Bump github.com/hashicorp/vault/api from 1.1.1 to 1.20.0 #45

dependabot · 2025-06-04T19:38:04Z

Bumps github.com/hashicorp/vault/api from 1.1.1 to 1.20.0.

Release notes

Sourced from github.com/hashicorp/vault/api's releases.

v1.19.5

1.19.5

May 30, 2025

Enterprise LTS: Vault Enterprise 1.19 is a Long-Term Support (LTS) release.

CHANGES:

database/snowflake: Update plugin to v0.13.1 [GH-30775]

IMPROVEMENTS:

plugins: Support registration of CE plugins with extracted artifact directory. [GH-30673]

BUG FIXES:

ui: Fix broken link to Hashicorp Vault developer site in the Web REPL help. [GH-30670]

v1.19.4

1.19.4

May 16, 2025

CHANGES:

Update vault-plugin-auth-cf to v0.20.1 [GH-30586]

auth/azure: Update plugin to v0.20.4 [GH-30543]

core: Bump Go version to 1.24.3.

IMPROVEMENTS:

Namespaces (enterprise): allow a root token to relock a namespace

core (enterprise): update to FIPS 140-3 cryptographic module in the FIPS builds.

core: Updated code and documentation to support FIPS 140-3 compliant algorithms. [GH-30576]

core: support for X25519MLKEM768 (post quantum key agreement) in the Go TLS stack. [GH-30603]

ui: Replaces all instances of the deprecated event.keyCode with event.key [GH-30493]

BUG FIXES:

core (enterprise): fix a bug where plugin automated root rotations would stop after seal/unseal operations

plugins (enterprise): Fix an issue where Enterprise plugins can't run on a standby node when it becomes active because standby nodes don't extract the artifact when the plugin is registered. Remove extracting from Vault and require the operator to place the extracted artifact in the plugin directory before registration.

v1.19.3

1.19.3

April 30, 2025

CHANGES:

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

1.9.10

September 30, 2022

SECURITY:

secrets/pki: Vault’s TLS certificate auth method did not initially load the optionally-configured CRL issued by the role’s CA into memory on startup, resulting in the revocation list not being checked, if the CRL has not yet been retrieved. This vulnerability, CVE-2022-41316, is fixed in Vault 1.12.0, 1.11.4, 1.10.7, and 1.9.10. [HSEC-2022-24]

BUG FIXES:

auth/cert: Vault does not initially load the CRLs in cert auth unless the read/write CRL endpoint is hit. [GH-17138]

replication (enterprise): Fix data race in SaveCheckpoint()

ui: Fix lease force revoke action [GH-16930]

1.9.9

August 31, 2022

SECURITY:

core: When entity aliases mapped to a single entity share the same alias name, but have different mount accessors, Vault can leak metadata between the aliases. This metadata leak may result in unexpected access if templated policies are using alias metadata for path names. This vulnerability, CVE-2022-40186, is fixed in 1.11.3, 1.10.6, and 1.9.9. [HSEC-2022-18]

CHANGES:

core: Bump Go version to 1.17.13.

BUG FIXES:

core (enterprise): Fix some races in merkle index flushing code found in testing

core: Increase the allowed concurrent gRPC streams over the cluster port. [GH-16327]

database: Invalidate queue should cancel context first to avoid deadlock [GH-15933]

secrets/database: Fix a bug where the secret engine would queue up a lot of WAL deletes during startup. [GH-16686]

ui: Fix OIDC callback to accept namespace flag in different formats [GH-16886]

ui: Fix issue logging in with JWT auth method [GH-16466]

SECURITY:

identity/entity: When entity aliases mapped to a single entity share the same alias name, but have different mount accessors, Vault can leak metadata between the aliases. This metadata leak may result in unexpected access if templated policies are using alias metadata for path names. [HCSEC-2022-18]

1.9.8

July 21, 2022

SECURITY:

storage/raft: Vault Enterprise (“Vault”) clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. This vulnerability, CVE-2022-36129, was fixed in Vault 1.9.8, 1.10.5, and 1.11.1. [HSEC-2022-15]

CHANGES:

core: Bump Go version to 1.17.12.

... (truncated)

Commits

71ca099 Update vault-plugin-secrets-gcp to v0.22.0 (#30846)
51ec0db Update vault-plugin-auth-kerberos to v0.15.0 (#30845)
38cc2c9 Update vault-plugin-auth-cf to v0.21.0 (#30842)
36aa49b enos(fips1403): simplify semver constraint to only consider currently mixed r...
407c297 Update vault-plugin-secrets-openldap to v0.16.0 (#30844)
a725087 VAULT-36495 CE changes (#30807)
d19e946 Update vault-plugin-auth-oci to v0.19.0 (#30841)
d9ecd5b PostgreSQL backend passwordless authentication in cloud (#30681)
636524e Update vault-plugin-database-couchbase to v0.14.0 (#30836)
befafd5 [VAULT-35682] build(cgo): Build CGO binaries in a container (#30834)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.1.1 to 1.20.0. - [Release notes](https://github.com/hashicorp/vault/releases) - [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG-pre-v1.10.md) - [Commits](hashicorp/vault@v1.1.1...api/v1.20.0) --- updated-dependencies: - dependency-name: github.com/hashicorp/vault/api dependency-version: 1.20.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 4, 2025

dependabot bot mentioned this pull request Jun 4, 2025

Bump github.com/hashicorp/vault/api from 1.1.1 to 1.16.0 #42

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump github.com/hashicorp/vault/api from 1.1.1 to 1.20.0 #45

Bump github.com/hashicorp/vault/api from 1.1.1 to 1.20.0 #45

Uh oh!

dependabot bot commented on behalf of github Jun 4, 2025

Uh oh!

Uh oh!

Bump github.com/hashicorp/vault/api from 1.1.1 to 1.20.0 #45

Are you sure you want to change the base?

Bump github.com/hashicorp/vault/api from 1.1.1 to 1.20.0 #45

Uh oh!

Conversation

dependabot bot commented on behalf of github Jun 4, 2025

v1.19.5

1.19.5

May 30, 2025

v1.19.4

1.19.4

May 16, 2025

v1.19.3

1.19.3

April 30, 2025

1.9.10

September 30, 2022

1.9.9

August 31, 2022

1.9.8

July 21, 2022

Uh oh!

Uh oh!