Posted to notifications@dubbo.apache.org by GitBox <gi...@apache.org> on 2022/11/07 12:01:35 UTC

[GitHub] [dubbo-go] dependabot[bot] opened a new pull request, #2108: build(deps): bump github.com/hashicorp/vault/sdk from 0.6.0 to 0.6.1

dependabot[bot] opened a new pull request, #2108:
URL: https://github.com/apache/dubbo-go/pull/2108

   Bumps [github.com/hashicorp/vault/sdk](https://github.com/hashicorp/vault) from 0.6.0 to 0.6.1.
   <details>
   <summary>Changelog</summary>
   <p><em>Sourced from <a href="https://github.com/hashicorp/vault/blob/main/CHANGELOG.md">github.com/hashicorp/vault/sdk's changelog</a>.</em></p>
   <blockquote>
   <h2>0.6.1 (August 22, 2016)</h2>
   <p>DEPRECATIONS/CHANGES:</p>
   <ul>
   <li>Once the active node is 0.6.1, standby nodes must also be 0.6.1 in order to
   connect to the HA cluster. We recommend following our <a href="https://www.vaultproject.io/docs/install/upgrade.html">general upgrade
   instructions</a> in
   addition to 0.6.1-specific upgrade instructions to ensure that this is not
   an issue.</li>
   <li>Status codes for sealed/uninitialized Vaults have changed to <code>503</code>/<code>501</code>
   respectively. See the <a href="https://www.vaultproject.io/docs/install/upgrade-to-0.6.1.html">version-specific upgrade
   guide</a> for
   more details.</li>
   <li>Root tokens (tokens with the <code>root</code> policy) can no longer be created except
   by another root token or the <code>generate-root</code> endpoint.</li>
   <li>Issued certificates from the <code>pki</code> backend against new roles created or
   modified after upgrading will contain a set of default key usages.</li>
   <li>The <code>dynamodb</code> physical data store no longer supports HA by default. It has
   some non-ideal behavior around failover that was causing confusion. See the
   <a href="https://www.vaultproject.io/docs/config/index.html#ha_enabled">documentation</a>
   for information on enabling HA mode. It is very important that this
   configuration is added <em>before upgrading</em>.</li>
   <li>The <code>ldap</code> backend no longer searches for <code>memberOf</code> groups as part of its
   normal flow. Instead, the desired group filter must be specified. This fixes
   some errors and increases speed for directories with different structures,
   but if this behavior has been relied upon, ensure that you see the upgrade
   notes <em>before upgrading</em>.</li>
   <li><code>app-id</code> is now deprecated with the addition of the new AppRole backend.
   There are no plans to remove it, but we encourage using AppRole whenever
   possible, as it offers enhanced functionality and can accommodate many more
   types of authentication paradigms.</li>
   </ul>
   <p>FEATURES:</p>
   <ul>
   <li><strong>AppRole Authentication Backend</strong>: The <code>approle</code> backend is a
   machine-oriented authentication backend that provides a similar concept to
   App-ID while adding many missing features, including a pull model that
   allows for the backend to generate authentication credentials rather than
   requiring operators or other systems to push credentials in. It should be
   useful in many more situations than App-ID. The inclusion of this backend
   deprecates App-ID. <a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/1426">GH-1426</a></li>
   <li><strong>Request Forwarding</strong>: Vault servers can now forward requests to each other
   rather than redirecting clients. This feature is off by default in 0.6.1 but
   will be on by default in the next release. See the <a href="https://www.vaultproject.io/docs/concepts/ha.html">HA concepts
   page</a> for information on
   enabling and configuring it. <a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/443">GH-443</a></li>
   <li><strong>Convergent Encryption in <code>Transit</code></strong>: The <code>transit</code> backend now supports a
   convergent encryption mode where the same plaintext will produce the same
   ciphertext. Although very useful in some situations, this has potential
   security implications, which are mostly mitigated by requiring the use of</li>
   </ul>
   </blockquote>
   <p>... (truncated)</p>
   </details>
   <details>
   <summary>Commits</summary>
   <ul>
   <li><a href="https://github.com/hashicorp/vault/commit/182ba68a9589d4cef95234134aaa498a686e3de3"><code>182ba68</code></a> Cut version 0.6.1</li>
   <li><a href="https://github.com/hashicorp/vault/commit/05238c04cb1a74b5211aa001e45e8c9fd3a5f91a"><code>05238c0</code></a> Update version numbers</li>
   <li><a href="https://github.com/hashicorp/vault/commit/6beadc1e1c9c7d317ef8074eaa3f26dfcc936f4d"><code>6beadc1</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/1755">#1755</a> from hashicorp/logxi</li>
   <li><a href="https://github.com/hashicorp/vault/commit/68345eb77086b3154a850b957a8ce47a471b9f16"><code>68345eb</code></a> Convert to logxi</li>
   <li><a href="https://github.com/hashicorp/vault/commit/0dd95f0d240e0820e84e22062db45f571fccee51"><code>0dd95f0</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/1754">#1754</a> from hashicorp/secret-id-read-delete</li>
   <li><a href="https://github.com/hashicorp/vault/commit/7d772e445fd1b0d1d8857e36f6681241eb04ce19"><code>7d772e4</code></a> Extract out common code</li>
   <li><a href="https://github.com/hashicorp/vault/commit/1a62fb64c212144e16b02f82c4a19fc8c8d9fa61"><code>1a62fb6</code></a> Seperate endpoints for read/delete using secret-id and accessor</li>
   <li><a href="https://github.com/hashicorp/vault/commit/826146f9e85018337a293bd0442c3645433fa8d7"><code>826146f</code></a> Initial fixups, not yet done</li>
   <li><a href="https://github.com/hashicorp/vault/commit/357ecb4dfee0e4c4af12befce3ac44738892fd6a"><code>357ecb4</code></a> gofmt</li>
   <li><a href="https://github.com/hashicorp/vault/commit/cb106531dbea8e1766d635d29aec8dde5a14aac0"><code>cb10653</code></a> Bump tf version</li>
   <li>Additional commits viewable in <a href="https://github.com/hashicorp/vault/compare/v0.6.0...v0.6.1">compare view</a></li>
   </ul>
   </details>
   <br />
   
   
   
   Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org


[GitHub] [dubbo-go] AlexStocks closed pull request #2108: build(deps): bump github.com/hashicorp/vault/sdk from 0.6.0 to 0.6.1

Posted by GitBox <gi...@apache.org>.
AlexStocks closed pull request #2108: build(deps): bump github.com/hashicorp/vault/sdk from 0.6.0 to 0.6.1
URL: https://github.com/apache/dubbo-go/pull/2108




[GitHub] [dubbo-go] dependabot[bot] commented on pull request #2108: build(deps): bump github.com/hashicorp/vault/sdk from 0.6.0 to 0.6.1

Posted by GitBox <gi...@apache.org>.
dependabot[bot] commented on PR #2108:
URL: https://github.com/apache/dubbo-go/pull/2108#issuecomment-1306635849

   OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file.
   
   If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

