-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update module github.com/hashicorp/vault/api to v1.9.1 #12
base: master
Are you sure you want to change the base?
Conversation
7f62666
to
6824c49
Compare
6824c49
to
eca2585
Compare
eca2585
to
f6d99c5
Compare
6e2a5d9
to
afbc386
Compare
afbc386
to
570212b
Compare
570212b
to
3ea9e0f
Compare
3ea9e0f
to
a8b2eb3
Compare
a8b2eb3
to
996221b
Compare
0a422ba
to
95456c1
Compare
95456c1
to
37c1788
Compare
|
GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
---|---|---|---|---|---|
5530654 | Triggered | AWS Keys | 8b6d8ef | infrastucture/uploader/uploader_test.go | View secret |
5530653 | Triggered | DigitalOcean Spaces Keys | f8e4607 | infrastucture/uploader/uploader_test.go | View secret |
5530653 | Triggered | DigitalOcean Spaces Keys | 1445d8f | infrastucture/uploader/uploader_test.go | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Our GitHub checks need improvements? Share your feedbacks!
37c1788
to
6abdefc
Compare
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. |
6abdefc
to
bfeda9d
Compare
This PR contains the following updates:
v1.4.1
->v1.9.1
Release Notes
hashicorp/vault
v1.9.1
Compare Source
1.9.1
December 9, 2021
IMPROVEMENTS:
aerospike-client-go
to v5.6.0. [GH-12165]BUG FIXES:
nonce
parameter optional for the Authorization Endpoint of OIDC providers. [GH-13231]ed25519
when requesting a response in PKCS8 format [GH-13257]v1.9.0
Compare Source
1.9.0
November 17, 2021
CHANGES:
been removed. [GH-12888]
specifying extensions when requesting ssh key signing. Update roles setting
allowed_extensions to
*
to permit any extension to be specified by an end-user. [GH-12847]FEATURES:
/
) and also on API endpoints (/v1/*
) [GH-12485]metadata endpoint. The data will be present in responses made to the data endpoint independent of the
calling token's
read
access to the metadata endpoint. [GH-12907]/<mount>/data/:path
kv-v2endpoint through HTTP
PATCH
. A newpatch
ACL capability has been added andis required to make such requests. [GH-12687]
local
auth mounts willgenerate identity entities for the tokens issued. The aliases of the entity
resulting from local auth mounts (local-aliases), will be scoped by the cluster.
This means that the local-aliases will never leave the geographical boundary of
the cluster where they were issued. This is something to be mindful about for
those who have implemented local auth mounts for complying with GDPR guidelines.
IMPROVEMENTS:
role/:name/secret-id-accessor/lookup
endpoint now returns a 404 status code when thesecret_id_accessor
cannot be found [GH-12788]skip_browser
CLI option to allow users to skip opening the default browser during the authentication flow. [GH-12876]allowed_policies_glob
anddisallowed_policies_glob
fields to token roles to allow glob matching of policies [GH-7277].well-known/keys
endpoint that are being used by roles to sign/verify tokens. [GH-12780]outstanding dirty pages that were not flushed. [GH-2093]
ed25519
as a key for the pki backend [GH-11780]external-source: "vault"
metadata value for Consul registration. [GH-12163]reference
field to batch items, and propogate it to the responseBUG FIXES:
unexpected fault address
panic when using persistent cache. [GH-12534]form_post
as theoidc_response_mode
. [GH-12265]prem
build.of dirty pages is 0. [GH-2093]
of dirty pages in the merkle tree at time of checkpoint creation. [GH-2093]
vault operator raft snapshot save
. [GH-12388]addr_type=public_v6
in auto-join [GH-12366]v1.8.3
Compare Source
1.8.3
29 September 2021
IMPROVEMENTS:
BUG FIXES:
unexpected fault address
panic when using persistent cache. [GH-12534]vault operator raft snapshot save
. [GH-12388]v1.8.2
Compare Source
1.8.2
26 August 2021
CHANGES:
BUG FIXES:
v1.8.1
Compare Source
1.8.1
August 5th, 2021
CHANGES:
IMPROVEMENTS:
external-source: "vault"
metadata value for Consul registration. [GH-12163]BUG FIXES:
form_post
as theoidc_response_mode
. [GH-12258]v1.8.0
Compare Source
1.8.0
July 28th, 2021
CHANGES:
explicitly defined to do so. A new configuration parameter,
exit_on_retry_failure
, within the new top-level stanza,template_config
, canbe set to
true
in order to cause agent to exit. Note that for agent to exit iftemplate.error_on_missing_key
is set totrue
,exit_on_retry_failure
mustbe also set to
true
. Otherwise, the template engine will log an error but thenrestart its internal runner. [GH-11775]
when using GCP Auto-Auth method [GH-11473]
start Vault. More information is available in the Vault License FAQ
FEATURES:
of service account keys and access tokens. [GH-12023]
vault operator
command to detect common issues with vault server setups.IMPROVEMENTS:
api.Client
throughSetLogger
. [GH-11696]prefix_filter
to telemetry config [GH-12025]rotate-role
endpoint to allow rotations of service accounts. [GH-11942]SocketTimeout
,ConnectTimeout
, andServerSelectionTimeout
[GH-11600]DEPRECATIONS:
/gcp/token/:roleset
and/gcp/key/:roleset
paths for generatingsecrets for rolesets. Use
/gcp/roleset/:roleset/token
and/gcp/roleset/:roleset/key
instead. [GH-12023]BUG FIXES:
information from the auto-auth config map on renewals or retries. [GH-11576]
v0.1.0
tobring in a verification key caching fix. [GH-11784]
vault list
andvault kv list
with output format other thantable
. [GH-12031]filtering rule would not appear on performance secondary if created after rule
was defined.
pem_bundle
andpem_json
didn't work for CA-only configurations [GH-11861]SetCredentials
wasn't falling back to usingRotateRootCredentials
ifSetCredentials
isUnimplemented
[GH-11585]storage when upgrading from 1.5 to 1.6. See Upgrade Notes for 1.6.x.
v1.7.2
Compare Source
1.7.2
May 20th, 2021
SECURITY:
leases and dynamic secret leases with a zero-second TTL, causing them to be
treated as non-expiring, and never revoked. This issue affects Vault and Vault
Enterprise versions 0.10.0 through 1.7.1, and is fixed in 1.5.9, 1.6.5, and
1.7.2 (CVE-2021-32923).
CHANGES:
when using GCP Auto-Auth method [GH-11473]
signing JWTs [GH-11494]
IMPROVEMENTS:
SocketTimeout
,ConnectTimeout
, andServerSelectionTimeout
[GH-11600]BUG FIXES:
information from the auto-auth config map on renewals or retries. [GH-11576]
SetCredentials
wasn't falling back to usingRotateRootCredentials
ifSetCredentials
isUnimplemented
[GH-11585]v1.7.1
Compare Source
Release vault 1.7.1
v1.7.0
Compare Source
1.7.0
24 March 2021
CHANGES:
FEATURES:
max_age
role parameter andauth_time
claim validation. [GH-10919]IMPROVEMENTS:
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.