Bump the gomod-backward-compatible group across 1 directory with 6 updates

[dependabot[bot]]

Bumps the gomod-backward-compatible group with 5 updates in the / directory:

Package	From	To
github.com/hashicorp/vault/api	1.16.0	1.20.0
google.golang.org/grpc	1.71.1	1.73.0
k8s.io/api	0.32.3	0.33.1
k8s.io/client-go	0.32.3	0.33.1
sigs.k8s.io/secrets-store-csi-driver	1.4.8	1.5.1

Updates github.com/hashicorp/vault/api from 1.16.0 to 1.20.0

Release notes

Sourced from github.com/hashicorp/vault/api's releases.

v1.19.5

1.19.5

May 30, 2025

Enterprise LTS: Vault Enterprise 1.19 is a Long-Term Support (LTS) release.

CHANGES:

• database/snowflake: Update plugin to v0.13.1 [GH-30775]

IMPROVEMENTS:

• plugins: Support registration of CE plugins with extracted artifact directory. [GH-30673]

BUG FIXES:

• ui: Fix broken link to Hashicorp Vault developer site in the Web REPL help. [GH-30670]

v1.19.4

1.19.4

May 16, 2025

CHANGES:

• Update vault-plugin-auth-cf to v0.20.1 [GH-30586]
• auth/azure: Update plugin to v0.20.4 [GH-30543]
• core: Bump Go version to 1.24.3.

IMPROVEMENTS:

• Namespaces (enterprise): allow a root token to relock a namespace
• core (enterprise): update to FIPS 140-3 cryptographic module in the FIPS builds.
• core: Updated code and documentation to support FIPS 140-3 compliant algorithms. [GH-30576]
• core: support for X25519MLKEM768 (post quantum key agreement) in the Go TLS stack. [GH-30603]
• ui: Replaces all instances of the deprecated event.keyCode with event.key [GH-30493]

BUG FIXES:

• core (enterprise): fix a bug where plugin automated root rotations would stop after seal/unseal operations
• plugins (enterprise): Fix an issue where Enterprise plugins can't run on a standby node when it becomes active because standby nodes don't extract the artifact when the plugin is registered. Remove extracting from Vault and require the operator to place the extracted artifact in the plugin directory before registration.

v1.19.3

1.19.3

April 30, 2025

CHANGES:

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

Previous versions

• v1.10.0 - v1.15.16
• v1.0.0 - v1.9.10
• v0.11.6 and earlier

1.19.5

May 30, 2025

Enterprise LTS: Vault Enterprise 1.19 is a Long-Term Support (LTS) release.

CHANGES:

• database/snowflake: Update plugin to v0.13.1 [GH-30775]

IMPROVEMENTS:

• plugins: Support registration of CE plugins with extracted artifact directory. [GH-30673]

BUG FIXES:

• ui: Fix broken link to Hashicorp Vault developer site in the Web REPL help. [GH-30670]

1.19.4

May 16, 2025

Enterprise LTS: Vault Enterprise 1.19 is a Long-Term Support (LTS) release.

CHANGES:

• Update vault-plugin-auth-cf to v0.20.1 [GH-30586]
• auth/azure: Update plugin to v0.20.4 [GH-30543]
• core: Bump Go version to 1.24.3.

IMPROVEMENTS:

• Namespaces (enterprise): allow a root token to relock a namespace
• core (enterprise): update to FIPS 140-3 cryptographic module in the FIPS builds.
• core: Updated code and documentation to support FIPS 140-3 compliant algorithms. [GH-30576]
• core: support for X25519MLKEM768 (post quantum key agreement) in the Go TLS stack. [GH-30603]
• ui: Replaces all instances of the deprecated event.keyCode with event.key [GH-30493]

BUG FIXES:

• core (enterprise): fix a bug where plugin automated root rotations would stop after seal/unseal operations
• plugins (enterprise): Fix an issue where Enterprise plugins can't run on a standby node when it becomes active because standby nodes don't extract the artifact when the plugin is registered. Remove extracting from Vault and require the operator to place the extracted artifact in the plugin directory before registration.

... (truncated)

Commits

• 71ca099 Update vault-plugin-secrets-gcp to v0.22.0 (#30846)
• 51ec0db Update vault-plugin-auth-kerberos to v0.15.0 (#30845)
• 38cc2c9 Update vault-plugin-auth-cf to v0.21.0 (#30842)
• 36aa49b enos(fips1403): simplify semver constraint to only consider currently mixed r...
• 407c297 Update vault-plugin-secrets-openldap to v0.16.0 (#30844)
• a725087 VAULT-36495 CE changes (#30807)
• d19e946 Update vault-plugin-auth-oci to v0.19.0 (#30841)
• d9ecd5b PostgreSQL backend passwordless authentication in cloud (#30681)
• 636524e Update vault-plugin-database-couchbase to v0.14.0 (#30836)
• befafd5 [VAULT-35682] build(cgo): Build CGO binaries in a container (#30834)
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.71.1 to 1.73.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.73.0

