Posted to notifications@dubbo.apache.org by GitBox <gi...@apache.org> on 2020/11/06 07:00:04 UTC

[GitHub] [dubbo-go] dependabot[bot] opened a new pull request #852: Bump github.com/hashicorp/consul/api from 1.5.0 to 1.7.0

dependabot[bot] opened a new pull request #852:
URL: https://github.com/apache/dubbo-go/pull/852


   Bumps [github.com/hashicorp/consul/api](https://github.com/hashicorp/consul) from 1.5.0 to 1.7.0.
   <details>
   <summary>Release notes</summary>
   <p><em>Sourced from <a href="https://github.com/hashicorp/consul/releases">github.com/hashicorp/consul/api's releases</a>.</em></p>
   <blockquote>
   <h2>v1.6.9</h2>
   <h2>1.6.9 (September 11, 2020)</h2>
   <p>BUG FIXES:</p>
   <ul>
   <li>api: fixed a panic caused by an api request with Connect=null [<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/8537">GH-8537</a>]</li>
   </ul>
   <h2>v1.6.8</h2>
   <h2>1.6.8 (August 12, 2020)</h2>
   <p>BUG FIXES:</p>
   <ul>
   <li>vendor: update github.com/armon/go-metrics to v0.3.4 [<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/8478">GH-8478</a>]</li>
   </ul>
   <h2>v1.6.7</h2>
   <h2>1.6.7 (July 30, 2020)</h2>
   <p>BUG FIXES:</p>
   <ul>
   <li>agent: Fixed an issue with lock contention during RPCs when under load while using the Prometheus metrics sink. [<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/8372">GH-8372</a>]</li>
   <li>gossip: Avoid issue where two unique leave events for the same node could lead to infinite rebroadcast storms [<a href="https://github-redirect.dependabot.com/hashicorp/consul/issues/8345">GH-8345</a>]</li>
   </ul>
   <h2>v1.6.6</h2>
   <h2>1.6.6 (June 10, 2020)</h2>
   <p>SECURITY:</p>
   <ul>
   <li>Adding an option <code>http_config.use_cache</code> to disable agent caching for http endpoints, because Consul’s DNS and HTTP API expose a caching feature susceptible to DoS. <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13250">CVE-2020-13250</a> [<a href="https://github-redirect.dependabot.com/hashicorp/consul/issues/8023">GH-8023</a>](<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/8023">hashicorp/consul#8023</a>)</li>
   <li>Propagate and enforce changes to legacy ACL tokens rules in secondary data centers. <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12797">CVE-2020-12797</a> [<a href="https://github-redirect.dependabot.com/hashicorp/consul/issues/8047">GH-8047</a>](<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/8047">hashicorp/consul#8047</a>)</li>
   <li>Only resolve local acl token in the datacenter it belongs to. <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13170">CVE-2020-13170</a> [<a href="https://github-redirect.dependabot.com/hashicorp/consul/issues/8068">GH-8068</a>](<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/8068">hashicorp/consul#8068</a>)</li>
   </ul>
   <p>BUG FIXES:</p>
   <ul>
   <li>acl: Fixed an issue where legacy management tokens could not be used in secondary datacenters. [<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/7908">GH-7908</a>]</li>
   <li>agent: Fixed a race condition that could cause an agent to crash when first starting. [<a href="https://github-redirect.dependabot.com/hashicorp/consul/issues/7955">GH-7955</a>]</li>
   </ul>
   </blockquote>
   </details>
   <details>
   <summary>Changelog</summary>
   <p><em>Sourced from <a href="https://github.com/hashicorp/consul/blob/master/CHANGELOG.md">github.com/hashicorp/consul/api's changelog</a>.</em></p>
   <blockquote>
   <h2>1.7.0 (February 11, 2020)</h2>
   <p>NOTES:</p>
   <ul>
   <li>
   <p>cli: Our Windows 32-bit and 64-bit executables for this version and up will be signed with a HashiCorp certificate. Windows users will no longer see a warning about an &quot;unknown publisher&quot; when running our software.</p>
   </li>
   <li>
   <p>cli: Our darwin releases for this version and up will be signed and notarized according to Apple's requirements.</p>
   </li>
   </ul>
   <p>Prior to this release, MacOS 10.15+ users attempting to run our software may see the error: &quot;'consul' cannot be opened because the developer cannot be verified.&quot; This error affected all MacOS 10.15+ users who downloaded our software directly via web browsers, and was caused by changes to <a href="https://developer.apple.com/news/?id=09032019a">Apple's third-party software requirements</a>.</p>
   <p>MacOS 10.15+ users should plan to upgrade to 1.7.0+.</p>
   <p>SECURITY:</p>
   <ul>
   <li>dns: Updated miekg/dns dependency to fix a memory leak and CVE-2019-19794. [<a href="https://github-redirect.dependabot.com/hashicorp/consul/issues/6984">GH-6984</a>], [<a href="https://github-redirect.dependabot.com/hashicorp/consul/issues/7252">GH-7252</a>]</li>
   <li>updated to compile with [<a href="https://groups.google.com/forum/m/#!topic/golang-announce/Hsw4mHYc470">Go 1.12.16</a>] which includes a fix for CVE-2020-0601 on windows [<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/7153">GH-7153</a>]</li>
   </ul>
   <p>BREAKING CHANGES:</p>
   <ul>
   <li>http: The HTTP API no longer accepts JSON fields that are unknown to it. Instead errors will be returned with 400 status codes [<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/6874">GH-6874</a>]</li>
   <li>dns: PTR record queries now return answers that contain the Consul datacenter as a label between <code>service</code> and the domain. [<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/6909">GH-6909</a>]</li>
   <li>agent: The ACL requirement for the <a href="https://www.consul.io/api/agent.html#force-leave-and-shutdown">agent/force-leave endpoint</a> is now <code>operator:write</code> rather than <code>agent:write</code>. [<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/7033">GH-7033</a>]</li>
   <li>logging: Switch over to using go-hclog and allow emitting either structured or unstructured logs. This changes the log format quite a bit and could break any log parsing users may have in place. [<a href="https://github-redirect.dependabot.com/hashicorp/consul/issues/1249">GH-1249</a>][<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/7130">GH-7130</a>]</li>
   <li>intentions: Change the ACL requirement and enforcement for wildcard rules. Previously this would look for an ACL rule that would grant access to the service/intention <code>*</code>. Now, writing a wildcard intention requires write access to all intentions and reading a wildcard intention requires read access to any intention that would match. Additionally, intention listing and reading allow access if the requester can read either side of the intention, whereas before it only allowed it for permissions on the destination side. [<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/7028">GH-7028</a>]</li>
   <li>telemetry: <code>consul.rpc.query</code> has changed to only measure the <em>start</em> of <code>srv.blockingQuery()</code> calls. In certain rare cases where there are lots of idempotent updates this will cause the metric to report lower than before. The counter should now provide more meaningful behavior that maps to the rate of client-initiated requests. [<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/7224">GH-7224</a>]</li>
   </ul>
   <p>FEATURES:</p>
   <ul>
   <li><strong>Namespaces (Consul Enterprise only)</strong> This version adds namespacing to Consul. Namespaces help reduce operational challenges by removing restrictions around uniqueness of resource names across distinct teams, and enable operators to provide self-service through delegation of administrative privileges. Namespace support was added to:
   <ul>
   <li>ACLs</li>
   <li>Key/Value Store</li>
   <li>Sessions</li>
   <li>Catalog</li>
   <li>Connect</li>
   <li>UI [<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/6639">GH6639</a>]</li>
   </ul>
   </li>
   <li>agent: Add Cloud Auto-join support for Tencent Cloud [<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/6818">GH-6818</a>]</li>
   <li>connect: Added a new CA provider allowing Connect certificates to be managed by AWS <a href="https://www.consul.io/docs/connect/ca/aws.html">ACM Private CA</a>.</li>
   <li>connect: Allow configuration of upstream connection limits in Envoy [<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/6829">GH-6829</a>]</li>
   <li>ui: Adds UI support for <a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/6446">Exposed Checks</a> <a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/6575">[GH6575]</a></li>
   <li>ui: Visualisation of the Discovery Chain  <a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/6746">[GH6746]</a></li>
   </ul>
   <p>IMPROVEMENTS:</p>
   <ul>
   <li>acl: Use constant time comparison when checking for the ACL agent master token. [<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/6943">GH-6943</a>]</li>
   <li>acl: Add accessorID of token when ops are denied by ACL system [<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/7117">GH-7117</a>]</li>
   <li>agent: default the primary_datacenter to the datacenter if not configured [<a href="https://github-redirect.dependabot.com/hashicorp/consul/issues/7111">GH-7111</a>]</li>
   <li>agent: configurable <code>MaxQueryTime</code> and <code>DefaultQueryTime</code> [<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/3777">GH-3777</a>]</li>
   <li>agent: do not deregister service checks twice [<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/6168">GH-6168</a>]</li>
   <li>agent: remove service sidecars in <code>cleanupRegistration</code> [<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/7022">GH-7022</a>]</li>
   <li>agent: setup grpc server with auto_encrypt certs and add <code>-https-port</code> [<a href="https://github-redirect.dependabot.com/hashicorp/consul/pull/7086">GH-7086</a>]</li>
   </ul>
   </blockquote>
   <p>... (truncated)</p>
   </details>
   <details>
   <summary>Commits</summary>
   <ul>
   <li><a href="https://github.com/hashicorp/consul/commit/95fb95bfe643d7886c4fb2d9f3afe1977d31cfec"><code>95fb95b</code></a> Release v1.7.0</li>
   <li><a href="https://github.com/hashicorp/consul/commit/f0cac9260f13f4dd6dc7c6e1a04dd8448f9c9412"><code>f0cac92</code></a> update bindata_assetfs.go</li>
   <li><a href="https://github.com/hashicorp/consul/commit/22a661487f12373df7fd25bafd2aa9aef3830ac8"><code>22a6614</code></a> Update CHANGELOG.md</li>
   <li><a href="https://github.com/hashicorp/consul/commit/329c607c3de48239f6e2df4e39c1c68f6f807d22"><code>329c607</code></a> [skip ci] add windows signing to changelog (<a href="https://github-redirect.dependabot.com/hashicorp/consul/issues/7260">#7260</a>)</li>
   <li><a href="https://github.com/hashicorp/consul/commit/80ed304e04c606fdb636283ad6fc68e38e91dfb9"><code>80ed304</code></a> Run make update-vendor and fixup various go.sum files</li>
   <li><a href="https://github.com/hashicorp/consul/commit/3c6d9516bc85d46b21c7ef1b9964ae01ffeb73b1"><code>3c6d951</code></a> Bump <code>api</code> and <code>sdk</code> module versions</li>
   <li><a href="https://github.com/hashicorp/consul/commit/77074be9b8567d32fd5b874839988339b844eddf"><code>77074be</code></a> Bump sdk module version to 0.4.0</li>
   <li><a href="https://github.com/hashicorp/consul/commit/e231d62bc9cdb9d181322ec95615642151961d68"><code>e231d62</code></a> Make the config entry and leaf cert cache types ns aware (<a href="https://github-redirect.dependabot.com/hashicorp/consul/issues/7256">#7256</a>)</li>
   <li><a href="https://github.com/hashicorp/consul/commit/6739fe6e83bd881a9e583e4aeefb822c552b8e2b"><code>6739fe6</code></a> connect: add validations around intermediate cert ttl (<a href="https://github-redirect.dependabot.com/hashicorp/consul/issues/7213">#7213</a>)</li>
   <li><a href="https://github.com/hashicorp/consul/commit/1edcdafeaf351de6945fdbea17d9e87186bd89eb"><code>1edcdaf</code></a> changelog: move &quot;calls&quot; outside code backticks</li>
   <li>Additional commits viewable in <a href="https://github.com/hashicorp/consul/compare/v1.5.0...v1.7.0">compare view</a></li>
   </ul>
   </details>
   <br />
   
   
   [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/hashicorp/consul/api&package-manager=go_modules&previous-version=1.5.0&new-version=1.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/configuring-github-dependabot-security-updates)
   
   Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
   
   
   ---
   
   <details>
   <summary>Dependabot commands and options</summary>
   <br />
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
   
   
   </details>


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org


[GitHub] [dubbo-go] zouyx commented on pull request #852: Bump github.com/hashicorp/consul/api from 1.5.0 to 1.7.0

Posted by GitBox <gi...@apache.org>.
zouyx commented on pull request #852:
URL: https://github.com/apache/dubbo-go/pull/852#issuecomment-723544330


   @dependabot recreate




[GitHub] [dubbo-go] dependabot[bot] closed pull request #852: Bump github.com/hashicorp/consul/api from 1.5.0 to 1.7.0

Posted by GitBox <gi...@apache.org>.
dependabot[bot] closed pull request #852:
URL: https://github.com/apache/dubbo-go/pull/852


   




[GitHub] [dubbo-go] zouyx commented on pull request #852: Bump github.com/hashicorp/consul/api from 1.5.0 to 1.7.0

Posted by GitBox <gi...@apache.org>.
zouyx commented on pull request #852:
URL: https://github.com/apache/dubbo-go/pull/852#issuecomment-723544385


   @dependabot reopen




[GitHub] [dubbo-go] zouyx commented on pull request #852: Bump github.com/hashicorp/consul/api from 1.5.0 to 1.7.0

Posted by GitBox <gi...@apache.org>.
zouyx commented on pull request #852:
URL: https://github.com/apache/dubbo-go/pull/852#issuecomment-722930039


   @dependabot close 




[GitHub] [dubbo-go] dependabot[bot] commented on pull request #852: Bump github.com/hashicorp/consul/api from 1.5.0 to 1.7.0

Posted by GitBox <gi...@apache.org>.
dependabot[bot] commented on pull request #852:
URL: https://github.com/apache/dubbo-go/pull/852#issuecomment-723544336


   Looks like this PR is closed. If you re-open it I'll rebase it as long as no-one else has edited it (you can use `@dependabot reopen` if the branch has been deleted).




[GitHub] [dubbo-go] dependabot[bot] commented on pull request #852: Bump github.com/hashicorp/consul/api from 1.5.0 to 1.7.0

Posted by GitBox <gi...@apache.org>.
dependabot[bot] commented on pull request #852:
URL: https://github.com/apache/dubbo-go/pull/852#issuecomment-724091254


   OK, I won't notify you again about this release, but will get in touch when a new version is available.
   
   If you change your mind, just re-open this PR and I'll resolve any conflicts on it.




[GitHub] [dubbo-go] dependabot[bot] closed pull request #852: Bump github.com/hashicorp/consul/api from 1.5.0 to 1.7.0

Posted by GitBox <gi...@apache.org>.
dependabot[bot] closed pull request #852:
URL: https://github.com/apache/dubbo-go/pull/852


   

