Bump github.com/hashicorp/consul from 1.0.7 to 1.6.3

[dependabot-preview]

Bumps github.com/hashicorp/consul from 1.0.7 to 1.6.3.

Changelog

Sourced from github.com/hashicorp/consul's changelog.

1.6.3 (January 30, 2020)

SECURITY

• agent: mitigate potential DoS vector allowing unbounded server resource usage from unauthenticated connections [GH-7159]
• acl: add ACL enforcement to the v1/agent/health/service/* endpoints [GH-7160]

IMPROVEMENTS

• tls: auto_encrypt and verify_incoming [GH-6811]

BUG FIXES

• agent: output proper HTTP status codes for Txn requests that are too large [GH-7158]
• connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index [GH-7011]
• connect: ensure that updates to the secondary root CA configuration use the correct signing key ID values for comparison [GH-7012]

1.6.2 (November 13, 2019)

SECURITY

• Updated to compile with Go 1.12.13 which includes a fix for CVE-2019-17596 in [Go 1.12.11] [GH-6319]

FEATURES

• agent: store check type in catalog [GH-6561]
• agent: update force-leave to allow for complete removal of members [GH-6571]
• agent: updates to the agent token trigger anti-entropy full syncs [GH-6577]
• snapshot agent (Consul Enterprise): Added support for saving snapshots to Google Cloud Storage.
• connect: Added proxy config stanza to allow exposing HTTP paths through Envoy for non-Connect-enabled services [GH-5396]

IMPROVEMENTS

• licensing (Consul Enterprise): Increase initial server temporary license duration to 6 hours to allow for longer upgrades/migrations.
• server: ensure the primary datacenter and ACL datacenter match [GH-6634]
• sdk: ignore panics due to stray goroutines logging after a test completes [GH-6632]
• agent: allow mesh gateways to initialize even if there are no connect services registered yet [GH-6576]
• agent: endpoint performance improvements, Txn endpoint in particular. [GH-6680]
• sdk: add NewTestServerT, deprecate NewTestServer in testutil to prevent nil point dereference [GH-6761]
• agent: auto_encrypt provided TLS certificates can now be used to enable HTTPS on clients [GH-6489]
• sentinel (Consul Enterprise): update to v0.13.0, see Sentinel changelog for more details

BUG FIXES

• ARM release binaries: Starting with v1.6.2, Consul will ship three separate versions of ARM builds. The previous ARM binaries of Consul could potentially crash due to the way the Go runtime manages internal pointers to its Go routine management constructs and how it keeps track of them especially during signal handling. From v1.6.2 forward, it is recommended to use:
  • consul_{version}_linux_armelv5.zip for all 32-bit armel systems
  • consul_{version}_linux_armhfv6.zip for all armhf systems with v6+ architecture
  • consul_{version}_linux_arm64.zip for all v8 64-bit architectures
• agent: Parse the HTTP Authorization header as case-insensitive. [GH-6568]
• agent: minimum quorum check added to Autopilot with minQuorum option [GH-6654]

... (truncated)

Commits

• 7f3b5f3 Release v1.6.3
• 8bd8d45 update bindata_assetfs.go
• e686a38 Update CHANGELOG
• b788f72 Mitigate HTTP/RPC Services Allow Unbounded Resource Usage
• e7244ac agent: add ACL enforcement to the v1/agent/health/service/* endpoints
• f2aa2c1 agent: output proper HTTP status codes for Txn requests that are too large (#...
• a0f76a2 Merge pull request #7081 from hashicorp/feature/ui-update-copyright-year
• 61db0b4 Updates the Consul copyright year to 2020
• 7cdd07a connect: use inline_string instead for envoy ca (#7026)
• 249c831 Release v1.6.3-pandora-pre1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 3 PRs for your first few update runs. Once an update run creates fewer than 3 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Dependabot tried to update this pull request, but something went wrong. The most likely cause is #61, which may be blocking Dependabot from updating your dependency files.

[dependabot-preview]

Dependabot tried to update this pull request, but something went wrong. The most likely cause is #61, which may be blocking Dependabot from updating your dependency files.

[dependabot-preview]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.