Skip to content

Update GitHub Action hashicorp/vault-action to v4#72

Merged
hash-worker[bot] merged 1 commit into
mainfrom
deps/gha/hashicorp-vault-action-4.x
Jun 1, 2026
Merged

Update GitHub Action hashicorp/vault-action to v4#72
hash-worker[bot] merged 1 commit into
mainfrom
deps/gha/hashicorp-vault-action-4.x

Conversation

@hash-worker

@hash-worker hash-worker Bot commented Jun 1, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
hashicorp/vault-action action major v3.4.0 β†’ v4

Release Notes

hashicorp/vault-action (hashicorp/vault-action)

v4

Compare Source

v4.0.0

Compare Source

4.0.0 (May 12, 2026)

Improvements:

  • Bump node runtime from node20 to node24 GH-604
  • Fix leading slash in secret paths causing HTTP 400 errors (e.g. /cubbyhole/test β†’ v1/cubbyhole/test instead of v1//cubbyhole/test)
  • bump jsrsasign from 11.1.0 to 11.1.3
  • bump body-parser from 1.20.3 to 1.20.5
  • bump qs from 6.13.0 to 6.15.1
  • bump http-errors from 2.0.0 to 2.0.1
  • bump minimatch from 3.1.2 to 3.1.5
  • bump underscore from 1.13.4 to 1.13.8

Configuration

πŸ“… Schedule: (UTC)

  • Branch creation
    • "before 2am on saturday"
  • Automerge
    • "before 4am every weekday,every weekend"

🚦 Automerge: Enabled.

β™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

πŸ”• Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

@hash-worker hash-worker Bot enabled auto-merge June 1, 2026 09:43
@cursor

cursor Bot commented Jun 1, 2026

Copy link
Copy Markdown

PR Summary

Medium Risk
The change sits on the path that loads GitHub App credentials from Vault for Renovate; a major action bump could affect secret retrieval even though inputs are unchanged.

Overview
Bumps hashicorp/vault-action from v3.4.0 to v4 on the Authenticate Vault step in the centralized Renovate workflow (.github/workflows/housekeeping-dependencies.yml). The step still uses JWT against VAULT_ADDR and the same secrets mapping for the GitHub worker app credentials; only the action ref/commit pin changes.

Reviewed by Cursor Bugbot for commit 159587a. Bugbot is set up for automated code reviews on this repo. Configure here.

@augmentcode

augmentcode Bot commented Jun 1, 2026

Copy link
Copy Markdown
πŸ€– Augment PR Summary

Summary: Updates the housekeeping-dependencies workflow to use hashicorp/vault-action v4 (pinned to the v4 commit SHA).
Why: Picks up the upstream major release, including the action runtime bump to Node 24 and related fixes/maintenance updates.

πŸ€– Was this summary useful? React with πŸ‘ or πŸ‘Ž

@augmentcode augmentcode Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review completed. No suggestions at this time.

Comment augment review to trigger a new review at any time.

@hash-worker hash-worker Bot added this pull request to the merge queue Jun 1, 2026
Merged via the queue into main with commit bc3772d Jun 1, 2026
9 checks passed
@hash-worker hash-worker Bot deleted the deps/gha/hashicorp-vault-action-4.x branch June 1, 2026 09:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant