Bump github.com/hashicorp/vault from 0.10.4 to 1.8.5

[dependabot[bot]]

Bumps github.com/hashicorp/vault from 0.10.4 to 1.8.5.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.8.5

1.8.5

November 4, 2021

BUG FIXES:

• auth/aws: fix config/rotate-root to store new key [GH-12715]
• core/identity: Cleanup alias in the in-memory entity after an alias deletion by ID [GH-12834]
• core/identity: Disallow entity alias creation/update if a conflicting alias exists for the target entity and mount combination [GH-12747]
• http (enterprise): Always forward internal/counters endpoints from perf standbys to active node
• identity/token: Adds missing call to unlock mutex in key deletion error handling [GH-12916]
• kmip (enterprise): Fix handling of custom attributes when servicing GetAttributes requests
• kmip (enterprise): Fix handling of invalid role parameters within various vault api calls
• kmip (enterprise): Forward KMIP register operations to the active node
• secrets/keymgmt (enterprise): Fix support for Azure Managed HSM Key Vault instances. [GH-12952]
• transform (enterprise): Fix an error where the decode response of an expired token is an empty result rather than an error.

v1.8.4

1.8.4

6 October 2021

IMPROVEMENTS:

• core: Update Oracle Cloud library to enable seal integration with the uk-gov-london-1 region [GH-12724]

BUG FIXES:

• core: Fix a deadlock on HA leadership transfer [GH-12691]
• database/postgres: Update postgres library (github.com/lib/pq) to properly remove terminated TLS connections from the connection pool. [GH-12413]
• pki: Fix regression preventing email addresses being used as a common name within certificates [GH-12716]
• storage/postgres: Update postgres library (github.com/lib/pq) to properly remove terminated TLS connections from the connection pool. [GH-12413]
• ui: Fix bug where edit role form on auth method is invalid by default [GH-12646]

v1.8.3

1.8.3

29 September 2021

IMPROVEMENTS:

• secrets/pki: Allow signing of self-issued certs with a different signature algorithm. [GH-12514]

BUG FIXES:

• agent: Avoid possible unexpected fault address panic when using persistent cache. [GH-12534]
• core (enterprise): Allow deletion of stored licenses on DR secondary nodes
• core (enterprise): Fix bug where password generation through password policies do not work on namespaces if performed outside a request callback or from an external plugin. [GH-12635]
• core (enterprise): Only delete quotas on primary cluster. [GH-12339]
• identity: Fail alias rename if the resulting (name,accessor) exists already [GH-12473]
• raft (enterprise): Fix panic when updating auto-snapshot config
• secrets/db: Fix bug where Vault can rotate static role passwords early during start up under certain conditions. [GH-12563]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault's changelog.

1.8.5

November 4, 2021

SECURITY:

• core/identity: Templated ACL policies would always match the first-created entity alias if multiple entity aliases existed for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. This vulnerability, CVE-2021-43998, was fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.

BUG FIXES:

• auth/aws: fix config/rotate-root to store new key [GH-12715]
• core/identity: Cleanup alias in the in-memory entity after an alias deletion by ID [GH-12834]
• core/identity: Disallow entity alias creation/update if a conflicting alias exists for the target entity and mount combination [GH-12747]
• http (enterprise): Always forward internal/counters endpoints from perf standbys to active node
• identity/token: Adds missing call to unlock mutex in key deletion error handling [GH-12916]
• kmip (enterprise): Fix handling of custom attributes when servicing GetAttributes requests
• kmip (enterprise): Fix handling of invalid role parameters within various vault api calls
• kmip (enterprise): Forward KMIP register operations to the active node
• secrets/keymgmt (enterprise): Fix support for Azure Managed HSM Key Vault instances. [GH-12952]
• transform (enterprise): Fix an error where the decode response of an expired token is an empty result rather than an error.

1.8.4

6 October 2021

SECURITY:

• core/identity: A Vault user with write permission to an entity alias ID sharing a mount accessor with another user may acquire this other user’s policies by merging their identities. This vulnerability, CVE-2021-41802, was fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.

IMPROVEMENTS:

• core: Update Oracle Cloud library to enable seal integration with the uk-gov-london-1 region [GH-12724]

BUG FIXES:

• core: Fix a deadlock on HA leadership transfer [GH-12691]
• database/postgres: Update postgres library (github.com/lib/pq) to properly remove terminated TLS connections from the connection pool. [GH-12413]
• pki: Fix regression preventing email addresses being used as a common name within certificates [GH-12716]
• storage/postgres: Update postgres library (github.com/lib/pq) to properly remove terminated TLS connections from the connection pool. [GH-12413]
• ui: Fix bug where edit role form on auth method is invalid by default [GH-12646]

1.8.3

29 September 2021

IMPROVEMENTS:

• secrets/pki: Allow signing of self-issued certs with a different signature algorithm. [GH-12514]

BUG FIXES:

• agent: Avoid possible unexpected fault address panic when using persistent cache. [GH-12534]
• core (enterprise): Allow deletion of stored licenses on DR secondary nodes

... (truncated)

Commits

• 647eccf update Go version from 1.16.7 to 1.16.9 (#13029)
• 0f4e4c6 bump to go 1.16.9 (#13028)
• 03a718d go get sdk@release/1.8.x (#12994)
• 6654f4b 1.8.5 version bump (#12986)
• bebf096 Fix go.mod, go.sum after go-kms-wrapping update (#12958)
• 94f2ef9 go-kms-wrapping update for Azure Key Vault's Managed HSM offering [backport 1...
• e777d3b Adds missing unlock of RWMutex in OIDC delete key (#12916) (#12922)
• dd80dbf Backport 12834 18x (#12869)
• 3a186fa Update dependency go-mssqldb to v0.11.0 in release/1.8.x (#12873)
• c4cf784 Backport 1.8.x: Fix auth/aws so that config/rotate-root saves new key pair (#...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot[bot]]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot[bot]]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot[bot]]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot[bot]]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.