Bump github.com/hashicorp/consul from 1.8.0 to 1.9.5

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps github.com/hashicorp/consul from 1.8.0 to 1.9.5.

Release notes

Sourced from github.com/hashicorp/consul's releases.

v1.9.5

1.9.5 (April 15, 2021)

SECURITY:

• Add content-type headers to raw KV responses to prevent XSS attacks CVE-2020-25864 [GH-10023]
• audit-logging: Parse endpoint URL to prevent requests from bypassing the audit log CVE-2021-28156

IMPROVEMENTS:

• api: AutopilotServerHelath now handles the 429 status code returned by the v1/operator/autopilot/health endpoint and still returned the parsed reply which will indicate server healthiness [GH-8599]
• client: when a client agent is attempting to dereigster a service, anddoes not have access to the ACL token used to register a service, attempt to use the agent token instead of the default user token. If no agent token is set, fall back to the default user token. [GH-9683]
• connect: Automatically rewrite the Host header for Terminating Gateway HTTP services [GH-9042]
• ui: support stricter content security policies [GH-9847]

BUG FIXES:

• api: ensure v1/health/ingress/:service endpoint works properly when streaming is enabled [GH-9967]
• areas: Fixes a bug which would prevent newer servers in a network areas from connecting to servers running a version of Consul prior to 1.7.3.
• audit-logging: (Enterprise only) Fixed an issue that resulted in usage of the agent master token or managed service provider tokens from being resolved properly. [GH-10013]
• cache: fix a bug in the client agent cache where streaming could potentially leak resources. [GH-9978]. [GH-9978]
• cache: fix a bug in the client agent cache where streaming would disconnect every 20 minutes and cause delivery delays. [GH-9979]. [GH-9979]
• command: when generating envoy bootstrap configs to stdout do not mix informational logs into the json [GH-9980]
• config: correct config key from advertise_addr_ipv6 to advertise_addr_wan_ipv6 [GH-9851]
• http: fix a bug in Consul Enterprise that would cause the UI to believe namespaces were supported, resulting in warning logs and incorrect UI behaviour. [GH-9923]
• snapshot: fixes a bug that would cause snapshots to be missing all but the first ACL Auth Method. [GH-10025]
• ui: Fix intention form cancel button [GH-9901]

v1.9.4

1.9.4 (March 04, 2021)

IMPROVEMENTS:

• connect: if the token given to the vault provider returns no data avoid a panic [GH-9806]
• connect: update supported envoy point releases to 1.16.2, 1.15.3, 1.14.6, 1.13.7 [GH-9737]
• xds: only try to create an ipv6 expose checks listener if ipv6 is supported by the kernel [GH-9765]

BUG FIXES:

• api: Remove trailing periods from the gateway internal HTTP API endpoint [GH-9752]
• cache: Prevent spamming the logs for days when a cached request encounters an "ACL not found" error. [GH-9738]
• connect: connect CA Roots in the primary datacenter should use a SigningKeyID derived from their local intermediate [GH-9428]
• proxycfg: avoid potential deadlock in delivering proxy snapshot to watchers. [GH-9689]
• replication: Correctly log all replication warnings that should not be suppressed [GH-9320]
• streaming: fixes a bug caused by caching an incorrect snapshot, that would cause clients to error until the cache expired. [GH-9772]
• ui: Exclude proxies when showing the total number of instances on a node. [GH-9749]
• ui: Fixed a bug in older browsers relating to String.replaceAll and fieldset w/flexbox usage [GH-9715]
• xds: deduplicate mesh gateway listeners by address in a stable way to prevent some LDS churn [GH-9650]

... (truncated)

Changelog

Sourced from github.com/hashicorp/consul's changelog.

1.9.5 (April 15, 2021)

SECURITY:

• Add content-type headers to raw KV responses to prevent XSS attacks CVE-2020-25864 [GH-10023]
• audit-logging: Parse endpoint URL to prevent requests from bypassing the audit log CVE-2021-28156

IMPROVEMENTS:

• api: AutopilotServerHelath now handles the 429 status code returned by the v1/operator/autopilot/health endpoint and still returned the parsed reply which will indicate server healthiness [GH-8599]
• client: when a client agent is attempting to dereigster a service, anddoes not have access to the ACL token used to register a service, attempt to use the agent token instead of the default user token. If no agent token is set, fall back to the default user token. [GH-9683]
• connect: Automatically rewrite the Host header for Terminating Gateway HTTP services [GH-9042]
• ui: support stricter content security policies [GH-9847]

BUG FIXES:

• api: ensure v1/health/ingress/:service endpoint works properly when streaming is enabled [GH-9967]
• areas: Fixes a bug which would prevent newer servers in a network areas from connecting to servers running a version of Consul prior to 1.7.3.
• audit-logging: (Enterprise only) Fixed an issue that resulted in usage of the agent master token or managed service provider tokens from being resolved properly. [GH-10013]
• cache: fix a bug in the client agent cache where streaming could potentially leak resources. [GH-9978]. [GH-9978]
• cache: fix a bug in the client agent cache where streaming would disconnect every 20 minutes and cause delivery delays. [GH-9979]. [GH-9979]
• command: when generating envoy bootstrap configs to stdout do not mix informational logs into the json [GH-9980]
• config: correct config key from advertise_addr_ipv6 to advertise_addr_wan_ipv6 [GH-9851]
• http: fix a bug in Consul Enterprise that would cause the UI to believe namespaces were supported, resulting in warning logs and incorrect UI behaviour. [GH-9923]
• snapshot: fixes a bug that would cause snapshots to be missing all but the first ACL Auth Method. [GH-10025]
• ui: Fix intention form cancel button [GH-9901]

1.9.4 (March 04, 2021)

IMPROVEMENTS:

• connect: if the token given to the vault provider returns no data avoid a panic [GH-9806]
• connect: update supported envoy point releases to 1.16.2, 1.15.3, 1.14.6, 1.13.7 [GH-9737]
• xds: only try to create an ipv6 expose checks listener if ipv6 is supported by the kernel [GH-9765]

BUG FIXES:

• api: Remove trailing periods from the gateway internal HTTP API endpoint [GH-9752]
• cache: Prevent spamming the logs for days when a cached request encounters an "ACL not found" error. [GH-9738]
• connect: connect CA Roots in the primary datacenter should use a SigningKeyID derived from their local intermediate [GH-9428]
• proxycfg: avoid potential deadlock in delivering proxy snapshot to watchers. [GH-9689]
• replication: Correctly log all replication warnings that should not be suppressed [GH-9320]
• streaming: fixes a bug caused by caching an incorrect snapshot, that would cause clients to error until the cache expired. [GH-9772]
• ui: Exclude proxies when showing the total number of instances on a node. [GH-9749]
• ui: Fixed a bug in older browsers relating to String.replaceAll and fieldset w/flexbox usage [GH-9715]
• xds: deduplicate mesh gateway listeners by address in a stable way to prevent some LDS churn [GH-9650]
• xds: prevent LDS flaps in mesh gateways due to unstable datacenter lists; also prevent some flaps in terminating gateways as well [GH-9651]

... (truncated)

Commits

• 3c1c226 Release v1.9.5
• 7398f36 update bindata_assetfs.go
• 8980514 update changelog for 1.9.5 (#10042)
• 2e84559 Merge pull request #10030 from hashicorp/fix-ent-audit-log-bypass
• dc937c9 Merge pull request #10023 from hashicorp/fix-raw-kv-xss
• 04d3575 Merge pull request #10025 from hashicorp/dnephin/fix-snapshot-auth-methods
• 0e7ab74 [1.9.x] mod: bump to github.com/hashicorp/mdns v1.0.4 (#10019)
• 01998ae Merge pull request #10014 from hashicorp/dnephin/changelog
• 72aee1d Move static token resolution into the ACLResolver (#10013)
• b8c7982 Merge pull request #10008 from hashicorp/mw.update-homepage-links
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.