v1.10.4

What's Changed

• Bump github.com/docker/docker from 24.0.5+incompatible to 24.0.7+incompatible by @dependabot in #126
• Updated go-version for workflow by @cezmunsta in #127
• [StepSecurity] Apply security best practices by @step-security-bot in #128
• Bump github.com/spf13/cobra from 1.4.0 to 1.7.0 by @dependabot in #137
• Bump actions/checkout from 2.7.0 to 4.1.1 by @dependabot in #129
• Bump ossf/scorecard-action from 2.0.6 to 2.3.1 by @dependabot in #132
• Bump github/codeql-action from 2.1.27 to 2.22.5 by @dependabot in #130
• Bump actions/upload-artifact from 3.1.0 to 3.1.3 by @dependabot in #134
• Bump actions/dependency-review-action from 2.5.1 to 3.1.0 by @dependabot in #136
• Bump github.com/sirupsen/logrus from 1.9.0 to 1.9.3 by @dependabot in #135
• Bump github.com/gabriel-vasile/mimetype from 1.4.2 to 1.4.3 by @dependabot in #133
• Bump github.com/hashicorp/vault/sdk from 0.10.0 to 0.10.2 by @dependabot in #131
• Display Vault API and SDK versions by @cezmunsta in #138
• Create SECURITY.md by @cezmunsta in #139
• Bump actions/dependency-review-action from 3.1.0 to 3.1.1 by @dependabot in #141
• Bump github.com/spf13/cobra from 1.7.0 to 1.8.0 by @dependabot in #140
• Bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 by @dependabot in #147
• Updated golint version in workflow by @cezmunsta in #150
• Bump actions/dependency-review-action from 3.1.1 to 3.1.4 by @dependabot in #151
• Bump github/codeql-action from 2.22.5 to 2.22.8 by @dependabot in #148
• Bump step-security/harden-runner from 2.6.0 to 2.6.1 by @dependabot in #146
• Bump actions/upload-artifact from 3.1.3 to 4.0.0 by @dependabot in #156
• Bump github/codeql-action from 2.22.8 to 3.22.11 by @dependabot in #155
• Bump actions/setup-go from 4.1.0 to 5.0.0 by @dependabot in #152
• Bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #157
• Bump github/codeql-action from 3.22.11 to 3.22.12 by @dependabot in #159
• Bump github.com/containerd/containerd from 1.7.0 to 1.7.11 by @dependabot in #158
• Bump actions/dependency-review-action from 3.1.4 to 3.1.5 by @dependabot in #160
• Updated PR workflow Go version by @cezmunsta in #161

New Contributors

• @step-security-bot made their first contribution in #128

Full Changelog: v1.10.3...v1.10.4

v1.10.3

• Bump golang.org/x/net from 0.15.0 to 0.17.0 by @dependabot in #124

Full Changelog: v1.10.2...v1.10.3

v1.10.2

• Bump github.com/hashicorp/vault from 1.14.0 to 1.14.1 by @dependabot in #119
• Refactored unit tests to use containers by @cezmunsta in #121
• Speedup for tests by reducing to a single Vault node by @cezmunsta in #123

Full Changelog: v1.10.1...v1.10.2

v1.10.1

• Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#118)
• Bumped Vault version to v1.14.0 (#115)
• Updated workflows for on-demand usage (#117)
• Optional renewal warning (#114)

v1.10.0

• Add support for M1 ARM (#85)
• Bump github.com/hashicorp/vault from 1.12.2 to 1.12.5 (#105)
• Disable CGO for builds (#104)
• Bumped to go 1.20 (#106)
• Updated dev-vault helper to use hashicorp/vault (#107)
• Added missing --namespace flag from connect (#109)
• Tweaks to improve the dev-vault helper (#112)
• Add support for KV v2 (#110)

v1.9.0

• Bump golang.org/x/net from 0.0.0-20220909164309-bea034e7d591 to 0.7.0 (#102)
• Added scorecard badge to README (#100)
• Ugraded codeql-action to v2
• Added OSSF scorecard
• Update Vault to v1.12.2 (#99)
• Improved dev-vault helper script (#98)
  • Updated prepare_vault to wait for Vault to become available
    (address:port test) before automatic login
  • Added additional secret paths for testing
  • Fixed lint issue, replacing cat with input redirection
  • Optimised vault_exists
  • Updated prepare_vault to wait for the container to be in
    a running state

v1.8.0

• Update Vault to v1.12.0 (#97)
• Add support for multiple secret namespaces (#96)

v1.7.1

• Updated goutils to v1.1.1 (#93)
• Updated Vault to 1.11.1 (#92)
• Updated cobra@v1.4.0 (#91)
• PR workflow improvements (#89)
• Updated to Go 1.18 (#87)
• Updated dependencies (#82)

v1.7.0

• Notify user when their token will soon expire (#81)
  To help avoid unexpected expiration of tokens, the user is provided with a warning when they use a renewable token and it is due to expire in less than 7 days (default).
  The threshold for notifying about renewing tokens, SSH_MS_RENEW_THRESHOLD can be defined for make build and make binaries.
• Use only vault/api in application code (#80)
  To reduce size as well as simply issues arising from indirect dependencies, replacing the use of HashiCorp vault/command with the api in the helper code.
• Add support for SendEnv (#76)
  In cases where the remote server supports environment variables being passed across, adding support for storing SendEnv in the connection's configuration
• Updated dependencies (#75)
  • vault to v1.8.5
  • vault/sdk to v0.2.2-0.20211101151547-6654f4b913f9
  • mimetype to v1.4.0
  • logrus to v1.8.1
• Fix incorrect conversion between integer types (#74)
  Updated NGINX and PMM ports to become uint16 and switched to strconv.ParseUint
• Updated README
  Added the CodeQL badge and updated the recommended version of Vault
• Adding CodeQL workflow
• Upgraded Vault to 1.8.4 (#73)

v1.6.0

• Added cache management (#72)
  A new command, cache, has been created with subcommands for supported operations on the cache, which currently is limited to populating and purging.
  The purge command has been replaced by cache purge
• Fix bad switch in cmd.inspectItem (#70)