Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump github.com/hashicorp/vault/sdk from 0.5.0 to 0.5.1 #1988

Merged

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 10, 2022

Bumps github.com/hashicorp/vault/sdk from 0.5.0 to 0.5.1.

Changelog

Sourced from github.com/hashicorp/vault/sdk's changelog.

0.5.1 (February 25th, 2016)

DEPRECATIONS/CHANGES:

  • RSA keys less than 2048 bits are no longer supported in the PKI backend. 1024-bit keys are considered unsafe and are disallowed in the Internet PKI. The pki backend has enforced SHA256 hashes in signatures from the beginning, and software that can handle these hashes should be able to handle larger key sizes. GH-1095
  • The PKI backend now does not automatically delete expired certificates, including from the CRL. Doing so could lead to a situation where a time mismatch between the Vault server and clients could result in a certificate that would not be considered expired by a client being removed from the CRL. The new pki/tidy endpoint can be used to trigger expirations. GH-1129
  • The cert backend now performs a variant of channel binding at renewal time for increased security. In order to not overly burden clients, a notion of identity is used. This functionality can be disabled. See the 0.5.1 upgrade guide for more specific information GH-1127

FEATURES:

  • Codebase Audit: Vault's 0.5 codebase was audited by iSEC. (The terms of the audit contract do not allow us to make the results public.) GH-220

IMPROVEMENTS:

  • api: The VAULT_TLS_SERVER_NAME environment variable can be used to control the SNI header during TLS connections GH-1131
  • api/health: Add the server's time in UTC to health responses GH-1117
  • command/rekey and command/generate-root: These now return the status at attempt initialization time, rather than requiring a separate fetch for the nonce GH-1054
  • credential/cert: Don't require root/sudo tokens for the certs/ and crls/ paths; use normal ACL behavior instead GH-468
  • credential/github: The validity of the token used for login will be checked at renewal time GH-1047
  • credential/github: The config endpoint no longer requires a root token; normal ACL path matching applies
  • deps: Use the standardized Go 1.6 vendoring system
  • secret/aws: Inform users of AWS-imposed policy restrictions around STS tokens if they attempt to use an invalid policy GH-1113
  • secret/mysql: The MySQL backend now allows disabling verification of the connection_url GH-1096
  • secret/pki: Submitted CSRs are now verified to have the correct key type and minimum number of bits according to the role. The exception is intermediate CA signing and the sign-verbatim path GH-1104
  • secret/pki: New tidy endpoint to allow expunging expired certificates. GH-1129
  • secret/postgresql: The PostgreSQL backend now allows disabling verification of the connection_url GH-1096

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/hashicorp/vault/sdk](https://github.com/hashicorp/vault) from 0.5.0 to 0.5.1.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](hashicorp/vault@v0.5.0...v0.5.1)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/sdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 10, 2022
Signed-off-by: cpanato <[email protected]>
@codecov-commenter
Copy link

codecov-commenter commented Jun 12, 2022

Codecov Report

Merging #1988 (a992d57) into main (68e8d93) will decrease coverage by 0.01%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #1988      +/-   ##
==========================================
- Coverage   28.71%   28.69%   -0.02%     
==========================================
  Files         132      133       +1     
  Lines        8087     8092       +5     
==========================================
  Hits         2322     2322              
- Misses       5458     5463       +5     
  Partials      307      307              
Impacted Files Coverage Δ
pkg/oci/remote/image.go 73.68% <0.00%> (ø)
cmd/cosign/cli/download.go 0.00% <0.00%> (ø)
cmd/cosign/cli/options/download.go 0.00% <0.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 68e8d93...a992d57. Read the comment docs.

@cpanato cpanato merged commit b01a173 into main Jun 12, 2022
@cpanato cpanato deleted the dependabot/go_modules/github.com/hashicorp/vault/sdk-0.5.1 branch June 12, 2022 12:22
@github-actions github-actions bot added this to the v1.10.0 milestone Jun 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants