Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump github.com/hashicorp/vault/sdk from 0.9.1 to 0.9.2 #117

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 26, 2023

Bumps github.com/hashicorp/vault/sdk from 0.9.1 to 0.9.2.

Changelog

Sourced from github.com/hashicorp/vault/sdk's changelog.

0.9.2 (January 26th, 2018)

SECURITY:

  • Okta Auth Backend: While the Okta auth backend was successfully verifying usernames and passwords, it was not checking the returned state of the account, so accounts that had been marked locked out could still be used to log in. Only accounts in SUCCESS or PASSWORD_WARN states are now allowed.
  • Periodic Tokens: A regression in 0.9.1 meant that periodic tokens created by the AppRole, AWS, and Cert auth backends would expire when the max TTL for the backend/mount/system was hit instead of their stated behavior of living as long as they are renewed. This is now fixed; existing tokens do not have to be reissued as this was purely a regression in the renewal logic.
  • Seal Wrapping: During certain replication states values written marked for seal wrapping may not be wrapped on the secondaries. This has been fixed, and existing values will be wrapped on next read or write. This does not affect the barrier keys.

DEPRECATIONS/CHANGES:

  • sys/health DR Secondary Reporting: The replication_dr_secondary bool returned by sys/health could be misleading since it would be false both when a cluster was not a DR secondary but also when the node is a standby in the cluster and has not yet fully received state from the active node. This could cause health checks on LBs to decide that the node was acceptable for traffic even though DR secondaries cannot handle normal Vault traffic. (In other words, the bool could only convey "yes" or "no" but not "not sure yet".) This has been replaced by replication_dr_mode and replication_perf_mode which are string values that convey the current state of the node; a value of disabled indicates that replication is disabled or the state is still being discovered. As a result, an LB check can positively verify that the node is both not disabled and is not a DR secondary, and avoid sending traffic to it if either is true.
  • PKI Secret Backend Roles parameter types: For ou and organization in role definitions in the PKI secret backend, input can now be a comma-separated string or an array of strings. Reading a role will now return arrays for these parameters.
  • Plugin API Changes: The plugin API has been updated to utilize golang's context.Context package. Many function signatures now accept a context object as the first parameter. Existing plugins will need to pull in the latest Vault code and update their function signatures to begin using context and the new gRPC transport.

FEATURES:

  • gRPC Backend Plugins: Backend plugins now use gRPC for transport, allowing them to be written in other languages.
  • Brand New CLI: Vault has a brand new CLI interface that is significantly streamlined, supports autocomplete, and is almost entirely backwards compatible.

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested a review from alexhung as a code owner July 26, 2023 09:07
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 26, 2023
@alexhung
Copy link
Member

This is blocked by this hashicorp/vault#18492 as we need to implement ExistenceCheck func for role path.

Bumps [github.com/hashicorp/vault/sdk](https://github.com/hashicorp/vault) from 0.9.1 to 0.9.2.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](hashicorp/vault@v0.9.1...v0.9.2)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/sdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault/sdk-0.9.2 branch from 7d29e5a to c0471c5 Compare August 17, 2023 16:01
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 6, 2023

Superseded by #123.

@dependabot dependabot bot closed this Sep 6, 2023
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/hashicorp/vault/sdk-0.9.2 branch September 6, 2023 08:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant