Skip to content

Commit e56fefc

Browse files
pulumi-renovate[bot]pulumi-renovate[bot]
authored
Update module github.com/hashicorp/vault to v1.20.2 [SECURITY] (#5779)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/hashicorp/vault](https://redirect.github.com/hashicorp/vault) | replace | patch | `v1.20.0` -> `v1.20.2` | --- ### Hashicorp Vault has Lockout Feature Authentication Bypass BIT-vault-2025-6004 / [CVE-2025-6004](https://nvd.nist.gov/vuln/detail/CVE-2025-6004) / [GHSA-qgj7-fmq2-6cc4](https://redirect.github.com/advisories/GHSA-qgj7-fmq2-6cc4) / [GO-2025-3840](https://pkg.go.dev/vuln/GO-2025-3840) <details> <summary>More information</summary> #### Details Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. #### Severity - CVSS Score: 5.3 / 10 (Medium) - Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N` #### References - [https://nvd.nist.gov/vuln/detail/CVE-2025-6004](https://nvd.nist.gov/vuln/detail/CVE-2025-6004) - [https://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035](https://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035) - [https://github.com/hashicorp/vault](https://redirect.github.com/hashicorp/vault) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-qgj7-fmq2-6cc4) and the [GitHub Advisory Database](https://redirect.github.com/github/advisory-database) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Hashicorp Vault has Incorrect Validation for Non-CA Certificates BIT-vault-2025-6037 / [CVE-2025-6037](https://nvd.nist.gov/vuln/detail/CVE-2025-6037) / [GHSA-6c5r-4wfc-3mcx](https://redirect.github.com/advisories/GHSA-6c5r-4wfc-3mcx) / [GO-2025-3836](https://pkg.go.dev/vuln/GO-2025-3836) <details> <summary>More information</summary> #### Details Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate]. In this configuration, an attacker may be able to craft a malicious certificate that could be used to impersonate another user. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. #### Severity - CVSS Score: 6.8 / 10 (Medium) - Vector String: `CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H` #### References - [https://nvd.nist.gov/vuln/detail/CVE-2025-6037](https://nvd.nist.gov/vuln/detail/CVE-2025-6037) - [https://discuss.hashicorp.com/t/hcsec-2025-18-vault-certificate-auth-method-did-not-validate-common-name-for-non-ca-certificates/76037](https://discuss.hashicorp.com/t/hcsec-2025-18-vault-certificate-auth-method-did-not-validate-common-name-for-non-ca-certificates/76037) - [https://github.com/hashicorp/vault](https://redirect.github.com/hashicorp/vault) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-6c5r-4wfc-3mcx) and the [GitHub Advisory Database](https://redirect.github.com/github/advisory-database) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Hashicorp Vault's TOTP Secrets Engine Susceptible to Code Reuse in github.com/hashicorp/vault BIT-vault-2025-6014 / [CVE-2025-6014](https://nvd.nist.gov/vuln/detail/CVE-2025-6014) / [GHSA-qv3p-fmv3-9hww](https://redirect.github.com/advisories/GHSA-qv3p-fmv3-9hww) / [GO-2025-3841](https://pkg.go.dev/vuln/GO-2025-3841) <details> <summary>More information</summary> #### Details Hashicorp Vault's TOTP Secrets Engine Susceptible to Code Reuse in github.com/hashicorp/vault #### Severity Unknown #### References - [https://github.com/advisories/GHSA-qv3p-fmv3-9hww](https://redirect.github.com/advisories/GHSA-qv3p-fmv3-9hww) - [https://nvd.nist.gov/vuln/detail/CVE-2025-6014](https://nvd.nist.gov/vuln/detail/CVE-2025-6014) - [https://discuss.hashicorp.com/t/hcsec-2025-17-vault-totp-secrets-engine-code-reuse/76036](https://discuss.hashicorp.com/t/hcsec-2025-17-vault-totp-secrets-engine-code-reuse/76036) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2025-3841) and the [Go Vulnerability Database](https://redirect.github.com/golang/vulndb) ([CC-BY 4.0](https://redirect.github.com/golang/vulndb#license)). </details> --- ### Hashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users in github.com/hashicorp/vault BIT-vault-2025-6011 / [CVE-2025-6011](https://nvd.nist.gov/vuln/detail/CVE-2025-6011) / [GHSA-mwgr-84fv-3jh9](https://redirect.github.com/advisories/GHSA-mwgr-84fv-3jh9) / [GO-2025-3839](https://pkg.go.dev/vuln/GO-2025-3839) <details> <summary>More information</summary> #### Details Hashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users in github.com/hashicorp/vault #### Severity Unknown #### References - [https://github.com/advisories/GHSA-mwgr-84fv-3jh9](https://redirect.github.com/advisories/GHSA-mwgr-84fv-3jh9) - [https://nvd.nist.gov/vuln/detail/CVE-2025-6011](https://nvd.nist.gov/vuln/detail/CVE-2025-6011) - [https://discuss.hashicorp.com/t/hcsec-2025-15-timing-side-channel-in-vault-s-userpass-auth-method/76034](https://discuss.hashicorp.com/t/hcsec-2025-15-timing-side-channel-in-vault-s-userpass-auth-method/76034) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2025-3839) and the [Go Vulnerability Database](https://redirect.github.com/golang/vulndb) ([CC-BY 4.0](https://redirect.github.com/golang/vulndb#license)). </details> --- ### Hashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users BIT-vault-2025-6011 / [CVE-2025-6011](https://nvd.nist.gov/vuln/detail/CVE-2025-6011) / [GHSA-mwgr-84fv-3jh9](https://redirect.github.com/advisories/GHSA-mwgr-84fv-3jh9) / [GO-2025-3839](https://pkg.go.dev/vuln/GO-2025-3839) <details> <summary>More information</summary> #### Details A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. #### Severity - CVSS Score: 3.7 / 10 (Low) - Vector String: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N` #### References - [https://nvd.nist.gov/vuln/detail/CVE-2025-6011](https://nvd.nist.gov/vuln/detail/CVE-2025-6011) - [https://discuss.hashicorp.com/t/hcsec-2025-15-timing-side-channel-in-vault-s-userpass-auth-method/76034](https://discuss.hashicorp.com/t/hcsec-2025-15-timing-side-channel-in-vault-s-userpass-auth-method/76034) - [https://github.com/hashicorp/vault](https://redirect.github.com/hashicorp/vault) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-mwgr-84fv-3jh9) and the [GitHub Advisory Database](https://redirect.github.com/github/advisory-database) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration BIT-vault-2025-6000 / [CVE-2025-6000](https://nvd.nist.gov/vuln/detail/CVE-2025-6000) / [GHSA-mr4h-qf9j-f665](https://redirect.github.com/advisories/GHSA-mr4h-qf9j-f665) / [GO-2025-3838](https://pkg.go.dev/vuln/GO-2025-3838) <details> <summary>More information</summary> #### Details A privileged Vault operator within the root namespace with write permission to may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. #### Severity - CVSS Score: 9.1 / 10 (Critical) - Vector String: `CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H` #### References - [https://nvd.nist.gov/vuln/detail/CVE-2025-6000](https://nvd.nist.gov/vuln/detail/CVE-2025-6000) - [https://discuss.hashicorp.com/t/hcsec-2025-14-privileged-vault-operator-may-execute-code-on-the-underlying-host/76033](https://discuss.hashicorp.com/t/hcsec-2025-14-privileged-vault-operator-may-execute-code-on-the-underlying-host/76033) - [https://github.com/hashicorp/vault](https://redirect.github.com/hashicorp/vault) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-mr4h-qf9j-f665) and the [GitHub Advisory Database](https://redirect.github.com/github/advisory-database) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Hashicorp Vault has Login MFA Rate Limit Bypass Vulnerability in github.com/hashicorp/vault BIT-vault-2025-6015 / [CVE-2025-6015](https://nvd.nist.gov/vuln/detail/CVE-2025-6015) / [GHSA-v6r4-35f9-9rpw](https://redirect.github.com/advisories/GHSA-v6r4-35f9-9rpw) / [GO-2025-3842](https://pkg.go.dev/vuln/GO-2025-3842) <details> <summary>More information</summary> #### Details Hashicorp Vault has Login MFA Rate Limit Bypass Vulnerability in github.com/hashicorp/vault #### Severity Unknown #### References - [https://github.com/advisories/GHSA-v6r4-35f9-9rpw](https://redirect.github.com/advisories/GHSA-v6r4-35f9-9rpw) - [https://nvd.nist.gov/vuln/detail/CVE-2025-6015](https://nvd.nist.gov/vuln/detail/CVE-2025-6015) - [https://discuss.hashicorp.com/t/hcsec-2025-19-vault-login-mfa-bypass-of-rate-limiting-and-totp-token-reuse/76038](https://discuss.hashicorp.com/t/hcsec-2025-19-vault-login-mfa-bypass-of-rate-limiting-and-totp-token-reuse/76038) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2025-3842) and the [Go Vulnerability Database](https://redirect.github.com/golang/vulndb) ([CC-BY 4.0](https://redirect.github.com/golang/vulndb#license)). </details> --- ### Hashicorp Vault's TOTP Secrets Engine Susceptible to Code Reuse BIT-vault-2025-6014 / [CVE-2025-6014](https://nvd.nist.gov/vuln/detail/CVE-2025-6014) / [GHSA-qv3p-fmv3-9hww](https://redirect.github.com/advisories/GHSA-qv3p-fmv3-9hww) / [GO-2025-3841](https://pkg.go.dev/vuln/GO-2025-3841) <details> <summary>More information</summary> #### Details Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. #### Severity - CVSS Score: 6.5 / 10 (Medium) - Vector String: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N` #### References - [https://nvd.nist.gov/vuln/detail/CVE-2025-6014](https://nvd.nist.gov/vuln/detail/CVE-2025-6014) - [https://discuss.hashicorp.com/t/hcsec-2025-17-vault-totp-secrets-engine-code-reuse/76036](https://discuss.hashicorp.com/t/hcsec-2025-17-vault-totp-secrets-engine-code-reuse/76036) - [https://github.com/hashicorp/vault](https://redirect.github.com/hashicorp/vault) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-qv3p-fmv3-9hww) and the [GitHub Advisory Database](https://redirect.github.com/github/advisory-database) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Hashicorp Vault has Lockout Feature Authentication Bypass in github.com/hashicorp/vault BIT-vault-2025-6004 / [CVE-2025-6004](https://nvd.nist.gov/vuln/detail/CVE-2025-6004) / [GHSA-qgj7-fmq2-6cc4](https://redirect.github.com/advisories/GHSA-qgj7-fmq2-6cc4) / [GO-2025-3840](https://pkg.go.dev/vuln/GO-2025-3840) <details> <summary>More information</summary> #### Details Hashicorp Vault has Lockout Feature Authentication Bypass in github.com/hashicorp/vault #### Severity Unknown #### References - [https://github.com/advisories/GHSA-qgj7-fmq2-6cc4](https://redirect.github.com/advisories/GHSA-qgj7-fmq2-6cc4) - [https://nvd.nist.gov/vuln/detail/CVE-2025-6004](https://nvd.nist.gov/vuln/detail/CVE-2025-6004) - [https://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035](https://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2025-3840) and the [Go Vulnerability Database](https://redirect.github.com/golang/vulndb) ([CC-BY 4.0](https://redirect.github.com/golang/vulndb#license)). </details> --- ### Hashicorp Vault has Incorrect Validation for Non-CA Certificates in github.com/hashicorp/vault BIT-vault-2025-6037 / [CVE-2025-6037](https://nvd.nist.gov/vuln/detail/CVE-2025-6037) / [GHSA-6c5r-4wfc-3mcx](https://redirect.github.com/advisories/GHSA-6c5r-4wfc-3mcx) / [GO-2025-3836](https://pkg.go.dev/vuln/GO-2025-3836) <details> <summary>More information</summary> #### Details Hashicorp Vault has Incorrect Validation for Non-CA Certificates in github.com/hashicorp/vault #### Severity Unknown #### References - [https://github.com/advisories/GHSA-6c5r-4wfc-3mcx](https://redirect.github.com/advisories/GHSA-6c5r-4wfc-3mcx) - [https://nvd.nist.gov/vuln/detail/CVE-2025-6037](https://nvd.nist.gov/vuln/detail/CVE-2025-6037) - [https://discuss.hashicorp.com/t/hcsec-2025-18-vault-certificate-auth-method-did-not-validate-common-name-for-non-ca-certificates/76037](https://discuss.hashicorp.com/t/hcsec-2025-18-vault-certificate-auth-method-did-not-validate-common-name-for-non-ca-certificates/76037) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2025-3836) and the [Go Vulnerability Database](https://redirect.github.com/golang/vulndb) ([CC-BY 4.0](https://redirect.github.com/golang/vulndb#license)). </details> --- ### Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration in github.com/hashicorp/vault BIT-vault-2025-6000 / [CVE-2025-6000](https://nvd.nist.gov/vuln/detail/CVE-2025-6000) / [GHSA-mr4h-qf9j-f665](https://redirect.github.com/advisories/GHSA-mr4h-qf9j-f665) / [GO-2025-3838](https://pkg.go.dev/vuln/GO-2025-3838) <details> <summary>More information</summary> #### Details Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration in github.com/hashicorp/vault #### Severity Unknown #### References - [https://github.com/advisories/GHSA-mr4h-qf9j-f665](https://redirect.github.com/advisories/GHSA-mr4h-qf9j-f665) - [https://nvd.nist.gov/vuln/detail/CVE-2025-6000](https://nvd.nist.gov/vuln/detail/CVE-2025-6000) - [https://discuss.hashicorp.com/t/hcsec-2025-14-privileged-vault-operator-may-execute-code-on-the-underlying-host/76033](https://discuss.hashicorp.com/t/hcsec-2025-14-privileged-vault-operator-may-execute-code-on-the-underlying-host/76033) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2025-3838) and the [Go Vulnerability Database](https://redirect.github.com/golang/vulndb) ([CC-BY 4.0](https://redirect.github.com/golang/vulndb#license)). </details> --- ### Hashicorp Vault has Login MFA Rate Limit Bypass Vulnerability BIT-vault-2025-6015 / [CVE-2025-6015](https://nvd.nist.gov/vuln/detail/CVE-2025-6015) / [GHSA-v6r4-35f9-9rpw](https://redirect.github.com/advisories/GHSA-v6r4-35f9-9rpw) / [GO-2025-3842](https://pkg.go.dev/vuln/GO-2025-3842) <details> <summary>More information</summary> #### Details Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. #### Severity - CVSS Score: 5.7 / 10 (Medium) - Vector String: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N` #### References - [https://nvd.nist.gov/vuln/detail/CVE-2025-6015](https://nvd.nist.gov/vuln/detail/CVE-2025-6015) - [https://discuss.hashicorp.com/t/hcsec-2025-19-vault-login-mfa-bypass-of-rate-limiting-and-totp-token-reuse/76038](https://discuss.hashicorp.com/t/hcsec-2025-19-vault-login-mfa-bypass-of-rate-limiting-and-totp-token-reuse/76038) - [https://github.com/hashicorp/vault](https://redirect.github.com/hashicorp/vault) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-v6r4-35f9-9rpw) and the [GitHub Advisory Database](https://redirect.github.com/github/advisory-database) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### HashiCorp Vault ldap auth method may not have correctly enforced MFA BIT-vault-2025-6013 / [CVE-2025-6013](https://nvd.nist.gov/vuln/detail/CVE-2025-6013) / [GHSA-7rx2-769v-hrwf](https://redirect.github.com/advisories/GHSA-7rx2-769v-hrwf) / [GO-2025-3848](https://pkg.go.dev/vuln/GO-2025-3848) <details> <summary>More information</summary> #### Details Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and 1.16.24. #### Severity - CVSS Score: 6.5 / 10 (Medium) - Vector String: `CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N` #### References - [https://nvd.nist.gov/vuln/detail/CVE-2025-6013](https://nvd.nist.gov/vuln/detail/CVE-2025-6013) - [https://discuss.hashicorp.com/t/hcsec-2025-20-vault-ldap-mfa-enforcement-bypass-when-using-username-as-alias/76092](https://discuss.hashicorp.com/t/hcsec-2025-20-vault-ldap-mfa-enforcement-bypass-when-using-username-as-alias/76092) - [https://github.com/hashicorp/vault](https://redirect.github.com/hashicorp/vault) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-7rx2-769v-hrwf) and the [GitHub Advisory Database](https://redirect.github.com/github/advisory-database) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### HashiCorp Vault ldap auth method may not have correctly enforced MFA in github.com/hashicorp/vault BIT-vault-2025-6013 / [CVE-2025-6013](https://nvd.nist.gov/vuln/detail/CVE-2025-6013) / [GHSA-7rx2-769v-hrwf](https://redirect.github.com/advisories/GHSA-7rx2-769v-hrwf) / [GO-2025-3848](https://pkg.go.dev/vuln/GO-2025-3848) <details> <summary>More information</summary> #### Details HashiCorp Vault ldap auth method may not have correctly enforced MFA in github.com/hashicorp/vault #### Severity Unknown #### References - [https://github.com/advisories/GHSA-7rx2-769v-hrwf](https://redirect.github.com/advisories/GHSA-7rx2-769v-hrwf) - [https://nvd.nist.gov/vuln/detail/CVE-2025-6013](https://nvd.nist.gov/vuln/detail/CVE-2025-6013) - [https://discuss.hashicorp.com/t/hcsec-2025-20-vault-ldap-mfa-enforcement-bypass-when-using-username-as-alias/76092](https://discuss.hashicorp.com/t/hcsec-2025-20-vault-ldap-mfa-enforcement-bypass-when-using-username-as-alias/76092) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2025-3848) and the [Go Vulnerability Database](https://redirect.github.com/golang/vulndb) ([CC-BY 4.0](https://redirect.github.com/golang/vulndb#license)). </details> --- ### Release Notes <details> <summary>hashicorp/vault (github.com/hashicorp/vault)</summary> ### [`v1.20.2`](https://redirect.github.com/hashicorp/vault/releases/tag/v1.20.2) [Compare Source](https://redirect.github.com/hashicorp/vault/compare/v1.20.1...v1.20.2) ##### August 06, 2025 SECURITY: - auth/ldap: fix MFA/TOTP enforcement bypass when username_as_alias is enabled \[[GH-31427](https://redirect.github.com/hashicorp/vault/pull/31427),[HCSEC-2025-20](https://discuss.hashicorp.com/t/hcsec-2025-20-vault-ldap-mfa-enforcement-bypass-when-using-username-as-alias/76092)]. BUG FIXES: - agent/template: Fixed issue where templates would not render correctly if namespaces was provided by config, and the namespace and mount path of the secret were the same. \[[GH-31392](https://redirect.github.com/hashicorp/vault/pull/31392)] - identity/mfa: revert cache entry change from [#&#8203;31217](https://redirect.github.com/hashicorp/vault/issues/31217) and document cache entry values \[[GH-31421](https://redirect.github.com/hashicorp/vault/pull/31421)] ### [`v1.20.1`](https://redirect.github.com/hashicorp/vault/compare/v1.20.0...v1.20.1) [Compare Source](https://redirect.github.com/hashicorp/vault/compare/v1.20.0...v1.20.1) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - "every weekday" (UTC). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xOS4wIiwidXBkYXRlZEluVmVyIjoiMzkuMTkuMCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJpbXBhY3Qvbm8tY2hhbmdlbG9nLXJlcXVpcmVkIl19--> Co-authored-by: pulumi-renovate[bot] <189166143+pulumi-renovate[bot]@users.noreply.github.com>
1 parent a71ee7b commit e56fefc

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

provider/go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ replace github.com/hashicorp/terraform-plugin-log => github.com/gdavison/terrafo
3232
replace (
3333
github.com/hashicorp/terraform-plugin-sdk/v2 => github.com/pulumi/terraform-plugin-sdk/v2 v2.0.0-20250530111747-935112552988
3434
github.com/hashicorp/terraform-provider-aws => ../upstream
35-
github.com/hashicorp/vault => github.com/hashicorp/vault v1.20.0
35+
github.com/hashicorp/vault => github.com/hashicorp/vault v1.20.2
3636
)
3737

3838
require (

0 commit comments

Comments
 (0)