Skip to content

Bump github.com/hashicorp/consul/api from 1.18.0 to 1.33.7#326

Merged
dangra merged 1 commit intomasterfrom
dependabot/go_modules/github.com/hashicorp/consul/api-1.33.7
Apr 8, 2026
Merged

Bump github.com/hashicorp/consul/api from 1.18.0 to 1.33.7#326
dangra merged 1 commit intomasterfrom
dependabot/go_modules/github.com/hashicorp/consul/api-1.33.7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 4, 2026
edited
Loading

Bumps github.com/hashicorp/consul/api from 1.18.0 to 1.33.7.

Release notes

Sourced from github.com/hashicorp/consul/api's releases.

v1.22.6

1.22.6 (March 23, 2026)

SECURITY:

  • security: upgrade envoy version to 1.35.9 and 1.34.13 [GH-23372]
  • security: update google.golang.org/grpc to fix CVE-2026-33186 [GH-23379]
  • security: upgrade go version to 1.25.8 [GH-23322]
  • security: bump golang.org/x/* dependencies to align with consul-enterprise and address security vulnerabilities. [GH-23322]

IMPROVEMENTS:

  • api-gateway: Add support to disable traffic with weight 0 in services for HTTPRoute backends, allowing explicit zero-weight backends to be excluded from traffic. [GH-23216]
  • ui: Fixed Consul UI to work in non-secure environments by enabling Ember Data's UUID polyfill for crypto.randomUUID. [GH-23341]
  • ui: Fixed Consul UI services page navigation by ensuring route transitions trigger the expected model hook behavior after Ember upgrade. [GH-23271]
  • ui: Replaced deprecated SideNav component with AppSideNav for improved navigation structure. [GH-23289]

v1.22.5

1.22.5 (February 26, 2026)

SECURITY:

  • security: upgrade go version to 1.25.7 [GH-23204]
  • dockerfile: the Consul build Go base image to alpine3.23 [GH-23194]
  • connect: Migrate to aws-sdk-go-v2 from aws-sdk-go (v1). Also updated consul-awsauth and go-secure-stdlib/awsutil dependencies to their v2 versions. [GH-23109]
  • security: Configure HTTP server timeouts to prevent Slowloris denial-of-service attacks on agent HTTP endpoints and pprof endpoints. [GH-22739]
  • security: Patched Vault CA provider to prevent arbitrary file reads via Kubernetes, JWT, and AppRole methods. [GH-23249]
  • security: Introduced debounce timing for synchronization operations within federationStateAntiEntropySync. [GH-23196]

IMPROVEMENTS:

  • api-gateway: Fixed "duplicate matcher" errors in Envoy when using multiple file-system certificates on a single TLS listener. The certificates are now consolidated into a single filter chain, allowing Envoy to select the correct one. [GH-23212]
  • agent: Fix vault provider failure when signing intermediate CA with isCA=true in CSR [GH-23202]
  • cli: Added --aws-iam-endpoint flag to consul login command for AWS IAM auth method to support custom IAM endpoint configuration [GH-23109]
  • docs: Refreshed the security documentation to include the new HTTP server timeout defaults and relevant configuration options. [GH-23246]
  • api: Cancel context check for watches cache fetch to stop execution when manager deregisters the watch. [GH-23157]

v1.22.4

⚠️ Important Notice

We have identified an issue in Consul and Consul Enterprise Feb Patch Release (1.22.4, 1.22.4-ent, 1.21.10-ent, 1.18.20-ent) that requires a corrective patch release.

We recommend that customers avoid using these versions in production environments and wait for the upcoming patch release.

Customers who have upgraded to these versions should temporarily revert to the previous stable release while we prepare a corrected update.

A new patched release is expected by the end of the this month.

Further updates will be shared once the new version is available. We apologize for the inconvenience and appreciate your patience.

1.22.4 (February 18, 2026)

... (truncated)

Changelog

Sourced from github.com/hashicorp/consul/api's changelog.

1.22.5 (February 26, 2026)

SECURITY:

  • security: upgrade go version to 1.25.7 [GH-23204]
  • dockerfile: update the Consul build Go base image to alpine3.23 [GH-23194]
  • connect: Migrate to aws-sdk-go-v2 from aws-sdk-go (v1). Also updated consul-awsauth and go-secure-stdlib/awsutil dependencies to their v2 versions. [GH-23109]
  • security: Configure HTTP server timeouts to prevent Slowloris denial-of-service attacks on agent HTTP endpoints and pprof endpoints. [GH-22739]
  • security: Patched Vault CA provider to prevent arbitrary file reads via Kubernetes, JWT, and AppRole methods. [GH-23249]
  • security: Introduced debounce timing for synchronization operations within federationStateAntiEntropySync. [GH-23196]

IMPROVEMENTS:

  • api-gateway: Fixed "duplicate matcher" errors in Envoy when using multiple file-system certificates on a single TLS listener. The certificates are now consolidated into a single filter chain, allowing Envoy to select the correct one. [GH-23212]
  • agent: Fix vault provider failure when signing intermediate CA with isCA=true in CSR [GH-23202]
  • cli: Added --aws-iam-endpoint flag to consul login command for AWS IAM auth method to support custom IAM endpoint configuration [GH-23109]
  • docs: Refreshed the security documentation to include the new HTTP server timeout defaults and relevant configuration options. [GH-23246]
  • api: Cancel context check for watches cache fetch to stop execution when manager deregisters the watch. [GH-23157]

1.22.5 Enterprise (February 26, 2026)

SECURITY:

  • security: upgrade go version to 1.25.7 [GH-23204]
  • dockerfile: the Consul build Go base image to alpine3.23 [GH-23194]
  • connect: Migrate to aws-sdk-go-v2 from aws-sdk-go (v1). Also updated consul-awsauth and go-secure-stdlib/awsutil dependencies to their v2 versions. [GH-23109]
  • security: Configure HTTP server timeouts to prevent Slowloris denial-of-service attacks on agent HTTP endpoints and pprof endpoints. [GH-22739]
  • security: Patched Vault CA provider to prevent arbitrary file reads via Kubernetes, JWT, and AppRole methods. [GH-23249]
  • security: Introduced debounce timing for synchronization operations within federationStateAntiEntropySync. [GH-23196]

IMPROVEMENTS:

  • api-gateway: Fixed "duplicate matcher" errors in Envoy when using multiple file-system certificates on a single TLS listener. The certificates are now consolidated into a single filter chain, allowing Envoy to select the correct one. [GH-23212]
  • agent: Fix vault provider failure when signing intermediate CA with isCA=true in CSR [GH-23202]
  • cli: Added --aws-iam-endpoint flag to consul login command for AWS IAM auth method to support custom IAM endpoint configuration [GH-23109]
  • docs: Refreshed the security documentation to include the new HTTP server timeout defaults and relevant configuration options. [GH-23246]
  • api: Cancel context check for watches cache fetch to stop execution when manager deregisters the watch. [GH-23157]

1.21.11 Enterprise (February 26, 2026)

SECURITY:

  • security: upgrade go version to 1.25.7 [GH-23204]
  • dockerfile: the Consul build Go base image to alpine3.23 [GH-23194]
  • connect: Migrate to aws-sdk-go-v2 from aws-sdk-go (v1). Also updated consul-awsauth and go-secure-stdlib/awsutil dependencies to their v2 versions. [GH-23109]
  • security: Configure HTTP server timeouts to prevent Slowloris denial-of-service attacks on agent HTTP endpoints and pprof endpoints. [GH-22739]
  • security: Patched Vault CA provider to prevent arbitrary file reads via Kubernetes, JWT, and AppRole methods. [GH-23249]
  • security: Introduced debounce timing for synchronization operations within federationStateAntiEntropySync. [GH-23196]

... (truncated)

Commits
  • 9b276c0 api submodule update
  • a9606a1 api: prepare go.mod and go.sum for release (commented out replace, tidied)
  • 2eac01d Backport of Update google.golang.org/grpc to fix CVE-2026-33186 into release/...
  • 3469af2 Backport of fixes socket.io vulnerability into release/1.22.x (#23384)
  • 6c4b285 Backport go and version upgrade in 1.22.x (#23378)
  • c986167 Backport of Migrate to use HDS:Card instead of custom setup into release/1.22...
  • 7beff96 Backport of fix immutable and underscore libraries versions into release/1.22...
  • 8066c55 Backport of remove unused custom-element addon into release/1.22.x (#23363)
  • d5243ec Backport of Rishabh gupta/UI/a11y fix non functional icons into release/1.22....
  • f0bef79 Backport of Update Slack notification channel ID into release/1.22.x (#23328)
  • Additional commits viewable in compare view

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 4, 2026
@dependabot dependabot bot mentioned this pull request Apr 4, 2026
Closed
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/consul/api-1.33.7 branch from 648550e to f2d92d0 Compare April 8, 2026 19:31
@dependabot
Bump github.com/hashicorp/consul/api from 1.18.0 to 1.33.7
6846255 
Bumps [github.com/hashicorp/consul/api](https://github.com/hashicorp/consul) from 1.18.0 to 1.33.7.
- [Release notes](https://github.com/hashicorp/consul/releases)
- [Changelog](https://github.com/hashicorp/consul/blob/main/CHANGELOG.md)
- [Commits](hashicorp/consul@v1.18.0...api/v1.33.7)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/consul/api
  dependency-version: 1.33.7
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/consul/api-1.33.7 branch from f2d92d0 to 6846255 Compare April 8, 2026 20:56
@dangra dangra merged commit 8c68155 into master Apr 8, 2026
5 checks passed
@dangra dangra deleted the dependabot/go_modules/github.com/hashicorp/consul/api-1.33.7 branch April 8, 2026 21:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dangra