alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity

chore(deps): update dependency hashicorp/vault to v1.21.2 - autoclosed #3408

Closed
renovate-bot wants to merge 1 commits from renovate/hashicorp-vault-1.x into main
pull from: renovate/hashicorp-vault-1.x
merge into: alexlebens:main
Conversation 0 Commits 1 Files Changed 1 +1 -1
renovate-bot commented 2026-01-23 20:58:12 +00:00
Collaborator
Copy Link

This PR contains the following updates:

Package Update Change
hashicorp/vault patch 1.21.11.21.2

⚠️ Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

hashicorp/vault (hashicorp/vault)

v1.21.2

Compare Source

1.21.2

January 07, 2026

CHANGES:

  • auth/oci: bump plugin to v0.20.1
  • core: Bump Go version to 1.25.5
  • packaging: Container images are now exported using a compressed OCI image layout.
  • packaging: UBI container images are now built on the UBI 10 minimal image.
  • secrets/azure: Update plugin to v0.25.1+ent. Improves retry handling during Azure application and service principal creation to reduce transient failures.
  • storage: Upgrade aerospike client library to v8.

IMPROVEMENTS:

  • core: check rotation manager queue every 5 seconds instead of 10 seconds to improve responsiveness
  • go: update to golang/x/crypto to v0.45.0 to resolve GHSA-f6x5-jh6r-wrfv, GHSA-j5w8-q4qc-rx2x, GO-2025-4134 and GO-2025-4135.
  • rotation: Ensure rotations for shared paths only execute on the Primary cluster's active node. Ensure rotations for local paths execute on the cluster-local active node.
  • sdk/rotation: Prevent rotation attempts on read-only storage.
  • secrets-sync (enterprise): Added support for a boolean force_delete flag (default: false). When set to true, this flag allows deletion of a destination even if its associations cannot be unsynced. This option should be used only as a last-resort deletion mechanism, as any secrets already synced to the external provider will remain orphaned and require manual cleanup.
  • secrets/pki: Avoid loading issuer information multiple times per leaf certificate signing.

BUG FIXES:

  • core/activitylog (enterprise): Resolve a stability issue where Vault Enterprise could encounter a panic during month-end billing activity rollover.
  • http: skip JSON limit parsing on cluster listener.
  • quotas: Vault now protects plugins with ResolveRole operations from panicking on quota creation.
  • replication (enterprise): fix rare panic due to race when enabling a secondary with Consul storage.
  • rotation: Fix a bug where a performance secondary would panic if a write was made to a local mount.
  • secret-sync (enterprise): Improved unsync error handling by treating cases where the destination no longer exists as successful.
  • secrets-sync (enterprise): Corrected a bug where the deletion of the latest KV-V2 secret version caused the associated external secret to be deleted entirely. The sync job now implements a version fallback mechanism to find and sync the highest available active version, ensuring continuity and preventing the unintended deletion of the external secret resource.
  • secrets-sync (enterprise): Fix issue where secrets were not properly un-synced after destination config changes.
  • secrets-sync (enterprise): Fix issue where sync store deletion could be attempted when sync is disabled.
  • ui/pki: Fix handling of values that contain commas in list fields like crl_distribution_points.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [hashicorp/vault](https://github.com/hashicorp/vault) | patch | `1.21.1` → `1.21.2` | --- > ⚠️ **Warning** > > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>hashicorp/vault (hashicorp/vault)</summary> ### [`v1.21.2`](https://github.com/hashicorp/vault/releases/tag/v1.21.2) [Compare Source](https://github.com/hashicorp/vault/compare/v1.21.1...v1.21.2) #### 1.21.2 ##### January 07, 2026 CHANGES: - auth/oci: bump plugin to v0.20.1 - core: Bump Go version to 1.25.5 - packaging: Container images are now exported using a compressed OCI image layout. - packaging: UBI container images are now built on the UBI 10 minimal image. - secrets/azure: Update plugin to v0.25.1+ent. Improves retry handling during Azure application and service principal creation to reduce transient failures. - storage: Upgrade aerospike client library to v8. IMPROVEMENTS: - core: check rotation manager queue every 5 seconds instead of 10 seconds to improve responsiveness - go: update to golang/x/crypto to v0.45.0 to resolve GHSA-f6x5-jh6r-wrfv, GHSA-j5w8-q4qc-rx2x, GO-2025-4134 and GO-2025-4135. - rotation: Ensure rotations for shared paths only execute on the Primary cluster's active node. Ensure rotations for local paths execute on the cluster-local active node. - sdk/rotation: Prevent rotation attempts on read-only storage. - secrets-sync (enterprise): Added support for a boolean force\_delete flag (default: false). When set to true, this flag allows deletion of a destination even if its associations cannot be unsynced. This option should be used only as a last-resort deletion mechanism, as any secrets already synced to the external provider will remain orphaned and require manual cleanup. - secrets/pki: Avoid loading issuer information multiple times per leaf certificate signing. BUG FIXES: - core/activitylog (enterprise): Resolve a stability issue where Vault Enterprise could encounter a panic during month-end billing activity rollover. - http: skip JSON limit parsing on cluster listener. - quotas: Vault now protects plugins with ResolveRole operations from panicking on quota creation. - replication (enterprise): fix rare panic due to race when enabling a secondary with Consul storage. - rotation: Fix a bug where a performance secondary would panic if a write was made to a local mount. - secret-sync (enterprise): Improved unsync error handling by treating cases where the destination no longer exists as successful. - secrets-sync (enterprise): Corrected a bug where the deletion of the latest KV-V2 secret version caused the associated external secret to be deleted entirely. The sync job now implements a version fallback mechanism to find and sync the highest available active version, ensuring continuity and preventing the unintended deletion of the external secret resource. - secrets-sync (enterprise): Fix issue where secrets were not properly un-synced after destination config changes. - secrets-sync (enterprise): Fix issue where sync store deletion could be attempted when sync is disabled. - ui/pki: Fix handling of values that contain commas in list fields like `crl_distribution_points`. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42OS4yIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
renovate-bot added 1 commit 2026-01-23 20:58:12 +00:00
chore(deps): update dependency hashicorp/vault to v1.21.2
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 14s
Details
a043dfac05
renovate-bot force-pushed renovate/hashicorp-vault-1.x from a043dfac05 to a0908db3b0 2026-01-23 22:13:38 +00:00 Compare
renovate-bot force-pushed renovate/hashicorp-vault-1.x from a0908db3b0 to 0c7396798e 2026-01-23 22:46:58 +00:00 Compare
renovate-bot force-pushed renovate/hashicorp-vault-1.x from 0c7396798e to 4ecda6c5ff 2026-01-23 23:02:44 +00:00 Compare
renovate-bot changed title from chore(deps): update dependency hashicorp/vault to v1.21.2 to chore(deps): update dependency hashicorp/vault to v1.21.2 - autoclosed 2026-01-23 23:15:41 +00:00
renovate-bot closed this pull request 2026-01-23 23:15:42 +00:00
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 17s
Details
render-manifests-automerge / render-manifests-automerge (pull_request) Has been skipped
Details
render-manifests-merge / render-manifests-merge (pull_request) Has been skipped
Details

Pull request closed

This pull request cannot be reopened because the branch was deleted.
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
Renovate
Issue generated by Renovate.
 automerge
This PR will be automerged by Renovate.
 chart
Chart update generated by Renovate.
 image
Image update generated by Renovate.
 stale
PR or Issue that has not been updated recently.
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
gitea-bot renovate-bot alexlebens
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: alexlebens/infrastructure#3408
Delete Branch "renovate/hashicorp-vault-1.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?