This repository has been archived by the owner on Jul 23, 2024. It is now read-only.

Bump github.com/hashicorp/vault from 1.15.3 to 1.15.4 #29

Conversation

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Jan 1, 2024

Bumps github.com/hashicorp/vault from 1.15.3 to 1.15.4.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.15.4

1.15.4

SECURITY:

  • core: Fixes an issue present in both Vault and Vault Enterprise since Vault 1.12.0, where Vault is vulnerable to a denial of service through memory exhaustion of the host when handling large HTTP requests from a client. Upgrading is strongly recommended. (see CVE-2023-6337 & HCSEC-2023-34)

CHANGES:

  • identity (enterprise): POST requests to the /identity/entity/merge endpoint are now always forwarded from standbys to the active node. [GH-24325](hashicorp/vault#24325)

BUG FIXES:

Changelog

Sourced from github.com/hashicorp/vault's changelog.

1.15.4

December 06, 2023

SECURITY:

  • core: Fixes an issue present in both Vault and Vault Enterprise since Vault 1.12.0, where Vault is vulnerable to a denial of service through memory exhaustion of the host when handling large HTTP requests from a client. (see CVE-2023-6337 & HCSEC-2023-34)

CHANGES:

  • identity (enterprise): POST requests to the /identity/entity/merge endpoint are now always forwarded from standbys to the active node. [GH-24325]

BUG FIXES:

  • agent/logging: Agent should now honor correct -log-format and -log-file settings in logs generated by the consul-template library. [GH-24252]
  • api: Fix deadlock on calls to sys/leader with a namespace configured on the request. [GH-24256]
  • core: Fix a timeout initializing Vault by only using a short timeout persisting barrier keyring encryption counts. [GH-24336]
  • ui: Correctly handle directory redirects from pre 1.15.0 Kv v2 list view urls. [GH-24281]
  • ui: Fix payload sent when disabling replication [GH-24292]
  • ui: When Kv v2 secret is an object, fix so details view defaults to readOnly JSON editor. [GH-24290]
Commits
  • 9b61934 Buffer body read up to MaxRequestSize (#24354) (#24369)
  • c5c7c98 backport of commit 9e063f31d7c29481c6b3d632947ed7a58017a5da (#24370)
  • 1e61209 Cherry pick license updates from main (#24348)
  • f42d508 Backport 1.15.x: For showing JSON editor for complex secret in KV details vie...
  • cb87bc1 backport of commit 91ec1a788b46c0bf12a3351e5e3339474400eee9 (#24350)
  • 87c8f7c backport of commit 4a7bee5a02db880d543692386ccd597f33e29624 (#24330)
  • 818455b backport of commit 18e6385e0589895c354e0d2aed95e8321f1ee84f (#24327)
  • fe83861 backport of commit 06b9325bb9e6616789c4fe5e7778459ba98a14ab (#24323)
  • b686de3 Bumped product version to 1.15.4.
  • fc57356 backport of commit 9ddc33ab98c2c4f5a6cf875bea0457525a15cc76 (#24311)
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
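As an added illustration of the class of fix behind CVE-2023-6337 (the "Buffer body read up to MaxRequestSize" commit above), not Vault's own code: a Go handler that caps how much of a request body it will buffer using the standard library's http.MaxBytesReader, so an oversized body is rejected with 413 instead of being read into memory. MaxRequestSize, the path and the request sizes are constructed values for the demo.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// MaxRequestSize is a constructed per-request body cap (1 KiB keeps the demo fast).
const MaxRequestSize int64 = 1 << 10

// BoundedBodyHandler reads at most MaxRequestSize bytes of the request body.
// http.MaxBytesReader returns an error as soon as the cap is exceeded, so a
// client sending a huge body cannot make the server buffer all of it.
func BoundedBodyHandler(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, MaxRequestSize)
	body, err := io.ReadAll(r.Body)
	if err != nil {
		var tooBig *http.MaxBytesError
		if errors.As(err, &tooBig) {
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	fmt.Fprintf(w, "read %d bytes", len(body))
}

// Post sends an n-byte body to the handler in-process and returns the status
// code and the byte count the handler reported (-1 when the body was rejected).
func Post(n int) (int, int) {
	req := httptest.NewRequest(http.MethodPost, "/", strings.NewReader(strings.Repeat("A", n)))
	rec := httptest.NewRecorder()
	BoundedBodyHandler(rec, req)
	read := -1
	fmt.Sscanf(rec.Body.String(), "read %d bytes", &read)
	return rec.Code, read
}

func main() {
	for _, n := range []int{512, int(MaxRequestSize) + 1, 1 << 20} {
		code, read := Post(n)
		fmt.Printf("body=%d bytes -> status %d, read %d\n", n, code, read)
	}
}
```

The same check belongs on every endpoint that buffers a body; the 1 MiB case shows that memory use is bounded by the cap, not by what the client chooses to send.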

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jan 1, 2024
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.15.4 branch 2 times, most recently from fe4d0e9 to cc726f4 Compare January 21, 2024 22:59
@hypnoglow
Owner

@dependabot rebase

Contributor Author

dependabot bot commented on behalf of github Jan 27, 2024

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@hypnoglow
Owner

@dependabot recreate

Bumps [github.com/hashicorp/vault](https://github.com/hashicorp/vault) from 1.15.3 to 1.15.4.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](hashicorp/vault@v1.15.3...v1.15.4)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.15.4 branch from cc726f4 to fc0992b Compare January 27, 2024 21:23
Contributor Author

dependabot bot commented on behalf of github Feb 1, 2024

Superseded by #32.

@dependabot dependabot bot closed this Feb 1, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/hashicorp/vault-1.15.4 branch February 1, 2024 11:34