dependabot[bot] opened a new pull request #1770: URL: https://github.com/apache/dubbo-go/pull/1770
Bumps [github.com/hashicorp/vault/sdk](https://github.com/hashicorp/vault) from 0.3.0 to 0.4.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hashicorp/vault/blob/main/CHANGELOG.md";>github.com/hashicorp/vault/sdk's changelog</a>.</em></p> <blockquote> <h2>0.4.1 (January 13, 2016)</h2> <p>SECURITY:</p> <ul> <li>Build against Go 1.5.3 to mitigate a security vulnerability introduced in Go 1.5. For more information, please see <a href="https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4";>https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4</a></li> </ul> <p>This is a security-only release; other than the version number and building against Go 1.5.3, there are no changes from 0.4.0.</p> <h2>0.4.0 (December 10, 2015)</h2> <p>DEPRECATIONS/CHANGES:</p> <ul> <li>Policy Name Casing: Policy names are now normalized to lower-case on write, helping prevent accidental case mismatches. For backwards compatibility, policy names are not currently normalized when reading or deleting. <a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/676";>GH-676</a></li> <li>Default etcd port number: the default connection string for the <code>etcd</code> physical store uses port 2379 instead of port 4001, which is the port used by the supported version 2.x of etcd. <a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/753";>GH-753</a></li> <li>As noted below in the FEATURES section, if your Vault installation contains a policy called <code>default</code>, new tokens created will inherit this policy automatically.</li> <li>In the PKI backend there have been a few minor breaking changes: <ul> <li>The token display name is no longer a valid option for providing a base domain for issuance. Since this name is prepended with the name of the authentication backend that issued it, it provided a faulty use-case at best and a confusing experience at worst. We hope to figure out a better per-token value in a future release.</li> <li>The <code>allowed_base_domain</code> parameter has been changed to <code>allowed_domains</code>, which accepts a comma-separated list of domains. This allows issuing certificates with DNS subjects across multiple domains. If you had a configured <code>allowed_base_domain</code> parameter, it will be migrated automatically when the role is read (either via a normal read, or via issuing a certificate).</li> </ul> </li> </ul> <p>FEATURES:</p> <ul> <li><strong>Significantly Enhanced PKI Backend</strong>: The <code>pki</code> backend can now generate and sign root CA certificates and intermediate CA CSRs. It can also now sign submitted client CSRs, as well as a significant number of other enhancements. See the updated documentation for the full API. <a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/666";>GH-666</a></li> <li><strong>CRL Checking for Certificate Authentication</strong>: The <code>cert</code> backend now supports pushing CRLs into the mount and using the contained serial numbers for revocation checking. See the documentation for the <code>cert</code> backend for more info. <a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/330";>GH-330</a></li> <li><strong>Default Policy</strong>: Vault now ensures that a policy named <code>default</code> is added to every token. This policy cannot be deleted, but it can be modified (including to an empty policy). There are three endpoints allowed in the</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/hashicorp/vault/commit/1a807d58cb4e87808a27d53bede3fa252b876871";><code>1a807d5</code></a> Cut version 0.4.1</li> <li><a href="https://github.com/hashicorp/vault/commit/3ba925b3793d1b7f55e1c909f5cec6ac0743d141";><code>3ba925b</code></a> Bump values to 0.4.1</li> <li><a href="https://github.com/hashicorp/vault/commit/b3da917b2305b23693cf2594f9d29e52acc514cf";><code>b3da917</code></a> Cut version 0.4.0</li> <li><a href="https://github.com/hashicorp/vault/commit/d597ae2402f41c7e08d102777a78002a8250a4a6";><code>d597ae2</code></a> Fill in release date in Changelog</li> <li><a href="https://github.com/hashicorp/vault/commit/ba44fb4ac266c684a9b7ab8e739a524e4c201889";><code>ba44fb4</code></a> Bump website version</li> <li><a href="https://github.com/hashicorp/vault/commit/b3786fbeac19cba924b6e050602929dd8261df3d";><code>b3786fb</code></a> Add check for DOCKER_CROSS_IMAGE in dist script</li> <li><a href="https://github.com/hashicorp/vault/commit/583882efdcc725412e8172ee32f86d5454ad05cf";><code>583882e</code></a> Update documentation to be consistent with return codes</li> <li><a href="https://github.com/hashicorp/vault/commit/c1151dd3c3187f6cf5014fd358ce1d9158081989";><code>c1151dd</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/666";>#666</a> from hashicorp/pki-csrs</li> <li><a href="https://github.com/hashicorp/vault/commit/a09b2f34379a54be2ed0f1561a2c842838ec7678";><code>a09b2f3</code></a> Make the timeout for 'make test' 60s to accommodate larger numbers of generat...</li> <li><a href="https://github.com/hashicorp/vault/commit/22cb3ae90cc780bb2dfe1c06c2c6761784c7248b";><code>22cb3ae</code></a> Merge branch 'master' into pki-csrs</li> <li>Additional commits viewable in <a href="https://github.com/hashicorp/vault/compare/v0.3.0...v0.4.1";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
