chore(deps): update dependency hashicorp/consul to v1.21.4

[renovate]

This PR contains the following updates:

Package	Update	Change
hashicorp/consul	minor	1.20.1 -> 1.21.4

---

Release Notes

hashicorp/consul (hashicorp/consul)

v1.21.4

Compare Source

SECURITY:

• security: Update Go to 1.23.12 to address CVE-2025-47906 [GH-22547]

IMPROVEMENTS:

• ui: Replaced internal code editor with HDS (HashiCorp Design System) code editor and code block components for improved accessibility and maintainability across the Consul UI. [GH-22513]

BUG FIXES:

• cli: capture pprof when ACL is enabled and a token with operator:read is used, even if enable_debug config is not explicitly set. [GH-22552]

v1.21.3

Compare Source

IMPROVEMENTS:

• ui: Improved display and handling of IPv6 addresses for better readability and usability in the Consul web interface. [GH-22468]

BUG FIXES:

• cli: validate IP address in service registration to prevent invalid IPs in service and tagged addresses. [GH-22467]
• ui: display IPv6 addresses with proper bracketed formatting [GH-22423]

v1.21.2

Compare Source

SECURITY:

• security: Upgrade UBI base image version to address CVE
  CVE-2025-4802
  CVE-2024-40896
  CVE-2024-12243
  CVE-2025-24528
  CVE-2025-3277
  CVE-2024-12133
  CVE-2024-57970
  CVE-2025-31115 [GH-22409]
• cli: update tls ca and cert create to reduce excessive file perms for generated public files [GH-22286]
• connect: Added non default namespace and partition checks to ConnectCA CSR requests. [GH-22376]
• security: Upgrade Go to 1.23.10. [GH-22412]

IMPROVEMENTS:

• config: Warn about invalid characters in datacenter resulting in non-generation of X.509 certificates when using external CA for agent TLS communication. [GH-22382]
• connect: Use net.JoinHostPort for host:port formatting to handle IPv6. [GH-22359]

BUG FIXES:

• http: return a clear error when both Service.Service and Service.ID are missing during catalog registration [GH-22381]
• license: (Enterprise only) Fixed issue where usage metrics are not written to the snapshot to export the license data. [GH-10668]
• wan-federation: Fixed an issue where advertised IPv6 addresses were causing WAN federation to fail. [GH-22226]

v1.21.1

Compare Source

FEATURES:

• xds: Extend LUA Script support for API Gateway [GH-22321]
• xds: Added a configurable option to disable XDS session load balancing, intended for scenarios where an external load balancer is used in front of Consul servers, making internal load balancing unnecessary.

IMPROVEMENTS:

• http: Add peer query param on catalog service API [GH-22189]

v1.21.0

Compare Source

• Enhancement: Added support for Consul Session to update the state of a Health Check, allowing for more dynamic and responsive health monitoring within the Consul ecosystem. This feature enables sessions to directly influence health check statuses, improving the overall reliability and accuracy of service health assessments.

v1.20.6

Compare Source

1.20.6 (April 25, 2025)

SECURITY:

• Update golang.org/x/net to v0.38.0 to address GHSA-vvgc-356p-c3xw and GO-2025-3595.
  Update github.com/golang-jwt/jwt/v4 to v4.5.2 to address GO-2025-3553 and GHSA-mh63-6h87-95cp.
  Update Go to v1.23.8 to address GO-2025-3563. [GH-22268]

IMPROVEMENTS:

• Added support for Consul Session to update the state of a Health Check, allowing for more dynamic and responsive health monitoring within the Consul ecosystem. This feature enables sessions to directly influence health check statuses, improving the overall reliability and accuracy of service health assessments. [GH-22227]

BUG FIXES:

• agent: Add the missing Service TaggedAddresses and Check Type fields to Txn API. [GH-22220]

v1.20.5

Compare Source

1.20.5 (March 11, 2025)

SECURITY:

• Update golang.org/x/crypto to v0.35.0 to address GO-2025-3487.
  Update golang.org/x/oauth2 to v0.27.0 to address GO-2025-3488.
  Update github.com/go-jose/go-jose/v3 to v3.0.4 to address GO-2025-3485. [GH-22207]
• Upgrade Go to 1.23.6. [GH-22204]

BUG FIXES:

• logging: Fixed compilation error for OS NetBSD. [GH-22184]

v1.20.4

Compare Source

1.20.4 (February 20, 2025)

IMPROVEMENTS:

• dependency: upgrade consul/api to use Go 1.31.2 [GH-22174]

BUG FIXES:

• api: Fixed api submodule checksum mismatch issue by retracted 1.31.1 version [GH-22172] [GH-22172]

v1.20.3

Compare Source

SECURITY:

• Upgrade Go to use v1.22.11 and bump Go X-Repositories to latest. This addresses CVE
  CVE-2024-45341 and
  CVE-2024-45336 [GH-22084]
• Upgrade Go to use v1.22.12 and bump Go X-Repositories to latest. This addresses CVE
  CVE-2025-22866 [GH-22132]

IMPROVEMENTS:

• connect: update supported envoy versions to 1.33.0, 1.32.3 [GH-22138]
• metadata: memoize the parsed build versions [GH-22113]

BUG FIXES:

• Fixed logging error while building for OpenBSD OS [GH-22120] [GH-22120]
• api-gateway: Fixed TLS configuration to properly enforce listener TLS versions and cipher suites [GH-21984]
• aws-auth: Fix bug where calls to AWS IAM and STS services error out due to URL with multiple trailing slashes. [GH-22109]

v1.20.2

Compare Source

SECURITY:

• Removed ability to use bexpr to filter results without ACL read on endpoint [GH-21950]
• Resolved issue where hcl would allow duplicates of the same key in acl policy configuration. [GH-21908]
• Update github.com/golang-jwt/jwt/v4 to v4.5.1 to address GHSA-29wx-vh33-7x7r. [GH-21951]
• Update golang.org/x/crypto to v0.31.0 to address GO-2024-3321. [GH-22001]
• Update golang.org/x/net to v0.33.0 to address GO-2024-3333. [GH-22021]
• Update registry.access.redhat.com/ubi9-minimal image to 9.5 to address CVE-2024-3596,CVE-2024-2511,CVE-2024-26458. [GH-22011]
• api: Enforces strict content-type header validation to protect against XSS vulnerability. [GH-21930]
  FEATURES:
• docs: added the docs for the grafana dashboards [GH-21795]
  BUG FIXES:
• proxycfg: fix a bug where peered upstreams watches are canceled even when another target needs it. [GH-21871]
• state: ensure that identical manual virtual IP updates result in not bumping the modify indexes [GH-21909]

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.