Bump github.com/codenotary/immudb from 1.3.0 to 1.4.1 #53

Open
wants to merge 1 commit into
base: master

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Feb 14, 2023

Bumps github.com/codenotary/immudb from 1.3.0 to 1.4.1.

Release notes

Sourced from github.com/codenotary/immudb's releases.

v1.4.1

Release notes

We're pleased to announce a new version of immudb: 1.4.1. This is a smaller maintenance release that fixes important issues discovered in the previous 1.4.0 release.

Important issues fixed

Along with this release, the go SDK for immudb comes with fixes to two security vulnerabilities (CVE-2022-36111 and CVE-2022-39199) that we've discovered through an internal security review. Those vulnerabilities only affect the client SDK that is part of the immudb release - for that reason make sure that the most recent go SDK version is used in your application.

More information about those vulnerabilities can be found in those advisories:

Small improvements

Besides important fixes, this release also comes with improved naming convention related to replication options and an option to reset admin password without knowledge of the previous password. Such password reset is helpful in case the admin password is lost and can also be used to ensure there's a correct admin password set in cloud deployments such as Kubernetes.

Changelog

[v1.4.1] - 2022-11-16

Bug Fixes

  • Change replication-related terms in codebase
  • Change replication-related terms in tests
  • cmd: Rename replication flags to follow consistent convention
  • cmd/immudb: Better description of the --force-admin-password flag
  • cmd/immudb: Fix description of the force-admin-password flag
  • embedded/appendable: fsync parent directory
  • embedded/appendable: fsync parent folder in remote appendable
  • pkg: Rename replication-related fields in GRPC protocol
  • pkg/client: Delay server identity validation
  • pkg/client/cache: Add methods to validate server identity
  • pkg/client/cache: Validate server's identity
  • pkg/server: Remove includeDeactivated flag when querying for users
  • pkg/server/servertest: Add uuid to buffconn server
  • pkg/server/servertest: Fix resetting grpc connection
  • test/perf-test-suite: Avoid dumping immudb logo on perf test results file
  • test/performance-test-suite: Ensure results are shown after proper is finished
  • verification: Additional Linear proof consistency check
  • verification: Recreate linear advance proofs for older servers

Changes

  • pkg/server: Add logs for activities related to users
  • ci: migrate deprecating set-output commands
  • cmd/immudb: Allow resetting sysadmin password
  • docs/security: Be less specific about package version in examples
  • docs/security: Add resources for the linear-fake vulnerability
  • embedded/appendable: sync directories
  • embedded/store: Disable asynchronous AHT generation

... (truncated)

Changelog

Sourced from github.com/codenotary/immudb's changelog.

[v1.4.1] - 2022-11-14

Changes

  • pkg/server: Add logs for activities related to users

[v1.4.1-RC1] - 2022-11-16

Bug Fixes

  • Change replication-related terms in codebase
  • Change replication-related terms in tests
  • cmd: Rename replication flags to follow consistent convention
  • cmd/immudb: Better description of the --force-admin-password flag
  • cmd/immudb: Fix description of the force-admin-password flag
  • embedded/appendable: fsync parent directory
  • embedded/appendable: fsync parent folder in remote appendable
  • pkg: Rename replication-related fields in GRPC protocol
  • pkg/client: Delay server identity validation
  • pkg/client/cache: Add methods to validate server identity
  • pkg/client/cache: Validate server's identity
  • pkg/server: Remove includeDeactivated flag when querying for users
  • pkg/server/servertest: Add uuid to buffconn server
  • pkg/server/servertest: Fix resetting grpc connection
  • test/perf-test-suite: Avoid dumping immudb logo on perf test results file
  • test/performance-test-suite: Ensure results are shown after proper is finished
  • verification: Additional Linear proof consistency check
  • verification: Recreate linear advance proofs for older servers

Changes

  • ci: migrate deprecating set-output commands
  • cmd/immudb: Allow resetting sysadmin password
  • docs/security: Be less specific about package version in examples
  • docs/security: Add resources for the linear-fake vulnerability
  • embedded/appendable: sync directories
  • embedded/store: Disable asynchronous AHT generation
  • embedded/store: Remove AHT Wait Hub
  • pkg/client: Document WithDisableIdentityCheck option
  • pkg/client/cache: Describe serverIdentity parameter
  • pkg/client/cache: Limit the hash part of the identity file name
  • pkg/client/state: Cleanup mutex handling in StateService
  • pkg/server: Warn if sysadmin user password was not reset
  • pkg/server: Better warning for unchanged admin password
  • test/performance-test-suite: Add summary to json output

Features

  • ci: fix message and input
  • ci: add runner name to mattermost message header
  • ci: simplify results extraction
  • ci: extract performance tests into separate workflow to be reused
  • ci: add scheduled daily test runs and send results to Mattermost
  • pkg/replication: Disable server's identity check in internal replication

... (truncated)

Commits
  • 99e4f1e release: v1.4.1
  • c19fb0f test(pkg/server): replace assert with require
  • cc214dc test(pkg/server): replace assert with require
  • 48c91ad test(pkg/stream): replace assert with require
  • e95def1 test(pkg/signer): replace assert with require
  • 7d1117d test(pkg/logger): replace assert with require
  • f3ffbb1 test(pkg/auth): replace assert with require
  • b56a1e8 test(pkg/server): replace assert with require
  • 63b2a7f test(pkg/client): replace assert with require
  • 317694e test(pkg/server): replace assert with require
  • Additional commits viewable in compare view


Bumps [github.com/codenotary/immudb](https://github.com/codenotary/immudb) from 1.3.0 to 1.4.1.
- [Release notes](https://github.com/codenotary/immudb/releases)
- [Changelog](https://github.com/codenotary/immudb/blob/master/CHANGELOG.md)
- [Commits](codenotary/immudb@v1.3.0...v1.4.1)

---
updated-dependencies:
- dependency-name: github.com/codenotary/immudb
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and go (Pull requests that update Go code) labels Feb 14, 2023