Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump github.com/hashicorp/vault from 0.10.4 to 1.18.5 #1983

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

build(deps): bump github.com/hashicorp/vault from 0.10.4 to 1.18.5 #1983

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 3, 2025

Bumps github.com/hashicorp/vault from 0.10.4 to 1.18.5.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.18.5

No release notes provided.

v1.18.4

1.18.4

January 30, 2025

CHANGES:

  • auth/cf: Update plugin to v0.19.1 [GH-29295]
  • sdk: Updated golang and dependency versions to be consistent across core, API, SDK to address [GO-2024-3333] and ensure version consistency [GH-29422]

IMPROVEMENTS:

  • plugins (enterprise): The Database secrets engine now allows skipping the automatic rotation of static roles during import.
  • events (enterprise): Use the path event metadata field when authorizing a client's subscribe capability for consuming an event, instead of requiring data_path to be present in the event metadata.
  • ui: Adds navigation for LDAP hierarchical libraries [GH-29293]
  • ui: Adds params to postgresql database to improve editing a connection in the web browser. [GH-29200]

BUG FIXES:

  • activity: Include activity records from clients created by deleted or disabled auth mounts in Export API response. [GH-29376]
  • core: Prevent integer overflows of the barrier key counter on key rotation requests [GH-29176]
  • database/mssql: Fix a bug where contained databases would silently fail root rotation if a custom root rotation statement was not provided. [GH-29399]
  • plugins: Fix a bug that causes zombie dbus-daemon processes on certain systems. [GH-29334]
  • sdk/database: Fix a bug where slow database connections can cause goroutines to be blocked. [GH-29097]
  • secrets/pki: Fix a bug that prevented the full CA chain to be used when enforcing name constraints. [GH-29255]
  • sentinel (enterprise): No longer report inaccurate log messages for when failing an advisory policy.
  • ui (enterprise): Fixes login to web UI when MFA is enabled for SAML auth methods [GH-28873]
  • ui: Fixes login to web UI when MFA is enabled for OIDC (i.e. azure, auth0) and Okta auth methods [GH-28873]
  • ui: Fixes navigation for quick actions in LDAP roles' popup menu [GH-29293]

v1.18.3

1.18.3

December 18, 2024

CHANGES:

  • secrets/openldap: Update plugin to v0.14.4 [GH-29131]
  • secrets/pki: Enforce the issuer constraint extensions (extended key usage, name constraints, issuer name) when issuing or signing leaf certificates. For more information see PKI considerations [GH-29045]

IMPROVEMENTS:

  • auth/okta: update to okta sdk v5 from v2. Transitively updates go-jose dependency to >=3.0.3 to resolve GO-2024-2631. See https://github.com/okta/okta-sdk-golang/blob/master/MIGRATING.md for details on changes. [GH-28121]
  • core: Added new enable_post_unseal_trace and post_unseal_trace_directory config options to generate Go traces during the post-unseal step for debug purposes. [GH-28895]
  • sdk: Add Vault build date to system view plugin environment response [GH-29082]
  • ui: Replace KVv2 json secret details view with Hds::CodeBlock component allowing users to search the full secret height. [GH-28808]

BUG FIXES:

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault's changelog.

0.11.6 (December 14th, 2018)

This release contains the three security fixes from 1.0.0 and 1.0.1 and the following bug fixes from 1.0.0/1.0.1:

  • namespaces: Correctly reload the proper mount when tuning or reloading the mount [GH-5937]
  • replication/perfstandby: Fix audit table upgrade on standbys [GH-5811]
  • replication/perfstandby: Fix redirect on approle update [GH-5820]
  • secrets/kv: Fix issue where storage version would get incorrectly downgraded [GH-5809]

It is otherwise identical to 0.11.5.

0.11.5 (November 13th, 2018)

BUG FIXES:

  • agent: Fix issue when specifying two file sinks [GH-5610]
  • auth/userpass: Fix minor timing issue that could leak the presence of a username [GH-5614]
  • autounseal/alicloud: Fix issue interacting with the API (Enterprise)
  • autounseal/azure: Fix key version tracking (Enterprise)
  • cli: Fix panic that could occur if parameters were not provided [GH-5603]
  • core: Fix buggy behavior if trying to remount into a namespace
  • identity: Fix duplication of entity alias entity during alias transfer between entities [GH-5733]
  • namespaces: Fix tuning of auth mounts in a namespace
  • ui: Fix bug where editing secrets as JSON doesn't save properly [GH-5660]
  • ui: Fix issue where IE 11 didn't render the UI and also had a broken form when trying to use tool/hash [GH-5714]

0.11.4 (October 23rd, 2018)

CHANGES:

  • core: HA lock file is no longer copied during operator migrate [GH-5503]. We've categorized this as a change, but generally this can be considered just a bug fix, and no action is needed.

FEATURES:

  • Transit Key Trimming: Keys in transit secret engine can now be trimmed to remove older unused key versions
  • Web UI support for KV Version 2: Browse, delete, undelete and destroy individual secret versions in the UI
  • Azure Existing Service Principal Support: Credentials can now be generated against an existing service principal

IMPROVEMENTS:

... (truncated)

Commits
  • 2cb3755 [VAULT-34253] This is an automated pull request to build all artifacts for a ...
  • 609ad64 Update Go to 1.23.6 on 1.18.x (#29662)
  • 0e6d259 [VAULT-21282] Expose NetworkLayer on a TestClusterCore via a convenience meth...
  • f5ba4d0 backport of commit 50509c6bab1deb084e0b559fef9f87604bfb3e6e (#29657)
  • 752dd68 backport of commit 67663c85a3e1ea71e78ea3ccb23063f1e599298e (#29655)
  • 059e407 backport of commit 4b05b590f5fcba35ba135963b0b094670d969672 (#29624)
  • 06a3655 backport of commit 6a30d4e5b0e55823c8f6b2ff73f985addcdb80b0 (#29586)
  • 4f4b156 backport of commit 88e67adf6c9f02cc8ed7bbf120d3f4cc35e59ce9 (#29580)
  • ac30d1d UI: Remove custom tag class and replace with Hds::Badge (#29475) (#29555)
  • 3463730 backport of commit 17fc0227add2f1f3cea5b5f56f0d8c320b80ed6d (#29526)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump github.com/hashicorp/vault from 0.10.4 to 1.18.5
00913e9 
Bumps [github.com/hashicorp/vault](https://github.com/hashicorp/vault) from 0.10.4 to 1.18.5.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG-v0.md)
- [Commits](hashicorp/vault@v0.10.4...v1.18.5)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 3, 2025
@dependabot dependabot bot mentioned this pull request Mar 3, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants