Skip to content

Comments

build(deps): bump github.com/hashicorp/vault from 0.10.4 to 1.19.0#1989

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/go_modules/github.com/hashicorp/vault-1.19.0
Closed

build(deps): bump github.com/hashicorp/vault from 0.10.4 to 1.19.0#1989
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/go_modules/github.com/hashicorp/vault-1.19.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 17, 2025
edited
Loading

Bumps github.com/hashicorp/vault from 0.10.4 to 1.19.0.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.19.0

1.19.0

March 5, 2025

Enterprise LTS: Vault Enterprise 1.19 is a Long-Term Support (LTS) release.

SECURITY:

  • raft/snapshotagent (enterprise): upgrade raft-snapshotagent to v0.0.0-20241115202008-166203013d8e
  • raft/snapshotagent (enterprise): upgrade raft-snapshotagent to v0.2.0

CHANGES:

  • agent/config: Configuration values including IPv6 addresses will be automatically translated and displayed conformant to RFC-5952 §4. [GH-29517]
  • api: Add to sys/health whether the node has been removed from the HA cluster. If the node has been removed, return code 530 by default or the value of the removedcode query parameter. [GH-28991]
  • api: Add to sys/health whether the standby node has been able to successfully send heartbeats to the active node and the time in milliseconds since the last heartbeat. If the standby has been unable to send a heartbeat, return code 474 by default or the value of the haunhealthycode query parameter. [GH-28991]
  • auth/alicloud: Update plugin to v0.20.0 [GH-29613]
  • auth/azure: Update plugin to v0.19.1 [GH-28712]
  • auth/azure: Update plugin to v0.19.2 [GH-28848]
  • auth/azure: Update plugin to v0.20.0 [GH-29606]
  • auth/azure: Update plugin to v0.20.1 [GH-29728]
  • auth/cf: Update plugin to v0.19.1 [GH-29295]
  • auth/cf: Update plugin to v0.20.0 [GH-29528]
  • auth/gcp: Update plugin to v0.20.0 [GH-29591]
  • auth/gcp: Update plugin to v0.20.1 [GH-29736]
  • auth/jwt: Update plugin to v0.23.0 [GH-29553]
  • auth/kerberos: Update plugin to v0.14.0 [GH-29617]
  • auth/kubernetes: Update plugin to v0.21.0 [GH-29619]
  • auth/ldap: An error will now be returned on login if the number of entries returned from the user DN LDAP search is more than one. [GH-29302]
  • auth/ldap: No longer return authentication warnings to client. [GH-29134]
  • auth/oci: Update plugin to v0.18.0 [GH-29620]
  • core (enterprise): Add tracking of performance standbys by their HA node ID so that RPC connections can be more easily cleaned up when nodes are removed. [GH-29303]
  • core/ha (enterprise): Failed attempts to become a performance standby node are now using an exponential backoff instead of a 10 second delay in between retries. The backoff starts at 2s and increases by a factor of two until reaching the maximum of 16s. This should make unsealing of the node faster in some cases.
  • core/raft: Return an error on sys/storage/raft/join if a node that has been removed from raft cluster attempts to re-join when it still has existing raft data on disk. [GH-29090]
  • core: Bump Go version to 1.23.6.
  • database/couchbase: Update plugin to v0.13.0 [GH-29543]
  • database/elasticsearch: Update plugin to v0.17.0 [GH-29542]
  • database/mongodbatlas: Update plugin to v0.14.0 [GH-29584]
  • database/redis-elasticache: Update plugin to v0.6.0 [GH-29594]
  • database/redis: Update plugin to v0.5.0 [GH-29597]
  • database/snowflake: Update plugin to v0.13.0 [GH-29554]
  • kmip (enterprise): RSA key generation now enforces key sizes of 2048 or higher
  • login (enterprise): Return a 500 error during logins when performance standby nodes make failed gRPC requests to the active node. [GH-28807]
  • proxy/config: Configuration values including IPv6 addresses will be automatically translated and displayed conformant to RFC-5952 §4. [GH-29517]
  • raft/autopilot (enterprise): Alongside the CE autopilot update, update raft-autopilot-enterprise library to v0.3.0 and add enterprise-specific regression testing.
  • sdk: Upgrade to go-secure-stdlib/plugincontainer@v0.4.1, which also bumps github.com/docker/docker to v27.2.1+incompatible [GH-28456]
  • secrets/ad: Update plugin to v0.20.1 [GH-29648]
  • secrets/alicloud: Update plugin to v0.19.0 [GH-29512]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault's changelog.

0.11.6 (December 14th, 2018)

This release contains the three security fixes from 1.0.0 and 1.0.1 and the following bug fixes from 1.0.0/1.0.1:

  • namespaces: Correctly reload the proper mount when tuning or reloading the mount [GH-5937]
  • replication/perfstandby: Fix audit table upgrade on standbys [GH-5811]
  • replication/perfstandby: Fix redirect on approle update [GH-5820]
  • secrets/kv: Fix issue where storage version would get incorrectly downgraded [GH-5809]

It is otherwise identical to 0.11.5.

0.11.5 (November 13th, 2018)

BUG FIXES:

  • agent: Fix issue when specifying two file sinks [GH-5610]
  • auth/userpass: Fix minor timing issue that could leak the presence of a username [GH-5614]
  • autounseal/alicloud: Fix issue interacting with the API (Enterprise)
  • autounseal/azure: Fix key version tracking (Enterprise)
  • cli: Fix panic that could occur if parameters were not provided [GH-5603]
  • core: Fix buggy behavior if trying to remount into a namespace
  • identity: Fix duplication of entity alias entity during alias transfer between entities [GH-5733]
  • namespaces: Fix tuning of auth mounts in a namespace
  • ui: Fix bug where editing secrets as JSON doesn't save properly [GH-5660]
  • ui: Fix issue where IE 11 didn't render the UI and also had a broken form when trying to use tool/hash [GH-5714]

0.11.4 (October 23rd, 2018)

CHANGES:

  • core: HA lock file is no longer copied during operator migrate [GH-5503]. We've categorized this as a change, but generally this can be considered just a bug fix, and no action is needed.

FEATURES:

  • Transit Key Trimming: Keys in transit secret engine can now be trimmed to remove older unused key versions
  • Web UI support for KV Version 2: Browse, delete, undelete and destroy individual secret versions in the UI
  • Azure Existing Service Principal Support: Credentials can now be generated against an existing service principal

IMPROVEMENTS:

... (truncated)

Commits
  • 7eeafb6 [VAULT-34422] This is an automated pull request to build all artifacts for a ...
  • 389c6ed backport of commit 1b50c640998cc0719fcb9875116628d8c156ae0d (#29770)
  • e12d326 backport of commit 0cec5066e6cf98f2b4f1f34e1151639ae2769c9b (#29807)
  • 3a95da7 [VAULT-34422] This is an automated pull request to build all artifacts for a ...
  • 6392f5b backport of commit e2f09cb2ab83492c9e02a6bc41192ee00b6b5b55 (#29683)
  • a42449d backport of commit 0edc710621e198f1c512233f84476cc6acc20dce (#29800)
  • dcbc84c backport of commit 6bf505c1a3d9bcd375370b99bb98f0243e39541f (#29787)
  • c5b7c3d backport of commit 17c0ee93cb63158ed4f197479e9ea3f2da163f53 (#29786)
  • 310e7b8 backport of commit 39df7fa97356fcf68f2b6337ceb700f4efd749b4 (#29779)
  • c0004af Update all go-jose to v3.0.4 or v4.05 for CVE-2025-27144 (#29772)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 17, 2025
@dependabot dependabot bot mentioned this pull request Mar 17, 2025
Closed
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.19.0 branch 2 times, most recently from e15b3ce to 2e6a54f Compare March 26, 2025 19:45
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 26, 2025

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@sergeylanzman sergeylanzman reopened this Mar 26, 2025
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.19.0 branch 4 times, most recently from 9afacd8 to 2139b5e Compare March 26, 2025 21:37
@dependabot
build(deps): bump github.com/hashicorp/vault from 0.10.4 to 1.19.0
d35dd36 
Bumps [github.com/hashicorp/vault](https://github.com/hashicorp/vault) from 0.10.4 to 1.19.0.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG-v0.md)
- [Commits](hashicorp/vault@v0.10.4...v1.19.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.19.0 branch from 2139b5e to d35dd36 Compare March 26, 2025 21:40
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/hashicorp/vault-1.19.0 branch March 26, 2025 21:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sergeylanzman