chore(deps): bump github.com/hashicorp/consul from 0.0.0-20171026175957-610f3c86a089 to 1.22.5

[dependabot]

Bumps github.com/hashicorp/consul from 0.0.0-20171026175957-610f3c86a089 to 1.22.5.

Release notes

Sourced from github.com/hashicorp/consul's releases.

v1.22.5

1.22.5 (February 26, 2026)

SECURITY:

• security: upgrade go version to 1.25.7 [GH-23204]
• dockerfile: the Consul build Go base image to alpine3.23 [GH-23194]
• connect: Migrate to aws-sdk-go-v2 from aws-sdk-go (v1). Also updated consul-awsauth and go-secure-stdlib/awsutil dependencies to their v2 versions. [GH-23109]
• security: Configure HTTP server timeouts to prevent Slowloris denial-of-service attacks on agent HTTP endpoints and pprof endpoints. [GH-22739]
• security: Patched Vault CA provider to prevent arbitrary file reads via Kubernetes, JWT, and AppRole methods. [GH-23249]
• security: Introduced debounce timing for synchronization operations within federationStateAntiEntropySync. [GH-23196]

IMPROVEMENTS:

• api-gateway: Fixed "duplicate matcher" errors in Envoy when using multiple file-system certificates on a single TLS listener. The certificates are now consolidated into a single filter chain, allowing Envoy to select the correct one. [GH-23212]
• agent: Fix vault provider failure when signing intermediate CA with isCA=true in CSR [GH-23202]
• cli: Added --aws-iam-endpoint flag to consul login command for AWS IAM auth method to support custom IAM endpoint configuration [GH-23109]
• docs: Refreshed the security documentation to include the new HTTP server timeout defaults and relevant configuration options. [GH-23246]
• api: Cancel context check for watches cache fetch to stop execution when manager deregisters the watch. [GH-23157]

v1.22.4

⚠️ Important Notice

We have identified an issue in Consul and Consul Enterprise Feb Patch Release (1.22.4, 1.22.4-ent, 1.21.10-ent, 1.18.20-ent) that requires a corrective patch release.

We recommend that customers avoid using these versions in production environments and wait for the upcoming patch release.

Customers who have upgraded to these versions should temporarily revert to the previous stable release while we prepare a corrected update.

A new patched release is expected by the end of the this month.

Further updates will be shared once the new version is available. We apologize for the inconvenience and appreciate your patience.

1.22.4 (February 18, 2026)

SECURITY:

• security: upgrade go version to 1.25.7 [GH-23204]
• dockerfile: the Consul build Go base image to alpine3.23 [GH-23194]
• connect: Migrate to aws-sdk-go-v2 from aws-sdk-go (v1). Also updated consul-awsauth and go-secure-stdlib/awsutil dependencies to their v2 versions. [GH-23109]
• security: Configure HTTP server timeouts to prevent Slowloris denial-of-service attacks on agent HTTP endpoints and pprof endpoints. [GH-22739]

IMPROVEMENTS:

• api-gateway: Fixed "duplicate matcher" errors in Envoy when using multiple file-system certificates on a single TLS listener. The certificates are now consolidated into a single filter chain, allowing Envoy to select the correct one. [GH-23212]
• agent: Fix vault provider failure when signing intermediate CA with isCA=true in CSR [GH-23202]
• cli: Added --aws-iam-endpoint flag to consul login command for AWS IAM auth method to support custom IAM endpoint configuration [GH-23109]
• api: Cancel context check for watches cache fetch to stop execution when manager deregisters the watch. [GH-23157]

v1.22.3

1.22.3 (January 23, 2026)

... (truncated)

Changelog

Sourced from github.com/hashicorp/consul's changelog.

1.22.4 (February 18, 2026)

SECURITY:

• security: upgrade go version to 1.25.7 [GH-23204]
• dockerfile: the Consul build Go base image to alpine3.23 [GH-23194]
• connect: Migrate to aws-sdk-go-v2 from aws-sdk-go (v1). Also updated consul-awsauth and go-secure-stdlib/awsutil dependencies to their v2 versions. [GH-23109]
• security: Configure HTTP server timeouts to prevent Slowloris denial-of-service attacks on agent HTTP endpoints and pprof endpoints. [GH-22739]

IMPROVEMENTS:

• api-gateway: Fixed "duplicate matcher" errors in Envoy when using multiple file-system certificates on a single TLS listener. The certificates are now consolidated into a single filter chain, allowing Envoy to select the correct one. [GH-23212]
• agent: Fix vault provider failure when signing intermediate CA with isCA=true in CSR [GH-23202]
• cli: Added --aws-iam-endpoint flag to consul login command for AWS IAM auth method to support custom IAM endpoint configuration [GH-23109]

1.22.3 (January 23, 2026)

SECURITY:

• Update the Consul Build Go base image to alpine3.23.2 [GH-23138]

IMPROVEMENTS:

• api: Add consul services imported-services and new api(/v1/exported-services) command to list services imported by partitions within a local datacenter [GH-12045]
• connect: added ability to configure Virtual IP range for t-proxy with CIDRs [GH-23085]

1.22.1 (November 27, 2025)

SECURITY:

• connect: Upgrade envoy version to 1.35.6 [GH-23056]
• security: Updated golang.org/x/crypto from v0.42.0 to v0.44.0. This resolves GO-2025-4116

IMPROVEMENTS:

• ui: Removed ember-route-action-helper and migrated all {{route-action}} usages to explicit route/controller logic. [GH-23004]
• ui: Replaced reopen() calls with direct property assignment and subclassing to resolve Ember component reopen deprecation warnings [GH-22971]
• ui: removed deprecated Route#renderTemplate usage by introducing DebugLayout component and controller-based conditional rendering for docs routes [GH-22978]
• ui: resolved multiple Ember deprecations:

• Removed mutation-after-consumption warnings in Outlet by staging state updates outside the render pass
• Replaced deprecated Route#replaceWith/transitionTo usage with RouterService in affected routes
• Avoided mutating objects produced by {{hash}} (setting-on-hash) by switching to tracked POJOs [GH-23010]

BUG FIXES:

• acl: fixed a bug where ACL policy replication in WANfed is impacted when primaryDC is inconsistent [GH-22954]
• xds: fix RBAC failure in upstream service when there are more than one downstream exported service with same name but different peer [GH-23049]
• xds: fix bug where Using replacePrefixMatch: "/" results in double slashes (//path) and Using replacePrefixMatch: "" does not strip the prefix at all (e.g., mapping /v1/dashboard → /dashboard) resulting in 301 and 404 errors respectively [GH-23035]

1.22.1 Enterprise (November 27, 2025)

SECURITY:

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.