual license utilization reporting, which allows users to create manual exports of product-license [metering data] to report to Hashicorp.

IMPROVEMENTS:

  • auth/cert: Cache trusted certs to reduce memory usage and improve performance of logins. [GH-25421]
  • ui: redirect back to current route after reauthentication when token expires [GH-25335]
  • ui: remove unnecessary OpenAPI calls for unmanaged auth methods [GH-25364]

BUG FIXES:

  • core (enterprise): Fix a deadlock that can occur on performance secondary clusters when there are many mounts and a mount is deleted or filtered [GH-25448]
  • core/quotas: Deleting a namespace that contains a rate limit quota no longer breaks replication [GH-25439]
  • secrets/transform (enterprise): guard against a panic looking up a token in exportable mode with barrier storage.
  • secrets/transit: When provided an invalid input with hash_algorithm=none, a lock was not released properly before reporting an error leading to deadlocks on a subsequent key configuration update. [GH-25336]
  • storage/file: Fixing spuriously deleting storage keys ending with .temp [GH-25395]

v1.14.9

1.14.9

January 31, 2024

CHANGES:

  • core: Bump Go version to 1.20.12.
  • database/snowflake: Update plugin to v0.9.2 [GH-25057]

IMPROVEMENTS:

  • command/server: display logs on startup immediately if disable-gated-logs flag is set [GH-24280]
  • oidc/provider: Adds code_challenge_methods_supported to OpenID Connect Metadata [GH-24979]
  • storage/raft: Upgrade to bbolt 1.3.8, along with an extra patch to reduce time scanning large freelist maps. [GH-24010]
  • ui: latest version of chrome does not automatically redirect back to the app after authentication unless triggered by the user, hence added a link to redirect back to the app. [GH-18513]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault's changelog.

1.14.10

February 29, 2024

SECURITY:

  • auth/cert: compare public keys of trusted non-CA certificates with incoming client certificates to prevent trusting certs with the same serial number but not the same public/private key. [GH-25649]

CHANGES:

  • core: Bump Go version to 1.20.14.

FEATURES:

  • Manual License Utilization Reporting: Added manual license utilization reporting, which allows users to create manual exports of product-license [metering data] to report to Hashicorp.

IMPROVEMENTS:

  • auth/cert: Cache trusted certs to reduce memory usage and improve performance of logins. [GH-25421]
  • ui: redirect back to current route after reauthentication when token expires [GH-25335]
  • ui: remove unnecessary OpenAPI calls for unmanaged auth methods [GH-25364]

BUG FIXES:

  • core (enterprise): Fix a deadlock that can occur on performance secondary clusters when there are many mounts and a mount is deleted or filtered [GH-25448]
  • core/quotas: Deleting a namespace that contains a rate limit quota no longer breaks replication [GH-25439]
  • secrets/transform (enterprise): guard against a panic looking up a token in exportable mode with barrier storage.
  • secrets/transit: When provided an invalid input with hash_algorithm=none, a lock was not released properly before reporting an error leading to deadlocks on a subsequent key configuration update. [GH-25336]
  • storage/file: Fixing spuriously deleting storage keys ending with .temp [GH-25395]

1.14.9

January 31, 2024

CHANGES:

  • core: Bump Go version to 1.20.12.
  • database/snowflake: Update plugin to v0.9.2 [GH-25057]

IMPROVEMENTS:

  • command/server: display logs on startup immediately if disable-gated-logs flag is set [GH-24280]
  • oidc/provider: Adds code_challenge_methods_supported to OpenID Connect Metadata [GH-24979]
  • storage/raft: Upgrade to bbolt 1.3.8, along with an extra patch to reduce time scanning large freelist maps. [GH-24010]
  • ui: latest version of chrome does not automatically redirect back to the app after authentication unless triggered by the user, hence added a link to redirect back to the app. [GH-18513]

BUG FIXES:

... (truncated)

Commits
  • 7d15950 [VAULT-24502] This is an automated pull request to build all artifacts for a ...
  • 17a3dc2 backport of commit e0b1b87ca684425a38855ac2cbd4436b7945a406 (#25701)
  • 9eeac45 Bump go version to 1.20.14 (#25662)
  • 612a54f backport of commit 773911494e767482207674b5e7bdb9608693c8c0 (#25654)
  • 6a45d27 Backport of identity/oidc: fix flakey key rotation test into release/1.14.x (...
  • d3028e6 backport of commit 5f0638aa8bcb3e6188d4b92fabca29f15460203a (#25448) (#25552)
  • dd5a783 backport of commit e5c6e4cf138282119efb60bb67f1b6b3bee5dc6f (#25527)
  • 35bb12a Cache trusted cert values, invalidating when anything changes (#25421) (#25464)
  • de9f7a8 UI: stabilize flaky ns test (#25488) (#25495)
  • 19e5992 Backport of PSA-714 - update ubi-minimal to 8.9 for security fixes into relea...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [github.com/hashicorp/vault](https://github.com/hashicorp/vault) from 1.13.12 to 1.14.10.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](hashicorp/vault@v1.13.12...v1.14.10)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 6, 2024
@dependabot dependabot bot requested a review from brandon-welsch March 6, 2024 17:05
@github-actions github-actions bot enabled auto-merge March 6, 2024 17:05
@github-actions github-actions bot merged commit d6c4b71 into master Mar 6, 2024
1 check passed
@github-actions github-actions bot deleted the dependabot/go_modules/github.com/hashicorp/vault-1.14.10 branch March 6, 2024 17:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants