Skip to content

chore(deps): bump github.com/hashicorp/vault from 1.21.2 to 1.21.4#152

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/go_modules/github.com/hashicorp/vault-1.21.4
Open

chore(deps): bump github.com/hashicorp/vault from 1.21.2 to 1.21.4#152
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/go_modules/github.com/hashicorp/vault-1.21.4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 8, 2026
edited
Loading

Bumps github.com/hashicorp/vault from 1.21.2 to 1.21.4.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.21.4

SECURITY:

  • Upgrade cloudflare/circl to v1.6.3 to resolve CVE-2026-1229
  • Upgrade filippo.io/edwards25519 to v1.1.1 to resolve GO-2026-4503
  • vault/sdk: Upgrade cloudflare/circl to v1.6.3 to resolve CVE-2026-1229
  • vault/sdk: Upgrade go.opentelemetry.io/otel/sdk to v1.40.0 to resolve GO-2026-4394

CHANGES:

  • core: Bump Go version to 1.25.7
  • mfa/duo: Upgrade duo_api_golang client to 0.2.0 to include the new Duo certificate authorities
  • ui: Remove ability to bulk delete secrets engines from the list view.

IMPROVEMENTS:

  • core/seal: Enhance sys/seal-backend-status to provide more information about seal backends.
  • secrets/kmip (Enterprise): Obey configured best_effort_wal_wait_duration when forwarding kmip requests.
  • secrets/pki (enterprise): Return the POSTPKIOperation capability within SCEP GetCACaps endpoint for better legacy client support.

BUG FIXES:

  • core (enterprise): Buffer the POST body on binary paths to allow re-reading on non-logical forwarding attempts. Addresses an issue for SCEP, EST and CMPv2 certificate issuances with slow replication of entities
  • core/identity (enterprise): Fix excessive logging when updating existing aliases
  • core/managed-keys (enterprise): client credentials should not be required when using Azure Managed Identities in managed keys.
  • plugins (enterprise): Fix bug where requests to external plugins that modify storage weren't populating the X-Vault-Index response header.
  • secrets (pki): Allow issuance of certificates without the server_flag key usage from SCEP, EST and CMPV2 protocols.
  • secrets/pki (enterprise): Address cache invalidation issues with CMPv2 on performance standby nodes.
  • secrets/pki (enterprise): Address issues using SCEP on performance standby nodes failing due to configuration invalidation issues along with errors writing to storage
  • secrets/pki (enterprise): Modify the SCEP GetCACaps endpoint to dynamically reflect the configured encryption and digest algorithms.
  • secrets/pki: The root/sign-intermediate endpoint should not fail when provided a CSR with a basic constraint extension containing isCa set to true
  • secrets/pki: allow glob-style DNS names in alt_names.

v1.21.3

February 05, 2026

SECURITY:

auth/cert: ensure that the certificate being renewed matches the certificate attached to the session.

CHANGES:

core: Bump Go version to 1.25.6

FEATURES:

UI: Hashi-Built External Plugin Support: Recognize and support Hashi-built plugins when run as external binaries

IMPROVEMENTS:

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault's changelog.

1.21.4

March 05, 2026

SECURITY:

  • Upgrade cloudflare/circl to v1.6.3 to resolve CVE-2026-1229
  • Upgrade filippo.io/edwards25519 to v1.1.1 to resolve GO-2026-4503
  • vault/sdk: Upgrade cloudflare/circl to v1.6.3 to resolve CVE-2026-1229
  • vault/sdk: Upgrade go.opentelemetry.io/otel/sdk to v1.40.0 to resolve GO-2026-4394

CHANGES:

  • core: Bump Go version to 1.25.7
  • mfa/duo: Upgrade duo_api_golang client to 0.2.0 to include the new Duo certificate authorities
  • ui: Remove ability to bulk delete secrets engines from the list view.

IMPROVEMENTS:

  • core/seal: Enhance sys/seal-backend-status to provide more information about seal backends.
  • secrets/kmip (Enterprise): Obey configured best_effort_wal_wait_duration when forwarding kmip requests.
  • secrets/pki (enterprise): Return the POSTPKIOperation capability within SCEP GetCACaps endpoint for better legacy client support.

BUG FIXES:

  • core (enterprise): Buffer the POST body on binary paths to allow re-reading on non-logical forwarding attempts. Addresses an issue for SCEP, EST and CMPv2 certificate issuances with slow replication of entities
  • core/identity (enterprise): Fix excessive logging when updating existing aliases
  • core/managed-keys (enterprise): client credentials should not be required when using Azure Managed Identities in managed keys.
  • plugins (enterprise): Fix bug where requests to external plugins that modify storage weren't populating the X-Vault-Index response header.
  • secrets (pki): Allow issuance of certificates without the server_flag key usage from SCEP, EST and CMPV2 protocols.
  • secrets/pki (enterprise): Address cache invalidation issues with CMPv2 on performance standby nodes.
  • secrets/pki (enterprise): Address issues using SCEP on performance standby nodes failing due to configuration invalidation issues along with errors writing to storage
  • secrets/pki (enterprise): Modify the SCEP GetCACaps endpoint to dynamically reflect the configured encryption and digest algorithms.
  • secrets/pki: The root/sign-intermediate endpoint should not fail when provided a CSR with a basic constraint extension containing isCa set to true
  • secrets/pki: allow glob-style DNS names in alt_names.

1.21.3

February 05, 2026

SECURITY:

  • auth/cert: ensure that the certificate being renewed matches the certificate attached to the session.

CHANGES:

  • core: Bump Go version to 1.25.6

FEATURES:

  • UI: Hashi-Built External Plugin Support: Recognize and support Hashi-built plugins when run as external binaries

... (truncated)

Commits
  • ffe7023 This is an automated pull request to build all artifacts for a release (#31820)
  • 0029c63 Bump version from 1.21.3 to 1.21.4 (#31819)
  • 61d180f This is an automated pull request to build all artifacts for a release (#31813)
  • 1732208 Merge remote-tracking branch 'remotes/from/ce/release/1.21.x' into release/1....
  • 0f2c11a [VAULT-42862] upgrade cloudflare/circl => v1.6.3 to partially resolve CVE-202...
  • 77d05f8 Merge remote-tracking branch 'remotes/from/ce/release/1.21.x' into release/1....
  • efd542d actions: bump actions and set-up-go in cloud scenario runner (#12629) (#12633...
  • a69c321 Merge remote-tracking branch 'remotes/from/ce/release/1.21.x' into release/1....
  • 2e5e8e5 Add schedule to hcp runs (#12636) (#12659) (#12660)
  • fed05bd Merge remote-tracking branch 'remotes/from/ce/release/1.21.x' into release/1....
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 8, 2026
@dependabot dependabot Bot requested a review from a team as a code owner March 8, 2026 07:23
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 8, 2026
@dependabot dependabot Bot mentioned this pull request Mar 8, 2026
Closed
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.21.4 branch 2 times, most recently from 13e7327 to 302bde9 Compare March 16, 2026 10:24
@dependabot dependabot Bot requested a review from a team as a code owner March 16, 2026 10:25
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.21.4 branch from 302bde9 to ef1e9b8 Compare March 23, 2026 12:40
@jjacque
Copy link
Copy Markdown
Contributor

jjacque commented Mar 24, 2026

@dependabot recreate

@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.21.4 branch from ef1e9b8 to 659d967 Compare March 24, 2026 10:30
@jjacque
Copy link
Copy Markdown
Contributor

jjacque commented Mar 30, 2026

@dependabot recreate

@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.21.4 branch from 659d967 to d0fc3ae Compare March 30, 2026 09:15
@dependabot @jjacque
chore(deps): bump github.com/hashicorp/vault from 1.21.2 to 1.21.4
6e9f3c1 
Bumps [github.com/hashicorp/vault](https://github.com/hashicorp/vault) from 1.21.2 to 1.21.4.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](hashicorp/vault@v1.21.2...v1.21.4)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault
  dependency-version: 1.21.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@jjacque jjacque force-pushed the dependabot/go_modules/github.com/hashicorp/vault-1.21.4 branch from d0fc3ae to 6e9f3c1 Compare April 13, 2026 12:40
@codacy-production
Copy link
Copy Markdown

codacy-production Bot commented Apr 13, 2026

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity · 0 duplication

Metric Results
Complexity 0
Duplication 0

View in Codacy

TIP This summary will be updated as you push new changes. Give us feedback

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jjacque