Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump github.com/hashicorp/vault from 1.17.2 to 1.17.3 #5219

Closed
wants to merge 1 commit into from
Closed

Bump github.com/hashicorp/vault from 1.17.2 to 1.17.3 #5219

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 12, 2024

Bumps github.com/hashicorp/vault from 1.17.2 to 1.17.3.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.17.3

1.17.3

August 07, 2024

CHANGES:

  • auth/cf: Update plugin to v0.18.0 [GH-27724]

IMPROVEMENTS:

  • audit: Ensure that any underyling errors from audit devices are logged even if we consider auditing to be a success. [GH-27809]
  • audit: Internal implementation changes to the audit subsystem which improve performance. [GH-27952]
  • audit: sinks (file, socket, syslog) will attempt to log errors to the server operational log before returning (if there are errors to log, and the context is done). [GH-27859]
  • auth/cert: Cache full list of role trust information separately to avoid eviction, and avoid duplicate loading during multiple simultaneous logins on the same role. [GH-27902]
  • license utilization reporting (enterprise): Auto-roll billing start date. [GH-27656]
  • website/docs: Added API documentation for Azure Secrets Engine delete role [GH-27883]

BUG FIXES:

  • auth/cert: Use subject's serial number, not issuer's within error message text in OCSP request errors [GH-27696]
  • core (enterprise): Fix 500 errors that occurred querying sys/internal/ui/mounts for a mount prefixed by a namespace path when path filters are configured. [GH-27939]
  • core/identity: Fixed an issue where deleted/reassigned entity-aliases were not removed from in-memory database. [GH-27750]
  • proxy/cache (enterprise): Fixed an issue where Proxy would not correctly update KV secrets when talking to a perf standby. Proxy will now attempt to forward requests to update secrets triggered by events to the active node. Note that this requires allow_forwarding_via_header to be configured on the cluster. [GH-27891]
  • proxy/cache (enterprise): Fixed an issue where cached static secrets could fail to update if the secrets belonged to a non-root namespace. [GH-27730]
  • raft/autopilot: Fixed panic that may occur during shutdown [GH-27726]
  • secrets-sync (enterprise): Destination set/remove operations will no longer be blocked as "purge in progress" after a purge job ended in failure.
  • secrets-sync (enterprise): Normalize custom_tag keys and values for recoverable invalid characters.
  • secrets-sync (enterprise): Normalize secret key names before storing the external_name in a secret association.
  • secrets-sync (enterprise): Patching github sync destination credentials will properly update and save the new credentials.
  • secrets-sync (enterprise): Return an error immediately on destination creation when providing invalid custom_tags based on destination type.
  • secrets/identity (enterprise): Fix a bug that can cause DR promotion to fail in rare cases where a PR secondary has inconsistent alias information in storage.
  • sys: Fix a bug where mounts of external plugins that were registered before Vault v1.0.0 could not be tuned to use versioned plugins. [GH-27881]
  • ui: Fix cursor jump on KVv2 json editor that would occur after pressing ENTER. [GH-27569]
  • ui: fix issue where enabling then disabling "Tidy ACME" in PKI results in failed API call. [GH-27742]
  • ui: fix namespace picker not working when in small screen where the sidebar is collapsed by default. [GH-27728]
Changelog

Sourced from github.com/hashicorp/vault's changelog.

1.17.3

August 07, 2024

CHANGES:

  • auth/cf: Update plugin to v0.18.0 [GH-27724]

IMPROVEMENTS:

  • audit: Ensure that any underyling errors from audit devices are logged even if we consider auditing to be a success. [GH-27809]
  • audit: Internal implementation changes to the audit subsystem which improve performance. [GH-27952]
  • audit: sinks (file, socket, syslog) will attempt to log errors to the server operational log before returning (if there are errors to log, and the context is done). [GH-27859]
  • auth/cert: Cache full list of role trust information separately to avoid eviction, and avoid duplicate loading during multiple simultaneous logins on the same role. [GH-27902]
  • license utilization reporting (enterprise): Auto-roll billing start date. [GH-27656]
  • website/docs: Added API documentation for Azure Secrets Engine delete role [GH-27883]

BUG FIXES:

  • auth/cert: Use subject's serial number, not issuer's within error message text in OCSP request errors [GH-27696]
  • core (enterprise): Fix 500 errors that occurred querying sys/internal/ui/mounts for a mount prefixed by a namespace path when path filters are configured. [GH-27939]
  • core/identity: Fixed an issue where deleted/reassigned entity-aliases were not removed from in-memory database. [GH-27750]
  • proxy/cache (enterprise): Fixed an issue where Proxy would not correctly update KV secrets when talking to a perf standby. Proxy will now attempt to forward requests to update secrets triggered by events to the active node. Note that this requires allow_forwarding_via_header to be configured on the cluster. [GH-27891]
  • proxy/cache (enterprise): Fixed an issue where cached static secrets could fail to update if the secrets belonged to a non-root namespace. [GH-27730]
  • raft/autopilot: Fixed panic that may occur during shutdown [GH-27726]
  • secrets-sync (enterprise): Destination set/remove operations will no longer be blocked as "purge in progress" after a purge job ended in failure.
  • secrets-sync (enterprise): Normalize custom_tag keys and values for recoverable invalid characters.
  • secrets-sync (enterprise): Normalize secret key names before storing the external_name in a secret association.
  • secrets-sync (enterprise): Patching github sync destination credentials will properly update and save the new credentials.
  • secrets-sync (enterprise): Return an error immediately on destination creation when providing invalid custom_tags based on destination type.
  • secrets/identity (enterprise): Fix a bug that can cause DR promotion to fail in rare cases where a PR secondary has inconsistent alias information in storage.
  • sys: Fix a bug where mounts of external plugins that were registered before Vault v1.0.0 could not be tuned to use versioned plugins. [GH-27881]
  • ui: Fix cursor jump on KVv2 json editor that would occur after pressing ENTER. [GH-27569]
  • ui: fix issue where enabling then disabling "Tidy ACME" in PKI results in failed API call. [GH-27742]
  • ui: fix namespace picker not working when in small screen where the sidebar is collapsed by default. [GH-27728]
Commits
  • c91c854 [VAULT-29690] This is an automated pull request to build all artifacts for a ...
  • bf132b4 backport of commit f46bd664878aa20327c0d552477519aa25e4cadb (#28001)
  • 721c350 docker: add upgrade notes for curl removal (#27995) (#27997)
  • c6519cf backport of commit b276c122c00d545e8c69a98425d1d45a7268d7aa (#27991)
  • de1d44c backport of commit 636645592275a243aadebe1fa765b45782d356a0 (#27987)
  • 1318d8d backport of commit 8b8069a30c9b70ba6a39ee763ab4979fe3c4a495 (#27988)
  • 68e9f39 Update vault-plugin-auth-jwt to v0.21.1 (#27986)
  • ef16182 backport of commit 1fb20dbc3dd90e8974394f7686b5985af8ab5390 (#27980)
  • 4af1e35 backport of commit 40698e962bb1daab159a1634af7669c3d519d391 (#27974)
  • e5e142d backport of commit 9b3a73daba5ce0778943a9957086f8b5c0671b21 (#27972)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump github.com/hashicorp/vault from 1.17.2 to 1.17.3
11f4ed8 
Bumps [github.com/hashicorp/vault](https://github.com/hashicorp/vault) from 1.17.2 to 1.17.3.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](hashicorp/vault@v1.17.2...v1.17.3)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner August 12, 2024 00:57
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Aug 12, 2024
@dependabot dependabot bot requested a review from a team as a code owner August 12, 2024 00:57
@crobert-1
Copy link
Contributor 

go: github.com/hashicorp/vault@v1.17.3 requires go >= 1.22.5 (running go 1.21.12)

Closing as we're still blocked from upgrading to go 1.22 by upstream. The upgrade should be done for v0.108.0 though, relevant PR: open-telemetry/opentelemetry-collector-contrib#34658

@crobert-1 crobert-1 closed this Aug 13, 2024
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 13, 2024

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/go_modules/github.com/hashicorp/vault-1.17.3 branch August 13, 2024 19:18
@github-actions github-actions bot locked and limited conversation to collaborators Aug 13, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@crobert-1