Skip to content

build(deps): bump the go group across 5 directories with 7 updates#817

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-abed743654
Open

build(deps): bump the go group across 5 directories with 7 updates#817
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-abed743654

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the go group with 3 updates in the / directory: github.com/hashicorp/boundary, github.com/hashicorp/go-kms-wrapping/v2 and golang.org/x/crypto.
Bumps the go group with 1 update in the /plugins/kms/mains/alicloudkms directory: github.com/hashicorp/go-kms-wrapping/wrappers/alicloudkms/v2.
Bumps the go group with 1 update in the /plugins/kms/mains/azurekeyvault directory: github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2.
Bumps the go group with 1 update in the /plugins/kms/mains/gcpckms directory: github.com/hashicorp/go-kms-wrapping/wrappers/gcpckms/v2.
Bumps the go group with 1 update in the /plugins/kms/mains/ocikms directory: github.com/hashicorp/go-kms-wrapping/wrappers/ocikms/v2.

Updates github.com/hashicorp/boundary from 0.18.1-0.20260708165146-a1e2c87b8a14 to 0.21.3

Release notes

Sourced from github.com/hashicorp/boundary's releases.

v0.21.3

0.21.3 (2026/04/28)

New and Improved

  • Added support for IBM Passport Advantage Online licensing. You can now use PAO to enable Boundary Enterprise.
  • Added support for new debug flag to expose pprof endpoints for debugging purposes. (PR)
  • Updated internal dependencies.

Security

v0.21.2

0.21.2 (2026/04/06)

New and Improved

  • cli: Added optional flags -sort-by and -sort-direction to boundary search. These flags can be used to control sorting when searching the client cache and the resource is sessions or targets. (PR)
  • The client cache search API now supports the sort_by and sort_direction query parameters when searching sessions or targets. (PR)

v0.21.1

0.21.1 (2026/02/10)

Security

v0.21.0

0.21.0 (2025/11/12)

New and Improved

  • ui: Optimized loading of table filters and improved table search support (PR)

Bug fixes

  • ui: Show username for OIDC auth method in user menu (PR)

v0.20.3

0.20.3 (2026/04/24)

New and Improved

  • Added support for new debug flag to expose pprof endpoints for debugging purposes. (PR)

Security

... (truncated)

Changelog

Sourced from github.com/hashicorp/boundary's changelog.

0.21.3 (2026/04/28)

New and Improved

  • Added support for IBM Passport Advantage Online licensing. You can now use PAO to enable Boundary Enterprise.
  • Added support for new debug flag to expose pprof endpoints for debugging purposes. (PR)
  • Updated internal dependencies.

Security

0.21.2 (2026/04/06)

New and Improved

  • cli: Added optional flags -sort-by and -sort-direction to boundary search. These flags can be used to control sorting when searching the client cache and the resource is sessions or targets. (PR)
  • The client cache search API now supports the sort_by and sort_direction query parameters when searching sessions or targets. (PR)

0.21.1 (2026/02/10)

Security

0.21.0 (2025/12/11)

New and Improved

  • Vault LDAP has been added as a credential provider (PR)
  • Added support for host key verification when connecting to an SSH target by providing a known_hosts file. (PR)
  • Added new credential type for password. (PR)
  • ui: Optimized loading of table filters and improved table search support (PR)
  • cli: boundary connect will close unused sessions when there is no longer a connection being actively proxied. This behavior can be modified via the -inactive-timeout=<duration> command-line argument (PR)
  • cli: boundary connect redis can now consume password credentials (PR)
  • AWS KMS credential handling now allows the use of shared credential files. Additionally, the default profile is now included in the credential chain by default if it exists. (PR)

Bug fixes

  • ui: Show username for OIDC auth method in user menu (PR)
  • boundary connect rdp no longer opens a new window for each call on mac. (PR)

... (truncated)

Commits

Updates github.com/hashicorp/go-kms-wrapping/v2 from 2.0.22 to 2.0.23

Commits

Updates golang.org/x/crypto from 0.51.0 to 0.54.0

Commits
  • cdce021 go.mod: update golang.org/x dependencies
  • d9474cc openpgp: make the deprecation message more explicit
  • 7626c50 ssh: verify declared key type matches decoded key in authorized_keys
  • 0471e79 ssh/agent: enforce strict limits on DSA key parameters
  • 6435c37 ssh: sanitize client disconnect messages
  • 7d695da ssh/agent: drain channel stderr in agent forwarders
  • 5b7f841 acme/autocert: fix data race in Manager.createCert
  • 0b316e7 argon2: update RFC 9106 parameter recommendations
  • 55aec0a x509roots/fallback: update bundle
  • 5f2de1a internal: remove wycheproof tests
  • Additional commits viewable in compare view

Updates github.com/hashicorp/go-kms-wrapping/wrappers/alicloudkms/v2 from 2.0.4 to 2.0.5

Commits
  • 2cd5668 Add WithRandomReader to aead-specific options (#74)
  • 124e1d8 Revert "Explicitly provide the KeyID to Decrypt operations (#70)" (#72)
  • 07a9204 Explicitly provide the KeyID to Decrypt operations (#70)
  • 0989a9b feature: support WithKeyId(...) option for TestWrapper.SetConfig(...) (#67)
  • 3062a0d Update plugin against updated interfaces
  • See full diff in compare view

Updates github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2 from 2.0.14 to 2.0.15

Commits
  • 4315424 Bump github.com/go-jose/go-jose/v3 in /wrappers/transit (#213)
  • dd9ba92 fix (wrappers/gcp): fix set/get of wrapper key id (#211)
  • e283e58 fix (extras/kms): fix adding external key to cache without a key id (#214)
  • 5416b17 docs (wrappers/gcp): create a readme for test setup (#212)
  • d528673 Allow plugin package to be compiled under WASM (#207)
  • 3fce5b7 fix (actions): only run buf_if_merged when it's the main branch (#210)
  • c93ec17 Bump Azure deps (#208)
  • e9731d8 Update non-cloud-specific deps for security updates
  • 257b599 Bump transit wrapper deps (#206)
  • 0b9e77f Bump aead wrapper deps
  • Additional commits viewable in compare view

Updates github.com/hashicorp/go-kms-wrapping/wrappers/gcpckms/v2 from 2.0.13 to 2.0.14

Commits
  • f931342 Bump deps in main module (#203)
  • d9ec0eb Add go.work to gitignore
  • 25e3f03 Bump golang.org/x/net from 0.7.0 to 0.17.0 in /plugin (#197)
  • d3bfabe Bump golang.org/x/net from 0.7.0 to 0.17.0 in /examples/plugin-cli (#191)
  • 8bd49fb Bump golang.org/x/net from 0.7.0 to 0.17.0 in /wrappers/gcpckms (#193)
  • 7ff2f32 Bump golang.org/x/net from 0.7.0 to 0.17.0 in /wrappers/azurekeyvault (#195)
  • a6972d8 Bump golang.org/x/net in /examples/plugin-cli/plugins/mains/transit (#192)
  • 3f99e79 Bump golang.org/x/net from 0.7.0 to 0.17.0 in /extras/kms/examples (#194)
  • 248bb45 Bump golang.org/x/net from 0.8.0 to 0.17.0 in /wrappers/transit (#196)
  • 4ca279f Bump golang.org/x/net from 0.7.0 to 0.17.0 in /wrappers/ocikms (#190)
  • Additional commits viewable in compare view

Updates github.com/hashicorp/go-kms-wrapping/wrappers/ocikms/v2 from 2.0.9 to 2.0.10

Commits
  • 7f7cee7 Adds an option to perform encryption operations with no HMAC required. (#170)
  • 08d524b fix (extras/crypto): add guarding for Sha256SumWriter/Sha256SumReader (#169)
  • 2964a28 Bump deps
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 8, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 8, 2026 19:09
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 8, 2026
psekar
psekar previously approved these changes Jul 9, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/go-abed743654 branch from 8b8aa0b to 3bfe037 Compare July 9, 2026 00:14
@louisruch

Copy link
Copy Markdown
Collaborator

@dependabot rebase

Bumps the go group with 3 updates in the / directory: [github.com/hashicorp/boundary](https://github.com/hashicorp/boundary), [github.com/hashicorp/go-kms-wrapping/v2](https://github.com/hashicorp/go-kms-wrapping) and [golang.org/x/crypto](https://github.com/golang/crypto).
Bumps the go group with 1 update in the /plugins/kms/mains/alicloudkms directory: [github.com/hashicorp/go-kms-wrapping/wrappers/alicloudkms/v2](https://github.com/hashicorp/go-kms-wrapping).
Bumps the go group with 1 update in the /plugins/kms/mains/azurekeyvault directory: [github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2](https://github.com/hashicorp/go-kms-wrapping).
Bumps the go group with 1 update in the /plugins/kms/mains/gcpckms directory: [github.com/hashicorp/go-kms-wrapping/wrappers/gcpckms/v2](https://github.com/hashicorp/go-kms-wrapping).
Bumps the go group with 1 update in the /plugins/kms/mains/ocikms directory: [github.com/hashicorp/go-kms-wrapping/wrappers/ocikms/v2](https://github.com/hashicorp/go-kms-wrapping).


Updates `github.com/hashicorp/boundary` from 0.18.1-0.20260708165146-a1e2c87b8a14 to 0.21.3
- [Release notes](https://github.com/hashicorp/boundary/releases)
- [Changelog](https://github.com/hashicorp/boundary/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/boundary/commits/v0.21.3)

Updates `github.com/hashicorp/go-kms-wrapping/v2` from 2.0.22 to 2.0.23
- [Release notes](https://github.com/hashicorp/go-kms-wrapping/releases)
- [Commits](hashicorp/go-kms-wrapping@v2.0.22...v2.0.23)

Updates `golang.org/x/crypto` from 0.51.0 to 0.54.0
- [Commits](golang/crypto@v0.51.0...v0.54.0)

Updates `github.com/hashicorp/go-kms-wrapping/wrappers/alicloudkms/v2` from 2.0.4 to 2.0.5
- [Release notes](https://github.com/hashicorp/go-kms-wrapping/releases)
- [Commits](hashicorp/go-kms-wrapping@v2.0.4...v2.0.5)

Updates `github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2` from 2.0.14 to 2.0.15
- [Release notes](https://github.com/hashicorp/go-kms-wrapping/releases)
- [Commits](hashicorp/go-kms-wrapping@v2.0.14...v2.0.15)

Updates `github.com/hashicorp/go-kms-wrapping/wrappers/gcpckms/v2` from 2.0.13 to 2.0.14
- [Release notes](https://github.com/hashicorp/go-kms-wrapping/releases)
- [Commits](hashicorp/go-kms-wrapping@v2.0.13...v2.0.14)

Updates `github.com/hashicorp/go-kms-wrapping/wrappers/ocikms/v2` from 2.0.9 to 2.0.10
- [Release notes](https://github.com/hashicorp/go-kms-wrapping/releases)
- [Commits](hashicorp/go-kms-wrapping@v2.0.9...v2.0.10)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/boundary
  dependency-version: 0.21.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/hashicorp/go-kms-wrapping/v2
  dependency-version: 2.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/hashicorp/go-kms-wrapping/wrappers/alicloudkms/v2
  dependency-version: 2.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2
  dependency-version: 2.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/hashicorp/go-kms-wrapping/wrappers/gcpckms/v2
  dependency-version: 2.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/hashicorp/go-kms-wrapping/wrappers/ocikms/v2
  dependency-version: 2.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: golang.org/x/crypto
  dependency-version: 0.54.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/go-abed743654 branch from 3bfe037 to 35203ab Compare July 9, 2026 05:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants