Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the dependencies-minor group with 5 updates #94

Closed
wants to merge 1 commit into from
Closed

Bump the dependencies-minor group with 5 updates #94

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 23, 2024
edited
Loading

Bumps the dependencies-minor group with 5 updates:

Package From To
github.com/aliyun/alibaba-cloud-sdk-go 1.62.479 1.62.665
github.com/hashicorp/go-hclog 1.5.0 1.6.2
github.com/hashicorp/go-sockaddr 1.0.2 1.0.6
github.com/hashicorp/vault/api 1.9.2 1.10.0
github.com/hashicorp/vault/sdk 0.9.2 0.10.2

Updates github.com/aliyun/alibaba-cloud-sdk-go from 1.62.479 to 1.62.665

Release notes

Sourced from github.com/aliyun/alibaba-cloud-sdk-go's releases.

v1.62.665

  • Generated 2014-08-28 for Ess.
  • ECIScalingConfiguration add lifecycle params.

v1.62.664

  • Generated 2015-01-01 for R-kvstore.
  • Add DescribeClusterBackupList OpenAPI.

v1.62.663

  • Generated 2022-01-30 for avatar.
  • support unbind device

v1.62.662

  • Generated 2020-01-01 for ddoscoo.
  • Update sdk.

v1.62.661

  • Generated 2023-08-01 for AiMiaoBi. undefined

v1.62.660

  • Generated 2018-01-20 for Linkvisual. undefined

v1.62.659

  • Generated 2018-01-20 for Iot.
  • BatchPub Support MQTT5.

v1.62.658

  • Generated 2016-11-01 for live.
  • Update to support new apis.

v1.62.657

  • Generated 2020-06-15 for hitsdb.
  • support UpdateSecurityGroup

v1.62.656

  • Generated 2018-01-20 for Linkvisual. undefined

v1.62.655

  • Generated 2019-01-15 for Qualitycheck.
  • Add GetRuleV4 param schemeTaskConfigId/schemeTaskConfigName

v1.62.654

  • Generated 2020-01-10 for ResourceSharing.
  • Support share resource to service for RS.
  • Support display precheck information.

v1.62.653

... (truncated)

Changelog

Sourced from github.com/aliyun/alibaba-cloud-sdk-go's changelog.

2024-01-23 Version: v1.62.665

  • Generated 2014-08-28 for Ess.
  • ECIScalingConfiguration add lifecycle params.

2024-01-18 Version: v1.62.664

  • Generated 2015-01-01 for R-kvstore.
  • Add DescribeClusterBackupList OpenAPI.

2024-01-17 Version: v1.62.663

  • Generated 2022-01-30 for avatar.
  • support unbind device

2024-01-17 Version: v1.62.662

  • Generated 2020-01-01 for ddoscoo.
  • Update sdk.

2024-01-16 Version: v1.62.661

  • Generated 2023-08-01 for AiMiaoBi. undefined

2024-01-16 Version: v1.62.660

  • Generated 2018-01-20 for Linkvisual. undefined

2024-01-15 Version: v1.62.659

  • Generated 2018-01-20 for Iot.
  • BatchPub Support MQTT5.

2024-01-15 Version: v1.62.658

  • Generated 2016-11-01 for live.
  • Update to support new apis.

2024-01-15 Version: v1.62.657

  • Generated 2020-06-15 for hitsdb.
  • support UpdateSecurityGroup

2024-01-15 Version: v1.62.656

  • Generated 2018-01-20 for Linkvisual. undefined

2024-01-15 Version: v1.62.655

  • Generated 2019-01-15 for Qualitycheck.
  • Add GetRuleV4 param schemeTaskConfigId/schemeTaskConfigName

2024-01-08 Version: v1.62.654

  • Generated 2020-01-10 for ResourceSharing.
  • Support share resource to service for RS.
  • Support display precheck information.

2024-01-05 Version: v1.62.653

... (truncated)

Commits
  • b320bfb Generated 2014-08-28 for Ess.
  • 5ce0d27 Generated 2015-01-01 for R-kvstore.
  • de0d7ba Generated 2022-01-30 for avatar.
  • b9ec35c Generated 2020-01-01 for ddoscoo.
  • f2a580f Generated 2023-08-01 for AiMiaoBi.
  • 082fb30 Generated 2018-01-20 for Linkvisual.
  • 01c6dde Generated 2018-01-20 for Iot.
  • 356dc15 Generated 2016-11-01 for live.
  • d5d34c2 Generated 2020-06-15 for hitsdb.
  • 3f6876a Generated 2018-01-20 for Linkvisual.
  • Additional commits viewable in compare view

Updates github.com/hashicorp/go-hclog from 1.5.0 to 1.6.2

Release notes

Sourced from github.com/hashicorp/go-hclog's releases.

Fix level syncing

What's Changed

Full Changelog: hashicorp/go-hclog@v1.6.1...v1.6.2

Fix forcing color

What's Changed

Full Changelog: hashicorp/go-hclog@v1.6.0...v1.6.1

New level inheritance mode

This release adds the ability to have sub-loggers arrange themselves into a tree and sync the level changes downward in the tree.

What's Changed

New Contributors

Full Changelog: hashicorp/go-hclog@v1.5.0...v1.6.0

Commits
  • 3600f4a Conside if the level is to be used separately from if the levels should be ca...
  • 71d286f Merge pull request #136 from hashicorp/f-color-doc
  • a72e7ad Add skip for color test on windows because the test uses posix colors
  • 4a8b5e1 Fix colors not being enabled in some forced contexts.
  • 1ea3660 Add test of colors with ForceColor
  • 852f2c3 Merge pull request #134 from hashicorp/f-better-levels
  • 3d50de2 Merge pull request #135 from hashicorp/peteski22/docs/standard-logger-options...
  • 748cdbc Tweak README
  • 370a023 Updated go doc to make it clear InferLevelsWithTimestamp relies on InferLevel...
  • 4911d46 Update intlogger.go
  • Additional commits viewable in compare view

Updates github.com/hashicorp/go-sockaddr from 1.0.2 to 1.0.6

Commits
  • 081a518 Merge pull request #55 from hashicorp/wasm
  • eeae47b Add support for js/wasm
  • fbafcc8 Use old format for go version statement in go.mod
  • 5b3b245 Add Go version statement to go.mod, update deps
  • 21bd712 Merge pull request #34 from angrycub/f-win-ps-route
  • 1bfef14 Merge pull request #46 from hashicorp/compliance/add-license
  • 188344f [COMPLIANCE] Update MPL 2.0 LICENSE
  • e364f8b make unix socket implement SockAddr interface (#42)
  • cc581bb Incorporate review feedback
  • 72bc527 Add PowerShell impl. of GetDefaultInterfaceName
  • See full diff in compare view

Updates github.com/hashicorp/vault/api from 1.9.2 to 1.10.0

Release notes

Sourced from github.com/hashicorp/vault/api's releases.

v1.10.0

1.10.0

March 23, 2022

CHANGES:

  • core: Changes the unit of default_lease_ttl and max_lease_ttl values returned by the /sys/config/state/sanitized endpoint from nanoseconds to seconds. [GH-14206]
  • core: Bump Go version to 1.17.7. [GH-14232]
  • plugin/database: The return value from POST /database/config/:name has been updated to "204 No Content" [GH-14033]
  • secrets/azure: Changes the configuration parameter use_microsoft_graph_api to use the Microsoft Graph API by default. [GH-14130]
  • storage/etcd: Remove support for v2. [GH-14193]
  • ui: Upgrade Ember to version 3.24 [GH-13443]

FEATURES:

  • Database plugin multiplexing: manage multiple database connections with a single plugin process [GH-14033]
  • Login MFA: Single and two phase MFA is now available when authenticating to Vault. [GH-14025]
  • Mount Migration: Vault supports moving secrets and auth mounts both within and across namespaces.
  • Postgres in the UI: Postgres DB is now supported by the UI [GH-12945]
  • Report in-flight requests: Adding a trace capability to show in-flight requests, and a new gauge metric to show the total number of in-flight requests [GH-13024]
  • Server Side Consistent Tokens: Service tokens have been updated to be longer (a minimum of 95 bytes) and token prefixes for all token types are updated from s., b., and r. to hvs., hvb., and hvr. for service, batch, and recovery tokens respectively. Vault clusters with integrated storage will now have read-after-write consistency by default. [GH-14109]
  • Transit SHA-3 Support: Add support for SHA-3 in the Transit backend. [GH-13367]
  • Transit Time-Based Key Autorotation: Add support for automatic, time-based key rotation to transit secrets engine, including in the UI. [GH-13691]
  • UI Client Count Improvements: Restructures client count dashboard, making use of billing start date to improve accuracy. Adds mount-level distribution and filtering. [GH-client-counts]
  • Agent Telemetry: The Vault Agent can now collect and return telemetry information at the /agent/v1/metrics endpoint.

IMPROVEMENTS:

  • agent: Adds ability to configure specific user-assigned managed identities for Azure auto-auth. [GH-14214]
  • agent: The agent/v1/quit endpoint can now be used to stop the Vault Agent remotely [GH-14223]
  • api: Allow cloning api.Client tokens via api.Config.CloneToken or api.Client.SetCloneToken(). [GH-13515]
  • api: Define constants for X-Vault-Forward and X-Vault-Inconsistent headers [GH-14067]
  • api: Implements Login method in Go client libraries for GCP and Azure auth methods [GH-13022]
  • api: Implements Login method in Go client libraries for LDAP auth methods [GH-13841]
  • api: Trim newline character from wrapping token in logical.Unwrap from the api package [GH-13044]
  • api: add api method for modifying raft autopilot configuration [GH-12428]
  • api: respect WithWrappingToken() option during AppRole login authentication when used with secret ID specified from environment or from string [GH-13241]
  • audit: The audit logs now contain the port used by the client [GH-12790]
  • auth/aws: Enable region detection in the CLI by specifying the region as auto [GH-14051]
  • auth/cert: Add certificate extensions as metadata [GH-13348]
  • auth/jwt: The Authorization Code flow makes use of the Proof Key for Code Exchange (PKCE) extension. [GH-13365]
  • auth/kubernetes: Added support for dynamically reloading short-lived tokens for better Kubernetes 1.21+ compatibility [GH-13595]
  • auth/ldap: Add a response warning and server log whenever the config is accessed if userfilter doesn't consider userattr [GH-14095]
  • auth/ldap: Add username to alias metadata [GH-13669]
  • auth/ldap: Add username_as_alias configurable to change how aliases are named [GH-14324]
  • auth/okta: Update okta-sdk-golang dependency to version v2.9.1 for improved request backoff handling [GH-13439]
  • auth/token: The auth/token/revoke-accessor endpoint is now idempotent and will

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

1.10.0

Unreleased

CHANGES:

  • go: Update go version to 1.17.5 [GH-13408]
  • ui: Upgrade Ember to version 3.24 [GH-13443]

FEATURES:

  • Report in-flight requests: Adding a trace capability to show in-flight requests, and a new gauge metric to show the total number of in-flight requests [GH-13024]
  • Transit SHA-3 Support: Add support for SHA-3 in the Transit backend. [GH-13367]
  • Transit Time-Based Key Autorotation: Add support for automatic, time-based key rotation to transit secrets engine. [GH-13691]

IMPROVEMENTS:

  • api: Allow cloning api.Client tokens via api.Config.CloneToken or api.Client.SetCloneToken(). [GH-13515]
  • api: Implements Login method in Go client libraries for GCP and Azure auth methods [GH-13022]
  • api: Trim newline character from wrapping token in logical.Unwrap from the api package [GH-13044]
  • api: add api method for modifying raft autopilot configuration [GH-12428]
  • api: respect WithWrappingToken() option during AppRole login authentication when used with secret ID specified from environment or from string [GH-13241]
  • audit: The audit logs now contain the port used by the client [GH-12790]
  • auth: reading sys/auth/:path now returns the configuration for the auth engine mounted at the given path [GH-12793]
  • auth/cert: Add certificate extensions as metadata [GH-13348]
  • auth/jwt: The Authorization Code flow makes use of the Proof Key for Code Exchange (PKCE) extension. [GH-13365]
  • auth/kubernetes: Added support for dynamically reloading short-lived tokens for better Kubernetes 1.21+ compatibility [GH-13595]
  • auth/ldap: Add username to alias metadata [GH-13669]
  • auth/okta: Update okta-sdk-golang dependency to version v2.9.1 for improved request backoff handling [GH-13439]
  • auth/token: The auth/token/revoke-accessor endpoint is now idempotent and will not error out if the token has already been revoked. [GH-13661]
  • command (enterprise): "vault license get" now uses non-deprecated endpoint /sys/license/status
  • core/ha: Add new mechanism for keeping track of peers talking to active node, and new 'operator members' command to view them. [GH-13292]
  • core/identity: Support updating an alias' custom_metadata to be empty. [GH-13395]
  • core/pki: Support Y10K value in notAfter field to be compliant with IEEE 802.1AR-2018 standard [GH-12795]
  • core: Add duration and start_time to completed requests log entries [GH-13682]
  • core: Add support to list password policies at sys/policies/password [GH-12787]
  • core: Fixes code scanning alerts [GH-13667]
  • core: Periodically test the health of connectivity to auto-seal backends [GH-13078]
  • core: Reading sys/mounts/:path now returns the configuration for the secret engine at the given path [GH-12792]
  • core: Replace "master key" terminology with "root key" [GH-13324]
  • http (enterprise): Serve /sys/license/status endpoint within namespaces
  • sdk: Add helper for decoding root tokens [GH-10505]
  • secrets/database/influxdb: Switch/upgrade to the influxdb1-client module [GH-12262]
  • secrets/database: Add database configuration parameter 'disable_escaping' for username and password when connecting to a database. [GH-13414]
  • secrets/kv: add patch support for KVv2 key metadata [GH-13215]
  • secrets/pki: Allow URI SAN templates in allowed_uri_sans when allowed_uri_sans_template is set to true. [GH-10249]
  • secrets/transit: Don't abort transit encrypt or decrypt batches on single item failure. [GH-13111]
  • storage/aerospike: Upgrade aerospike-client-go to v5.6.0. [GH-12165]
  • storage/raft: Set InitialMmapSize to 100GB on 64bit architectures [GH-13178]
  • storage/raft: When using retry_join stanzas, join against all of them in parallel. [GH-13606]

... (truncated)

Commits

Updates github.com/hashicorp/vault/sdk from 0.9.2 to 0.10.2

Changelog

Sourced from github.com/hashicorp/vault/sdk's changelog.

0.10.2 (June 6th, 2018)

SECURITY:

  • Tokens: A race condition was identified that could occur if a token's lease expired while Vault was not running. In this case, when Vault came back online, sometimes it would properly revoke the lease but other times it would not, leading to a Vault token that no longer had an expiration and had essentially unlimited lifetime. This race was per-token, not all-or-nothing for all tokens that may have expired during Vault's downtime. We have fixed the behavior and put extra checks in place to help prevent any similar future issues. In addition, the logic we have put in place ensures that such lease-less tokens can no longer be used (unless they are root tokens that never had an expiration to begin with).
  • Convergent Encryption: The version 2 algorithm used in transit's convergent encryption feature is susceptible to offline plaintext-confirmation attacks. As a result, we are introducing a version 3 algorithm that mitigates this. If you are currently using convergent encryption, we recommend upgrading, rotating your encryption key (the new key version will use the new algorithm), and rewrapping your data (the rewrap endpoint can be used to allow a relatively non-privileged user to perform the rewrapping while never divulging the plaintext).
  • AppRole case-sensitive role name secret-id leaking: When using a mixed-case role name via AppRole, deleting a secret-id via accessor or other operations could end up leaving the secret-id behind and valid but without an accessor. This has now been fixed, and we have put checks in place to prevent these secret-ids from being used.

DEPRECATIONS/CHANGES:

  • PKI duration return types: The PKI backend now returns durations (e.g. when reading a role) as an integer number of seconds instead of a Go-style string, in line with how the rest of Vault's API returns durations.

FEATURES:

  • Active Directory Secrets Engine: A new ad secrets engine has been created which allows Vault to rotate and provide credentials for configured AD accounts.
  • Rekey Verification: Rekey operations can now require verification. This turns on a two-phase process where the existing key shares authorize generating a new master key, and a threshold of the new, returned key shares must be provided to verify that they have been successfully received in order for the actual master key to be rotated.
  • CIDR restrictions for cert, userpass, and kubernetes auth methods: You can now limit authentication to specific CIDRs; these will also be encoded in resultant tokens to limit their use.
  • Vault UI Browser CLI: The UI now supports usage of read/write/list/delete commands in a CLI that can be accessed from the nav bar. Complex inputs such as JSON files are not currently supported. This surfaces features otherwise

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the dependencies-minor group with 5 updates
5164685 
Bumps the dependencies-minor group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/aliyun/alibaba-cloud-sdk-go](https://github.com/aliyun/alibaba-cloud-sdk-go) | `1.62.479` | `1.62.665` |
| [github.com/hashicorp/go-hclog](https://github.com/hashicorp/go-hclog) | `1.5.0` | `1.6.2` |
| [github.com/hashicorp/go-sockaddr](https://github.com/hashicorp/go-sockaddr) | `1.0.2` | `1.0.6` |
| [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) | `1.9.2` | `1.10.0` |
| [github.com/hashicorp/vault/sdk](https://github.com/hashicorp/vault) | `0.9.2` | `0.10.2` |


Updates `github.com/aliyun/alibaba-cloud-sdk-go` from 1.62.479 to 1.62.665
- [Release notes](https://github.com/aliyun/alibaba-cloud-sdk-go/releases)
- [Changelog](https://github.com/aliyun/alibaba-cloud-sdk-go/blob/master/ChangeLog.txt)
- [Commits](aliyun/alibaba-cloud-sdk-go@v1.62.479...v1.62.665)

Updates `github.com/hashicorp/go-hclog` from 1.5.0 to 1.6.2
- [Release notes](https://github.com/hashicorp/go-hclog/releases)
- [Commits](hashicorp/go-hclog@v1.5.0...v1.6.2)

Updates `github.com/hashicorp/go-sockaddr` from 1.0.2 to 1.0.6
- [Commits](hashicorp/go-sockaddr@v1.0.2...v1.0.6)

Updates `github.com/hashicorp/vault/api` from 1.9.2 to 1.10.0
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/v1.10.0/CHANGELOG.md)
- [Commits](hashicorp/vault@v1.9.2...v1.10.0)

Updates `github.com/hashicorp/vault/sdk` from 0.9.2 to 0.10.2
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG-v0.md)
- [Commits](hashicorp/vault@v0.9.2...v0.10.2)

---
updated-dependencies:
- dependency-name: github.com/aliyun/alibaba-cloud-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies-minor
- dependency-name: github.com/hashicorp/go-hclog
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies-minor
- dependency-name: github.com/hashicorp/go-sockaddr
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies-minor
- dependency-name: github.com/hashicorp/vault/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies-minor
- dependency-name: github.com/hashicorp/vault/sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 23, 2024
@dependabot dependabot bot requested a review from a team January 23, 2024 12:36
@dependabot dependabot bot mentioned this pull request Jan 23, 2024
Closed
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 23, 2024

Looks like these dependencies are up-to-date now, so this is no longer needed.

@dependabot dependabot bot closed this Jan 23, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/dependencies-minor-8b335fd5c5 branch January 23, 2024 17:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants