Bump github.com/hashicorp/vault from 1.16.3 to 1.18.2

[dependabot]

Bumps github.com/hashicorp/vault from 1.16.3 to 1.18.2.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.18.2

1.18.2

November 21, 2024

SECURITY:

• raft/snapshotagent (enterprise): upgrade raft-snapshotagent to v0.0.0-20241115202008-166203013d8e

CHANGES:

• auth/azure: Update plugin to v0.19.2 [GH-28848]
• core/ha (enterprise): Failed attempts to become a performance standby node are now using an exponential backoff instead of a 10 second delay in between retries. The backoff starts at 2s and increases by a factor of two until reaching the maximum of 16s. This should make unsealing of the node faster in some cases.
• login (enterprise): Return a 500 error during logins when performance standby nodes make failed gRPC requests to the active node. [GH-28807]

FEATURES:

• Product Usage Reporting: Added product usage reporting, which collects anonymous, numerical, non-sensitive data about Vault secrets usage, and adds it to the existing utilization reports. See the [docs] for more info [GH-28858]

IMPROVEMENTS:

• secret/pki: Introduce a new value always_enforce_err within leaf_not_after_behavior to force the error in all circumstances such as CA issuance and ACME requests if requested TTL values are beyond the issuer's NotAfter. [GH-28907]
• secrets-sync (enterprise): No longer attempt to unsync a random UUID secret name in GCP upon destination creation.
• ui: Adds navigation for LDAP hierarchical roles [GH-28824]
• website/docs: changed outdated reference to consul-helm repository to consul-k8s repository. [GH-28825]

BUG FIXES:

• auth/ldap: Fixed an issue where debug level logging was not emitted. [GH-28881]
• core: Improved an internal helper function that sanitizes paths by adding a check for leading backslashes in addition to the existing check for leading slashes. [GH-28878]
• secret/pki: Fix a bug that prevents PKI issuer field enable_aia_url_templating to be set to false. [GH-28832]
• secrets-sync (enterprise): Fixed issue where secret-key granularity destinations could sometimes cause a panic when loading a sync status.
• secrets/aws: Fix issue with static credentials not rotating after restart or leadership change. [GH-28775]
• secrets/ssh: Return the flag allow_empty_principals in the read role api when key_type is "ca" [GH-28901]
• secrets/transform (enterprise): Fix nil panic when accessing a partially setup database store.
• secrets/transit: Fix a race in which responses from the key update api could contain results from another subsequent update [GH-28839]
• ui: Fixes rendering issues of LDAP dynamic and static roles with the same name [GH-28824]

v1.18.1

1.18.1

October 30, 2024

CHANGES:

• auth/azure: Update plugin to v0.19.1 [GH-28712]
• secrets/azure: Update plugin to v0.20.1 [GH-28699]
• secrets/openldap: Update plugin to v0.14.1 [GH-28479]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault's changelog.

1.18.2

November 21, 2024

SECURITY:

• raft/snapshotagent (enterprise): upgrade raft-snapshotagent to v0.0.0-20241115202008-166203013d8e

CHANGES:

• auth/azure: Update plugin to v0.19.2 [GH-28848]
• core/ha (enterprise): Failed attempts to become a performance standby node are now using an exponential backoff instead of a 10 second delay in between retries. The backoff starts at 2s and increases by a factor of two until reaching the maximum of 16s. This should make unsealing of the node faster in some cases.
• login (enterprise): Return a 500 error during logins when performance standby nodes make failed gRPC requests to the active node. [GH-28807]

FEATURES:

• Product Usage Reporting: Added product usage reporting, which collects anonymous, numerical, non-sensitive data about Vault secrets usage, and adds it to the existing utilization reports. See the [docs] for more info [GH-28858]

IMPROVEMENTS:

• secret/pki: Introduce a new value always_enforce_err within leaf_not_after_behavior to force the error in all circumstances such as CA issuance and ACME requests if requested TTL values are beyond the issuer's NotAfter. [GH-28907]
• secrets-sync (enterprise): No longer attempt to unsync a random UUID secret name in GCP upon destination creation.
• ui: Adds navigation for LDAP hierarchical roles [GH-28824]
• website/docs: changed outdated reference to consul-helm repository to consul-k8s repository. [GH-28825]

BUG FIXES:

• auth/ldap: Fixed an issue where debug level logging was not emitted. [GH-28881]
• core: Improved an internal helper function that sanitizes paths by adding a check for leading backslashes in addition to the existing check for leading slashes. [GH-28878]
• secret/pki: Fix a bug that prevents PKI issuer field enable_aia_url_templating to be set to false. [GH-28832]
• secrets-sync (enterprise): Fixed issue where secret-key granularity destinations could sometimes cause a panic when loading a sync status.
• secrets/aws: Fix issue with static credentials not rotating after restart or leadership change. [GH-28775]
• secrets/ssh: Return the flag allow_empty_principals in the read role api when key_type is "ca" [GH-28901]
• secrets/transform (enterprise): Fix nil panic when accessing a partially setup database store.
• secrets/transit: Fix a race in which responses from the key update api could contain results from another subsequent update [GH-28839]
• ui: Fixes rendering issues of LDAP dynamic and static roles with the same name [GH-28824]

1.18.1

October 30, 2024

SECURITY:

• core/raft: Add raft join limits [GH-28790, HCSEC-2024-26]

CHANGES:

• auth/azure: Update plugin to v0.19.1 [GH-28712]
• secrets/azure: Update plugin to v0.20.1 [GH-28699]

... (truncated)

Commits

• e36bac5 [VAULT-32561] This is an automated pull request to build all artifacts for a ...
• c109ac5 backport of commit 11966246703e18e02e0abda7912fccaa51d67906 (#28955)
• a43e9ce [VAULT-32561] This is an automated pull request to build all artifacts for a ...
• 31b2baf backport of commit ccb86986248144b6d049218bf64d0815dfabe2ae (#28941)
• 551b74b backport of commit 3f62ae702b052c96dbd0b203a0cd4defe15e5406 (#28937)
• ee096be backport of commit cb0448a78590fe5c25b8447f4e2a283d483bcdd9 (#28933)
• 7e67db1 backport of commit 95a16dbafeba4e26a6f64cdc9c1de7f2625e970e (#28923)
• ebc367b backport of commit dc40b23d9a105b464277601604a01f7f840511bd (#28924)
• 8af62ad Release notes backport for 1.18 (#28915)
• bda6150 backport of commit 1a43ff67558f467387c2ee57bd6a755b4bb658f8 (#28906)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)