Bump github.com/hashicorp/vault/api from 1.15.0 to 1.23.0 #224

Merged: rsrchboy merged 1 commit into master from dependabot/go_modules/github.com/hashicorp/vault/api-1.23.0 on Jun 4, 2026

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026

Bumps github.com/hashicorp/vault/api from 1.15.0 to 1.23.0.

Release notes

Sourced from github.com/hashicorp/vault/api's releases.

v1.21.4

SECURITY:

  • Upgrade cloudflare/circl to v1.6.3 to resolve CVE-2026-1229
  • Upgrade filippo.io/edwards25519 to v1.1.1 to resolve GO-2026-4503
  • vault/sdk: Upgrade cloudflare/circl to v1.6.3 to resolve CVE-2026-1229
  • vault/sdk: Upgrade go.opentelemetry.io/otel/sdk to v1.40.0 to resolve GO-2026-4394

CHANGES:

  • core: Bump Go version to 1.25.7
  • mfa/duo: Upgrade duo_api_golang client to 0.2.0 to include the new Duo certificate authorities
  • ui: Remove ability to bulk delete secrets engines from the list view.

IMPROVEMENTS:

  • core/seal: Enhance sys/seal-backend-status to provide more information about seal backends.
  • secrets/kmip (Enterprise): Obey configured best_effort_wal_wait_duration when forwarding kmip requests.
  • secrets/pki (enterprise): Return the POSTPKIOperation capability within SCEP GetCACaps endpoint for better legacy client support.

BUG FIXES:

  • core (enterprise): Buffer the POST body on binary paths to allow re-reading on non-logical forwarding attempts. Addresses an issue for SCEP, EST and CMPv2 certificate issuances with slow replication of entities
  • core/identity (enterprise): Fix excessive logging when updating existing aliases
  • core/managed-keys (enterprise): client credentials should not be required when using Azure Managed Identities in managed keys.
  • plugins (enterprise): Fix bug where requests to external plugins that modify storage weren't populating the X-Vault-Index response header.
  • secrets (pki): Allow issuance of certificates without the server_flag key usage from SCEP, EST and CMPV2 protocols.
  • secrets/pki (enterprise): Address cache invalidation issues with CMPv2 on performance standby nodes.
  • secrets/pki (enterprise): Address issues using SCEP on performance standby nodes failing due to configuration invalidation issues along with errors writing to storage
  • secrets/pki (enterprise): Modify the SCEP GetCACaps endpoint to dynamically reflect the configured encryption and digest algorithms.
  • secrets/pki: The root/sign-intermediate endpoint should not fail when provided a CSR with a basic constraint extension containing isCa set to true
  • secrets/pki: allow glob-style DNS names in alt_names.

v1.21.3

February 05, 2026

SECURITY:

  • auth/cert: ensure that the certificate being renewed matches the certificate attached to the session.

CHANGES:

  • core: Bump Go version to 1.25.6

FEATURES:

  • UI: Hashi-Built External Plugin Support: Recognize and support Hashi-built plugins when run as external binaries

IMPROVEMENTS:

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

1.15.16 Enterprise

October 09, 2024

SECURITY:

  • secrets/identity: A privileged Vault operator with write permissions to the root namespace's identity endpoint could escalate their privileges to Vault's root policy (CVE-2024-9180) HCSEC-2024-21

IMPROVEMENTS:

  • core: log at level ERROR rather than INFO when all seals are unhealthy. [GH-28564]

BUG FIXES:

  • auth/cert: When using ocsp_ca_certificates, an error was produced though extra certs validation succeeded. [GH-28597]
  • auth/token: Fix token TTL calculation so that it uses max_lease_ttl tune value for tokens created via auth/token/create. [GH-28498]

1.15.15 Enterprise

September 25, 2024

SECURITY:

CHANGES:

  • core: Bump Go version to 1.22.7.
  • secrets/ssh: Add a flag, allow_empty_principals to allow keys or certs to apply to any user/principal. [GH-28466]

BUG FIXES:

  • secret/aws: Fixed potential panic after step-down and the queue has not repopulated. [GH-28330]
  • auth/cert: During certificate validation, OCSP requests are debug logged even if Vault's log level is above DEBUG. [GH-28450]
  • auth/cert: ocsp_ca_certificates field was not honored when validating OCSP responses signed by a CA that did not issue the certificate. [GH-28309]
  • auth: Updated error handling for missing login credentials in AppRole and UserPass auth methods to return a 400 error instead of a 500 error. [GH-28441]
  • core: Fixed an issue where maximum request duration timeout was not being added to all requests containing strings sys/monitor and sys/events. With this change, timeout is now added to all requests except monitor and events endpoint. [GH-28230]

1.15.14 Enterprise

August 29, 2024

CHANGES:

  • activity (enterprise): filter all fields in client count responses by the request namespace [GH-27790]
  • core: Bump Go version to 1.22.6

IMPROVEMENTS:

  • activity log: Changes how new client counts in the current month are estimated, in order to return more visibly sensible totals. [GH-27547]
  • activity: /sys/internal/counters/activity will now include a warning if the specified usage period contains estimated client counts. [GH-28068]
  • cli: vault operator usage will now include a warning if the specified usage period contains estimated client counts. [GH-28068]
  • core/activity: Ensure client count queries that include the current month return consistent results by sorting the clients before performing estimation [GH-28062]

... (truncated)

Commits
  • d430306 Merge remote-tracking branch 'remotes/from/ce/main'
  • a3bc0a3 (enos): Add LDAP secrets engine blackbox tests to Plugin Scenario (#13072) (#...
  • f8df539 Merge remote-tracking branch 'remotes/from/ce/main'
  • 2b0ec25 VAULT-43444 Addressed races in tests (#13278) (#13285)
  • a097d1f Merge remote-tracking branch 'remotes/from/ce/main'
  • 7e587fd Update vault-plugin-auth-kubernetes to v0.24.1 (#13259) (#13287)
  • 1331818 UI: Fix namespace search showing empty state when namespaces exist (#13257) (...
  • 7b12feb Merge remote-tracking branch 'remotes/from/ce/main'
  • 7d4395c Update vault-plugin-auth-jwt to v0.26.1 (#13242) (#13283)
  • 6d4b615 adds flag to fix chrome in ci (#13279) (#13282)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added the dependencies and go labels Jun 4, 2026

rsrchboy commented Jun 4, 2026

@dependabot rebase

Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.15.0 to 1.23.0.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG-v1.10-v1.15.md)
- [Commits](hashicorp/vault@v1.15.0...api/v1.23.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/api
  dependency-version: 1.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault/api-1.23.0 branch from 8b02f4b to 661c3b3 Compare June 4, 2026 16:09
@rsrchboy rsrchboy merged commit 24ef232 into master Jun 4, 2026
4 checks passed
@dependabot dependabot Bot deleted the dependabot/go_modules/github.com/hashicorp/vault/api-1.23.0 branch June 4, 2026 16:20