build(deps): Bump the go group across 1 directory with 26 updates

[dependabot]

Bumps the go group with 11 updates in the / directory:

Package	From	To
cloud.google.com/go/kms	1.15.7	1.18.1
filippo.io/age	1.1.1	1.2.0
github.com/Azure/azure-sdk-for-go/sdk/azcore	1.9.2	1.12.0
github.com/ProtonMail/go-crypto	1.1.0-alpha.0-proton	1.1.0-alpha.3-proton
github.com/aws/aws-sdk-go-v2	1.25.0	1.30.1
github.com/aws/aws-sdk-go-v2/config	1.27.0	1.27.23
github.com/aws/aws-sdk-go-v2/feature/s3/manager	1.16.0	1.17.3
github.com/aws/aws-sdk-go-v2/service/kms	1.28.1	1.35.1
github.com/fatih/color	1.16.0	1.17.0
github.com/hashicorp/vault/api	1.12.0	1.14.0
github.com/urfave/cli	1.22.14	1.22.15

Updates cloud.google.com/go/kms from 1.15.7 to 1.18.1

Release notes

Sourced from cloud.google.com/go/kms's releases.

kms: v1.18.1

1.18.1 (2024-06-26)

Bug Fixes

• kms: Enable new auth lib (b95805f)

retail: v1.17.1

1.17.1 (2024-06-26)

Bug Fixes

• retail: Enable new auth lib (b95805f)

security: v1.17.1

1.17.1 (2024-06-26)

Bug Fixes

• security: Enable new auth lib (b95805f)

functions: v1.16.3

1.16.3 (2024-06-26)

Bug Fixes

• functions: Enable new auth lib (b95805f)

redis: v1.16.1

1.16.1 (2024-06-26)

Bug Fixes

• redis: Enable new auth lib (b95805f)

Changelog

Sourced from cloud.google.com/go/kms's changelog.

1.18.1 (2023-05-08)

Bug Fixes

• documentai: Update grpc to v1.55.0 (1147ce0)

1.18.0 (2023-03-22)

Features

• documentai: Add ImportProcessorVersion in v1beta3 (c967961)

1.17.0 (2023-03-15)

Features

• documentai: Added hints.language_hints field in OcrConfig (#7522) (b2c40c3)

1.16.0 (2023-02-22)

Features

• documentai: ROLLBACK (#7439) (932ddc8)

1.15.0 (2023-02-14)

⚠ BREAKING CHANGES

• documentai: The TrainProcessorVersion parent was incorrectly annotated.

Features

• documentai: Add REST client (06a54a1)
• documentai: Added advanced_ocr_options field in OcrConfig (45c70e3)
• documentai: Added EvaluationReference to evaluation.proto (#7290) (4623db8)
• documentai: Added field_mask field in DocumentOutputConfig.GcsOutputConfig in document_io.proto (2a0b1ae)
• documentai: Added font_family to document.proto feat: added ImageQualityScores message to document.proto feat: added PropertyMetadata and EntityTypeMetadata to document_schema.proto (9c5d6c8)
• documentai: Added TrainProcessorVersion, EvaluateProcessorVersion, GetEvaluation, and ListEvaluations v1beta3 APIs feat: added evaluation.proto feat: added document_schema field in ProcessorVersion processor.proto feat: added image_quality_scores field in Document.Page in document.proto feat: added font_family field in Document.Style in document.proto (ac0c5c2)
• documentai: Exposed GetProcessorType to v1 (447afdd)
• documentai: Exposed GetProcessorType to v1beta3 (447afdd)
• documentai: Rewrite signatures in terms of new location (3c4b2b3)
• documentai: Start generating stubs dir (de2d180)

Miscellaneous Chores

... (truncated)

Commits

• b53c5fb chore: release main (#10406)
• b3a2cd2 chore(main): release pubsub 1.40.0 (#10407)
• a3d70ed feat(pubsub): add client ID to initial streaming pull request (#10436)
• b76b4ee chore(telcoautomation): release v1.0.0 (#10448)
• c8b65e4 chore(securitycentermanagement): release v1.0.0 (#10447)
• 752601c chore(securesourcemanager): release v1.0.0 (#10446)
• 1cf83a8 chore(edgenetwork): release v1.0.0 (#10445)
• 4f2cc2b chore(cloudquotas): release v1.0.0 (#10444)
• 2980bd1 chore(cloudcontrolspartner): release v1.0.0 (#10443)
• 5e4167f chore(backupdr): release v1.0.0 (#10442)
• Additional commits viewable in compare view

Updates cloud.google.com/go/storage from 1.38.0 to 1.41.0

Release notes

Sourced from cloud.google.com/go/storage's releases.

pubsub: v1.40.0

1.40.0 (2024-06-26)

Features

• pubsub: Add client ID to initial streaming pull request (#10436) (a3d70ed)
• pubsub: Add use_topic_schema for Cloud Storage Subscriptions (d6c543c)

Commits

• 9fb390d chore(main): release spanner 1.41.0 (#7068)
• 7231644 chore(all): auto-regenerate gapics (#7110)
• 4f0456e chore(all): auto-regenerate gapics (#7085)
• 83f12d5 chore(main): release bigquery 1.44.0 (#6990)
• 8cd9468 chore(main): release pubsub 1.27.0 (#7069)
• 756f7bf chore(main): release firestore 1.9.0 (#6987)
• a77ada8 chore(main): release datastore 1.10.0 (#7067)
• d16d9af chore(main): release logging 1.6.0 (#7070)
• 601c77a feat(bigquery): add default partition expiration to Dataset (#7096)
• eddaf71 test(pubsublite): fix flaky TestIntegration_PublishSubscribeSinglePartition (...
• Additional commits viewable in compare view

Updates filippo.io/age from 1.1.1 to 1.2.0

Release notes

Sourced from filippo.io/age's releases.

age v1.2.0

A small release to build the release binaries with a more recent Go toolchain, and to fix a couple CLI edge cases (FiloSottile/age#491, FiloSottile/age#555).

The Go module now exposes a plugin package that provides an age plugin client. That is, Recipient and Identity implementations that invoke a plugin binary, allowing the use of age plugins in Go programs.

Finally, Recipients can now return a set of "labels" by implementing RecipientWithLabels. This allows replicating the special behavior of the scrypt Recipient in third-party Recipients, or applying policy useful for authenticated or post-quantum Recipients.

// RecipientWithLabels can be optionally implemented by a Recipient, in which
// case Encrypt will use WrapWithLabels instead of Wrap.
//
// Encrypt will succeed only if the labels returned by all the recipients
// (assuming the empty set for those that don't implement RecipientWithLabels)
// are the same.
//
// This can be used to ensure a recipient is only used with other recipients
// with equivalent properties (for example by setting a "postquantum" label) or
// to ensure a recipient is always used alone (by returning a random label, for
// example to preserve its authentication properties).
type RecipientWithLabels interface {
	WrapWithLabels(fileKey []byte) (s []*Stanza, labels []string, err error)
}

Commits

• bbe6ce5 .github/workflows: update artifacts Actions
• 1e1bada .github/workflows: go-version stable, not latest
• 2293a9a .github/workflows: use latest Go for bootstrap
• 01fe9cd README: add pkgx installation instructions
• bd0511b cmd/age: detect output/input file reuse when possible
• febaade cmd/age: create file for empty decryptions
• 0a40718 doc: regenerate groff and html man pages
• 7ed4868 .github/workflows: apparently setup-go has no defaults
• 2a761fc .github/workflows: update GitHub Actions
• 98e7afc all: upgrade dependencies
• Additional commits viewable in compare view

Updates github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.9.2 to 1.12.0

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azcore's releases.

sdk/azcore/v1.12.0

1.12.0 (2024-06-06)

Features Added

• Added field StatusCodes to runtime.FetcherForNextLinkOptions allowing for additional HTTP status codes indicating success.
• Added func NewUUID to the runtime package for generating UUIDs.

Bugs Fixed

• Fixed an issue that prevented pollers using the Operation-Location strategy from unmarshaling the final result in some cases.

Other Changes

• Updated dependencies.

sdk/azcore/v1.11.1

1.11.1 (2024-04-02)

Bugs Fixed

• Pollers that use the Location header won't consider http.StatusRequestTimeout a terminal failure.
• runtime.Poller[T].Result won't consider non-terminal error responses as terminal.

sdk/azcore/v1.11.0

1.11.0 (2024-04-01)

Features Added

• Added StatusCodes to arm/policy.RegistrationOptions to allow supporting non-standard HTTP status codes during registration.
• Added field InsecureAllowCredentialWithHTTP to azcore.ClientOptions and dependent authentication pipeline policies.
• Added type MultipartContent to the streaming package to support multipart/form payloads with custom Content-Type and file name.

Bugs Fixed

• runtime.SetMultipartFormData won't try to stringify []byte values.
• Pollers that use the Location header won't consider http.StatusTooManyRequests a terminal failure.

Other Changes

• Update dependencies.

Commits

• e58902b Prep azcore v1.12.0 for release (#23005)
• 9ad32c5 Increment package version after release of internal (#23004)
• 897e903 Update ignore-links.txt (#23003)
• ac7cc04 [keyvault] fix test recording sanitizers (#22911)
• 276cf8c update readme (#22971)
• 5eb479f [azopenai] Updating hash to merged PR. (#22998)
• 9c4f5c5 Prepare sdk/internal v1.9.0 for release (#22991)
• b407f56 Increment version for messaging/azwebpubsub releases (#22466)
• 3af4c7e update mgmt live test (#22996)
• b7d018e fix sdk/resourcemanager/internal module (#22994)
• Additional commits viewable in compare view

Updates github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.1 to 1.5.2

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azidentity's releases.

sdk/azidentity/v1.5.2

1.5.2 (2024-04-09)

Bugs Fixed

• ManagedIdentityCredential now specifies resource IDs correctly for Azure Container Instances

Other Changes

• Restored v1.4.0 error behavior for empty tenant IDs
• Upgraded dependencies

Commits

• 299ebfe Prepare internal for release (#22339)
• d00123d Update packages (#22338)
• 0a332e3 Fix issue in Verify-Link.ps1 after PS 7.4 update (#22336)
• c8ae7ed Sync eng/common directory with azure-sdk-tools for PR 7615 (#22335)
• 9ae828c Replace ErrAuthenticationRequired with AuthenticationRequiredError (#22317)
• 7c50f09 [Release] sdk/resourcemanager/springappdiscovery/armspringappdiscovery/0.1.0 ...
• b36de61 Added spec location verification to the release pipeline (#22301)
• 00f2b8b Go SDK for Azure Web PubSub Data plane (#21929)
• 0aa2409 Sync eng/common directory with azure-sdk-tools for PR 7585 (#22312)
• 572ba1f JSON marshaling helpers will preserve Content-Type (#22309)
• Additional commits viewable in compare view

Updates github.com/ProtonMail/go-crypto from 1.1.0-alpha.0-proton to 1.1.0-alpha.3-proton

Release notes

Sourced from github.com/ProtonMail/go-crypto's releases.

v1.1.0-alpha.3-proton

This pre-release is v1.1.0-alpha.3 with support for symmetric keys and automatic forwarding, both of which are not standardized yet.

v1.1.0-alpha.1-proton

This pre-release is v1.1.0-alpha.1 with support for symmetric keys and automatic forwarding, both of which are not standardized yet.

Commits

• dfc5210 Fix HMAC generation (#204)
• a0d3abb Replace ioutil.ReadAll with io.ReadAll
• 12d80ee fix(v2): Adapt NewForwardingEntity to refactored NewEntity
• 00db3be fix(v2): Do not allow encrpytion with a forwarding key
• 49c1020 feat: Add symmetric keys to v2
• bce9b31 fix: Address warnings
• e202bef feat: Add forwarding to v2 api
• 2a86d28 fix: Address rebase on version 2 issues
• a425074 Use fingerprints instead of KeyIDs
• b55bb97 Create a copy of the encrypted key when forwarding
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2 from 1.25.0 to 1.30.1

Commits

• 4509a60 Release 2024-06-28
• 0c61504 Regenerated Clients
• 7ca59bf Update SDK's smithy-go dependency to v1.20.3
• fe1af5b Update endpoints model
• b76404f Update API model
• 8ca412d Release 2024-06-27
• 6505a14 Regenerated Clients
• 66e5439 Update endpoints model
• 590c9db Update API model
• 7c25c21 Release 2024-06-26
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.27.0 to 1.27.23

Commits

• 4509a60 Release 2024-06-28
• 0c61504 Regenerated Clients
• 7ca59bf Update SDK's smithy-go dependency to v1.20.3
• fe1af5b Update endpoints model
• b76404f Update API model
• 8ca412d Release 2024-06-27
• 6505a14 Regenerated Clients
• 66e5439 Update endpoints model
• 590c9db Update API model
• 7c25c21 Release 2024-06-26
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.17.0 to 1.17.23

Commits

• 4509a60 Release 2024-06-28
• 0c61504 Regenerated Clients
• 7ca59bf Update SDK's smithy-go dependency to v1.20.3
• fe1af5b Update endpoints model
• b76404f Update API model
• 8ca412d Release 2024-06-27
• 6505a14 Regenerated Clients
• 66e5439 Update endpoints model
• 590c9db Update API model
• 7c25c21 Release 2024-06-26
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.16.0 to 1.17.3

Changelog

Sourced from github.com/aws/aws-sdk-go-v2/feature/s3/manager's changelog.

Release (2022-12-15)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/aws-sdk-go-v2: v1.17.3
  • Bug Fix: Unify logic between shared config and in finding home directory
• github.com/aws/aws-sdk-go-v2/config: v1.18.5
  • Bug Fix: Unify logic between shared config and in finding home directory
• github.com/aws/aws-sdk-go-v2/credentials: v1.13.5
  • Bug Fix: Unify logic between shared config and in finding home directory
• github.com/aws/aws-sdk-go-v2/service/backupgateway: v1.8.0
  • Feature: This release adds support for VMware vSphere tags, enabling customer to protect VMware virtual machines using tag-based policies for AWS tags mapped from vSphere tags. This release also adds support for customer-accessible gateway-hypervisor interaction log and upload bandwidth rate limit schedule.
• github.com/aws/aws-sdk-go-v2/service/connect: v1.40.0
  • Feature: Added support for "English - New Zealand" and "English - South African" to be used with Amazon Connect Custom Vocabulary APIs.
• github.com/aws/aws-sdk-go-v2/service/ecs: v1.21.0
  • Feature: This release adds support for container port ranges in ECS, a new capability that allows customers to provide container port ranges to simplify use cases where multiple ports are in use in a container. This release updates TaskDefinition mutation APIs and the Task description APIs.
• github.com/aws/aws-sdk-go-v2/service/eks: v1.26.0
  • Feature: Add support for Windows managed nodes groups.
• github.com/aws/aws-sdk-go-v2/service/glue: v1.38.0
  • Feature: This release adds support for AWS Glue Crawler with native DeltaLake tables, allowing Crawlers to classify Delta Lake format tables and catalog them for query engines to query against.
• github.com/aws/aws-sdk-go-v2/service/kinesis: v1.16.0
  • Feature: Added StreamARN parameter for Kinesis Data Streams APIs. Added a new opaque pagination token for ListStreams. SDKs will auto-generate Account Endpoint when accessing Kinesis Data Streams.
• github.com/aws/aws-sdk-go-v2/service/location: v1.19.5
  • Documentation: This release adds support for a new style, "VectorOpenDataStandardLight" which can be used with the new data source, "Open Data Maps (Preview)".
• github.com/aws/aws-sdk-go-v2/service/m2: v1.2.0
  • Feature: Adds an optional create-only KmsKeyId property to Environment and Application resources.
• github.com/aws/aws-sdk-go-v2/service/sagemaker: v1.57.0
  • Feature: SageMaker Inference Recommender now allows customers to load tests their models on various instance types using private VPC.
• github.com/aws/aws-sdk-go-v2/service/securityhub: v1.26.0
  • Feature: Added new resource details objects to ASFF, including resources for AwsEc2LaunchTemplate, AwsSageMakerNotebookInstance, AwsWafv2WebAcl and AwsWafv2RuleGroup.
• github.com/aws/aws-sdk-go-v2/service/translate: v1.16.0
  • Feature: Raised the input byte size limit of the Text field in the TranslateText API to 10000 bytes.

Release (2022-12-14)

Module Highlights

• github.com/aws/aws-sdk-go-v2/service/cloudwatch: v1.23.0
  • Feature: Adding support for Metrics Insights Alarms
• github.com/aws/aws-sdk-go-v2/service/costexplorer: v1.24.0
  • Feature: This release supports percentage-based thresholds on Cost Anomaly Detection alert subscriptions.
• github.com/aws/aws-sdk-go-v2/service/networkmanager: v1.16.0
  • Feature: Appliance Mode support for AWS Cloud WAN.
• github.com/aws/aws-sdk-go-v2/service/redshiftdata: v1.17.0
  • Feature: This release adds a new --client-token field to ExecuteStatement and BatchExecuteStatement operations. Customers can now run queries with the additional client token parameter to ensures idempotency.
• github.com/aws/aws-sdk-go-v2/service/sagemakermetrics: v1.0.1
  • Documentation: Update SageMaker Metrics documentation.

Release (2022-12-13)

... (truncated)

Commits

• 1257d4e Release 2022-12-15
• f89f556 Regenerated Clients
• 7c6f2cf Update endpoints model
• 7cd0d9d Update API model
• 6067fb2 Unify home dir logic between shared config and sso (#1960)
• 6fad028 Release 2022-12-14
• cc65897 Regenerated Clients
• e04c471 Update endpoints model
• 2de26a2 Update API model
• 7ad009a Release 2022-12-13
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/kms from 1.28.1 to 1.35.1

Commits

• 4509a60 Release 2024-06-28
• 0c61504 Regenerated Clients
• 7ca59bf Update SDK's smithy-go dependency to v1.20.3
• fe1af5b Update endpoints model
• b76404f Update API model
• 8ca412d Release 2024-06-27
• 6505a14 Regenerated Clients
• 66e5439 Update endpoints model
• 590c9db Update API model
• 7c25c21 Release 2024-06-26
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.49.0 to 1.57.1

Commits

• 4509a60 Release 2024-06-28
• 0c61504 Regenerated Clients
• 7ca59bf Update SDK's smithy-go dependency to v1.20.3
• fe1af5b Update endpoints model
• b76404f Update API model
• 8ca412d Release 2024-06-27
• 6505a14 Regenerated Clients
• 66e5439 Update endpoints model
• 590c9db Update API model
• 7c25c21 Release 2024-06-26
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/sts from 1.27.0 to 1.30.1

Commits

• 4509a60 Release 2024-06-28
• 0c61504 Regenerated Clients
• 7ca59bf Update SDK's smithy-go dependency to v1.20.3
• fe1af5b Update endpoints model
• b76404f Update API model
• 8ca412d Release 2024-06-27
• 6505a14 Regenerated Clients
• 66e5439 Update endpoints model
• 590c9db Update API model
• 7c25c21 Release 2024-06-26
• Additional commits viewable in compare view

Updates github.com/fatih/color from 1.16.0 to 1.17.0

Release notes

Sourced from github.com/fatih/color's releases.

v1.17.0

What's Changed

• Fix multi-parameter println spacing by @​klauspost in fatih/color#228
• ci: update Go and Staticcheck versions by @​fatih in fatih/color#222
• Bump golang.org/x/sys from 0.14.0 to 0.17.0 by @​dependabot in fatih/color#221
• Bump actions/setup-go from 4 to 5 by @​dependabot in fatih/color#217
• Bump golang.org/x/sys from 0.17.0 to 0.18.0 by @​dependabot in fatih/color#224

New Contributors

• @​klauspost made their first contribution in fatih/color#228

Full Changelog: fatih/color@v1.16.0...v1.17.0

Commits

• b6598b1 Merge pull request #228 from klauspost/fix-println-issue-218
• 00b1811 Fix multi-parameter println spacing
• 04994a8 Merge pull request #224 from fatih/dependabot/go_modules/golang.org/x/sys-0.18.0
• 7526cad Merge branch 'main' into dependabot/go_modules/golang.org/x/sys-0.18.0
• 8d058ca Merge pull request #222 from fatih/ci-updates
• 2ac809f Bump golang.org/x/sys from 0.17.0 to 0.18.0
• 51a7bbf ci: update Go and Staticcheck versions
• 799c49c Merge pull request #217 from fatih/dependabot/github_actions/actions/setup-go-5
• f8e0ec9 Merge branch 'main' into dependabot/github_actions/actions/setup-go-5
• 298abd8 Merge pull request #221 from fatih/dependabot/go_modules/golang.org/x/sys-0.17.0
• Additional commits viewable in compare view

Updates github.com/golang/protobuf from 1.5.3 to 1.5.4

Release notes

Sourced from github.com/golang/protobuf's releases.

v1.5.4

Notable changes

• update descriptor.proto to latest version

Commits

• 75de7c0 Merge pull request #1597 from golang/updatedesc
• b7697bb all: update descriptor.proto to latest version
• See full diff in compare view

Updates github.com/hashicorp/vault/api from 1.12.0 to 1.14.0

Release notes

Sourced from github.com/hashicorp/vault/api's releases.

v1.14.0

1.14.0

June 21, 2023

BREAKING CHANGES:

• secrets/pki: Maintaining running count of certificates will be turned off by default. To re-enable keeping these metrics available on the tidy status endpoint, enable maintain_stored_certificate_counts on tidy-config, to also publish them to the metrics consumer, enable publish_stored_certificate_count_metrics . [GH-18186]

CHANGES:

• auth/alicloud: Updated plugin from v0.14.0 to v0.15.0 [GH-20758]
• auth/azure: Updated plugin from v0.13.0 to v0.15.0 [GH-20816]
• auth/centrify: Updated plugin from v0.14.0 to v0.15.1 [GH-20745]
• auth/gcp: Updated plugin from v0.15.0 to v0.16.0 [GH-20725]
• auth/jwt: Updated plugin from v0.15.0 to v0.16.0 [GH-20799]
• auth/kubernetes: Update plugin to v0.16.0 [GH-20802]
• core: Bump Go version to 1.20.5.
• core: Remove feature toggle for SSCTs, i.e. the env var VAULT_DISABLE_SERVER_SIDE_CONSISTENT_TOKENS. [GH-20834]
• core: Revert #19676 (VAULT_GRPC_MIN_CONNECT_TIMEOUT env var) as we decided it was unnecessary. [GH-20826]
• database/couchbase: Updated plugin from v0.9.0 to v0.9.2 [GH-20764]
• database/redis-elasticache: Updated plugin from v0.2.0 to v0.2.1 [GH-20751]
• replication (enterprise): Add a new parameter for the update-primary API call that allows for setting of the primary cluster addresses directly, instead of via a token.
• secrets/ad: Updated plugin from v0.10.1-0.20230329210417-0b2cdb26cf5d to v0.16.0 [GH-20750]
• secrets/alicloud: Updated plugin from v0.5.4-beta1.0.20230330124709-3fcfc5914a22 to v0.15.0 [GH-20787]
• secrets/aure: Updated plugin from v0.15.0 to v0.16.0 [GH-20777]
• secrets/database/mongodbatlas: Updated plugin from v0.9.0 to v0.10.0 [GH-20882]
• secrets/database/snowflake: Updated plugin from v0.7.0 to v0.8.0 [GH-20807]
• secrets/gcp: Updated plugin from v0.15.0 to v0.16.0 [GH-20818]
• secrets/keymgmt: Updated plugin to v0.9.1
• secrets/kubernetes: Update plugin to v0.5.0 [GH-20802]
• secrets/mongodbatlas: Updated plugin from v0.9.1 to v0.10.0 [GH-20742]
• secrets/pki: Allow issuance of root CAs without AIA, when templated AIA information includes issuer_id. [GH-21209]
• secrets/pki: Warning when issuing leafs from CSRs with basic constraints. In the future, issuance of non-CA leaf certs from CSRs with asserted IsCA Basic Constraints will be prohibited. [GH-20654]

FEATURES:

• AWS Static Roles: The AWS Secrets Engine can manage static roles configured by users. [GH-20536]
• Automated License Utilization Reporting: Added automated license utilization reporting, which sends minimal product-license metering data to HashiCorp without requiring you to manually collect and report them.
• Environment Variables through Vault Agent: Introducing a new process-supervisor mode for Vault Agent which allows injecting secrets as environment variables into a child process using a new env_template configuration stanza. The process-supervisor configuration can be generated with a new vault agent generate-config helper tool. [GH-20530]
• MongoDB Atlas Database Secrets: Adds support for client certificate credentials [GH-20425]
• MongoDB Atlas Database Secrets: Adds support for generating X.509 certificates on dynamic roles for user authentication [GH-20882]
• NEW PKI Workflow in UI: Completes generally available rollout of new PKI UI that provides smoother mount configuration and a more guided user experience [GH-pki-ui-improvements]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

1.14.0

June 21, 2023

SECURITY:

• ui: key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11. [HSEC-2023-17]

BREAKING CHANGES:

• secrets/pki: Maintaining running count of certificates will be turned off by default. To re-enable keeping these metrics available on the tidy status endpoint, enable maintain_stored_certificate_counts on tidy-config, to also publish them to the metrics consumer, enable publish_stored_certificate_count_metrics . [GH-18186]

CHANGES:

• auth/alicloud: Updated plugin from v0.14.0 to v0.15.0 [GH-20758]
• auth/azure: Updated plugin from v0.13.0 to v0.15.0 [GH-20816]
• auth/centrify: Updated plugin from v0.14.0 to v0.15.1 [GH-20745]
• auth/gcp: Updated plugin from v0.15.0 to v0.16.0 [GH-20725]
• auth/jwt: Updated plugin from v0.15.0 to v0.16.0 [GH-20799]
• auth/kubernetes: Update plugin to v0.16.0 [GH-20802]
• core: Bump Go version to 1.20.5.
• core: Remove feature toggle for SSCTs, i.e. the env var VAULT_DISABLE_SERVER_SIDE_CONSISTENT_TOKENS. [GH-20834]
• core: Revert #19676 (VAULT_GRPC_MIN_CONNECT_TIMEOUT env var) as we decided it was unnecessary. [GH-20826]
• database/couchbase: Updated plugin from v0.9.0 to v0.9.2 [GH-20764]
• database/redis-elasticache: Updated plugin from v0.2.0 to v0.2.1 [GH-20751]
• replication (enterprise): Add a new parameter for the update-primary API call that allows for setting of the primary cluster addresses directly, instead of via a token.
• secrets/ad: Updated plugin from v0.10.1-0.20230329210417-0b2cdb26cf5d to v0.16.0 [GH-20750]
• secrets/alicloud: Updated plugin from v0.5.4-beta1.0.20230330124709-3fcfc5914a22 to v0.15.0 [GH-20787]
• secrets/aure: Updated plugin from v0.15.0 to v0.16.0 [GH-20777]
• secrets/database/mongodbatlas: Updated plugin from v0.9.0 to v0.10.0 [GH-20882]
• secrets/database/snowflake: Updated plugin from v0.7.0 to v0.8.0 [GH-20807]
• secrets/gcp: Updated plugin from v0.15.0 to v0.16.0 [GH-20818]
• secrets/keymgmt: Updated plugin to v0.9.1
• secrets/kubernetes: Update plugin to v0.5.0 [GH-20802]
• secrets/mongodbatlas: Updated plugin from v0.9.1 to v0.10.0 [GH-20742]
• secrets/pki: Allow issuance of root CAs without AIA, when templated AIA information includes issuer_id. [GH-21209]
• secrets/pki: Warning when issuing leafs from CSRs with basic constraints. In the future, issuance of non-CA leaf certs from CSRs with asserted IsCA Basic Constraints will be prohibited. [GH-20654]

FEATURES:

• AWS Static Roles: The AWS Secrets Engine can manage static roles configured by users. [GH-20536]
• Automated License Utilization Reporting: Added automated license utilization reporting, which sends minimal product-license

[dependabot]

The following labels could not be found: dependencies.

[dependabot]

Superseded by #33.