Bump github.com/hashicorp/consul/api from 1.9.1 to 1.19.1 in /backend

[dependabot]

Bumps github.com/hashicorp/consul/api from 1.9.1 to 1.19.1.

Release notes

Sourced from github.com/hashicorp/consul/api's releases.

v1.14.4

1.14.4 (January 26, 2023)

BREAKING CHANGES:

• connect: Fix configuration merging for transparent proxy upstreams. Proxy-defaults and service-defaults config entries were not correctly merged for implicit upstreams in transparent proxy mode and would result in some configuration not being applied. To avoid issues when upgrading, ensure that any proxy-defaults or service-defaults have correct configuration for upstreams, since all fields will now be properly used to configure proxies. [GH-16000]
• peering: Newly created peering connections must use only lowercase characters in the name field. Existing peerings with uppercase characters will not be modified, but they may encounter issues in various circumstances. To maintain forward compatibility and avoid issues, it is recommended to destroy and re-create any invalid peering connections so that they do not have a name containing uppercase characters. [GH-15697]

FEATURES:

• connect: add flags envoy-ready-bind-port and envoy-ready-bind-address to the consul connect envoy command that allows configuration of readiness probe on proxy for any service kind. [GH-16015]
• deps: update to latest go-discover to provide ECS auto-discover capabilities. [GH-13782]

IMPROVEMENTS:

• acl: relax permissions on the WatchServers, WatchRoots and GetSupportedDataplaneFeatures gRPC endpoints to accept any valid ACL token [GH-15346]
• connect: Add support for ConsulResolver to specifies a filter expression [GH-15659]
• grpc: Use new balancer implementation to reduce periodic WARN logs when shuffling servers. [GH-15701]
• partition: (Consul Enterprise only) when loading service from on-disk config file or sending API request to agent endpoint, if the partition is unspecified, consul will default the partition in the request to agent's partition [GH-16024]

BUG FIXES:

• agent: Fix assignment of error when auto-reloading cert and key file changes. [GH-15769]
• agent: Fix issue where the agent cache would incorrectly mark protobuf objects as updated. [GH-15866]
• cli: Fix issue where consul connect envoy was unable to configure TLS over unix-sockets to gRPC. [GH-15913]
• connect: (Consul Enterprise only) Fix issue where upstream configuration from proxy-defaults and service-defaults was not properly merged. This could occur when a mixture of empty-strings and "default" were used for the namespace or partition fields.
• connect: Fix issue where service-resolver protocol checks incorrectly errored for failover peer targets. [GH-15833]
• connect: Fix issue where watches on upstream failover peer targets did not always query the correct data. [GH-15865]
• xds: fix bug where sessions for locally-managed services could fail with "this server has too many xDS streams open" [GH-15789]

v1.14.3

1.14.3 (December 13, 2022)

SECURITY:

• Upgrade to use Go 1.19.4. This resolves a vulnerability where restricted files can be read on Windows. CVE-2022-41720 [GH-15705]
• Upgrades golang.org/x/net to prevent a denial of service by excessive memory usage caused by HTTP2 requests. CVE-2022-41717 [GH-15737]

FEATURES:

• ui: Add field for fallback server addresses to peer token generation form [GH-15555]

IMPROVEMENTS:

• connect: ensure all vault connect CA tests use limited privilege tokens [GH-15669]

BUG FIXES:

... (truncated)

Changelog

Sourced from github.com/hashicorp/consul/api's changelog.

1.14.4 (January 26, 2023)

BREAKING CHANGES:

• connect: Fix configuration merging for transparent proxy upstreams. Proxy-defaults and service-defaults config entries were not correctly merged for implicit upstreams in transparent proxy mode and would result in some configuration not being applied. To avoid issues when upgrading, ensure that any proxy-defaults or service-defaults have correct configuration for upstreams, since all fields will now be properly used to configure proxies. [GH-16000]
• peering: Newly created peering connections must use only lowercase characters in the name field. Existing peerings with uppercase characters will not be modified, but they may encounter issues in various circumstances. To maintain forward compatibility and avoid issues, it is recommended to destroy and re-create any invalid peering connections so that they do not have a name containing uppercase characters. [GH-15697]

FEATURES:

• connect: add flags envoy-ready-bind-port and envoy-ready-bind-address to the consul connect envoy command that allows configuration of readiness probe on proxy for any service kind. [GH-16015]
• deps: update to latest go-discover to provide ECS auto-discover capabilities. [GH-13782]

IMPROVEMENTS:

• acl: relax permissions on the WatchServers, WatchRoots and GetSupportedDataplaneFeatures gRPC endpoints to accept any valid ACL token [GH-15346]
• connect: Add support for ConsulResolver to specifies a filter expression [GH-15659]
• grpc: Use new balancer implementation to reduce periodic WARN logs when shuffling servers. [GH-15701]
• partition: (Consul Enterprise only) when loading service from on-disk config file or sending API request to agent endpoint, if the partition is unspecified, consul will default the partition in the request to agent's partition [GH-16024]

BUG FIXES:

• agent: Fix assignment of error when auto-reloading cert and key file changes. [GH-15769]
• agent: Fix issue where the agent cache would incorrectly mark protobuf objects as updated. [GH-15866]
• cli: Fix issue where consul connect envoy was unable to configure TLS over unix-sockets to gRPC. [GH-15913]
• connect: (Consul Enterprise only) Fix issue where upstream configuration from proxy-defaults and service-defaults was not properly merged. This could occur when a mixture of empty-strings and "default" were used for the namespace or partition fields.
• connect: Fix issue where service-resolver protocol checks incorrectly errored for failover peer targets. [GH-15833]
• connect: Fix issue where watches on upstream failover peer targets did not always query the correct data. [GH-15865]
• xds: fix bug where sessions for locally-managed services could fail with "this server has too many xDS streams open" [GH-15789]

1.13.6 (January 26, 2023)

FEATURES:

• connect: add flags envoy-ready-bind-port and envoy-ready-bind-address to the consul connect envoy command that allows configuration of readiness probe on proxy for any service kind. [GH-16015]
• deps: update to latest go-discover to provide ECS auto-discover capabilities. [GH-13782]

IMPROVEMENTS:

• grpc: Use new balancer implementation to reduce periodic WARN logs when shuffling servers. [GH-15701]
• partition: (Consul Enterprise only) when loading service from on-disk config file or sending API request to agent endpoint, if the partition is unspecified, consul will default the partition in the request to agent's partition [GH-16024]

BUG FIXES:

• agent: Fix assignment of error when auto-reloading cert and key file changes. [GH-15769]

1.12.9 (January 26, 2023)

FEATURES:

... (truncated)

Commits

• fd6998e revert go mod changes
• e18b5e2 fix api incompatibility
• f6bceb1 update root go mod and go tidy
• cc57dbd update changelog and version
• 1abd87a bump api and envoyextension in troubleshoot module
• e9426da bump api version in envoyextension submodule
• 1cacf08 bump sdk version
• 983a1b8 backport of commit 1180908144b4afd26c3546d2ab43d34e135a029c (#16389)
• a618065 Backport of Add docs for usage endpoint and command into release/1.15.x (#16382)
• 2fb0a2f Backport of Add docs for usage endpoint and command into release/1.15.x (#16383)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)