Skip to content
This repository has been archived by the owner on Jul 23, 2024. It is now read-only.

Bump github.com/hashicorp/vault from 1.15.3 to 1.16.1 #45

Closed
wants to merge 1 commit into from
Closed

Bump github.com/hashicorp/vault from 1.15.3 to 1.16.1 #45

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 4, 2024
edited
Loading

Bumps github.com/hashicorp/vault from 1.15.3 to 1.16.1.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.16.1

1.16.1

April 04, 2024

BUG FIXES:

  • auth/ldap: Fix login error for group search anonymous bind. [GH-26200]
  • auth/ldap: Fix login error missing entity alias attribute value. [GH-26200]
  • cli: fixed a bug where the Vault CLI would error out if HOME was not set. [GH-26243]
  • core: Only reload seal configuration when enable_multiseal is set to true. [GH-26166]
  • secret/database: Fixed race condition where database mounts may leak connections [GH-26147]

v1.16.0

No release notes provided.

v1.16.0-rc3

1.16.0-rc3

March 13, 2024

SECURITY:

  • auth/cert: compare public keys of trusted non-CA certificates with incoming client certificates to prevent trusting certs with the same serial number but not the same public/private key. [GH-25649]
  • secrets/transit: fix a regression that was honoring nonces provided in non-convergent modes during encryption. [GH-22852]

CHANGES:

  • Upgrade grpc to v1.58.3 [GH-23703]
  • Upgrade x/net to v0.17.0 [GH-23703]
  • api: add the enterprise parameter to the /sys/health endpoint [GH-24270]
  • auth/alicloud: Update plugin to v0.16.1 [GH-25014]
  • auth/alicloud: Update plugin to v0.17.0 [GH-25217]
  • auth/approle: Normalized error response messages when invalid credentials are provided [GH-23786]
  • auth/azure: Update plugin to v0.16.1 [GH-22795]
  • auth/azure: Update plugin to v0.17.0 [GH-25258]
  • auth/cf: Update plugin to v0.16.0 [GH-25196]
  • auth/gcp: Update plugin to v0.16.2 [GH-25233]
  • auth/jwt: Update plugin to v0.19.0 [GH-24972]
  • auth/jwt: Update plugin to v0.20.0 [GH-25326]
  • auth/kerberos: Update plugin to v0.10.1 [GH-22797]
  • auth/kerberos: Update plugin to v0.11.0 [GH-25232]
  • auth/kubernetes: Update plugin to v0.18.0 [GH-25207]
  • auth/oci: Update plugin to v0.14.1 [GH-22774]
  • auth/oci: Update plugin to v0.15.1 [GH-25245]
  • cli: Using vault plugin reload with -plugin in the root namespace will now reload the plugin across all namespaces instead of just the root namespace. [GH-24878]
  • cli: vault plugin info and vault plugin deregister now require 2 positional arguments instead of accepting either 1 or 2. [GH-24250]
  • core: Bump Go version to 1.21.8.
  • database/couchbase: Update plugin to v0.10.1 [GH-25275]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault's changelog.

Previous versions

1.16.0

March 26, 2024

SECURITY:

  • auth/cert: compare public keys of trusted non-CA certificates with incoming client certificates to prevent trusting certs with the same serial number but not the same public/private key. [GH-25649]
  • auth/cert: validate OCSP response was signed by the expected issuer and serial number matched request [GH-26091]
  • secrets/transit: fix a regression that was honoring nonces provided in non-convergent modes during encryption. [GH-22852]

CHANGES:

  • Upgrade grpc to v1.58.3 [GH-23703]
  • Upgrade x/net to v0.17.0 [GH-23703]
  • api: add the enterprise parameter to the /sys/health endpoint [GH-24270]
  • auth/alicloud: Update plugin to v0.16.1 [GH-25014]
  • auth/alicloud: Update plugin to v0.17.0 [GH-25217]
  • auth/approle: Normalized error response messages when invalid credentials are provided [GH-23786]
  • auth/azure: Update plugin to v0.16.1 [GH-22795]
  • auth/azure: Update plugin to v0.17.0 [GH-25258]
  • auth/cf: Update plugin to v0.16.0 [GH-25196]
  • auth/gcp: Update plugin to v0.16.2 [GH-25233]
  • auth/jwt: Update plugin to v0.19.0 [GH-24972]
  • auth/jwt: Update plugin to v0.20.0 [GH-25326]
  • auth/jwt: Update plugin to v0.20.1 [GH-25937]
  • auth/kerberos: Update plugin to v0.10.1 [GH-22797]
  • auth/kerberos: Update plugin to v0.11.0 [GH-25232]
  • auth/kubernetes: Update plugin to v0.18.0 [GH-25207]
  • auth/oci: Update plugin to v0.14.1 [GH-22774]
  • auth/oci: Update plugin to v0.15.1 [GH-25245]
  • cli: Using vault plugin reload with -plugin in the root namespace will now reload the plugin across all namespaces instead of just the root namespace. [GH-24878]
  • cli: vault plugin info and vault plugin deregister now require 2 positional arguments instead of accepting either 1 or 2. [GH-24250]
  • core (enterprise): Seal High Availability (HA) must be enabled by enable_multiseal in configuration.
  • core: Bump Go version to 1.21.8.
  • database/couchbase: Update plugin to v0.10.1 [GH-25275]
  • database/elasticsearch: Update plugin to v0.14.0 [GH-25263]
  • database/mongodbatlas: Update plugin to v0.11.0 [GH-25264]
  • database/redis-elasticache: Update plugin to v0.3.0 [GH-25296]
  • database/redis: Update plugin to v0.2.3 [GH-25289]
  • database/snowflake: Update plugin to v0.10.0 [GH-25143]
  • database/snowflake: Update plugin to v0.9.1 [GH-25020]
  • events: Remove event noficiations websocket endpoint in non-Enterprise [GH-25640]
  • events: Source URL is now vault://{vault node} [GH-24201]
  • identity (enterprise): POST requests to the /identity/entity/merge endpoint are now always forwarded from standbys to the active node. [GH-24325]

... (truncated)

Commits
  • 6b59867 [VAULT-25687] This is an automated pull request to build all artifacts for a ...
  • 8c515f2 backport of commit 39499e6fbaa874fd9004577c2fb9816543387e80 (#26244)
  • b1126ec backport of commit 5fac327daedc19d7ccd9b8b197132d7d4eaac719 (#26177)
  • 7193079 backport of commit 92c58476ee927137f25ceec51f043a24fc92b00c (#26235)
  • 5ef2b62 backport of commit c9dafc19715c0c8c38ad33bd413de69613ae0dd2 (#26188)
  • 22e7a4b [VAULT-25687] This is an automated pull request to build all artifacts for a ...
  • 8e1879e Correct version for release next week (#26211)
  • 09d9519 auth/ldap: fix login errors (#26200) (#26206)
  • 806b2fc Force a seal rewrap when stored generation is higher than existing (#26202)
  • 3e98d13 Use local wrapping option for withDisallowEnvVars for AWS & Azure (#26195)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 4, 2024
@dependabot dependabot bot mentioned this pull request Apr 4, 2024
Closed
@dependabot
Bump github.com/hashicorp/vault from 1.15.3 to 1.16.1
f2c727d 
Bumps [github.com/hashicorp/vault](https://github.com/hashicorp/vault) from 1.15.3 to 1.16.1.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](hashicorp/vault@v1.15.3...v1.16.1)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.16.1 branch from 41e1c00 to f2c727d Compare April 5, 2024 19:21
@hypnoglow
Copy link
Owner

@dependabot merge

@hypnoglow
Copy link
Owner

@dependabot cancel merge

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github May 1, 2024

Superseded by #46.

@dependabot dependabot bot closed this May 1, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/hashicorp/vault-1.16.1 branch May 1, 2024 11:13
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@hypnoglow