Skip to content

build(deps): Bump github.com/hashicorp/vault from 1.19.5 to 1.21.1 #1204

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

build(deps): Bump github.com/hashicorp/vault from 1.19.5 to 1.21.1 #1204

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 19, 2025
edited
Loading

Bumps github.com/hashicorp/vault from 1.19.5 to 1.21.1.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.21.1

No release notes provided.

v1.21.0

No release notes provided.

v1.21.0-rc1

No release notes provided.

v1.20.4

No release notes provided.

v1.20.3

No release notes provided.

v1.20.2

August 06, 2025

SECURITY:

BUG FIXES:

  • agent/template: Fixed issue where templates would not render correctly if namespaces was provided by config, and the namespace and mount path of the secret were the same. [GH-31392]
  • identity/mfa: revert cache entry change from #31217 and document cache entry values [GH-31421]

v1.20.1

No release notes provided.

v1.20.0

1.20.0

June 25, 2025

SECURITY:

  • core: require a nonce when cancelling a rekey operation that was initiated within the last 10 minutes. [GH-30794]

CHANGES:

  • UI: remove outdated and unneeded js string extensions [GH-29834]
  • activity (enterprise): The sys/internal/counters/activity endpoint will return actual values for new clients in the current month.
  • activity (enterprise): provided values for start_time and end_time in sys/internal/counters/activity are aligned to the corresponding billing period.
  • activity: provided value for end_time in sys/internal/counters/activity is now capped at the end of the last completed month. [GH-30164]
  • api: Update the default API client to check for the Retry-After header and, if it exists, wait for the specified duration before retrying the request. [GH-30887]
  • auth/alicloud: Update plugin to v0.21.0 [GH-30810]
  • auth/azure: Update plugin to v0.20.2. Login requires resource_group_name, vm_name, and vmss_name to match token claims [GH-30052]
  • auth/azure: Update plugin to v0.20.3 [GH-30082]
  • auth/azure: Update plugin to v0.20.4 [GH-30543]
  • auth/azure: Update plugin to v0.21.0 [GH-30872]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault's changelog.

Previous versions

1.21.0

October 22, 2025

SECURITY:

  • auth/aws: fix an issue where a user may be able to bypass authentication to Vault due to incorrect caching of the AWS client
  • auth/ldap: fix MFA/TOTP enforcement bypass when username_as_alias is enabled.
  • core: Update github.com/hashicorp/go-getter to fix security vulnerability GHSA-wjrx-6529-hcj3.
  • core: Update github.com/ulikunitz/xz to fix security vulnerability GHSA-25xm-hr59-7c27.
  • ui: disable scarf analytics for ui builds

CHANGES:

  • Secrets Recovery (enterprise): Deprecate the recover_snapshot_id query parameter to pass the snapshot ID for recover operations, in favor of a X-Vault-Recover-Snapshot-Id header. Vault will still accept the query parameter for backward compatibility. Also support setting the HTTP method to RECOVER for recover operations, in addition to POST and PUT.
  • activity: Renamed timestamp in export API response to token_creation_time.
  • auth/alicloud: Update plugin to v0.22.0
  • auth/azure: Update plugin to v0.22.0
  • auth/cf: Update plugin to v0.22.0
  • auth/gcp: Update plugin to v0.22.0
  • auth/jwt: Update plugin to v0.25.0
  • auth/kerberos: Update plugin to v0.16.0
  • auth/kubernetes: Update plugin to v0.23.0
  • auth/oci: Update plugin to v0.20.0
  • auth/saml: Update plugin to v0.7.0
  • core: Updates post-install script to print updated license information
  • database/couchbase: Update plugin to v0.15.0
  • database/elasticsearch: Update plugin to v0.19.0
  • database/mongodbatlas: Update plugin to v0.16.0
  • database/redis-elasticache: Update plugin to v0.8.0
  • database/redis: Update plugin to v0.7.0
  • database/snowflake: Update plugin to v0.15.0
  • http: Add JSON configurable limits to HTTP handling for JSON payloads: max_json_depth, max_json_string_value_length, max_json_object_entry_count, max_json_array_element_count.
  • http: Evaluate rate limit quotas before checking JSON limits during request handling.
  • policies: change list comparison to allowed_parameters and denied_parameters from "exact match" to "contains all"
  • sdk: Upgrade to go-secure-stdlib/plugincontainer@v0.4.2, which also bumps github.com/docker/docker to v28.3.3+incompatible
  • secrets/alicloud: Update plugin to v0.21.0
  • secrets/azure: Update azure enterprise secrets plugin to include static roles.
  • secrets/azure: Update plugin to v0.23.0
  • secrets/gcp: Update plugin to v0.23.0
  • secrets/kubernetes: Update plugin to v0.12.0
  • secrets/kv: Update plugin to v0.25.0
  • secrets/mongodbatlas: Update plugin to v0.16.0
  • secrets/openldap: Update plugin to v0.17.0
  • secrets/terraform: Update plugin to v0.13.0
  • ui/client-counts: removes tabs for each client count type and adds split view for counts per type in overview stacked bar chart

... (truncated)

Commits
  • 2453aac [VAULT-40975] This is an automated pull request to build all artifacts for a ...
  • a4ebdf0 Merge remote-tracking branch 'remotes/from/ce/release/1.21.x' into release/1....
  • 9ad9046 VAULT-40224: pipeline(github): limit comments bodies and pull request message...
  • f4c9615 fix formatting (#10843) (#10902)
  • f1fa898 go: bump golang.org/x/crypto => v0.44.0 to resolve GO-2025-4116 (#10871) (#10...
  • 6c1e1f2 Merge remote-tracking branch 'remotes/from/ce/release/1.21.x' into release/1....
  • 8013ad3 pipeline(github) Remove enterprise PR numbers from CE backports in sync workf...
  • 343b38c Merge remote-tracking branch 'remotes/from/ce/release/1.21.x' into release/1....
  • 1d898cc Update deps to match those introduced by vault-plugin-secrets-azure@v0.25.0+e...
  • 5a01e83 Merge remote-tracking branch 'remotes/from/ce/release/1.21.x' into release/1....
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
github.com/hashicorp/vault [>= 1.20.a, < 1.21]

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested a review from cybwan as a code owner November 19, 2025 22:10
@dependabot dependabot bot added this to the v1.7.0 milestone Nov 19, 2025
@dependabot dependabot bot added area/control-plane Task/Issue related to control plane change/dependencies Pull requests that update a dependency file kind/enhancement New feature or request priority/P2 P2 priority size/XS 1 day labels Nov 19, 2025
@mergify
Copy link
Contributor

mergify bot commented Nov 19, 2025

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🟢 Enforce conventional commit

Wonderful, this rule succeeded.

Make sure that we follow https://www.conventionalcommits.org/en/v1.0.0/

  • title ~= ^(\[wip\]|\[backport\]|\[cherry-pick\])?( )?(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert)(?:\(.+\))?:

🟢 Enforce verified commits

Wonderful, this rule succeeded.

Make sure that we have verified commits

  • #commits-unverified = 0

🟢 Enforce linear history

Wonderful, this rule succeeded.

Make sure that we have a linear history, no merge commits are allowed

  • linear-history

@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.21.1 branch 3 times, most recently from 002dc50 to ae3b4d1 Compare November 25, 2025 17:18
@mergify
Copy link
Contributor

mergify bot commented Nov 26, 2025

👋 dependabot[bot] your PR is conflicting and needs to be updated to be merged

@mergify mergify bot added the conflicts PR is conflict with target branch label Nov 26, 2025
@dependabot
build(deps): Bump github.com/hashicorp/vault from 1.19.5 to 1.21.1
6cfaefb 
Bumps [github.com/hashicorp/vault](https://github.com/hashicorp/vault) from 1.19.5 to 1.21.1.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](hashicorp/vault@v1.19.5...v1.21.1)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault
  dependency-version: 1.21.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.21.1 branch from ae3b4d1 to 6cfaefb Compare November 26, 2025 18:05
@mergify mergify bot removed the conflicts PR is conflict with target branch label Nov 26, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cybwan cybwan Awaiting requested review from cybwan cybwan is a code owner

@reaver-flomesh reaver-flomesh Awaiting requested review from reaver-flomesh reaver-flomesh is a code owner

@naqvis naqvis Awaiting requested review from naqvis naqvis is a code owner

@caishu97 caishu97 Awaiting requested review from caishu97 caishu97 is a code owner

@i0r3k i0r3k Awaiting requested review from i0r3k i0r3k is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@reaver-flomesh reaver-flomesh

Labels

area/control-plane Task/Issue related to control plane change/dependencies Pull requests that update a dependency file kind/enhancement New feature or request priority/P2 P2 priority size/XS 1 day

Projects

None yet

Milestone

v1.7.0

Development

Successfully merging this pull request may close these issues.

2 participants

@reaver-flomesh