chore(deps): update dependency hashicorp/vault to v1.21.2 - autoclosed #3408

Closed
renovate-bot wants to merge 1 commits from renovate/hashicorp-vault-1.x into main
Collaborator

This PR contains the following updates:

Package Update Change
hashicorp/vault patch 1.21.11.21.2

⚠️ Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

hashicorp/vault (hashicorp/vault)

v1.21.2

Compare Source

1.21.2

January 07, 2026

CHANGES:

  • auth/oci: bump plugin to v0.20.1
  • core: Bump Go version to 1.25.5
  • packaging: Container images are now exported using a compressed OCI image layout.
  • packaging: UBI container images are now built on the UBI 10 minimal image.
  • secrets/azure: Update plugin to v0.25.1+ent. Improves retry handling during Azure application and service principal creation to reduce transient failures.
  • storage: Upgrade aerospike client library to v8.

IMPROVEMENTS:

  • core: check rotation manager queue every 5 seconds instead of 10 seconds to improve responsiveness
  • go: update to golang/x/crypto to v0.45.0 to resolve GHSA-f6x5-jh6r-wrfv, GHSA-j5w8-q4qc-rx2x, GO-2025-4134 and GO-2025-4135.
  • rotation: Ensure rotations for shared paths only execute on the Primary cluster's active node. Ensure rotations for local paths execute on the cluster-local active node.
  • sdk/rotation: Prevent rotation attempts on read-only storage.
  • secrets-sync (enterprise): Added support for a boolean force_delete flag (default: false). When set to true, this flag allows deletion of a destination even if its associations cannot be unsynced. This option should be used only as a last-resort deletion mechanism, as any secrets already synced to the external provider will remain orphaned and require manual cleanup.
  • secrets/pki: Avoid loading issuer information multiple times per leaf certificate signing.

BUG FIXES:

  • core/activitylog (enterprise): Resolve a stability issue where Vault Enterprise could encounter a panic during month-end billing activity rollover.
  • http: skip JSON limit parsing on cluster listener.
  • quotas: Vault now protects plugins with ResolveRole operations from panicking on quota creation.
  • replication (enterprise): fix rare panic due to race when enabling a secondary with Consul storage.
  • rotation: Fix a bug where a performance secondary would panic if a write was made to a local mount.
  • secret-sync (enterprise): Improved unsync error handling by treating cases where the destination no longer exists as successful.
  • secrets-sync (enterprise): Corrected a bug where the deletion of the latest KV-V2 secret version caused the associated external secret to be deleted entirely. The sync job now implements a version fallback mechanism to find and sync the highest available active version, ensuring continuity and preventing the unintended deletion of the external secret resource.
  • secrets-sync (enterprise): Fix issue where secrets were not properly un-synced after destination config changes.
  • secrets-sync (enterprise): Fix issue where sync store deletion could be attempted when sync is disabled.
  • ui/pki: Fix handling of values that contain commas in list fields like crl_distribution_points.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [hashicorp/vault](https://github.com/hashicorp/vault) | patch | `1.21.1` → `1.21.2` | --- > ⚠️ **Warning** > > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>hashicorp/vault (hashicorp/vault)</summary> ### [`v1.21.2`](https://github.com/hashicorp/vault/releases/tag/v1.21.2) [Compare Source](https://github.com/hashicorp/vault/compare/v1.21.1...v1.21.2) #### 1.21.2 ##### January 07, 2026 CHANGES: - auth/oci: bump plugin to v0.20.1 - core: Bump Go version to 1.25.5 - packaging: Container images are now exported using a compressed OCI image layout. - packaging: UBI container images are now built on the UBI 10 minimal image. - secrets/azure: Update plugin to v0.25.1+ent. Improves retry handling during Azure application and service principal creation to reduce transient failures. - storage: Upgrade aerospike client library to v8. IMPROVEMENTS: - core: check rotation manager queue every 5 seconds instead of 10 seconds to improve responsiveness - go: update to golang/x/crypto to v0.45.0 to resolve GHSA-f6x5-jh6r-wrfv, GHSA-j5w8-q4qc-rx2x, GO-2025-4134 and GO-2025-4135. - rotation: Ensure rotations for shared paths only execute on the Primary cluster's active node. Ensure rotations for local paths execute on the cluster-local active node. - sdk/rotation: Prevent rotation attempts on read-only storage. - secrets-sync (enterprise): Added support for a boolean force\_delete flag (default: false). When set to true, this flag allows deletion of a destination even if its associations cannot be unsynced. This option should be used only as a last-resort deletion mechanism, as any secrets already synced to the external provider will remain orphaned and require manual cleanup. - secrets/pki: Avoid loading issuer information multiple times per leaf certificate signing. BUG FIXES: - core/activitylog (enterprise): Resolve a stability issue where Vault Enterprise could encounter a panic during month-end billing activity rollover. - http: skip JSON limit parsing on cluster listener. - quotas: Vault now protects plugins with ResolveRole operations from panicking on quota creation. - replication (enterprise): fix rare panic due to race when enabling a secondary with Consul storage. - rotation: Fix a bug where a performance secondary would panic if a write was made to a local mount. - secret-sync (enterprise): Improved unsync error handling by treating cases where the destination no longer exists as successful. - secrets-sync (enterprise): Corrected a bug where the deletion of the latest KV-V2 secret version caused the associated external secret to be deleted entirely. The sync job now implements a version fallback mechanism to find and sync the highest available active version, ensuring continuity and preventing the unintended deletion of the external secret resource. - secrets-sync (enterprise): Fix issue where secrets were not properly un-synced after destination config changes. - secrets-sync (enterprise): Fix issue where sync store deletion could be attempted when sync is disabled. - ui/pki: Fix handling of values that contain commas in list fields like `crl_distribution_points`. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42OS4yIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
renovate-bot added 1 commit 2026-01-23 20:58:12 +00:00
chore(deps): update dependency hashicorp/vault to v1.21.2
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 14s
a043dfac05
renovate-bot force-pushed renovate/hashicorp-vault-1.x from a043dfac05 to a0908db3b0 2026-01-23 22:13:38 +00:00 Compare
renovate-bot force-pushed renovate/hashicorp-vault-1.x from a0908db3b0 to 0c7396798e 2026-01-23 22:46:58 +00:00 Compare
renovate-bot force-pushed renovate/hashicorp-vault-1.x from 0c7396798e to 4ecda6c5ff 2026-01-23 23:02:44 +00:00 Compare
renovate-bot changed title from chore(deps): update dependency hashicorp/vault to v1.21.2 to chore(deps): update dependency hashicorp/vault to v1.21.2 - autoclosed 2026-01-23 23:15:41 +00:00
renovate-bot closed this pull request 2026-01-23 23:15:42 +00:00
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 17s
render-manifests-automerge / render-manifests-automerge (pull_request) Has been skipped
render-manifests-merge / render-manifests-merge (pull_request) Has been skipped

Pull request closed

Sign in to join this conversation.