Trez/rinoa-docker
4
0
Fork 0
Code Issues 1 Pull Requests 9 Actions Activity

🔧 Renovate: Update (patch) regex/hashicorp/vault to 1.21.2 to v1.21.2 #1681

Merged
renovate-bot merged 1 commits from renovate/regex-hashicorp-vault-1-21-2 into main 2026-01-24 12:38:57 -05:00
Conversation 0 Commits 1 Files Changed 2
+2 -2
renovate-bot commented 2026-01-24 12:38:32 -05:00
Member
Copy Link
Copy Source

This PR contains the following updates:

Package Update Change
hashicorp/vault patch 1.21.11.21.2

Renovate Update Info

  • Update Type: patch

  • Automerge: 🛑 This update requires manual approval

Release Notes

hashicorp/vault (hashicorp/vault)

v1.21.2

Compare Source

January 07, 2026

CHANGES:

  • auth/oci: bump plugin to v0.20.1
  • core: Bump Go version to 1.25.5
  • packaging: Container images are now exported using a compressed OCI image layout.
  • packaging: UBI container images are now built on the UBI 10 minimal image.
  • secrets/azure: Update plugin to v0.25.1+ent. Improves retry handling during Azure application and service principal creation to reduce transient failures.
  • storage: Upgrade aerospike client library to v8.

IMPROVEMENTS:

  • core: check rotation manager queue every 5 seconds instead of 10 seconds to improve responsiveness
  • go: update to golang/x/crypto to v0.45.0 to resolve GHSA-f6x5-jh6r-wrfv, GHSA-j5w8-q4qc-rx2x, GO-2025-4134 and GO-2025-4135.
  • rotation: Ensure rotations for shared paths only execute on the Primary cluster's active node. Ensure rotations for local paths execute on the cluster-local active node.
  • sdk/rotation: Prevent rotation attempts on read-only storage.
  • secrets-sync (enterprise): Added support for a boolean force_delete flag (default: false). When set to true, this flag allows deletion of a destination even if its associations cannot be unsynced. This option should be used only as a last-resort deletion mechanism, as any secrets already synced to the external provider will remain orphaned and require manual cleanup.
  • secrets/pki: Avoid loading issuer information multiple times per leaf certificate signing.

BUG FIXES:

  • core/activitylog (enterprise): Resolve a stability issue where Vault Enterprise could encounter a panic during month-end billing activity rollover.
  • http: skip JSON limit parsing on cluster listener.
  • quotas: Vault now protects plugins with ResolveRole operations from panicking on quota creation.
  • replication (enterprise): fix rare panic due to race when enabling a secondary with Consul storage.
  • rotation: Fix a bug where a performance secondary would panic if a write was made to a local mount.
  • secret-sync (enterprise): Improved unsync error handling by treating cases where the destination no longer exists as successful.
  • secrets-sync (enterprise): Corrected a bug where the deletion of the latest KV-V2 secret version caused the associated external secret to be deleted entirely. The sync job now implements a version fallback mechanism to find and sync the highest available active version, ensuring continuity and preventing the unintended deletion of the external secret resource.
  • secrets-sync (enterprise): Fix issue where secrets were not properly un-synced after destination config changes.
  • secrets-sync (enterprise): Fix issue where sync store deletion could be attempted when sync is disabled.
  • ui/pki: Fix handling of values that contain commas in list fields like crl_distribution_points.

Configuration

📅 Schedule: Branch creation - At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday ( * 0-4,22-23 * * 1-5 ), Only on Sunday and Saturday ( * * * * 0,6 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [hashicorp/vault](https://github.com/hashicorp/vault) | patch | `1.21.1` → `1.21.2` | ### ⚡ Renovate Update Info - **Update Type:** patch - **Automerge:** 🛑 This update requires manual approval --- ### Release Notes <details> <summary>hashicorp/vault (hashicorp/vault)</summary> ### [`v1.21.2`](https://github.com/hashicorp/vault/blob/HEAD/CHANGELOG.md#1212) [Compare Source](https://github.com/hashicorp/vault/compare/v1.21.1...v1.21.2) ##### January 07, 2026 CHANGES: - auth/oci: bump plugin to v0.20.1 - core: Bump Go version to 1.25.5 - packaging: Container images are now exported using a compressed OCI image layout. - packaging: UBI container images are now built on the UBI 10 minimal image. - secrets/azure: Update plugin to v0.25.1+ent. Improves retry handling during Azure application and service principal creation to reduce transient failures. - storage: Upgrade aerospike client library to v8. IMPROVEMENTS: - core: check rotation manager queue every 5 seconds instead of 10 seconds to improve responsiveness - go: update to golang/x/crypto to v0.45.0 to resolve GHSA-f6x5-jh6r-wrfv, GHSA-j5w8-q4qc-rx2x, GO-2025-4134 and GO-2025-4135. - rotation: Ensure rotations for shared paths only execute on the Primary cluster's active node. Ensure rotations for local paths execute on the cluster-local active node. - sdk/rotation: Prevent rotation attempts on read-only storage. - secrets-sync (enterprise): Added support for a boolean force\_delete flag (default: false). When set to true, this flag allows deletion of a destination even if its associations cannot be unsynced. This option should be used only as a last-resort deletion mechanism, as any secrets already synced to the external provider will remain orphaned and require manual cleanup. - secrets/pki: Avoid loading issuer information multiple times per leaf certificate signing. BUG FIXES: - core/activitylog (enterprise): Resolve a stability issue where Vault Enterprise could encounter a panic during month-end billing activity rollover. - http: skip JSON limit parsing on cluster listener. - quotas: Vault now protects plugins with ResolveRole operations from panicking on quota creation. - replication (enterprise): fix rare panic due to race when enabling a secondary with Consul storage. - rotation: Fix a bug where a performance secondary would panic if a write was made to a local mount. - secret-sync (enterprise): Improved unsync error handling by treating cases where the destination no longer exists as successful. - secrets-sync (enterprise): Corrected a bug where the deletion of the latest KV-V2 secret version caused the associated external secret to be deleted entirely. The sync job now implements a version fallback mechanism to find and sync the highest available active version, ensuring continuity and preventing the unintended deletion of the external secret resource. - secrets-sync (enterprise): Fix issue where secrets were not properly un-synced after destination config changes. - secrets-sync (enterprise): Fix issue where sync store deletion could be attempted when sync is disabled. - ui/pki: Fix handling of values that contain commas in list fields like `crl_distribution_points`. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday ( * 0-4,22-23 * * 1-5 ), Only on Sunday and Saturday ( * * * * 0,6 ) (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi44NC4yIiwidXBkYXRlZEluVmVyIjoiNDIuODQuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIiwicmVub3ZhdGUiXX0=-->
renovate-bot added the dependenciesrenovate labels 2026-01-24 12:38:33 -05:00
renovate-bot added 1 commit 2026-01-24 12:38:40 -05:00
🔧 Renovate: Update (patch) regex/hashicorp/vault to 1.21.2 to v1.21.2 2bdd882a12
renovate-bot scheduled this pull request to auto merge when all checks succeed 2026-01-24 12:38:51 -05:00
renovate-bot merged commit 7c0deab395 into main 2026-01-24 12:38:57 -05:00
renovate-bot deleted branch renovate/regex-hashicorp-vault-1-21-2 2026-01-24 12:39:02 -05:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
dependencies
docker-compose
manual
renovate
No Label dependencies renovate
Milestone
No items
No Milestone
Assignees
Clear assignees
gitea-sonarqube-bot renovate-bot root Trez.One
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Trez/rinoa-docker#1681
Delete Branch "renovate/regex-hashicorp-vault-1-21-2"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?