Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump hashicorp/random from 3.1.2 to 3.6.3 in /deploy/aws/app/kube #519

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): bump hashicorp/random from 3.1.2 to 3.6.3 in /deploy/aws/app/kube #519

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 16, 2024

Bumps hashicorp/random from 3.1.2 to 3.6.3.

Release notes

Sourced from hashicorp/random's releases.

v3.6.3

NOTES:

  • all: This release introduces no functional changes. It does however include dependency updates which address upstream CVEs. (#604)

v3.6.2

NOTES:

  • resource/random_pet: Results have been updated to the latest upstream petname data (#581)

v3.6.1

BUG FIXES:

  • all: Prevent keepers from triggering an in-place update following import (#385)
  • resource/random_shuffle: Prevent inconsistent result after apply when result_count is set to 0 (#409)
  • provider/random_password: Fix bug which causes panic when special, upper, lower and number/numeric are all false (#551)
  • provider/random_string: Fix bug which causes panic when special, upper, lower and number/numeric are all false (#551)

v3.6.0

FEATURES:

  • resource/random_bytes: New resource that generates an array of random bytes intended to be used as key or secret (#272)

v3.5.1

BUG FIXES:

  • resource/random_password: Prevent error with bcrypt by truncating the bytes that are hashed to a maximum length of 72 (#397)

v3.5.0

NOTES:

  • This Go module has been updated to Go 1.19 per the Go support policy. Any consumers building on earlier Go versions may experience errors. (#378)

v3.4.3

NOTES:

  • resource/random_password: The values for lower, number, special, upper, min_lower, min_numeric, min_special, min_upper and length could be null if the resource was imported using version 3.3.1 or before. The value for length will be automatically calculated and assigned and default values will be assigned for the other attributes listed after this upgrade (#313)
  • resource/random_string: The values for lower, number, special, upper, min_lower, min_numeric, min_special, min_upper and length could be null if the resource was imported using version 3.3.1 or before. The value for length will be automatically calculated and assigned and default values will be assigned for the other attributes listed after this upgrade (#313)
  • resource/random_password: If the resource was created between versions 3.4.0 and 3.4.2, the bcrypt_hash value would not correctly verify against the result value. Affected resources will automatically regenerate a valid bcrypt_hash after this upgrade. (#308)
  • resource/random_password: The override_special attribute may show a plan difference from empty string ("") to null if previously applied with version 3.4.2. The plan should show this as an in-place update and it should occur only once after upgrading. (#312)
  • resource/random_string: The override_special attribute may show a plan difference from empty string ("") to null if previously applied with version 3.4.2. The plan should show this as an in-place update and it should occur only once after upgrading. (#312)

BUG FIXES:

  • resource/random_password: Assign default values to lower, number, special, upper, min_lower, min_numeric, min_special and min_upper if null. Assign length of result to length if null (#313)
  • resource/random_string: Assign default values to lower, number, special, upper, min_lower, min_numeric, min_special and min_upper if null. Assign length of result to length if null (#313)
  • resource/random_password: Fixed incorrect bcrypt_hash generation since version 3.4.0 (#308)
  • resource/random_password: Prevented difference with override_special when upgrading from version 3.3.2 and earlier (#312)
  • resource/random_string: Prevented difference with override_special when upgrading from version 3.3.2 and earlier (#312)

... (truncated)

Changelog

Sourced from hashicorp/random's changelog.

3.6.3 (September 11, 2024)

NOTES:

  • all: This release introduces no functional changes. It does however include dependency updates which address upstream CVEs. (#604)

3.6.2 (May 21, 2024)

NOTES:

  • resource/random_pet: Results have been updated to the latest upstream petname data (#581)

3.6.1 (April 16, 2024)

BUG FIXES:

  • all: Prevent keepers from triggering an in-place update following import (#385)
  • resource/random_shuffle: Prevent inconsistent result after apply when result_count is set to 0 (#409)
  • provider/random_password: Fix bug which causes panic when special, upper, lower and number/numeric are all false (#551)
  • provider/random_string: Fix bug which causes panic when special, upper, lower and number/numeric are all false (#551)

3.6.0 (December 04, 2023)

FEATURES:

  • resource/random_bytes: New resource that generates an array of random bytes intended to be used as key or secret (#272)

3.5.1 (April 12, 2023)

BUG FIXES:

  • resource/random_password: Prevent error with bcrypt by truncating the bytes that are hashed to a maximum length of 72 (#397)

3.5.0 (April 11, 2023)

NOTES:

  • This Go module has been updated to Go 1.19 per the Go support policy. Any consumers building on earlier Go versions may experience errors. (#378)

3.4.3 (September 08, 2022)

NOTES:

  • resource/random_password: The values for lower, number, special, upper, min_lower, min_numeric, min_special, min_upper and length could be null if the resource was imported using version 3.3.1 or before. The value for length will be automatically calculated and assigned and default values will be assigned for the other attributes listed after this upgrade (#313)
  • resource/random_string: The values for lower, number, special, upper, min_lower, min_numeric, min_special, min_upper and length could be null if the resource was imported using version 3.3.1 or before. The value for length will be automatically calculated and assigned and default values will be assigned for the other attributes listed after this upgrade (#313)
  • resource/random_password: If the resource was created between versions 3.4.0 and 3.4.2, the bcrypt_hash value would not correctly verify against the result value. Affected resources will automatically regenerate a valid bcrypt_hash after this upgrade. (#308)
  • resource/random_password: The override_special attribute may show a plan difference from empty string ("") to null if previously applied with version 3.4.2. The plan should show this as an in-place update and it should occur only once after upgrading. (#312)
  • resource/random_string: The override_special attribute may show a plan difference from empty string ("") to null if previously applied with version 3.4.2. The plan should show this as an in-place update and it should occur only once after upgrading. (#312)

BUG FIXES:

... (truncated)

Commits
  • e546ae4 Update changelog
  • 9c49289 all: Bump minimum Go module version to 1.22 (#604)
  • 635ccbe Result of tsccr-helper -log-level=info gha update -latest . (#605)
  • f00d9f6 build(deps): Bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#603)
  • ebb0ae2 build(deps): Bump hashicorp/setup-terraform from 3.1.1 to 3.1.2 (#602)
  • 523efdf SEC-090: Automated trusted workflow pinning (2024-08-19) (#601)
  • b6364da Result of tsccr-helper -log-level=info gha update -latest . (#600)
  • 3c20ad7 testing: Update acceptance tests to use new statecheck package and value co...
  • 8b6cb37 build(deps): Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#598)
  • 5c81757 build(deps): Bump github.com/hashicorp/terraform-plugin-framework (#597)
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump hashicorp/random in /deploy/aws/app/kube
83b7e55 
Bumps [hashicorp/random](https://github.com/hashicorp/terraform-provider-random) from 3.1.2 to 3.6.3.
- [Release notes](https://github.com/hashicorp/terraform-provider-random/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-random/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-random@v3.1.2...v3.6.3)

---
updated-dependencies:
- dependency-name: hashicorp/random
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file terraform Pull requests that update Terraform code labels Sep 16, 2024
@dependabot dependabot bot mentioned this pull request Sep 16, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file terraform Pull requests that update Terraform code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants