Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update module github.com/hashicorp/consul to v1.20.0 [security] (release-2.9.x) #15897

Open
wants to merge 1 commit into
base: release-2.9.x
Choose a base branch
from
Open

chore(deps): update module github.com/hashicorp/consul to v1.20.0 [security] (release-2.9.x) #15897

wants to merge 1 commit into from
+116,660 −28,386

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jan 22, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/hashicorp/consul v1.5.1 -> v1.20.0 age adoption passing confidence

Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

BIT-consul-2020-7219 / CVE-2020-7219 / GHSA-23jv-v6qj-3fhh / GO-2022-0776

More information

Details

Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul

BIT-consul-2020-7955 / CVE-2020-7955 / GHSA-r9w6-rhh9-7v53 / GO-2022-0874

More information

Details

Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Denial of Service (DoS) in HashiCorp Consul

BIT-consul-2020-7219 / CVE-2020-7219 / GHSA-23jv-v6qj-3fhh / GO-2022-0776

More information

Details

HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.

Specific Go Packages Affected

github.com/hashicorp/consul/agent/consul

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Incorrect Authorization in HashiCorp Consul

BIT-consul-2020-7955 / CVE-2020-7955 / GHSA-r9w6-rhh9-7v53 / GO-2022-0874

More information

Details

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.

Severity

  • CVSS Score: 5.3 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Allocation of Resources Without Limits or Throttling in Hashicorp Consul

BIT-consul-2020-13250 / CVE-2020-13250 / GHSA-rqjq-mrgx-85hp / GO-2022-0879

More information

Details

HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service.

Specific Go Packages Affected

github.com/hashicorp/consul/agent/config

Fix

The vulnerability is fixed in versions 1.6.6 and 1.7.4.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

BIT-consul-2020-13250 / CVE-2020-13250 / GHSA-rqjq-mrgx-85hp / GO-2022-0879

More information

Details

Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

BIT-consul-2020-28053 / CVE-2020-28053 / GHSA-6m72-467w-94rh / GO-2024-2505

More information

Details

Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Privilege Escalation in HashiCorp Consul

BIT-consul-2020-28053 / CVE-2020-28053 / GHSA-6m72-467w-94rh / GO-2024-2505

More information

Details

HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.

Severity

  • CVSS Score: 6.5 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

HashiCorp Consul Cross-site Scripting vulnerability

BIT-consul-2020-25864 / CVE-2020-25864 / GHSA-8xmx-h8rq-h94j / GO-2023-1851

More information

Details

HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14.

Severity

  • CVSS Score: 6.1 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

BIT-consul-2020-25864 / CVE-2020-25864 / GHSA-8xmx-h8rq-h94j / GO-2023-1851

More information

Details

HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

BIT-consul-2021-37219 / CVE-2021-37219 / GHSA-ccw8-7688-vqx4 / GO-2022-0593

More information

Details

HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

HashiCorp Consul Privilege Escalation Vulnerability

BIT-consul-2021-37219 / CVE-2021-37219 / GHSA-ccw8-7688-vqx4 / GO-2022-0593

More information

Details

HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.

Severity

  • CVSS Score: 8.8 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

BIT-consul-2021-38698 / CVE-2021-38698 / GHSA-6hw5-6gcx-phmw / GO-2022-0559

More information

Details

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.

BIT-consul-2021-38698 / CVE-2021-38698 / GHSA-6hw5-6gcx-phmw / GO-2022-0559

More information

Details

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.

Severity

  • CVSS Score: 6.5 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector

BIT-consul-2022-29153 / CVE-2022-29153 / GHSA-q6h7-4qgw-2j9p / GO-2022-0615

More information

Details

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that HTTP health check endpoints returning an HTTP redirect may be abused as a vector for server-side request forgery (SSRF). This vulnerability, CVE-2022-29153, was fixed in Consul 1.9.17, 1.10.10, and 1.11.5.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

BIT-consul-2022-29153 / CVE-2022-29153 / GHSA-q6h7-4qgw-2j9p / GO-2022-0615

More information

Details

Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

HashiCorp Consul L7 deny intention results in an allow action

BIT-consul-2021-36213 / CVE-2021-36213 / GHSA-8h2g-r292-j8xh / GO-2022-0895

More information

Details

In HashiCorp Consul before 1.10.1 (and Consul Enterprise), xds can generate a situation where a single L7 deny intention (with a default deny policy) results in an allow action.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Hashicorp Consul Missing SSL Certificate Validation

BIT-consul-2021-32574 / CVE-2021-32574 / GHSA-25gf-8qrr-g78r / GO-2022-0894

More information

Details

HashiCorp Consul before 1.10.1 (and Consul Enterprise) has Missing SSL Certificate Validation. xds does not ensure that the Subject Alternative Name of an upstream is validated.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

BIT-consul-2021-32574 / CVE-2021-32574 / GHSA-25gf-8qrr-g78r / GO-2022-0894

More information

Details

Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

BIT-consul-2021-36213 / CVE-2021-36213 / GHSA-8h2g-r292-j8xh / GO-2022-0895

More information

Details

HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

BIT-consul-2022-40716 / CVE-2022-40716 / GHSA-m69r-9g56-7mv8 / GO-2022-1029

More information

Details

HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

HashiCorp Consul vulnerable to authorization bypass

BIT-consul-2022-40716 / CVE-2022-40716 / GHSA-m69r-9g56-7mv8 / GO-2022-1029

More information

Details

HashiCorp Consul and Consul Enterprise versions prior to 1.11.9, 1.12.5, and 1.13.2 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. A specially crafted CSR sent directly to Consul’s internal server agent RPC endpoint can include multiple SAN URI values with additional service names. This issue has been fixed in versions 1.11.9, 1.12.5, and 1.13.2. There are no known workarounds.

Severity

  • CVSS Score: 6.5 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Hashicorp Consul vulnerable to denial of service

BIT-consul-2023-1297 / CVE-2023-1297 / GHSA-c57c-7hrj-6q6v / GO-2023-1827

More information

Details

Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3

Severity

  • CVSS Score: 4.9 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

BIT-consul-2023-1297 / CVE-2023-1297 / GHSA-c57c-7hrj-6q6v / GO-2023-1827

More information

Details

Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Hashicorp Consul Cross-site Scripting vulnerability

BIT-consul-2024-10086 / CVE-2024-10086 / GHSA-99wr-c2px-grmh / GO-2024-3242

More information

Details

A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.

Severity

  • CVSS Score: 6.1 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

BIT-consul-2024-10086 / CVE-2024-10086 / GHSA-99wr-c2px-grmh / GO-2024-3242

More information

Details

Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Release Notes

hashicorp/consul (github.com/hashicorp/consul)

v1.20.0

Compare Source

1.20.0 (October 14, 2024)

SECURITY:

  • Explicitly set 'Content-Type' header to mitigate XSS vulnerability. [GH-21704]
  • Implement HTML sanitization for user-generated content to prevent XSS attacks in the UI. [GH-21711]
  • UI: Remove codemirror linting due to package dependency [GH-21726]
  • Upgrade Go to use 1.22.7. This addresses CVE
    CVE-2024-34155 [GH-21705]
  • Upgrade to support aws/aws-sdk-go v1.55.5 or higher. This resolves CVEs
    CVE-2020-8911 and
    CVE-2020-8912. [GH-21684]
  • ui: Pin a newer resolution of Braces [GH-21710]
  • ui: Pin a newer resolution of Codemirror [GH-21715]
  • ui: Pin a newer resolution of Markdown-it [GH-21717]
  • ui: Pin a newer resolution of ansi-html [GH-21735]

FEATURES:

  • grafana: added the dashboards service-to-service dashboard, service dashboard, and consul dataplane dashboard [GH-21806]
  • server: remove v2 tenancy, catalog, and mesh experiments [GH-21592]

IMPROVEMENTS:

  • security: upgrade ubi base image to 9.4 [GH-21750]
  • connect: Add Envoy 1.31 and 1.30 to support matrix [GH-21616]

BUG FIXES:

  • jwt-provider: change dns lookup family from the default of AUTO which would prefer ipv6 to ALL if LOGICAL_DNS is used or PREFER_IPV4 if STRICT_DNS is used to gracefully handle transitions to ipv6. [GH-21703]

v1.19.2

Compare Source

1.19.2 (August 26, 2024)

SECURITY:

  • ui: Upgrade modules with d3-color as a dependency to address denial of service issue in d3-color < 3.1.0 [GH-21588]

IMPROVEMENTS:

  • Use Envoy's default for a route's validate_clusters option, which is false. This fixes a case where non-existent clusters could cause a route to no longer route to any of its backends, including existing ones. [GH-21587]

BUG FIXES:

  • api-gateway: (Enterprise only) ensure clusters are properly created for JWT providers with a remote URI for the JWKS endpoint [GH-21604]

v1.19.1

Compare Source

1.19.1 (July 11, 2024)

SECURITY:

IMPROVEMENTS:

  • mesh: update supported envoy version 1.29.5 in addition to 1.28.4, 1.27.6. [GH-21277]

BUG FIXES:

  • core: Fix multiple incorrect type conversion for potential overflows [GH-21251]
  • core: Fix panic runtime error on AliasCheck [GH-21339]
  • dns: Fix a regression where DNS SRV questions were returning duplicate hostnames instead of encoded IPs.
    This affected Nomad integrations with Consul. [GH-21361]
  • dns: Fix a regression where DNS tags using the standard lookup syntax, tag.name.service.consul, were being disregarded. [GH-21361]
  • dns: Fixes a spam log message "Failed to parse TTL for prepared query..."
    that was always being logged on each prepared query evaluation. [GH-21381]
  • terminating-gateway: (Enterprise Only) Fixed issue where enterprise metadata applied to linked services was the terminating-gateways enterprise metadata and not the linked services enterprise metadata. [GH-21382]
  • txn: Fix a bug where mismatched Consul server versions could result in undetected data loss for when using newer Transaction verbs. [GH-21519]

v1.19.0

Compare Source

1.19.0 (June 12, 2024)

BREAKING CHANGES:

  • telemetry: State store usage metrics with a double consul element in the metric name have been removed. Please use the same metric without the second consul instead. As an example instead of consul.consul.state.config_entries use consul.state.config_entries [GH-20674]

SECURITY:

FEATURES:

  • dns: queries now default to a refactored DNS server that is v1 and v2 Catalog compatible.
    Use v1dns in the experiments agent config to disable.
    The legacy server will be removed in a future release of Consul.
    See the Consul 1.19.x Release Notes for removed DNS features. [GH-20715]
  • gateways: api-gateway can leverage listener TLS certificates available on the gateway's local filesystem by specifying the public certificate and private key path in the new file-system-certificate configuration entry [GH-20873]

IMPROVEMENTS:

  • dns: new version was not supporting partition or namespace being set to 'default' in CE version. [GH-21230]
  • mesh: update supported envoy version 1.29.4 in addition to 1.28.3, 1.27.5, 1.26.8. [GH-21142]
  • upgrade go version to v1.22.4. [GH-21265]
  • Upgrade github.com/envoyproxy/go-control-plane to 0.12.0. [GH-20973]
  • dns: DNS-over-grpc when using consul-dataplane now accepts partition, namespace, token as metadata to default those query parameters.
    consul-dataplane v1.5+ will send this information automatically. [GH-20899]
  • snapshot: Add consul snapshot decode CLI command to output a JSON object stream of all the snapshots data. [GH-20824]
  • telemetry: Add telemetry.disable_per_tenancy_usage_metrics in agent configuration to disable setting tenancy labels on usage metrics. This significantly decreases CPU utilization in clusters with many admin partitions or namespaces.
  • telemetry: Improved the performance usage metrics emission by not outputting redundant metrics. [GH-20674]

DEPRECATIONS:

  • snapshot agent: (Enterprise only) Top level single snapshot destinations local_storage, aws_storage, azure_blob_storage, and google_storage in snapshot agent configuration files are now deprecated. Use the backup_destinations config object instead.

BUG FIXES:

v1.18.2

Compare Source

1.18.2 (May 14, 2024)

Enterprise LTS: Consul Enterprise 1.18 is a Long-Term Support (LTS) release.

SECURITY:

IMPROVEMENTS:

  • gateways: service defaults configuration entries can now be used to set default upstream limits for mesh-gateways [GH-20945]
  • connect: Add ability to disable Auto Host Header Rewrite on Terminating Gateway at the service level [GH-20802]

BUG FIXES:

  • dns: fix a bug with sameness group queries in DNS where responses did not respect DefaultForFailover.
    DNS requests against sameness groups without this field set will now error as intended.
  • error running consul server in 1.18.0: failed to configure SCADA provider user's home directory path: $HOME is not defined [GH-20926]
  • server: fix Ent snapshot restore on CE when CE downgrade is enabled [GH-20977]
  • xds: Make TCP external service registered with terminating gateway reachable from peered cluster [GH-19881]

v1.18.1

Compare Source

1.18.1 (March 26, 2024)

Enterprise LTS: Consul Enterprise 1.18 is a Long-Term Support (LTS) release.

BREAKING CHANGES:

  • ui: Adds a "Link to HCP Consul Central" modal with integration to side-nav and link to HCP banner. There will be an option to disable the Link to HCP banner from the UI in a follow-up release. [GH-20474]

SECURITY:

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner January 22, 2025 19:52
@renovate renovate bot added area/security dependencies Pull requests that update a dependency file labels Jan 22, 2025
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Jan 22, 2025

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 40 additional dependencies were updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.20 -> 1.23.5
cloud.google.com/go/pubsub v1.30.0 -> v1.32.0
cloud.google.com/go/storage v1.29.0 -> v1.30.1
github.com/aws/aws-sdk-go v1.44.315 -> v1.55.5
github.com/davecgh/go-spew v1.1.1 -> v1.1.2-0.20180830191138-d8f796af33cc
github.com/golang/protobuf v1.5.3 -> v1.5.4
github.com/hashicorp/consul/api v1.20.0 -> v1.29.5
github.com/opentracing/opentracing-go v1.2.0 -> v1.2.1-0.20220228012449-10b1cf09e00b
github.com/prometheus/client_model v0.4.0 -> v0.5.0
go.etcd.io/bbolt v1.3.6 -> v1.3.7
google.golang.org/grpc v1.56.3 -> v1.58.3
golang.org/x/exp v0.0.0-20230321023759-10a507213a29 -> v0.0.0-20230817173708-d852ddb80c63
golang.org/x/oauth2 v0.10.0 -> v0.15.0
cloud.google.com/go v0.110.2 -> v0.110.4
cloud.google.com/go/compute v1.20.1 -> v1.21.0
cloud.google.com/go/iam v0.13.0 -> v1.1.1
cloud.google.com/go/longrunning v0.4.1 -> v0.5.1
github.com/Azure/azure-sdk-for-go v65.0.0+incompatible -> v68.0.0+incompatible
github.com/Microsoft/go-winio v0.6.0 -> v0.6.1
github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f -> v0.12.0
github.com/envoyproxy/protoc-gen-validate v0.10.1 -> v1.0.2
github.com/go-logr/logr v1.2.4 -> v1.3.0
github.com/go-openapi/analysis v0.21.4 -> v0.21.5
github.com/go-openapi/errors v0.20.3 -> v0.21.0
github.com/go-openapi/jsonpointer v0.19.6 -> v0.20.1
github.com/go-openapi/jsonreference v0.20.2 -> v0.20.3
github.com/go-openapi/loads v0.21.2 -> v0.21.3
github.com/go-openapi/spec v0.20.8 -> v0.20.12
github.com/go-openapi/strfmt v0.21.3 -> v0.21.10
github.com/go-openapi/swag v0.22.3 -> v0.22.5
github.com/go-openapi/validate v0.22.1 -> v0.22.4
github.com/hashicorp/go-msgpack v0.5.5 -> v1.1.5
github.com/mitchellh/copystructure v1.0.0 -> v1.2.0
github.com/mitchellh/reflectwalk v1.0.1 -> v1.0.2
github.com/shopspring/decimal v1.2.0 -> v1.3.1
github.com/spf13/cast v1.3.1 -> v1.5.0
go.mongodb.org/mongo-driver v1.11.2 -> v1.13.1
google.golang.org/appengine v1.6.7 -> v1.6.8
google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc -> v0.0.0-20230711160842-782d3b101e98
google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc -> v0.0.0-20230711160842-782d3b101e98
google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc -> v0.0.0-20230711160842-782d3b101e98

@renovate renovate bot force-pushed the deps-update/release-2.9.x-go-github.com-hashicorp-consul-vulnerability branch from 7390f3b to 8af12ac Compare January 23, 2025 21:07
@renovate renovate bot force-pushed the deps-update/release-2.9.x-go-github.com-hashicorp-consul-vulnerability branch from 8af12ac to ede0e3c Compare January 27, 2025 15:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area/security dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants