Bump github.com/hashicorp/vault from 1.14.1 to 1.15.6

[dependabot]

Bumps github.com/hashicorp/vault from 1.14.1 to 1.15.6.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.15.6

1.15.6

February 29, 2024

SECURITY:

• auth/cert: compare public keys of trusted non-CA certificates with incoming client certificates to prevent trusting certs with the same serial number but not the same public/private key. [GH-25649]

CHANGES:

• core: Bump Go version to 1.21.7.
• secrets/openldap: Update plugin to v0.12.1 [GH-25524]

FEATURES:

• Manual License Utilization Reporting: Added manual license utilization reporting, which allows users to create manual exports of product-license [metering data] to report to Hashicorp.

IMPROVEMENTS:

• auth/cert: Cache trusted certs to reduce memory usage and improve performance of logins. [GH-25421]
• ui: Add deletion_allowed param to transformations and include tokenization as a type option [GH-25436]
• ui: redirect back to current route after reauthentication when token expires [GH-25335]
• ui: remove unnecessary OpenAPI calls for unmanaged auth methods [GH-25364]

BUG FIXES:

• agent: Fix issue where Vault Agent was unable to render KVv2 secrets with delete_version_after set. [GH-25387]
• audit: Handle a potential panic while formatting audit entries for an audit log [GH-25605]
• core (enterprise): Fix a deadlock that can occur on performance secondary clusters when there are many mounts and a mount is deleted or filtered [GH-25448]
• core (enterprise): Fix a panic that can occur if only one seal exists but is unhealthy on the non-first restart of Vault.
• core/quotas: Deleting a namespace that contains a rate limit quota no longer breaks replication [GH-25439]
• openapi: Fixing response fields for rekey operations [GH-25509]
• secrets/transit: When provided an invalid input with hash_algorithm=none, a lock was not released properly before reporting an error leading to deadlocks on a subsequent key configuration update. [GH-25336]
• storage/file: Fixing spuriously deleting storage keys ending with .temp [GH-25395]
• transform (enterprise): guard against a panic looking up a token in exportable mode with barrier storage.
• ui: Do not disable JSON display toggle for KV version 2 secrets [GH-25235]
• ui: Do not show resultant-acl banner on namespaces a user has access to [GH-25256]
• ui: Fix copy button not working on masked input when value is not a string [GH-25269]
• ui: Update the KV secret data when you change the version you're viewing of a nested secret. [GH-25152]

v1.15.5

1.15.5

January 31, 2024

SECURITY:

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault's changelog.

1.15.6

February 29, 2024

SECURITY:

• auth/cert: compare public keys of trusted non-CA certificates with incoming client certificates to prevent trusting certs with the same serial number but not the same public/private key. [GH-25649]

CHANGES:

• core: Bump Go version to 1.21.7.
• secrets/openldap: Update plugin to v0.12.1 [GH-25524]

FEATURES:

• Manual License Utilization Reporting: Added manual license utilization reporting, which allows users to create manual exports of product-license [metering data] to report to Hashicorp.

IMPROVEMENTS:

• auth/cert: Cache trusted certs to reduce memory usage and improve performance of logins. [GH-25421]
• ui: Add deletion_allowed param to transformations and include tokenization as a type option [GH-25436]
• ui: redirect back to current route after reauthentication when token expires [GH-25335]
• ui: remove unnecessary OpenAPI calls for unmanaged auth methods [GH-25364]

BUG FIXES:

• agent: Fix issue where Vault Agent was unable to render KVv2 secrets with delete_version_after set. [GH-25387]
• audit: Handle a potential panic while formatting audit entries for an audit log [GH-25605]
• core (enterprise): Fix a deadlock that can occur on performance secondary clusters when there are many mounts and a mount is deleted or filtered [GH-25448]
• core (enterprise): Fix a panic that can occur if only one seal exists but is unhealthy on the non-first restart of Vault.
• core/quotas: Deleting a namespace that contains a rate limit quota no longer breaks replication [GH-25439]
• openapi: Fixing response fields for rekey operations [GH-25509]
• secrets/transit: When provided an invalid input with hash_algorithm=none, a lock was not released properly before reporting an error leading to deadlocks on a subsequent key configuration update. [GH-25336]
• storage/file: Fixing spuriously deleting storage keys ending with .temp [GH-25395]
• transform (enterprise): guard against a panic looking up a token in exportable mode with barrier storage.
• ui: Do not disable JSON display toggle for KV version 2 secrets [GH-25235]
• ui: Do not show resultant-acl banner on namespaces a user has access to [GH-25256]
• ui: Fix copy button not working on masked input when value is not a string [GH-25269]
• ui: Update the KV secret data when you change the version you're viewing of a nested secret. [GH-25152]

1.15.5

January 31, 2024

SECURITY:

• audit: Fix bug where use of 'log_raw' option could result in other devices logging raw audit data [GH-24968] [HCSEC-2024-01]

... (truncated)

Commits

• 615cf6f [VAULT-24502] This is an automated pull request to build all artifacts for a ...
• 7d8936d backport of commit e0b1b87ca684425a38855ac2cbd4436b7945a406 (#25702)
• 0ee38fb Revert "backport of commit ebe9ccf9c7a6af81977dadda7050bea3501c8d31 (#25624)"...
• ee2cd6b Bump go version to 1.21.7 (#25663)
• a701240 backport of commit 773911494e767482207674b5e7bdb9608693c8c0 (#25655)
• 060b975 backport of commit 3aa5b915eecd8d158410a2019ca5eafcaabf77df (#25651)
• 0ccfbc0 Audit panic fix: PR based on #25605 (#25631)
• efeafec backport of commit ebe9ccf9c7a6af81977dadda7050bea3501c8d31 (#25624)
• f73c1fe backport of commit 7ecaca0bb75bf625220e24cc4862fa496baa1249 (#25567)
• d06eaab backport of commit 4811fd1962b97ea98d4dd7d7a0639c9cb42ac5bb (#24983)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dennisc87]

I have looked around for fixes to the issue with the indirect dependencies, so upgrading to the vault/SDK v0.11.0, also contains breaking changes, but I haven't found a fix, I looked at the issues below, but it seems that they don't want to support this use case (importing the Vault package into our own application)....

• Data.Clone not defined in latest version of test tooling hashicorp/vault#25603
• Version v1.15.4 not compatible with latest sdk version 0.10.2 hashicorp/vault#24551, in this issue there is a potential fix with a specific version, but that doesn't sound right to me: Version v1.15.4 not compatible with latest sdk version 0.10.2 hashicorp/vault#24551 (comment)

Please let me know how you fixed this issue, if you succeed.

[dependabot]

Superseded by #258.