fix(deps): update module github.com/hashicorp/vault to v1.6.3

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
github.com/hashicorp/vault	require	patch	v1.6.1 -> v1.6.3

---

Release Notes

hashicorp/vault

v1.6.3

Compare Source

SECURITY:

• Limited Unauthenticated License Read: We addressed a security vulnerability that allowed for the unauthenticated
  reading of Vault licenses from DR Secondaries. This vulnerability affects Vault and Vault Enterprise and is
  fixed in 1.6.3 (CVE-2021-27668).

CHANGES:

• secrets/mongodbatlas: Move from whitelist to access list API [GH-10966]

IMPROVEMENTS:

• ui: Clarify language on usage metrics page empty state [GH-10951]

BUG FIXES:

• auth/kubernetes: Cancel API calls to TokenReview endpoint when request context
  is closed [GH-10930]
• core/identity: Fix deadlock in entity merge endpoint. [GH-10877]
• quotas: Fix duplicate quotas on performance standby nodes. [GH-10855]
• quotas/rate-limit: Fix quotas enforcing old rate limit quota paths [GH-10689]
• replication (enterprise): Don't write request count data on DR Secondaries.
  Fixes DR Secondaries becoming out of sync approximately every 30s. [GH-10970]
• secrets/azure (enterprise): Forward service principal credential creation to the
  primary cluster if called on a performance standby or performance secondary. [GH-10902]

v1.6.2

Compare Source

SECURITY:

• IP Address Disclosure: We fixed a vulnerability where, under some error
  conditions, Vault would return an error message disclosing internal IP
  addresses. This vulnerability affects Vault and Vault Enterprise and is fixed in
  1.6.2 (CVE-2021-3024).
• Limited Unauthenticated Remove Peer: As of Vault 1.6, the remove-peer command
  on DR secondaries did not require authentication. This issue impacts the
  stability of HA architecture, as a bad actor could remove all standby
  nodes from a DR
  secondary. This issue affects Vault Enterprise 1.6.0 and 1.6.1, and is fixed in
  1.6.2 (CVE-2021-3282).
• Mount Path Disclosure: Vault previously returned different HTTP status codes for
  existent and non-existent mount paths. This behavior would allow unauthenticated
  brute force attacks to reveal which paths had valid mounts. This issue affects
  Vault and Vault Enterprise and is fixed in 1.6.2 (CVE-2020-25594).

CHANGES:

• go: Update go version to 1.15.7 [GH-10730]

FEATURES:

• ui: Adds check for feature flag on application, and updates namespace toolbar on login if present [GH-10588]

IMPROVEMENTS:

• core (enterprise): "vault status" command works when a namespace is set. [GH-10725]
• core: reduce memory used by leases [GH-10726]
• storage/raft (enterprise): Listing of peers is now allowed on DR secondary
  cluster nodes, as an update operation that takes in DR operation token for
  authenticating the request.

BUG FIXES:

• agent: Set namespace for template server in agent. [GH-10757]
• core: Make the response to an unauthenticated request to sys/internal endpoints consistent regardless of mount existence. [GH-10650]
• metrics: Protect emitMetrics from panicking during post-seal [GH-10708]
• secrets/gcp: Fix issue with account and iam_policy roleset WALs not being removed after attempts when GCP project no longer exists [GH-10759]
• storage/raft (enterprise): Automated snapshots with Azure required specifying
  azure_blob_environment, which should have had as a default AZUREPUBLICCLOUD.
• storage/raft (enterprise): Autosnapshots config and storage weren't excluded from
  performance replication, causing conflicts and errors.
• ui: Fix bug that double encodes secret route when there are spaces in the path and makes you unable to view the version history. [GH-10596]
• ui: Fix expected response from feature-flags endpoint [GH-10684]

---

Renovate configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

[codecov]

Codecov Report

Merging #221 (6f653c9) into master (f095b5a) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #221   +/-   ##
=======================================
  Coverage   36.61%   36.61%           
=======================================
  Files           7        7           
  Lines         183      183           
=======================================
  Hits           67       67           
  Misses         98       98           
  Partials       18       18           

[jbrockopp]

LGTM