dependabot[bot] opened a new pull request, #2108: URL: https://github.com/apache/dubbo-go/pull/2108
Bumps [github.com/hashicorp/vault/sdk](https://github.com/hashicorp/vault) from 0.6.0 to 0.6.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hashicorp/vault/blob/main/CHANGELOG.md";>github.com/hashicorp/vault/sdk's changelog</a>.</em></p> <blockquote> <h2>0.6.1 (August 22, 2016)</h2> <p>DEPRECATIONS/CHANGES:</p> <ul> <li>Once the active node is 0.6.1, standby nodes must also be 0.6.1 in order to connect to the HA cluster. We recommend following our <a href="https://www.vaultproject.io/docs/install/upgrade.html";>general upgrade instructions</a> in addition to 0.6.1-specific upgrade instructions to ensure that this is not an issue.</li> <li>Status codes for sealed/uninitialized Vaults have changed to <code>503</code>/<code>501</code> respectively. See the <a href="https://www.vaultproject.io/docs/install/upgrade-to-0.6.1.html";>version-specific upgrade guide</a> for more details.</li> <li>Root tokens (tokens with the <code>root</code> policy) can no longer be created except by another root token or the <code>generate-root</code> endpoint.</li> <li>Issued certificates from the <code>pki</code> backend against new roles created or modified after upgrading will contain a set of default key usages.</li> <li>The <code>dynamodb</code> physical data store no longer supports HA by default. It has some non-ideal behavior around failover that was causing confusion. See the <a href="https://www.vaultproject.io/docs/config/index.html#ha_enabled";>documentation</a> for information on enabling HA mode. It is very important that this configuration is added <em>before upgrading</em>.</li> <li>The <code>ldap</code> backend no longer searches for <code>memberOf</code> groups as part of its normal flow. Instead, the desired group filter must be specified. This fixes some errors and increases speed for directories with different structures, but if this behavior has been relied upon, ensure that you see the upgrade notes <em>before upgrading</em>.</li> <li><code>app-id</code> is now deprecated with the addition of the new AppRole backend. There are no plans to remove it, but we encourage using AppRole whenever possible, as it offers enhanced functionality and can accommodate many more types of authentication paradigms.</li> </ul> <p>FEATURES:</p> <ul> <li><strong>AppRole Authentication Backend</strong>: The <code>approle</code> backend is a machine-oriented authentication backend that provides a similar concept to App-ID while adding many missing features, including a pull model that allows for the backend to generate authentication credentials rather than requiring operators or other systems to push credentials in. It should be useful in many more situations than App-ID. The inclusion of this backend deprecates App-ID. <a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/1426";>GH-1426</a></li> <li><strong>Request Forwarding</strong>: Vault servers can now forward requests to each other rather than redirecting clients. This feature is off by default in 0.6.1 but will be on by default in the next release. See the <a href="https://www.vaultproject.io/docs/concepts/ha.html";>HA concepts page</a> for information on enabling and configuring it. <a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/443";>GH-443</a></li> <li><strong>Convergent Encryption in <code>Transit</code></strong>: The <code>transit</code> backend now supports a convergent encryption mode where the same plaintext will produce the same ciphertext. Although very useful in some situations, this has potential security implications, which are mostly mitigated by requiring the use of</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/hashicorp/vault/commit/182ba68a9589d4cef95234134aaa498a686e3de3";><code>182ba68</code></a> Cut version 0.6.1</li> <li><a href="https://github.com/hashicorp/vault/commit/05238c04cb1a74b5211aa001e45e8c9fd3a5f91a";><code>05238c0</code></a> Update version numbers</li> <li><a href="https://github.com/hashicorp/vault/commit/6beadc1e1c9c7d317ef8074eaa3f26dfcc936f4d";><code>6beadc1</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/1755";>#1755</a> from hashicorp/logxi</li> <li><a href="https://github.com/hashicorp/vault/commit/68345eb77086b3154a850b957a8ce47a471b9f16";><code>68345eb</code></a> Convert to logxi</li> <li><a href="https://github.com/hashicorp/vault/commit/0dd95f0d240e0820e84e22062db45f571fccee51";><code>0dd95f0</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/1754";>#1754</a> from hashicorp/secret-id-read-delete</li> <li><a href="https://github.com/hashicorp/vault/commit/7d772e445fd1b0d1d8857e36f6681241eb04ce19";><code>7d772e4</code></a> Extract out common code</li> <li><a href="https://github.com/hashicorp/vault/commit/1a62fb64c212144e16b02f82c4a19fc8c8d9fa61";><code>1a62fb6</code></a> Seperate endpoints for read/delete using secret-id and accessor</li> <li><a href="https://github.com/hashicorp/vault/commit/826146f9e85018337a293bd0442c3645433fa8d7";><code>826146f</code></a> Initial fixups, not yet done</li> <li><a href="https://github.com/hashicorp/vault/commit/357ecb4dfee0e4c4af12befce3ac44738892fd6a";><code>357ecb4</code></a> gofmt</li> <li><a href="https://github.com/hashicorp/vault/commit/cb106531dbea8e1766d635d29aec8dde5a14aac0";><code>cb10653</code></a> Bump tf version</li> <li>Additional commits viewable in <a href="https://github.com/hashicorp/vault/compare/v0.6.0...v0.6.1";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
