synapse

mirror of https://github.com/element-hq/synapse.git synced 2026-06-02 21:34:28 +00:00

Files

T

dependabot[bot] 71e07d4c75 Bump hashicorp/vault-action from 3.4.0 to 4.0.0 (#19804 )

Bumps
[hashicorp/vault-action](https://github.com/hashicorp/vault-action) from
3.4.0 to 4.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/hashicorp/vault-action/releases">hashicorp/vault-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.0.0</h2>
<h2>4.0.0 (May 12, 2026)</h2>
<p>Improvements:</p>
<ul>
<li>Bump node runtime from node20 to node24 <a
href="https://redirect.github.com/hashicorp/vault-action/pull/604">GH-604</a></li>
<li>Fix leading slash in secret paths causing HTTP 400 errors (e.g.
<code>/cubbyhole/test</code> → <code>v1/cubbyhole/test</code> instead of
<code>v1//cubbyhole/test</code>)</li>
<li>bump jsrsasign from 11.1.0 to 11.1.3</li>
<li>bump body-parser from 1.20.3 to 1.20.5</li>
<li>bump qs from 6.13.0 to 6.15.1</li>
<li>bump http-errors from 2.0.0 to 2.0.1</li>
<li>bump minimatch from 3.1.2 to 3.1.5</li>
<li>bump underscore from 1.13.4 to 1.13.8</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/hashicorp/vault-action/blob/main/CHANGELOG.md">hashicorp/vault-action's
changelog</a>.</em></p>
<blockquote>
<h2>4.0.0 (May 12, 2026)</h2>
<p>Improvements:</p>
<ul>
<li>Bump node runtime from node20 to node24 <a
href="https://redirect.github.com/hashicorp/vault-action/pull/604">GH-604</a></li>
<li>Fix leading slash in secret paths causing HTTP 400 errors (e.g.
<code>/cubbyhole/test</code> → <code>v1/cubbyhole/test</code> instead of
<code>v1//cubbyhole/test</code>)</li>
<li>bump jsrsasign from 11.1.0 to 11.1.3</li>
<li>bump body-parser from 1.20.3 to 1.20.5</li>
<li>bump qs from 6.13.0 to 6.15.1</li>
<li>bump http-errors from 2.0.0 to 2.0.1</li>
<li>bump minimatch from 3.1.2 to 3.1.5</li>
<li>bump underscore from 1.13.4 to 1.13.8</li>
</ul>
<h2>3.4.0 (June 13, 2025)</h2>
<p>Bugs:</p>
<ul>
<li>replace all dot chars during normalization (<a
href="https://redirect.github.com/hashicorp/vault-action/pull/580">hashicorp/vault-action#580</a>)</li>
</ul>
<p>Improvements:</p>
<ul>
<li>Prevent possible DoS via polynomial regex (<a
href="https://redirect.github.com/hashicorp/vault-action/pull/583">hashicorp/vault-action#583</a>)</li>
</ul>
<h2>3.3.0 (March 3, 2025)</h2>
<p>Features:</p>
<ul>
<li>Wildcard secret imports can use <code>**</code> to retain case of
exported env keys <a
href="https://redirect.github.com/hashicorp/vault-action/pull/545">GH-545</a></li>
</ul>
<h2>3.2.0 (March 3, 2025)</h2>
<p>Improvements:</p>
<ul>
<li>Add retry for jwt auth login to fix intermittent login failures <a
href="https://redirect.github.com/hashicorp/vault-action/pull/574">GH-574</a></li>
</ul>
<h2>3.1.0 (January 9, 2025)</h2>
<p>Improvements:</p>
<ul>
<li>fix wildcard handling when field contains dot <a
href="https://redirect.github.com/hashicorp/vault-action/pull/542">GH-542</a></li>
<li>bump body-parser from 1.20.0 to 1.20.3</li>
<li>bump braces from 3.0.2 to 3.0.3</li>
<li>bump cross-spawn from 7.0.3 to 7.0.6</li>
<li>bump micromatch from 4.0.5 to 4.0.8</li>
</ul>
<p>Features:</p>
<ul>
<li><code>secretId</code> is no longer required for approle to support
advanced use cases like machine login when <code>bind_secret_id</code>
is false. <a
href="https://redirect.github.com/hashicorp/vault-action/pull/522">GH-522</a></li>
<li>Use <code>pki</code> configuration to generate certificates from
Vault <a
href="https://redirect.github.com/hashicorp/vault-action/pull/564">GH-564</a></li>
</ul>
<h2>3.0.0 (February 15, 2024)</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/hashicorp/vault-action/commit/892a26828f195e65540a40b4768ae4571f51ebfc"><code>892a268</code></a>
Update copywrite headers for v.4.0.0 release (<a
href="https://redirect.github.com/hashicorp/vault-action/issues/607">#607</a>)</li>
<li><a
href="https://github.com/hashicorp/vault-action/commit/a7ffa26e2e6ede175ca2e4f7dec54e78425d6936"><code>a7ffa26</code></a>
Prepare for release v4.0.0 (<a
href="https://redirect.github.com/hashicorp/vault-action/issues/606">#606</a>)</li>
<li><a
href="https://github.com/hashicorp/vault-action/commit/a049f0183861f1dbbd996f64b48335487cc968db"><code>a049f01</code></a>
[COMPLIANCE] Add/Update Copyright Headers (<a
href="https://redirect.github.com/hashicorp/vault-action/issues/605">#605</a>)</li>
<li><a
href="https://github.com/hashicorp/vault-action/commit/95977a3e2387e93244aaae1232de66fc47b379a3"><code>95977a3</code></a>
Adding team-vault-consumption as CODEOWNERS (<a
href="https://redirect.github.com/hashicorp/vault-action/issues/600">#600</a>)</li>
<li><a
href="https://github.com/hashicorp/vault-action/commit/7e48e563b6a9b4b0ba8b028c5ee89c41a8ae2671"><code>7e48e56</code></a>
Upgrade Node.js to 24 and update dependencies (<a
href="https://redirect.github.com/hashicorp/vault-action/issues/604">#604</a>)</li>
<li><a
href="https://github.com/hashicorp/vault-action/commit/79632e33d6953d190b940ffa440bf97821cabd80"><code>79632e3</code></a>
[COMPLIANCE] Add Copyright and License Headers (Batch 1 of 1) (<a
href="https://redirect.github.com/hashicorp/vault-action/issues/589">#589</a>)</li>
<li><a
href="https://github.com/hashicorp/vault-action/commit/734c523c4fbdb289cdf26dd2dc177f3627d1e140"><code>734c523</code></a>
README.md: Removing jwtGithubAudience default (<a
href="https://redirect.github.com/hashicorp/vault-action/issues/590">#590</a>)</li>
<li><a
href="https://github.com/hashicorp/vault-action/commit/2c5827061f1ad91ca97897d6257ebe638e033699"><code>2c58270</code></a>
[Compliance] - PR Template Changes Required (<a
href="https://redirect.github.com/hashicorp/vault-action/issues/586">#586</a>)</li>
<li>See full diff in <a
href="https://github.com/hashicorp/vault-action/compare/4c06c5ccf5c0761b6029f56cfb1dcf5565918a3b...892a26828f195e65540a40b4768ae4571f51ebfc">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=hashicorp/vault-action&package-manager=github_actions&previous-version=3.4.0&new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>