Update module github.com/hashicorp/vault to v1.20.3 [SECURITY] (#5811)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[github.com/hashicorp/vault](https://redirect.github.com/hashicorp/vault)
| replace | patch | `v1.20.2` -> `v1.20.3` |

---

### HashiCorp Vault Community Edition Denial of Service Though Complex
JSON Payloads
BIT-vault-2025-6203 /
[CVE-2025-6203](https://nvd.nist.gov/vuln/detail/CVE-2025-6203) /
[GHSA-8f82-53h8-2p34](https://redirect.github.com/advisories/GHSA-8f82-53h8-2p34)

<details>
<summary>More information</summary>

#### Details
A malicious user may submit a specially-crafted complex payload that
otherwise meets the default request size limit which results in
excessive memory and CPU consumption of Vault. This may lead to a
timeout in Vault’s auditing subroutine, potentially resulting in the
Vault server to become unresponsive. This vulnerability, CVE-2025-6203,
is fixed in Vault Community Edition 1.20.3 and Vault Enterprise 1.20.3,
1.19.9, 1.18.14, and 1.16.25.

#### Severity
- CVSS Score: 7.5 / 10 (High)
- Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`

#### References
-
[https://nvd.nist.gov/vuln/detail/CVE-2025-6203](https://nvd.nist.gov/vuln/detail/CVE-2025-6203)
-
[https://github.com/hashicorp/vault/commit/eedc2b7426f30e57e306229ce697ce81e203ab89](https://redirect.github.com/hashicorp/vault/commit/eedc2b7426f30e57e306229ce697ce81e203ab89)
- [https://discuss.hashicorp.com](https://discuss.hashicorp.com)
-
[https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393](https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393)
-
[https://github.com/hashicorp/vault](https://redirect.github.com/hashicorp/vault)

This data is provided by
[OSV](https://osv.dev/vulnerability/GHSA-8f82-53h8-2p34) and the [GitHub
Advisory Database](https://redirect.github.com/github/advisory-database)
([CC-BY
4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Release Notes

<details>
<summary>hashicorp/vault (github.com/hashicorp/vault)</summary>

###
[`v1.20.3`](https://redirect.github.com/hashicorp/vault/compare/v1.20.2...v1.20.3)

[Compare
Source](https://redirect.github.com/hashicorp/vault/compare/v1.20.2...v1.20.3)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - Monday through
Friday ( * * * * 1-5 ) (UTC).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xOS4wIiwidXBkYXRlZEluVmVyIjoiMzkuMjY0LjAiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIiwiaW1wYWN0L25vLWNoYW5nZWxvZy1yZXF1aXJlZCJdfQ==-->

Co-authored-by: pulumi-renovate[bot] <189166143+pulumi-renovate[bot]@users.noreply.github.com>

Author: pulumi-renovate[bot]

provider/go.mod

@@ -32,7 +32,7 @@ replace github.com/hashicorp/terraform-plugin-log => github.com/gdavison/terrafo
 replace (
 	github.com/hashicorp/terraform-plugin-sdk/v2 => github.com/pulumi/terraform-plugin-sdk/v2 v2.0.0-20250530111747-935112552988
 	github.com/hashicorp/terraform-provider-aws => ../upstream
-	github.com/hashicorp/vault => github.com/hashicorp/vault v1.20.2
+	github.com/hashicorp/vault => github.com/hashicorp/vault v1.20.3
 )
 
 require (