Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump github.com/hashicorp/vault from 1.18.2 to 1.18.4 #5862

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump github.com/hashicorp/vault from 1.18.2 to 1.18.4 #5862

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 3, 2025
edited
Loading

Bumps github.com/hashicorp/vault from 1.18.2 to 1.18.4.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.18.4

1.18.4

January 30, 2025

CHANGES:

  • auth/cf: Update plugin to v0.19.1 [GH-29295]
  • sdk: Updated golang and dependency versions to be consistent across core, API, SDK to address [GO-2024-3333] and ensure version consistency [GH-29422]

IMPROVEMENTS:

  • plugins (enterprise): The Database secrets engine now allows skipping the automatic rotation of static roles during import.
  • events (enterprise): Use the path event metadata field when authorizing a client's subscribe capability for consuming an event, instead of requiring data_path to be present in the event metadata.
  • ui: Adds navigation for LDAP hierarchical libraries [GH-29293]
  • ui: Adds params to postgresql database to improve editing a connection in the web browser. [GH-29200]

BUG FIXES:

  • activity: Include activity records from clients created by deleted or disabled auth mounts in Export API response. [GH-29376]
  • core: Prevent integer overflows of the barrier key counter on key rotation requests [GH-29176]
  • database/mssql: Fix a bug where contained databases would silently fail root rotation if a custom root rotation statement was not provided. [GH-29399]
  • plugins: Fix a bug that causes zombie dbus-daemon processes on certain systems. [GH-29334]
  • sdk/database: Fix a bug where slow database connections can cause goroutines to be blocked. [GH-29097]
  • secrets/pki: Fix a bug that prevented the full CA chain to be used when enforcing name constraints. [GH-29255]
  • sentinel (enterprise): No longer report inaccurate log messages for when failing an advisory policy.
  • ui (enterprise): Fixes login to web UI when MFA is enabled for SAML auth methods [GH-28873]
  • ui: Fixes login to web UI when MFA is enabled for OIDC (i.e. azure, auth0) and Okta auth methods [GH-28873]
  • ui: Fixes navigation for quick actions in LDAP roles' popup menu [GH-29293]

v1.18.3

1.18.3

December 18, 2024

CHANGES:

  • secrets/openldap: Update plugin to v0.14.4 [GH-29131]
  • secrets/pki: Enforce the issuer constraint extensions (extended key usage, name constraints, issuer name) when issuing or signing leaf certificates. For more information see PKI considerations [GH-29045]

IMPROVEMENTS:

  • auth/okta: update to okta sdk v5 from v2. Transitively updates go-jose dependency to >=3.0.3 to resolve GO-2024-2631. See https://github.com/okta/okta-sdk-golang/blob/master/MIGRATING.md for details on changes. [GH-28121]
  • core: Added new enable_post_unseal_trace and post_unseal_trace_directory config options to generate Go traces during the post-unseal step for debug purposes. [GH-28895]
  • sdk: Add Vault build date to system view plugin environment response [GH-29082]
  • ui: Replace KVv2 json secret details view with Hds::CodeBlock component allowing users to search the full secret height. [GH-28808]

BUG FIXES:

  • autosnapshots (enterprise): Fix an issue where snapshot size metrics were not reported for cloud-based storage.
  • core/metrics: Fix unlocked mounts read for usage reporting. [GH-29091]
  • core/seal (enterprise): Fix problem with nodes unable to join Raft clusters with Seal High Availability enabled. [GH-29117]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault's changelog.

1.18.4

January 30, 2025

CHANGES:

  • auth/cf: Update plugin to v0.19.1 [GH-29295]
  • sdk: Updated golang and dependency versions to be consistent across core, API, SDK to address [GO-2024-3333] and ensure version consistency [GH-29422]

IMPROVEMENTS:

  • plugins (enterprise): The Database secrets engine now allows skipping the automatic rotation of static roles during import.
  • events (enterprise): Use the path event metadata field when authorizing a client's subscribe capability for consuming an event, instead of requiring data_path to be present in the event metadata.
  • ui: Adds navigation for LDAP hierarchical libraries [GH-29293]
  • ui: Adds params to postgresql database to improve editing a connection in the web browser. [GH-29200]

BUG FIXES:

  • activity: Include activity records from clients created by deleted or disabled auth mounts in Export API response. [GH-29376]
  • core: Prevent integer overflows of the barrier key counter on key rotation requests [GH-29176]
  • database/mssql: Fix a bug where contained databases would silently fail root rotation if a custom root rotation statement was not provided. [GH-29399]
  • plugins: Fix a bug that causes zombie dbus-daemon processes on certain systems. [GH-29334]
  • sdk/database: Fix a bug where slow database connections can cause goroutines to be blocked. [GH-29097]
  • secrets/pki: Fix a bug that prevented the full CA chain to be used when enforcing name constraints. [GH-29255]
  • sentinel (enterprise): No longer report inaccurate log messages for when failing an advisory policy.
  • ui (enterprise): Fixes login to web UI when MFA is enabled for SAML auth methods [GH-28873]
  • ui: Fixes login to web UI when MFA is enabled for OIDC (i.e. azure, auth0) and Okta auth methods [GH-28873]
  • ui: Fixes navigation for quick actions in LDAP roles' popup menu [GH-29293]

1.18.3

December 18, 2024

CHANGES:

  • secrets/openldap: Update plugin to v0.14.4 [GH-29131]
  • secrets/pki: Enforce the issuer constraint extensions (extended key usage, name constraints, issuer name) when issuing or signing leaf certificates. For more information see PKI considerations [GH-29045]

IMPROVEMENTS:

  • auth/okta: update to okta sdk v5 from v2. Transitively updates go-jose dependency to >=3.0.3 to resolve GO-2024-2631. See https://github.com/okta/okta-sdk-golang/blob/master/MIGRATING.md for details on changes. [GH-28121]
  • core: Added new enable_post_unseal_trace and post_unseal_trace_directory config options to generate Go traces during the post-unseal step for debug purposes. [GH-28895]
  • sdk: Add Vault build date to system view plugin environment response [GH-29082]
  • ui: Replace KVv2 json secret details view with Hds::CodeBlock component allowing users to search the full secret height. [GH-28808]

BUG FIXES:

  • autosnapshots (enterprise): Fix an issue where snapshot size metrics were not reported for cloud-based storage.
  • core/metrics: Fix unlocked mounts read for usage reporting. [GH-29091]
  • core/seal (enterprise): Fix problem with nodes unable to join Raft clusters with Seal High Availability enabled. [GH-29117]
  • core: fix bug in seal unwrapper that caused high storage latency in Vault CE. For every storage read request, the

... (truncated)

Commits
  • 503be62 [VAULT-33617] This is an automated pull request to build all artifacts for a ...
  • ec5bb93 [VAULT-33617] This is an automated pull request to build all artifacts for a ...
  • 39cd13f 1.18: Fix SDK versions for net and crypto (#29428)
  • 8dc7322 Update go/x/net and go/x/crypto to latest versions throughout (#29425)
  • fc39986 actions: pin to the latest approved workflows (#29321) (#29411)
  • 11713a2 backport of commit 04e75372fb30a4ec03645ca1de60bba54c2bc9dc (#29414)
  • 6179e91 Backport of update go-slug to 0.16.3 into release/1.18.x (#29405)
  • 4e4dc96 Backport of sdk: updating to docker v27.2.1 into release/1.18.x (#29360)
  • ef298d4 backport of commit eef8370118f8d5b13fe59d3b01522e2a65b9a951 (#29398)
  • 2554f2f backport of commit e6a8443f5947c4c0677a3b2414c08244fbde343d (#29394)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 3, 2025
@dependabot dependabot bot requested a review from a team as a code owner February 3, 2025 00:48
@dependabot dependabot bot added the go Pull requests that update Go code label Feb 3, 2025
@dependabot dependabot bot requested a review from a team as a code owner February 3, 2025 00:48
@dependabot
Bump github.com/hashicorp/vault from 1.18.2 to 1.18.4
0d0487b 
Bumps [github.com/hashicorp/vault](https://github.com/hashicorp/vault) from 1.18.2 to 1.18.4.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](hashicorp/vault@v1.18.2...v1.18.4)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.18.4 branch from 39dbe23 to 0d0487b Compare February 3, 2025 16:11
@atoulme atoulme closed this Feb 3, 2025
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 3, 2025

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@atoulme atoulme reopened this Feb 3, 2025
@github-actions github-actions bot locked and limited conversation to collaborators Feb 3, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@atoulme