chore(deps): bump github.com/hashicorp/vault from 1.3.2 to 1.14.1

[dependabot]

Bumps github.com/hashicorp/vault from 1.3.2 to 1.14.1.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.14.1

No release notes provided.

v1.14.0

1.14.0

June 21, 2023

BREAKING CHANGES:

• secrets/pki: Maintaining running count of certificates will be turned off by default. To re-enable keeping these metrics available on the tidy status endpoint, enable maintain_stored_certificate_counts on tidy-config, to also publish them to the metrics consumer, enable publish_stored_certificate_count_metrics . [GH-18186]

CHANGES:

• auth/alicloud: Updated plugin from v0.14.0 to v0.15.0 [GH-20758]
• auth/azure: Updated plugin from v0.13.0 to v0.15.0 [GH-20816]
• auth/centrify: Updated plugin from v0.14.0 to v0.15.1 [GH-20745]
• auth/gcp: Updated plugin from v0.15.0 to v0.16.0 [GH-20725]
• auth/jwt: Updated plugin from v0.15.0 to v0.16.0 [GH-20799]
• auth/kubernetes: Update plugin to v0.16.0 [GH-20802]
• core: Bump Go version to 1.20.5.
• core: Remove feature toggle for SSCTs, i.e. the env var VAULT_DISABLE_SERVER_SIDE_CONSISTENT_TOKENS. [GH-20834]
• core: Revert #19676 (VAULT_GRPC_MIN_CONNECT_TIMEOUT env var) as we decided it was unnecessary. [GH-20826]
• database/couchbase: Updated plugin from v0.9.0 to v0.9.2 [GH-20764]
• database/redis-elasticache: Updated plugin from v0.2.0 to v0.2.1 [GH-20751]
• replication (enterprise): Add a new parameter for the update-primary API call that allows for setting of the primary cluster addresses directly, instead of via a token.
• secrets/ad: Updated plugin from v0.10.1-0.20230329210417-0b2cdb26cf5d to v0.16.0 [GH-20750]
• secrets/alicloud: Updated plugin from v0.5.4-beta1.0.20230330124709-3fcfc5914a22 to v0.15.0 [GH-20787]
• secrets/aure: Updated plugin from v0.15.0 to v0.16.0 [GH-20777]
• secrets/database/mongodbatlas: Updated plugin from v0.9.0 to v0.10.0 [GH-20882]
• secrets/database/snowflake: Updated plugin from v0.7.0 to v0.8.0 [GH-20807]
• secrets/gcp: Updated plugin from v0.15.0 to v0.16.0 [GH-20818]
• secrets/keymgmt: Updated plugin to v0.9.1
• secrets/kubernetes: Update plugin to v0.5.0 [GH-20802]
• secrets/mongodbatlas: Updated plugin from v0.9.1 to v0.10.0 [GH-20742]
• secrets/pki: Allow issuance of root CAs without AIA, when templated AIA information includes issuer_id. [GH-21209]
• secrets/pki: Warning when issuing leafs from CSRs with basic constraints. In the future, issuance of non-CA leaf certs from CSRs with asserted IsCA Basic Constraints will be prohibited. [GH-20654]

FEATURES:

• AWS Static Roles: The AWS Secrets Engine can manage static roles configured by users. [GH-20536]
• Automated License Utilization Reporting: Added automated license utilization reporting, which sends minimal product-license metering data to HashiCorp without requiring you to manually collect and report them.
• Environment Variables through Vault Agent: Introducing a new process-supervisor mode for Vault Agent which allows injecting secrets as environment variables into a child process using a new env_template configuration stanza. The process-supervisor configuration can be generated with a new vault agent generate-config helper tool. [GH-20530]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault's changelog.

1.14.1

July 25, 2023

CHANGES:

• auth/ldap: Normalize HTTP response codes when invalid credentials are provided [GH-21282]
• core/namespace (enterprise): Introduce the concept of high-privilege namespace (administrative namespace), which will have access to some system backend paths that were previously only accessible in the root namespace. [GH-21215]
• secrets/transform (enterprise): Enforce a transformation role's max_ttl setting on encode requests, a warning will be returned if max_ttl was applied.
• storage/aerospike: Aerospike storage shouldn't be used on 32-bit architectures and is now unsupported on them. [GH-20825]

IMPROVEMENTS:

• core/fips: Add RPM, DEB packages of FIPS 140-2 and HSM+FIPS 140-2 Vault Enterprise.
• eventbus: updated go-eventlogger library to allow removal of nodes referenced by pipelines (used for subscriptions) [GH-21623]
• openapi: Better mount points for kv-v1 and kv-v2 in openapi.json [GH-21563]
• replication (enterprise): Avoid logging warning if request is forwarded from a performance standby and not a performance secondary
• secrets/pki: Add a parameter to allow ExtKeyUsage field usage from a role within ACME. [GH-21702]
• secrets/transform (enterprise): Switch to pgx PostgreSQL driver for better timeout handling
• sys/metrics (enterprise): Adds a gauge metric that tracks whether enterprise builtin secret plugins are enabled. [GH-21681]

BUG FIXES:

• agent: Fix "generate-config" command documentation URL [GH-21466]
• auth/azure: Fix intermittent 401s by preventing performance secondary clusters from rotating root credentials. [GH-21800]
• auth/token, sys: Fix path-help being unavailable for some list-only endpoints [GH-18571]
• auth/token: Fix parsing of auth/token/create fields to avoid incorrect warnings about ignored parameters [GH-18556]
• awsutil: Update awsutil to v0.2.3 to fix a regression where Vault no longer respects AWS_ROLE_ARN, AWS_WEB_IDENTITY_TOKEN_FILE, and AWS_ROLE_SESSION_NAME. [GH-21951]
• core/managed-keys (enterprise): Allow certain symmetric PKCS#11 managed key mechanisms (AES CBC with and without padding) to operate without an HMAC.
• core: Fixed an instance where incorrect route entries would get tainted. We now pre-calculate namespace specific paths to avoid this. [GH-24170]
• core: Fixed issue with some durations not being properly parsed to include days. [GH-21357]
• identity: Remove caseSensitivityKey to prevent errors while loading groups which could result in missing groups in memDB when duplicates are found. [GH-20965]
• openapi: Fix response schema for PKI Issue requests [GH-21449]
• openapi: Fix schema definitions for PKI EAB APIs [GH-21458]
• replication (enterprise): update primary cluster address after DR failover
• secrets/azure: Fix intermittent 401s by preventing performance secondary clusters from rotating root credentials. [GH-21631]
• secrets/pki: Fix bug with ACME tidy, 'unable to determine acme base folder path'. [GH-21870]
• secrets/pki: Fix preserving acme_account_safety_buffer on config/auto-tidy. [GH-21870]
• secrets/pki: Prevent deleted issuers from reappearing when migrating from a version 1 bundle to a version 2 bundle (versions including 1.13.0, 1.12.2, and 1.11.6); when managed keys were removed but referenced in the Vault 1.10 legacy CA bundle, this the error: no managed key found with uuid. [GH-21316]
• secrets/transform (enterprise): Fix nil panic when deleting a template with tokenization transformations present
• secrets/transform (enterprise): Grab shared locks for various read operations, only escalating to write locks if work is required
• serviceregistration: Fix bug where multiple nodes in a secondary cluster could be labelled active after updating the cluster's primary [GH-21642]
• ui: Adds missing values to details view after generating PKI certificate [GH-21635]
• ui: Fixed an issue where editing an SSH role would clear default_critical_options and default_extension if left unchanged. [GH-21739]
• ui: Fixed secrets, leases, and policies filter dropping focus after a single character [GH-21767]
• ui: Fixes issue with certain navigational links incorrectly displaying in child namespaces [GH-21562]
• ui: Fixes login screen display issue with Safari browser [GH-21582]
• ui: Fixes problem displaying certificates issued with unsupported signature algorithms (i.e. ed25519) [GH-21926]
• ui: Fixes styling of private key input when configuring an SSH key [GH-21531]

... (truncated)

Commits

• bf23fe8 use verify changes for docs to skip tests (#21620) (#22017)
• 0e025ed backport of commit 8615b31598e094b1bf083242e76fff74a31daf9a (#22014)
• 1983499 backport of commit 02f43ecbc26ec79790f30826f49f97cecda987eb (#21587) (#21996)
• 8b92797 backport UI: Remove logic that skips sending object if not changed (#21759)
• 34c45fe backport of commit 1a46088afb0d5e442273350c6793d1216b6be4d1 (#21985)
• 78ea524 backport of commit 4ce8e4b00f96de7b7f0d66878ef41d340fe33855 (#21988)
• b906c03 backport of commit 5ba848dbdd14cac24960ec31e83d620f698b87a8 (#21992)
• e0f9544 backport of commit 6b21994d76b18c91397247dfd69bb01e46c5de25 (#21981)
• 6ff49c0 backport of UI: Fix confirm dropdown not rendering on HSM (#21975)
• 3b841c3 Backport of Limit number of tests in CI comment into release/1.14.x (#21971)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #322.