Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump github.com/hashicorp/vault from 1.18.2 to 1.18.5 #334

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump github.com/hashicorp/vault from 1.18.2 to 1.18.5 #334

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 24, 2025
edited
Loading

Bumps github.com/hashicorp/vault from 1.18.2 to 1.18.5.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.18.5

No release notes provided.

v1.18.4

1.18.4

January 30, 2025

CHANGES:

  • auth/cf: Update plugin to v0.19.1 [GH-29295]
  • sdk: Updated golang and dependency versions to be consistent across core, API, SDK to address [GO-2024-3333] and ensure version consistency [GH-29422]

IMPROVEMENTS:

  • plugins (enterprise): The Database secrets engine now allows skipping the automatic rotation of static roles during import.
  • events (enterprise): Use the path event metadata field when authorizing a client's subscribe capability for consuming an event, instead of requiring data_path to be present in the event metadata.
  • ui: Adds navigation for LDAP hierarchical libraries [GH-29293]
  • ui: Adds params to postgresql database to improve editing a connection in the web browser. [GH-29200]

BUG FIXES:

  • activity: Include activity records from clients created by deleted or disabled auth mounts in Export API response. [GH-29376]
  • core: Prevent integer overflows of the barrier key counter on key rotation requests [GH-29176]
  • database/mssql: Fix a bug where contained databases would silently fail root rotation if a custom root rotation statement was not provided. [GH-29399]
  • plugins: Fix a bug that causes zombie dbus-daemon processes on certain systems. [GH-29334]
  • sdk/database: Fix a bug where slow database connections can cause goroutines to be blocked. [GH-29097]
  • secrets/pki: Fix a bug that prevented the full CA chain to be used when enforcing name constraints. [GH-29255]
  • sentinel (enterprise): No longer report inaccurate log messages for when failing an advisory policy.
  • ui (enterprise): Fixes login to web UI when MFA is enabled for SAML auth methods [GH-28873]
  • ui: Fixes login to web UI when MFA is enabled for OIDC (i.e. azure, auth0) and Okta auth methods [GH-28873]
  • ui: Fixes navigation for quick actions in LDAP roles' popup menu [GH-29293]

v1.18.3

1.18.3

December 18, 2024

CHANGES:

  • secrets/openldap: Update plugin to v0.14.4 [GH-29131]
  • secrets/pki: Enforce the issuer constraint extensions (extended key usage, name constraints, issuer name) when issuing or signing leaf certificates. For more information see PKI considerations [GH-29045]

IMPROVEMENTS:

  • auth/okta: update to okta sdk v5 from v2. Transitively updates go-jose dependency to >=3.0.3 to resolve GO-2024-2631. See https://github.com/okta/okta-sdk-golang/blob/master/MIGRATING.md for details on changes. [GH-28121]
  • core: Added new enable_post_unseal_trace and post_unseal_trace_directory config options to generate Go traces during the post-unseal step for debug purposes. [GH-28895]
  • sdk: Add Vault build date to system view plugin environment response [GH-29082]
  • ui: Replace KVv2 json secret details view with Hds::CodeBlock component allowing users to search the full secret height. [GH-28808]

BUG FIXES:

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault's changelog.

Previous versions

1.19.0-rc1 Enterprise

February 20, 2025

SECURITY:

  • raft/snapshotagent (enterprise): upgrade raft-snapshotagent to v0.0.0-20241115202008-166203013d8e
  • raft/snapshotagent (enterprise): upgrade raft-snapshotagent to v0.2.0

CHANGES:

  • api: Add to sys/health whether the node has been removed from the HA cluster. If the node has been removed, return code 530 by default or the value of the removedcode query parameter. [GH-28991]
  • api: Add to sys/health whether the standby node has been able to successfully send heartbeats to the active node and the time in milliseconds since the last heartbeat. If the standby has been unable to send a heartbeat, return code 474 by default or the value of the haunhealthycode query parameter. [GH-28991]
  • auth/alicloud: Update plugin to v0.20.0 [GH-29613]
  • auth/azure: Update plugin to v0.19.1 [GH-28712]
  • auth/azure: Update plugin to v0.19.2 [GH-28848]
  • auth/azure: Update plugin to v0.20.0 [GH-29606]
  • auth/cf: Update plugin to v0.19.1 [GH-29295]
  • auth/cf: Update plugin to v0.20.0 [GH-29528]
  • auth/gcp: Update plugin to v0.20.0 [GH-29591]
  • auth/jwt: Update plugin to v0.23.0 [GH-29553]
  • auth/kerberos: Update plugin to v0.14.0 [GH-29617]
  • auth/kubernetes: Update plugin to v0.21.0 [GH-29619]
  • auth/ldap: An error will now be returned on login if the number of entries returned from the user DN LDAP search is more than one. [GH-29302]
  • auth/ldap: No longer return authentication warnings to client. [GH-29134]
  • auth/oci: Update plugin to v0.18.0 [GH-29620]
  • core (enterprise): Add tracking of performance standbys by their HA node ID so that RPC connections can be more easily cleaned up when nodes are removed. [GH-29303]
  • core/raft: Return an error on sys/storage/raft/join if a node that has been removed from raft cluster attempts to re-join when it still has existing raft data on disk. [GH-29090]
  • database/couchbase: Update plugin to v0.13.0 [GH-29543]
  • database/elasticsearch: Update plugin to v0.17.0 [GH-29542]
  • database/mongodbatlas: Update plugin to v0.14.0 [GH-29584]
  • database/redis-elasticache: Update plugin to v0.6.0 [GH-29594]
  • database/redis: Update plugin to v0.5.0 [GH-29597]
  • database/snowflake: Update plugin to v0.13.0 [GH-29554]
  • kmip (enterprise): RSA key generation now enforces key sizes of 2048 or higher
  • login (enterprise): Return a 500 error during logins when performance standby nodes make failed gRPC requests to the active node. [GH-28807]
  • raft/autopilot (enterprise): Alongside the CE autopilot update, update raft-autopilot-enterprise library to v0.3.0 and add enterprise-specific regression testing.
  • sdk: Upgrade to go-secure-stdlib/[email protected], which also bumps github.com/docker/docker to v27.2.1+incompatible [GH-28456]
  • secrets/ad: Update plugin to v0.20.1 [GH-29648]
  • secrets/alicloud: Update plugin to v0.19.0 [GH-29512]
  • secrets/aws: The AWS Secrets engine now persists entries to storage between writes. This enables users to not have to pass every required field on each write and to make individual updates as necessary. Note: in order to zero out a value that is previously configured, users must now explicitly set the field to its zero value on an update. [GH-29497]
  • secrets/azure: Update plugin to v0.20.1 [GH-28699]
  • secrets/azure: Update plugin to v0.21.0 [GH-29639]

... (truncated)

Commits
  • 2cb3755 [VAULT-34253] This is an automated pull request to build all artifacts for a ...
  • 609ad64 Update Go to 1.23.6 on 1.18.x (#29662)
  • 0e6d259 [VAULT-21282] Expose NetworkLayer on a TestClusterCore via a convenience meth...
  • f5ba4d0 backport of commit 50509c6bab1deb084e0b559fef9f87604bfb3e6e (#29657)
  • 752dd68 backport of commit 67663c85a3e1ea71e78ea3ccb23063f1e599298e (#29655)
  • 059e407 backport of commit 4b05b590f5fcba35ba135963b0b094670d969672 (#29624)
  • 06a3655 backport of commit 6a30d4e5b0e55823c8f6b2ff73f985addcdb80b0 (#29586)
  • 4f4b156 backport of commit 88e67adf6c9f02cc8ed7bbf120d3f4cc35e59ce9 (#29580)
  • ac30d1d UI: Remove custom tag class and replace with Hds::Badge (#29475) (#29555)
  • 3463730 backport of commit 17fc0227add2f1f3cea5b5f56f0d8c320b80ed6d (#29526)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested a review from a team as a code owner February 24, 2025 23:00
@dependabot dependabot bot added automerge dependencies patch drafts the next patch release labels Feb 24, 2025
@dependabot dependabot bot mentioned this pull request Feb 24, 2025
Closed
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 24, 2025
edited
Loading

Dependency Review

The following issues were found:

  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 9 package(s) with unknown licenses.

View full job summary

@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.18.5 branch 3 times, most recently from 12443fa to 0f1b1db Compare March 1, 2025 21:38
@dependabot
Bump github.com/hashicorp/vault from 1.18.2 to 1.18.5
f1013e4 
Bumps [github.com/hashicorp/vault](https://github.com/hashicorp/vault) from 1.18.2 to 1.18.5.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](hashicorp/vault@v1.18.2...v1.18.5)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.18.5 branch from 0f1b1db to f1013e4 Compare March 1, 2025 21:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
automerge dependencies patch drafts the next patch release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants