Bump github.com/hashicorp/vault from 1.15.3 to 1.17.1 #74

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Jul 8, 2024

Bumps github.com/hashicorp/vault from 1.15.3 to 1.17.1.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.17.1

1.17.1

June 26, 2024

CHANGES:

  • auth/jwt: Update plugin to v0.21.0 [GH-27498]

IMPROVEMENTS:

  • storage/raft: Improve autopilot logging on startup to show config values clearly and avoid spurious logs [GH-27464]
  • ui/secrets-sync: Hide Secrets Sync from the sidebar nav if user does not have access to the feature. [GH-27262]

BUG FIXES:

  • agent: Fixed an issue causing excessive CPU usage during normal operation [GH-27518]
  • config: Vault TCP listener config now correctly supports the documented proxy_protocol_behavior setting of 'deny_unauthorized' [GH-27459]
  • core/audit: Audit logging a Vault request/response checks if the existing context is cancelled and will now use a new context with a 5 second timeout. If the existing context is cancelled, a new context will be used. [GH-27531]
  • helper/pkcs7: Fix parsing certain messages containing only certificates [GH-27435]
  • proxy: Fixed an issue causing excessive CPU usage during normal operation [GH-27518]
  • replication (enterprise): fix cache invalidation issue leading to namespace custom metadata not being shown correctly on performance secondaries
  • secrets-sync (enterprise): Properly remove tags from secrets in AWS when they are removed from the source association
  • secrets-sync (enterprise): Return more accurate error code for invalid connection details
  • secrets-sync (enterprise): Skip invalid GitHub repository names when creating destinations
  • storage/azure: Fix invalid account name initialization bug [GH-27563]
  • storage/raft (enterprise): Fix issue with namespace cache not getting cleared on snapshot restore, resulting in namespaces not found in the snapshot being inaccurately represented by API responses. [GH-27474]
  • ui: Allow creation of session_token type roles for AWS secret backend [GH-27424]

v1.17.0

1.17.0

June 12, 2024

CHANGES:

  • api: Upgrade from github.com/go-jose/go-jose/v3 v3.0.3 to github.com/go-jose/go-jose/v4 v4.0.1. [GH-26527]
  • audit: breaking change - Vault now allows audit logs to contain 'correlation-id' and 'x-correlation-id' headers when they are present in the incoming request. By default they are not HMAC'ed (but can be configured to HMAC by Vault Operators). [GH-26777]
  • auth/alicloud: Update plugin to v0.18.0 [GH-27133]
  • auth/azure: Update plugin to v0.18.0 [GH-27146]
  • auth/centrify: Remove the deprecated Centrify auth method plugin [GH-27130]
  • auth/cf: Update plugin to v0.17.0 [GH-27161]
  • auth/gcp: Update plugin to v0.18.0 [GH-27140]
  • auth/jwt: Update plugin to v0.20.2 [GH-26291]
  • auth/jwt: Update plugin to v0.20.3 [GH-26890]
  • auth/kerberos: Update plugin to v0.12.0 [GH-27177]
  • auth/kubernetes: Update plugin to v0.19.0 [GH-27186]
  • auth/oci: Update plugin to v0.16.0 [GH-27142]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault's changelog.

1.17.1

June 26, 2024

CHANGES:

  • auth/jwt: Update plugin to v0.21.0 [GH-27498]

IMPROVEMENTS:

  • storage/raft: Improve autopilot logging on startup to show config values clearly and avoid spurious logs [GH-27464]
  • ui/secrets-sync: Hide Secrets Sync from the sidebar nav if user does not have access to the feature. [GH-27262]

BUG FIXES:

  • agent: Fixed an issue causing excessive CPU usage during normal operation [GH-27518]
  • config: Vault TCP listener config now correctly supports the documented proxy_protocol_behavior setting of 'deny_unauthorized' [GH-27459]
  • core/audit: Audit logging a Vault request/response checks if the existing context is cancelled and will now use a new context with a 5 second timeout. If the existing context is cancelled, a new context will be used. [GH-27531]
  • helper/pkcs7: Fix parsing certain messages containing only certificates [GH-27435]
  • proxy: Fixed an issue causing excessive CPU usage during normal operation [GH-27518]
  • replication (enterprise): fix cache invalidation issue leading to namespace custom metadata not being shown correctly on performance secondaries
  • secrets-sync (enterprise): Properly remove tags from secrets in AWS when they are removed from the source association
  • secrets-sync (enterprise): Return more accurate error code for invalid connection details
  • secrets-sync (enterprise): Skip invalid GitHub repository names when creating destinations
  • storage/azure: Fix invalid account name initialization bug [GH-27563]
  • storage/raft (enterprise): Fix issue with namespace cache not getting cleared on snapshot restore, resulting in namespaces not found in the snapshot being inaccurately represented by API responses. [GH-27474]
  • ui: Allow creation of session_token type roles for AWS secret backend [GH-27424]

1.17.0

June 12, 2024

SECURITY:

  • auth/jwt: Update plugin to v0.20.3 that resolves a security issue with validating JWTs [GH-26890, HCSEC-2024-11]

CHANGES:

  • api: Upgrade from github.com/go-jose/go-jose/v3 v3.0.3 to github.com/go-jose/go-jose/v4 v4.0.1. [GH-26527]
  • audit: breaking change - Vault now allows audit logs to contain 'correlation-id' and 'x-correlation-id' headers when they are present in the incoming request. By default they are not HMAC'ed (but can be configured to HMAC by Vault Operators). [GH-26777]
  • auth/alicloud: Update plugin to v0.18.0 [GH-27133]
  • auth/azure: Update plugin to v0.18.0 [GH-27146]
  • auth/centrify: Remove the deprecated Centrify auth method plugin [GH-27130]
  • auth/cf: Update plugin to v0.17.0 [GH-27161]
  • auth/gcp: Update plugin to v0.18.0 [GH-27140]
  • auth/jwt: Update plugin to v0.20.2 [GH-26291]
  • auth/kerberos: Update plugin to v0.12.0 [GH-27177]
  • auth/kubernetes: Update plugin to v0.19.0 [GH-27186]

... (truncated)

Commits
  • b8ab595 [VAULT-28416] This is an automated pull request to build all artifacts for a ...
  • 6ae7bf4 actions: use the Github API for pull request labels (#27603) (#27604)
  • 12da388 backport of commit 4e02a7a6731d5ab0bdc9bac4b282abca01505de9 (#27575)
  • bd2c2a2 backport of commit 89e9e0f2cd46431ed212e7f63ec0ea2e23a639e7 (#27573)
  • fd1845c Update interoperability-matrix.mdx (#27195) (#27570)
  • 20adf07 backport of commit 45682dc090d36d323a3b63b0caa78e25bf328e86 (#27568)
  • 6d7e876 Merge branch 'backport/VAULT-27411/secrets-sync-known-issue-and-docs-update/c...
  • 078786d [DOCS: SPE-827] Add autopilot known issue to 1.15 docs and 1.16/1.17 release ...
  • 9eaf58e backport of commit 25438b2238fe94e7bf4bbdc08b4447827534e6b1 (#27553)
  • 15ee3dd backport of commit 9af5c5c93364bb3fa7ea0f8a25351a53df49f4f8 (#27550)
  • Additional commits viewable in compare view

Bumps [github.com/hashicorp/vault](https://github.com/hashicorp/vault) from 1.15.3 to 1.17.1.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](hashicorp/vault@v1.15.3...v1.17.1)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies label (Pull requests that update a dependency file) Jul 8, 2024

xbglowx commented Feb 16, 2025

@dependabot rebase

dependabot bot commented on behalf of github Feb 16, 2025

Superseded by #82.

@dependabot dependabot bot closed this Feb 16, 2025
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/hashicorp/vault-1.17.1 branch February 16, 2025 00:03