Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump github.com/hashicorp/vault from 1.15.3 to 1.16.2 #78

Closed
wants to merge 1 commit into from
Closed

Bump github.com/hashicorp/vault from 1.15.3 to 1.16.2 #78

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 29, 2024

Bumps github.com/hashicorp/vault from 1.15.3 to 1.16.2.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.16.2

No release notes provided.

v1.16.1

1.16.1

April 04, 2024

Please note that Vault 1.16.1 is the first Enterprise release of the Vault Enterprise 1.16 series.

BUG FIXES:

  • auth/ldap: Fix login error for group search anonymous bind. [GH-26200]
  • auth/ldap: Fix login error missing entity alias attribute value. [GH-26200]
  • cli: fixed a bug where the Vault CLI would error out if HOME was not set. [GH-26243]
  • core: Only reload seal configuration when enable_multiseal is set to true. [GH-26166]
  • secret/database: Fixed race condition where database mounts may leak connections [GH-26147]

v1.16.0

1.16.0

March 26, 2024

SECURITY:

  • auth/cert: compare public keys of trusted non-CA certificates with incoming client certificates to prevent trusting certs with the same serial number but not the same public/private key. [GH-25649]
  • auth/cert: validate OCSP response was signed by the expected issuer and serial number matched request [GH-26091]
  • secrets/transit: fix a regression that was honoring nonces provided in non-convergent modes during encryption. [GH-22852]

CHANGES:

  • Upgrade grpc to v1.58.3 [GH-23703]
  • Upgrade x/net to v0.17.0 [GH-23703]
  • api: add the enterprise parameter to the /sys/health endpoint [GH-24270]
  • auth/alicloud: Update plugin to v0.16.1 [GH-25014]
  • auth/alicloud: Update plugin to v0.17.0 [GH-25217]
  • auth/approle: Normalized error response messages when invalid credentials are provided [GH-23786]
  • auth/azure: Update plugin to v0.16.1 [GH-22795]
  • auth/azure: Update plugin to v0.17.0 [GH-25258]
  • auth/cf: Update plugin to v0.16.0 [GH-25196]
  • auth/gcp: Update plugin to v0.16.2 [GH-25233]
  • auth/jwt: Update plugin to v0.19.0 [GH-24972]
  • auth/jwt: Update plugin to v0.20.0 [GH-25326]
  • auth/jwt: Update plugin to v0.20.1 [GH-25937]
  • auth/kerberos: Update plugin to v0.10.1 [GH-22797]
  • auth/kerberos: Update plugin to v0.11.0 [GH-25232]
  • auth/kubernetes: Update plugin to v0.18.0 [GH-25207]
  • auth/oci: Update plugin to v0.14.1 [GH-22774]
  • auth/oci: Update plugin to v0.15.1 [GH-25245]
  • cli: Using vault plugin reload with -plugin in the root namespace will now reload the plugin across all namespaces instead of just the root namespace. [GH-24878]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault's changelog.

1.16.2

April 24, 2024

Enterprise LTS: Vault Enterprise 1.16 is a Long-Term Support (LTS) release.

CHANGES:

  • auth/jwt: Update plugin to v0.20.2 [GH-26291]
  • core: Bump Go version to 1.21.9.
  • secrets/azure: Update plugin to v0.17.1 [GH-26528]
  • ui: Update dependencies including D3 libraries [GH-26346]

IMPROVEMENTS:

  • activity (enterprise): Change minimum retention window in activity log to 48 months
  • audit: timestamps across multiple audit devices for an audit entry will now match. [GH-26088]
  • license utilization reporting (enterprise): Add retention months to license utilization reports.
  • sdk/decompression: DecompressWithCanary will now chunk the decompression in memory to prevent loading it all at once. [GH-26464]
  • ui: fixes cases where inputs did not have associated labels [GH-26263]
  • ui: show banner instead of permission denied error when batch token is expired [GH-26396]

BUG FIXES:

  • agent: vault.namespace no longer gets incorrectly overridden by auto_auth.namespace, if set [GH-26427]
  • api: fixed a bug where LifetimeWatcher routines weren't respecting exponential backoff in the presence of unexpected errors [GH-26383]
  • core (enterprise): fix bug where raft followers disagree with the seal type after returning to one seal from two. [GH-26523]
  • core/seal: During a seal reload through SIGHUP, only write updated seal barrier on an active node [GH-26381]
  • core/seal: allow overriding of VAULT_GCPCKMS_SEAL_KEY_RING and VAULT_GCPCKMS_SEAL_CRYPTO_KEY environment keys in seal-ha
  • events (enterprise): Terminate WebSocket connection when token is revoked.
  • secrets/pki: fixed validation bug which rejected ldap schemed URLs in crl_distribution_points. [GH-26477]
  • storage/raft (enterprise): Fix a bug where autopilot automated upgrades could fail due to using the wrong upgrade version
  • ui: fixed a bug where the replication pages did not update display when navigating between DR and performance [GH-26325]
  • ui: fixes undefined start time in filename for downloaded client count attribution csv [GH-26485]

1.16.1

April 04, 2024

Please note that Vault 1.16.1 is the first Enterprise release of the Vault Enterprise 1.16 series.

BUG FIXES:

  • auth/ldap: Fix login error for group search anonymous bind. [GH-26200]
  • auth/ldap: Fix login error missing entity alias attribute value. [GH-26200]
  • cli: fixed a bug where the Vault CLI would error out if HOME was not set. [GH-26243]
  • core: Only reload seal configuration when enable_multiseal is set to true. [GH-26166]
  • secret/database: Fixed race condition where database mounts may leak connections [GH-26147]

1.16.0

March 26, 2024

... (truncated)

Commits
  • c6e4c2d [VAULT-26312] This is an automated pull request to build all artifacts for a ...
  • 4a60a91 backport of commit eb037d43a60b0d49181ec9f601b559402a27ec27 (#26578)
  • 441be62 [VAULT-26312] This is an automated pull request to build all artifacts for a ...
  • 793905b backport of commit 79a5dea19892c69e09aa9ab40ad27a8e375a0eaf (#26542)
  • 5ca7deb backport of commit 18286ab0faa4774e09804f6072731b21c530ae36 (#26541)
  • b2e6565 Use enumer to generate String() methods for most enums (#25705) (#26469)
  • 589ae73 backport of commit 96434710811dafa60f72648a19c8cbe0596fcc71 (#26513)
  • b46a8ad bump go version to 1.21.9 (#26520)
  • 6527bf5 backport of commit dd939d9a7e44185c0312f397dc850be6e54d0aa4 (#26518)
  • 6ae13f7 backport of commit 79d9bf1572378049737720acd69c4ccc608cce96 (#26517)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump github.com/hashicorp/vault from 1.15.3 to 1.16.2
01dea5a 
Bumps [github.com/hashicorp/vault](https://github.com/hashicorp/vault) from 1.15.3 to 1.16.2.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](hashicorp/vault@v1.15.3...v1.16.2)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 29, 2024
@xbglowx xbglowx closed this Apr 29, 2024
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Apr 29, 2024

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/go_modules/github.com/hashicorp/vault-1.16.2 branch April 29, 2024 23:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@xbglowx