Skip to content

build(deps): Bump github.com/hashicorp/vault from 1.19.5 to 1.21.0 #1155

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

build(deps): Bump github.com/hashicorp/vault from 1.19.5 to 1.21.0 #1155

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 22, 2025
edited
Loading

Bumps github.com/hashicorp/vault from 1.19.5 to 1.21.0.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.21.0

No release notes provided.

v1.21.0-rc1

No release notes provided.

v1.20.4

No release notes provided.

v1.20.3

No release notes provided.

v1.20.2

August 06, 2025

SECURITY:

BUG FIXES:

  • agent/template: Fixed issue where templates would not render correctly if namespaces was provided by config, and the namespace and mount path of the secret were the same. [GH-31392]
  • identity/mfa: revert cache entry change from #31217 and document cache entry values [GH-31421]

v1.20.1

No release notes provided.

v1.20.0

1.20.0

June 25, 2025

SECURITY:

  • core: require a nonce when cancelling a rekey operation that was initiated within the last 10 minutes. [GH-30794]

CHANGES:

  • UI: remove outdated and unneeded js string extensions [GH-29834]
  • activity (enterprise): The sys/internal/counters/activity endpoint will return actual values for new clients in the current month.
  • activity (enterprise): provided values for start_time and end_time in sys/internal/counters/activity are aligned to the corresponding billing period.
  • activity: provided value for end_time in sys/internal/counters/activity is now capped at the end of the last completed month. [GH-30164]
  • api: Update the default API client to check for the Retry-After header and, if it exists, wait for the specified duration before retrying the request. [GH-30887]
  • auth/alicloud: Update plugin to v0.21.0 [GH-30810]
  • auth/azure: Update plugin to v0.20.2. Login requires resource_group_name, vm_name, and vmss_name to match token claims [GH-30052]
  • auth/azure: Update plugin to v0.20.3 [GH-30082]
  • auth/azure: Update plugin to v0.20.4 [GH-30543]
  • auth/azure: Update plugin to v0.21.0 [GH-30872]
  • auth/azure: Update plugin to v0.21.1 [GH-31010]
  • auth/cf: Update plugin to v0.20.1 [GH-30583]
  • auth/cf: Update plugin to v0.21.0 [GH-30842]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault's changelog.

1.21.0 rc1

October 9, 2025

SECURITY:

  • auth/ldap: fix MFA/TOTP enforcement bypass when username_as_alias is enabled.
  • core: Update github.com/hashicorp/go-getter to fix security vulnerability GHSA-wjrx-6529-hcj3.
  • core: Update github.com/ulikunitz/xz to fix security vulnerability GHSA-25xm-hr59-7c27.

CHANGES:

  • Secrets Recovery (enterprise): Deprecate the recover_snapshot_id query parameter to pass the snapshot ID for recover operations, in favor of a X-Vault-Recover-Snapshot-Id header. Vault will still accept the query parameter for backward compatibility. Also support setting the HTTP method to RECOVER for recover operations, in addition to POST and PUT.
  • activity: Renamed timestamp in export API response to token_creation_time.
  • auth/alicloud: Update plugin to v0.22.0
  • auth/azure: Update plugin to v0.22.0
  • auth/cf: Update plugin to v0.22.0
  • auth/gcp: Update plugin to v0.22.0
  • auth/jwt: Update plugin to v0.25.0
  • auth/kerberos: Update plugin to v0.16.0
  • auth/kubernetes: Update plugin to v0.23.0
  • auth/oci: Update plugin to v0.20.0
  • core: Updates post-install script to print updated license information
  • database/couchbase: Update plugin to v0.15.0
  • database/elasticsearch: Update plugin to v0.19.0
  • database/mongodbatlas: Update plugin to v0.16.0
  • database/redis-elasticache: Update plugin to v0.8.0
  • database/redis: Update plugin to v0.7.0
  • database/snowflake: Update plugin to v0.15.0
  • http: Add JSON configurable limits to HTTP handling for JSON payloads: max_json_depth, max_json_string_value_length, max_json_object_entry_count, max_json_array_element_count.
  • http: Evaluate rate limit quotas before checking JSON limits during request handling.
  • policies: change list comparison to allowed_parameters and denied_parameters from "exact match" to "contains all"
  • sdk: Upgrade to go-secure-stdlib/[email protected], which also bumps github.com/docker/docker to v28.3.3+incompatible
  • secrets/alicloud: Update plugin to v0.21.0
  • secrets/azure: Update azure enterprise secrets plugin to include static roles.
  • secrets/azure: Update plugin to v0.23.0
  • secrets/gcp: Update plugin to v0.23.0
  • secrets/kubernetes: Update plugin to v0.12.0
  • secrets/kv: Update plugin to v0.25.0
  • secrets/mongodbatlas: Update plugin to v0.16.0
  • secrets/openldap: Update plugin to v0.17.0
  • secrets/terraform: Update plugin to v0.13.0
  • ui/client-counts: removes tabs for each client count type and adds split view for counts per type in overview stacked bar chart
  • ui: Add client count attribution for the full billing period to the client counts overview table
  • ui: Remove namespace context filter for activity in client count dashboard

FEATURES:

  • AES-CBC in Transit (Enterprise): Add support for encryption and decryption with AES-CBC in the Transit Secrets Engine.
  • KV v2 Version Attribution: Vault now includes attribution metadata for versioned KV secrets. This allows lookup of attribution information for each version of KV v2 secrets from CLI and API.
  • Login MFA TOTP Self-Enrollment (Enterprise): Simplify creation of login MFA TOTP credentials for users, allowing them to self-enroll MFA TOTP using a QR code (TOTP secret) generated during login. The new functionality is configurable on the TOTP login MFA method configuration screen and via the enable_self_enrollment parameter in the API.

... (truncated)

Commits
  • 818ca8b [VAULT-40260] This is an automated pull request to build all artifacts for a ...
  • b5deaa0 Merge remote-tracking branch 'remotes/from/ce/release/1.21.x' into release/1....
  • a20f035 Backport [VAULT-40033] Migrate Slack notifications to ibm-hashicorp workspace...
  • 58e59e6 Backport license: update headers to IBM Corp. into release/1.21.x+ent (#10234...
  • 59a526a Merge remote-tracking branch 'remotes/from/ce/release/1.21.x' into release/1....
  • 1c05b39 pipeline(changed-files): one more small false positive fix (#10247) (#10263) ...
  • 29892ad Merge remote-tracking branch 'remotes/from/ce/release/1.21.x' into release/1....
  • 054c35d fix: cache aws auth client by account id (#9981) (#10111) (#10125)
  • 921938f Merge remote-tracking branch 'remotes/from/ce/release/1.21.x' into release/1....
  • fabb0da Backport Backport pipeline(changed-files): fix false positives for some files...
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
github.com/hashicorp/vault [>= 1.20.a, < 1.21]

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added this to the v1.7.0 milestone Oct 22, 2025
@dependabot dependabot bot added the area/control-plane Task/Issue related to control plane label Oct 22, 2025
@dependabot dependabot bot requested a review from caishu97 as a code owner October 22, 2025 22:25
@dependabot dependabot bot added the change/dependencies Pull requests that update a dependency file label Oct 22, 2025
@dependabot dependabot bot requested a review from i0r3k as a code owner October 22, 2025 22:25
@dependabot dependabot bot added kind/enhancement New feature or request priority/P2 P2 priority size/XS 1 day labels Oct 22, 2025
@mergify
Copy link
Contributor

mergify bot commented Oct 22, 2025

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🟢 Enforce conventional commit

Wonderful, this rule succeeded.

Make sure that we follow https://www.conventionalcommits.org/en/v1.0.0/

  • title ~= ^(\[wip\]|\[backport\]|\[cherry-pick\])?( )?(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert)(?:\(.+\))?:

🟢 Enforce verified commits

Wonderful, this rule succeeded.

Make sure that we have verified commits

  • #commits-unverified = 0

🟢 Enforce linear history

Wonderful, this rule succeeded.

Make sure that we have a linear history, no merge commits are allowed

  • linear-history

@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.21.0 branch from 43d0484 to a1ef772 Compare October 27, 2025 06:57
@mergify
Copy link
Contributor

mergify bot commented Oct 29, 2025

👋 dependabot[bot] your PR is conflicting and needs to be updated to be merged

@mergify mergify bot added the conflicts PR is conflict with target branch label Oct 29, 2025
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.21.0 branch from a1ef772 to 651f5e9 Compare October 29, 2025 05:29
@mergify mergify bot removed the conflicts PR is conflict with target branch label Oct 29, 2025
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.21.0 branch 2 times, most recently from 66a51e4 to 5831b7f Compare October 30, 2025 16:08
@mergify
Copy link
Contributor

mergify bot commented Nov 3, 2025

👋 dependabot[bot] your PR is conflicting and needs to be updated to be merged

@mergify mergify bot added the conflicts PR is conflict with target branch label Nov 3, 2025
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.21.0 branch from 5831b7f to 7a9bf50 Compare November 3, 2025 07:23
@mergify mergify bot removed the conflicts PR is conflict with target branch label Nov 3, 2025
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.21.0 branch from 7a9bf50 to 9f4bef3 Compare November 6, 2025 06:03
@mergify
Copy link
Contributor

mergify bot commented Nov 7, 2025

👋 dependabot[bot] your PR is conflicting and needs to be updated to be merged

@mergify mergify bot added the conflicts PR is conflict with target branch label Nov 7, 2025
@dependabot
build(deps): Bump github.com/hashicorp/vault from 1.19.5 to 1.21.0
dd8af9f 
Bumps [github.com/hashicorp/vault](https://github.com/hashicorp/vault) from 1.19.5 to 1.21.0.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](hashicorp/vault@v1.19.5...v1.21.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault
  dependency-version: 1.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.21.0 branch from 9f4bef3 to dd8af9f Compare November 7, 2025 02:29
@mergify mergify bot removed the conflicts PR is conflict with target branch label Nov 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cybwan cybwan Awaiting requested review from cybwan cybwan is a code owner

@reaver-flomesh reaver-flomesh Awaiting requested review from reaver-flomesh reaver-flomesh is a code owner

@naqvis naqvis Awaiting requested review from naqvis naqvis is a code owner

@caishu97 caishu97 Awaiting requested review from caishu97 caishu97 is a code owner

@i0r3k i0r3k Awaiting requested review from i0r3k i0r3k is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@reaver-flomesh reaver-flomesh

Labels

area/control-plane Task/Issue related to control plane change/dependencies Pull requests that update a dependency file kind/enhancement New feature or request priority/P2 P2 priority size/XS 1 day

Projects

None yet

Milestone

v1.7.0

Development

Successfully merging this pull request may close these issues.

2 participants

@reaver-flomesh