Skip to content

deps: bump the hashicorp group across 1 directory with 4 updates#279

Merged
ahiggins-arti merged 1 commit into
mainfrom
dependabot/go_modules/hashicorp-3574f6a465
Jul 7, 2025
Merged

deps: bump the hashicorp group across 1 directory with 4 updates#279
ahiggins-arti merged 1 commit into
mainfrom
dependabot/go_modules/hashicorp-3574f6a465

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2025
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the hashicorp group with 4 updates in the / directory: github.com/hashicorp/consul/api, github.com/hashicorp/vault/api, github.com/hashicorp/vault/api/auth/aws and github.com/hashicorp/vault/api/auth/kubernetes.

Updates github.com/hashicorp/consul/api from 1.32.0 to 1.32.1

Commits

Updates github.com/hashicorp/vault/api from 1.16.0 to 1.20.0

Release notes

Sourced from github.com/hashicorp/vault/api's releases.

v1.20.0

1.20.0

June 25, 2025

SECURITY:

  • core: require a nonce when cancelling a rekey operation that was initiated within the last 10 minutes. [GH-30794]

CHANGES:

  • UI: remove outdated and unneeded js string extensions [GH-29834]
  • activity (enterprise): The sys/internal/counters/activity endpoint will return actual values for new clients in the current month.
  • activity (enterprise): provided values for start_time and end_time in sys/internal/counters/activity are aligned to the corresponding billing period.
  • activity: provided value for end_time in sys/internal/counters/activity is now capped at the end of the last completed month. [GH-30164]
  • api: Update the default API client to check for the Retry-After header and, if it exists, wait for the specified duration before retrying the request. [GH-30887]
  • auth/alicloud: Update plugin to v0.21.0 [GH-30810]
  • auth/azure: Update plugin to v0.20.2. Login requires resource_group_name, vm_name, and vmss_name to match token claims [GH-30052]
  • auth/azure: Update plugin to v0.20.3 [GH-30082]
  • auth/azure: Update plugin to v0.20.4 [GH-30543]
  • auth/azure: Update plugin to v0.21.0 [GH-30872]
  • auth/azure: Update plugin to v0.21.1 [GH-31010]
  • auth/cf: Update plugin to v0.20.1 [GH-30583]
  • auth/cf: Update plugin to v0.21.0 [GH-30842]
  • auth/gcp: Update plugin to v0.20.2 [GH-30081]
  • auth/jwt: Update plugin to v0.23.2 [GH-30431]
  • auth/jwt: Update plugin to v0.24.1 [GH-30876]
  • auth/kerberos: Update plugin to v0.15.0 [GH-30845]
  • auth/kubernetes: Update plugin to v0.22.1 [GH-30910]
  • auth/oci: Update plugin to v0.19.0 [GH-30841]
  • auth/saml: Update plugin to v0.6.0
  • core: Bump Go version to 1.24.4.
  • core: Verify that the client IP address extracted from an X-Forwarded-For header is a valid IPv4 or IPv6 address [GH-29774]
  • database/couchbase: Update plugin to v0.14.0 [GH-30836]
  • database/elasticsearch: Update plugin to v0.18.0 [GH-30796]
  • database/mongodbatlas: Update plugin to v0.15.0 [GH-30856]
  • database/redis-elasticache: Update plugin to v0.7.0 [GH-30785]
  • database/redis: Update plugin to v0.6.0 [GH-30797]
  • database/snowflake: Update plugin to v0.14.0 [GH-30748]
  • database/snowflake: Update plugin to v0.14.1 [GH-30868]
  • logical/system: add ent stub for plugin catalog handling [GH-30890]
  • quotas/rate-limit: Round up the Retry-After value to the nearest second when calculating the retry delay. [GH-30887]
  • secrets/ad: Update plugin to v0.21.0 [GH-30819]
  • secrets/alicloud: Update plugin to v0.20.0 [GH-30809]
  • secrets/azure: Update plugin to v0.21.2 [GH-30037]
  • secrets/azure: Update plugin to v0.21.3 [GH-30083]
  • secrets/azure: Update plugin to v0.22.0 [GH-30832]
  • secrets/gcp: Update plugin to v0.21.2 [GH-29970]
  • secrets/gcp: Update plugin to v0.21.3 [GH-30080]
  • secrets/gcp: Update plugin to v0.22.0 [GH-30846]
  • secrets/gcpkms: Update plugin to v0.21.0 [GH-30835]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

1.20.0

June 25, 2025

SECURITY:

  • core: require a nonce when cancelling a rekey operation that was initiated within the last 10 minutes. [GH-30794],[HCSEC-2025-11]

CHANGES:

  • UI: remove outdated and unneeded js string extensions [GH-29834]
  • activity (enterprise): The sys/internal/counters/activity endpoint will return actual values for new clients in the current month.
  • activity (enterprise): provided values for start_time and end_time in sys/internal/counters/activity are aligned to the corresponding billing period.
  • activity: provided value for end_time in sys/internal/counters/activity is now capped at the end of the last completed month. [GH-30164]
  • api: Update the default API client to check for the Retry-After header and, if it exists, wait for the specified duration before retrying the request. [GH-30887]
  • auth/alicloud: Update plugin to v0.21.0 [GH-30810]
  • auth/azure: Update plugin to v0.20.2. Login requires resource_group_name, vm_name, and vmss_name to match token claims [GH-30052]
  • auth/azure: Update plugin to v0.20.3 [GH-30082]
  • auth/azure: Update plugin to v0.20.4 [GH-30543]
  • auth/azure: Update plugin to v0.21.0 [GH-30872]
  • auth/azure: Update plugin to v0.21.1 [GH-31010]
  • auth/cf: Update plugin to v0.20.1 [GH-30583]
  • auth/cf: Update plugin to v0.21.0 [GH-30842]
  • auth/gcp: Update plugin to v0.20.2 [GH-30081]
  • auth/jwt: Update plugin to v0.23.2 [GH-30431]
  • auth/jwt: Update plugin to v0.24.1 [GH-30876]
  • auth/kerberos: Update plugin to v0.15.0 [GH-30845]
  • auth/kubernetes: Update plugin to v0.22.1 [GH-30910]
  • auth/oci: Update plugin to v0.19.0 [GH-30841]
  • auth/saml: Update plugin to v0.6.0
  • core: Bump Go version to 1.24.4.
  • core: Verify that the client IP address extracted from an X-Forwarded-For header is a valid IPv4 or IPv6 address [GH-29774]
  • database/couchbase: Update plugin to v0.14.0 [GH-30836]
  • database/elasticsearch: Update plugin to v0.18.0 [GH-30796]
  • database/mongodbatlas: Update plugin to v0.15.0 [GH-30856]
  • database/redis-elasticache: Update plugin to v0.7.0 [GH-30785]
  • database/redis: Update plugin to v0.6.0 [GH-30797]
  • database/snowflake: Update plugin to v0.14.0 [GH-30748]
  • database/snowflake: Update plugin to v0.14.1 [GH-30868]
  • logical/system: add ent stub for plugin catalog handling [GH-30890]
  • quotas/rate-limit: Round up the Retry-After value to the nearest second when calculating the retry delay. [GH-30887]
  • secrets/ad: Update plugin to v0.21.0 [GH-30819]
  • secrets/alicloud: Update plugin to v0.20.0 [GH-30809]
  • secrets/azure: Update plugin to v0.21.2 [GH-30037]
  • secrets/azure: Update plugin to v0.21.3 [GH-30083]
  • secrets/azure: Update plugin to v0.22.0 [GH-30832]
  • secrets/gcp: Update plugin to v0.21.2 [GH-29970]
  • secrets/gcp: Update plugin to v0.21.3 [GH-30080]
  • secrets/gcp: Update plugin to v0.22.0 [GH-30846]
  • secrets/gcpkms: Update plugin to v0.21.0 [GH-30835]
  • secrets/kubernetes: Update plugin to v0.11.0 [GH-30855]

... (truncated)

Commits
  • 6fdd6b5 [VAULT-37323] This is an automated pull request to build all artifacts for a ...
  • aa9c6cc Backport of Add Enos benchmark scenario into release/1.20.x (#31055)
  • fbdc4e9 backport of commit 0e11fbfe59f8d38f36384269019991891bf64400 (#31060)
  • f168725 backport of commit ed31706e40227be22f1d61de82f15713643634ce (#31047)
  • 4721701 backport of commit 642b4f18173d8c5d759ab840c7a2f010b262f7ae (#31046)
  • 030d564 backport of commit 1d2c3caa21dea8b233ee069303820f383c11ff9e (#31040)
  • 469b476 [DOCS] LTS upgrade summary (#30981) (#31041)
  • dbac299 backport of commit bc7456370fc5e3c56eeecbbe4cbe1f7bf86dca61 (#31039)
  • be7fcd6 backport of commit d755c7cd1d826835c98e1843bea975ac17a75278 (#31033)
  • 78ae0ca enos(fips1403): simplify semver constraint to only consider currently mixed v...
  • Additional commits viewable in compare view

Updates github.com/hashicorp/vault/api/auth/aws from 0.9.0 to 0.10.0

Changelog

Sourced from github.com/hashicorp/vault/api/auth/aws's changelog.

0.10.0 (April 10th, 2018)

SECURITY:

  • Log sanitization for Combined Database Secret Engine: In certain failure scenarios with incorrectly formatted connection urls, the raw connection errors were being returned to the user with the configured database credentials. Errors are now sanitized before being returned to the user.

DEPRECATIONS/CHANGES:

  • Database plugin compatibility: The database plugin interface was enhanced to support some additional functionality related to root credential rotation and supporting templated URL strings. The changes were made in a backwards-compatible way and all builtin plugins were updated with the new features. Custom plugins not built into Vault will need to be upgraded to support templated URL strings and root rotation. Additionally, the Initialize method was deprecated in favor of a new Init method that supports configuration modifications that occur in the plugin back to the primary data store.
  • Removal of returned secret information: For a long time Vault has returned configuration given to various secret engines and auth methods with secret values (such as secret API keys or passwords) still intact, and with a warning to the user on write that anyone with read access could see the secret. This was mostly done to make it easy for tools like Terraform to judge whether state had drifted. However, it also feels quite un-Vault-y to do this and we've never felt very comfortable doing so. In 0.10 we have gone through and removed this behavior from the various backends; fields which contained secret values are simply no longer returned on read. We are working with the Terraform team to make changes to their provider to accommodate this as best as possible, and users of other tools may have to make adjustments, but in the end we felt that the ends did not justify the means and we needed to prioritize security over operational convenience.
  • LDAP auth method case sensitivity: We now treat usernames and groups configured locally for policy assignment in a case insensitive fashion by default. Existing configurations will continue to work as they do now; however, the next time a configuration is written case_sensitive_names will need to be explicitly set to true.
  • TTL handling within core: All lease TTL handling has been centralized within the core of Vault to ensure consistency across all backends. Since this was previously delegated to individual backends, there may be some slight differences in TTLs generated from some backends.
  • Removal of default secret/ mount: In 0.12 we will stop mounting secret/ by default at initialization time (it will still be available in dev mode).

FEATURES:

  • OSS UI: The Vault UI is now fully open-source. Similarly to the CLI, some features are only available with a supporting version of Vault, but the code

... (truncated)

Commits

Updates github.com/hashicorp/vault/api/auth/kubernetes from 0.9.0 to 0.10.0

Changelog

Sourced from github.com/hashicorp/vault/api/auth/kubernetes's changelog.

0.10.0 (April 10th, 2018)

SECURITY:

  • Log sanitization for Combined Database Secret Engine: In certain failure scenarios with incorrectly formatted connection urls, the raw connection errors were being returned to the user with the configured database credentials. Errors are now sanitized before being returned to the user.

DEPRECATIONS/CHANGES:

  • Database plugin compatibility: The database plugin interface was enhanced to support some additional functionality related to root credential rotation and supporting templated URL strings. The changes were made in a backwards-compatible way and all builtin plugins were updated with the new features. Custom plugins not built into Vault will need to be upgraded to support templated URL strings and root rotation. Additionally, the Initialize method was deprecated in favor of a new Init method that supports configuration modifications that occur in the plugin back to the primary data store.
  • Removal of returned secret information: For a long time Vault has returned configuration given to various secret engines and auth methods with secret values (such as secret API keys or passwords) still intact, and with a warning to the user on write that anyone with read access could see the secret. This was mostly done to make it easy for tools like Terraform to judge whether state had drifted. However, it also feels quite un-Vault-y to do this and we've never felt very comfortable doing so. In 0.10 we have gone through and removed this behavior from the various backends; fields which contained secret values are simply no longer returned on read. We are working with the Terraform team to make changes to their provider to accommodate this as best as possible, and users of other tools may have to make adjustments, but in the end we felt that the ends did not justify the means and we needed to prioritize security over operational convenience.
  • LDAP auth method case sensitivity: We now treat usernames and groups configured locally for policy assignment in a case insensitive fashion by default. Existing configurations will continue to work as they do now; however, the next time a configuration is written case_sensitive_names will need to be explicitly set to true.
  • TTL handling within core: All lease TTL handling has been centralized within the core of Vault to ensure consistency across all backends. Since this was previously delegated to individual backends, there may be some slight differences in TTLs generated from some backends.
  • Removal of default secret/ mount: In 0.12 we will stop mounting secret/ by default at initialization time (it will still be available in dev mode).

FEATURES:

  • OSS UI: The Vault UI is now fully open-source. Similarly to the CLI, some features are only available with a supporting version of Vault, but the code

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 1, 2025
@dependabot dependabot Bot requested a review from a team as a code owner July 1, 2025 04:41
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 1, 2025
@dependabot
deps: bump the hashicorp group across 1 directory with 4 updates
ae8023d 
Bumps the hashicorp group with 4 updates in the / directory: [github.com/hashicorp/consul/api](https://github.com/hashicorp/consul), [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault), [github.com/hashicorp/vault/api/auth/aws](https://github.com/hashicorp/vault) and [github.com/hashicorp/vault/api/auth/kubernetes](https://github.com/hashicorp/vault).


Updates `github.com/hashicorp/consul/api` from 1.32.0 to 1.32.1
- [Release notes](https://github.com/hashicorp/consul/releases)
- [Changelog](https://github.com/hashicorp/consul/blob/main/CHANGELOG.md)
- [Commits](hashicorp/consul@api/v1.32.0...api/v1.32.1)

Updates `github.com/hashicorp/vault/api` from 1.16.0 to 1.20.0
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](hashicorp/vault@v1.16.0...v1.20.0)

Updates `github.com/hashicorp/vault/api/auth/aws` from 0.9.0 to 0.10.0
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG-v0.md)
- [Commits](hashicorp/vault@v0.9.0...v0.10.0)

Updates `github.com/hashicorp/vault/api/auth/kubernetes` from 0.9.0 to 0.10.0
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG-v0.md)
- [Commits](hashicorp/vault@v0.9.0...v0.10.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/consul/api
  dependency-version: 1.32.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: hashicorp
- dependency-name: github.com/hashicorp/vault/api
  dependency-version: 1.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: hashicorp
- dependency-name: github.com/hashicorp/vault/api/auth/aws
  dependency-version: 0.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: hashicorp
- dependency-name: github.com/hashicorp/vault/api/auth/kubernetes
  dependency-version: 0.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: hashicorp
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/hashicorp-3574f6a465 branch from 537fa86 to ae8023d Compare July 7, 2025 15:19
@ahiggins-arti ahiggins-arti merged commit 5a1e601 into main Jul 7, 2025
4 checks passed
@ahiggins-arti ahiggins-arti deleted the dependabot/go_modules/hashicorp-3574f6a465 branch July 7, 2025 15:34
@articulate-shipping articulate-shipping Bot mentioned this pull request Jul 7, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ahiggins-arti ahiggins-arti ahiggins-arti approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ahiggins-arti