Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump github.com/hashicorp/vault/sdk from 0.5.0 to 0.5.1 #162

Merged
merged 1 commit into from
Jun 13, 2022
Merged

Bump github.com/hashicorp/vault/sdk from 0.5.0 to 0.5.1 #162

merged 1 commit into from
Jun 13, 2022

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 10, 2022
edited
Loading

Bumps github.com/hashicorp/vault/sdk from 0.5.0 to 0.5.1.

Changelog

Sourced from github.com/hashicorp/vault/sdk's changelog.

0.5.1 (February 25th, 2016)

DEPRECATIONS/CHANGES:

  • RSA keys less than 2048 bits are no longer supported in the PKI backend. 1024-bit keys are considered unsafe and are disallowed in the Internet PKI. The pki backend has enforced SHA256 hashes in signatures from the beginning, and software that can handle these hashes should be able to handle larger key sizes. GH-1095
  • The PKI backend now does not automatically delete expired certificates, including from the CRL. Doing so could lead to a situation where a time mismatch between the Vault server and clients could result in a certificate that would not be considered expired by a client being removed from the CRL. The new pki/tidy endpoint can be used to trigger expirations. GH-1129
  • The cert backend now performs a variant of channel binding at renewal time for increased security. In order to not overly burden clients, a notion of identity is used. This functionality can be disabled. See the 0.5.1 upgrade guide for more specific information GH-1127

FEATURES:

  • Codebase Audit: Vault's 0.5 codebase was audited by iSEC. (The terms of the audit contract do not allow us to make the results public.) GH-220

IMPROVEMENTS:

  • api: The VAULT_TLS_SERVER_NAME environment variable can be used to control the SNI header during TLS connections GH-1131
  • api/health: Add the server's time in UTC to health responses GH-1117
  • command/rekey and command/generate-root: These now return the status at attempt initialization time, rather than requiring a separate fetch for the nonce GH-1054
  • credential/cert: Don't require root/sudo tokens for the certs/ and crls/ paths; use normal ACL behavior instead GH-468
  • credential/github: The validity of the token used for login will be checked at renewal time GH-1047
  • credential/github: The config endpoint no longer requires a root token; normal ACL path matching applies
  • deps: Use the standardized Go 1.6 vendoring system
  • secret/aws: Inform users of AWS-imposed policy restrictions around STS tokens if they attempt to use an invalid policy GH-1113
  • secret/mysql: The MySQL backend now allows disabling verification of the connection_url GH-1096
  • secret/pki: Submitted CSRs are now verified to have the correct key type and minimum number of bits according to the role. The exception is intermediate CA signing and the sign-verbatim path GH-1104
  • secret/pki: New tidy endpoint to allow expunging expired certificates. GH-1129
  • secret/postgresql: The PostgreSQL backend now allows disabling verification of the connection_url GH-1096

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested a review from lingrino as a code owner June 10, 2022 16:06
@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Jun 13, 2022
edited
Loading

Deploying with  Cloudflare Pages  Cloudflare Pages

Latest commit: a69e8a7
Status: ✅  Deploy successful!
Preview URL: https://b5a6dd1b.vaku.pages.dev
Branch Preview URL: https://dependabot-go-modules-github-is1u.vaku.pages.dev

View logs

@lingrino lingrino enabled auto-merge (squash) June 13, 2022 16:32
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault/sdk-0.5.1 branch from c0e9940 to 24cec82 Compare June 13, 2022 16:33
@dependabot
Bump github.com/hashicorp/vault/sdk from 0.5.0 to 0.5.1
a69e8a7 
Bumps [github.com/hashicorp/vault/sdk](https://github.com/hashicorp/vault) from 0.5.0 to 0.5.1.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](hashicorp/vault@v0.5.0...v0.5.1)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/sdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault/sdk-0.5.1 branch from 24cec82 to a69e8a7 Compare June 13, 2022 16:38
@lingrino lingrino merged commit 962bfa0 into main Jun 13, 2022
@lingrino lingrino deleted the dependabot/go_modules/github.com/hashicorp/vault/sdk-0.5.1 branch June 13, 2022 16:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lingrino lingrino lingrino approved these changes

Assignees

@lingrino lingrino

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@lingrino