rebase: Bump github.com/hashicorp/vault from 1.4.2 to 1.9.9 #3712

Merged

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Mar 7, 2023

Bumps github.com/hashicorp/vault from 1.4.2 to 1.9.9.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.9.9

No release notes provided.

v1.9.8

No release notes provided.

v1.9.7

No release notes provided.

v1.9.6

No release notes provided.

v1.9.5

No release notes provided.

v1.9.4

No release notes provided.

v1.9.3

1.9.3

January 27, 2022

IMPROVEMENTS:

  • auth/kubernetes: Added support for dynamically reloading short-lived tokens for better Kubernetes 1.21+ compatibility [GH-13698]
  • auth/ldap: Add username to alias metadata [GH-13669]
  • core/identity: Support updating an alias' custom_metadata to be empty. [GH-13395]
  • core: Fixes code scanning alerts [GH-13667]
  • http (enterprise): Serve /sys/license/status endpoint within namespaces

BUG FIXES:

  • auth/oidc: Fixes OIDC auth from the Vault UI when using the implicit flow and form_post response mode. [GH-13492]
  • cli: Fix using kv patch with older server versions that don't support HTTP PATCH. [GH-13615]
  • core (enterprise): Workaround AWS CloudHSM v5 SDK issue not allowing read-only sessions
  • core/identity: Address a data race condition between local updates to aliases and invalidations [GH-13476]
  • core: add support for go-sockaddr templates in the top-level cluster_addr field [GH-13678]
  • identity/oidc: Check for a nil signing key on rotation to prevent panics. [GH-13716]
  • kmip (enterprise): Fix locate by name operations fail to find key after a rekey operation.
  • secrets/database/mssql: Accept a boolean for contained_db, rather than just a string. [GH-13469]
  • secrets/gcp: Fixes role bindings for BigQuery dataset resources. [GH-13548]
  • secrets/pki: Fix regression causing performance secondaries to forward certificate generation to the primary. [GH-13759]
  • storage/raft: On linux, use map_populate for bolt files to improve startup time. [GH-13573]
  • storage/raft: Units for bolt metrics now given in milliseconds instead of nanoseconds [GH-13749]
  • ui: Fixes breadcrumb bug for secrets navigation [GH-13604]
  • ui: Fixes issue saving KMIP role correctly [GH-13585]

v1.9.2

1.9.2

December 21, 2021

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault's changelog.

1.9.9

August 31, 2022

CHANGES:

  • core: Bump Go version to 1.17.13.

BUG FIXES:

  • core (enterprise): Fix some races in merkle index flushing code found in testing
  • core: Increase the allowed concurrent gRPC streams over the cluster port. [GH-16327]
  • database: Invalidate queue should cancel context first to avoid deadlock [GH-15933]
  • secrets/database: Fix a bug where the secret engine would queue up a lot of WAL deletes during startup. [GH-16686]
  • ui: Fix OIDC callback to accept namespace flag in different formats [GH-16886]
  • ui: Fix issue logging in with JWT auth method [GH-16466]

SECURITY:

  • identity/entity: When entity aliases mapped to a single entity share the same alias name, but have different mount accessors, Vault can leak metadata between the aliases. This metadata leak may result in unexpected access if templated policies are using alias metadata for path names. [HCSEC-2022-18]

1.9.8

July 21, 2022

CHANGES:

  • core: Bump Go version to 1.17.12.

IMPROVEMENTS:

  • secrets/ssh: Allow additional text along with a template definition in defaultExtension value fields. [GH-16018]

BUG FIXES:

  • core/identity: Replicate member_entity_ids and policies in identity/group across nodes identically [GH-16088]
  • core/replication (enterprise): Don't flush merkle tree pages to disk after losing active duty
  • core/seal: Fix possible keyring truncation when using the file backend. [GH-15946]
  • storage/raft (enterprise): Prevent unauthenticated voter status change with rejoin [GH-16324]
  • transform (enterprise): Fix a bug in the handling of nested or unmatched capture groups in FPE transformations.
  • ui: Fix issue where metadata tab is hidden even though policy grants access [GH-15824]
  • ui: Updated leasId to leaseId in the "Copy Credentials" section of "Generate AWS Credentials" [GH-15685]

1.9.7

June 10, 2022

CHANGES:

IMPROVEMENTS:

... (truncated)

Commits
  • 9c11f0a Backport of UI/OIDC auth bug for hcp namespace flag into release/1.9.x (#16909)
  • f128cbd backport of commit 247a019be0ace89bfa3cdc54c0294829bf390ef0 (#16885)
  • d651606 Update 1.9.x go 1.17.13 (#16836)
  • f788761 backport of commit bab106359351d060e8691b8b7ebd1a21b72bdfbe (#16841)
  • 899c297 Typo: Corrected same typo in 2 locations (on-premise to on-premises) (#13402)...
  • 5395ad5 backport of commit 8c6c586a529df4504d4291c3ec8cd5563cc137c7 (#13984)
  • b920bde Backport consul-template update (#16792)
  • 89bd5d5 backport of commit 5118aa6d0c22bf4a09878e4f83909d167b55b1ed (#14408)
  • 462ef0f backport of commit 192c2aa7e2f092f96054c7cd36b32630e80ca351 (#16708)
  • 60cf24c backport of commit b8a706b122228dfe58611fe5ed3b5c83ffe3929f (#16689)
  • Additional commits viewable in compare view

@dependabot dependabot bot added the rebase update the version of an external component label Mar 7, 2023
@nixpanic nixpanic requested a review from a team March 7, 2023 13:47
@nixpanic
Member

nixpanic commented Mar 9, 2023

@Mergifyio rebase

Bumps [github.com/hashicorp/vault](https://github.com/hashicorp/vault) from 1.4.2 to 1.9.9.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](hashicorp/vault@v1.4.2...v1.9.9)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@mergify
Contributor

mergify bot commented Mar 9, 2023

rebase

✅ Branch has been successfully rebased

@nixpanic nixpanic force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.9.9 branch from c1f250c to 29aa20e Compare March 9, 2023 09:07
@nixpanic nixpanic added the ok-to-test Label to trigger E2E tests label Mar 9, 2023
@github-actions

github-actions bot commented Mar 9, 2023

/test ci/centos/k8s-e2e-external-storage/1.23

@github-actions

github-actions bot commented Mar 9, 2023

/test ci/centos/k8s-e2e-external-storage/1.24

@github-actions

github-actions bot commented Mar 9, 2023

/test ci/centos/k8s-e2e-external-storage/1.25

@github-actions

github-actions bot commented Mar 9, 2023

/test ci/centos/k8s-e2e-external-storage/1.26

@github-actions

github-actions bot commented Mar 9, 2023

/test ci/centos/mini-e2e-helm/k8s-1.23

@github-actions

github-actions bot commented Mar 9, 2023

/test ci/centos/mini-e2e-helm/k8s-1.24

@github-actions

github-actions bot commented Mar 9, 2023

/test ci/centos/mini-e2e-helm/k8s-1.25

@github-actions

github-actions bot commented Mar 9, 2023

/test ci/centos/mini-e2e-helm/k8s-1.26

@github-actions

github-actions bot commented Mar 9, 2023

/test ci/centos/mini-e2e/k8s-1.23

@github-actions

github-actions bot commented Mar 9, 2023

/test ci/centos/mini-e2e/k8s-1.24

@github-actions

github-actions bot commented Mar 9, 2023

/test ci/centos/mini-e2e/k8s-1.25

@github-actions

github-actions bot commented Mar 9, 2023

/test ci/centos/mini-e2e/k8s-1.26

@github-actions

github-actions bot commented Mar 9, 2023

/test ci/centos/upgrade-tests-cephfs

@github-actions

github-actions bot commented Mar 9, 2023

/test ci/centos/upgrade-tests-rbd

@github-actions github-actions bot removed the ok-to-test Label to trigger E2E tests label Mar 9, 2023
@mergify mergify bot merged commit ba40da7 into devel Mar 9, 2023
3 checks passed
@mergify mergify bot deleted the dependabot/go_modules/github.com/hashicorp/vault-1.9.9 branch March 9, 2023 10:59
@porwalameet

We are getting a security alert for this repo, which flags vault using version 1.4.2. Can we have a release drop with this fix, please?

@Madhu-1
Collaborator

Madhu-1 commented May 26, 2023

@Mergifyio backport release-v3.8

@mergify
Contributor

mergify bot commented May 26, 2023

backport release-v3.8

✅ Backports have been created