New Features

• balancer/ringhash: move LB policy from xds/internal to exported path to facilitate use without xds (#8249)
• xds: enable least request LB policy by default. It can be disabled by setting GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST=false in your environment. (#8253)
• grpc: add a CallAuthority Call Option that can be used to overwrite the http :authority header on per-RPC basis. (#8068)
• stats/opentelemetry: add trace event for name resolution delay. (#8074)
• health: added List method to gRPC Health service. (#8155)
  • Special Thanks: @​marcoshuck
• ringhash: implement features from gRFC A76. (#8159)
• xds: add functionality to support SPIFFE Bundle Maps as roots of trust in XDS which can be enabled by setting GRPC_EXPERIMENTAL_XDS_MTLS_SPIFFE=true. (#8167, #8180, #8229, #8343)

Bug Fixes

• xds: locality ID metric label is changed to make it consistent with gRFC A78. (#8256)
• client: fail RPCs on the client when using extremely short contexts that expire before the grpc-timeout header is created. (#8312)
• server: non-positive grpc-timeout header values are now rejected. This is consistent with the gRPC protocol spec. (#8290)
  • Special Thanks: @​evanj
• xds: fix reported error string when LRS load reporting interval is invalid. (#8224)
  • Special Thanks: @​alingse

Performance Improvements

• credentials/alts: improve read performance by optimizing buffer copies and allocations. (#8271)
• server: improve performance of RPC handling by avoid a status proto copy (#8282)
  • Special Thanks: @​evanj

Documentation

• examples/features/opentelemetry: modify example to demonstrate tracing using OpenTelemtry plugin. (#8056)

Release 1.72.2

Bug Fixes

• client: restore support for NO_PROXY environment variable when connecting to locally-resolved addresses (case 2 from gRFC A1). (#8329)
• balancer/least_request: fix panic on resolver errors. (#8333)

Release 1.72.1

Bug Fixes

• client: HTTP Proxy connections are no longer attempted for addresses with non-TCP network types. (#8215)
• client: Fix bug that causes RPCs to fail with status INTERNAL instead of CANCELLED or DEADLINE_EXCEEDED when receiving a RST_STREAM frame in the middle of the gRPC message. (#8289)

Release 1.72.0

Dependencies

• Minimum supported Go version is now 1.23 (#8108)

API Changes

• resolver: add experimental AddressMapV2 with generics to ultimately replace AddressMap. Deprecate AddressMap for deletion (#8187)
• resolver: convert EndpointMap in place to use generics (#8189)

... (truncated)

Commits

• c52d025 Change version to 1.73.0 (#8322)
• ac60db1 Add flag guarding SPIFFE Bundle provider (#8343) (#8382)
• 183c148 balancer/ringhash: Add experimental notice in package comment (#8364) (#8365)
• b610465 delegatingresolver: avoid proxy for resolved addresses in NO_PROXY env (#8329...
• 96c4308 balancer/least_request : Fix panic while handling resolver errors (#8333) (#8...
• af5146b grpc: update contributing.md (#8318)
• 09166b6 cleanup: remove unused constants in generic xdsclient (#8315)
• e3f13e7 transport: Prevent sending negative timeouts (#8312)
• b89909b leakcheck: Fix flaky test TestCheck (#8309)
• 709023d grpcsync/event: Simplify synchronization (#8308)
• Additional commits viewable in compare view

Updates k8s.io/api from 0.32.3 to 0.33.1

Commits

• 04f698e Update dependencies to v0.33.1 tag
• 16cedc7 Merge pull request #131088 from atiratree/rename-terminating-replicas-fg
• dc88679 Merge pull request #131103 from ahrtr/etcd_sdk_20250328
• 4a456a2 bump etcd 3.5.21 sdk
• 96e38c9 rename DeploymentPodReplacementPolicy FG to DeploymentReplicaSetTerminatingRe...
• c21a017 Merge pull request #129970 from mortent/AddResourceV1beta2API
• d0673db Run make update
• 118546d Merge pull request #130556 from sreeram-venkitesh/kep-4960-container-stop-sig...
• f9401a3 Merge pull request #130797 from jm-franc/configurable-tolerance
• 9b3e544 Generated UPDATE_COMPATIBILITY_FIXTURE_DATA
• Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.32.3 to 0.33.1

Commits

• 173776a Merge pull request #131708tigrato/automated-cherry-pick-of-#131702
• a3d1fde fix: fixes a possible panic in NewYAMLToJSONDecoder
• 955939f bump etcd 3.5.21 sdk
• e8a77bd Merge pull request #130910 from googs1025/fix/datarace
• 7e8c77e Merge pull request #130906 from serathius/streaming-validation
• 27fd396 flake: fix data race for func TestBackoff_Step
• 8bcc6f1 Update kube-openapi and integrate streaming tags validation
• 6ce776c Merge pull request #130857 from thockin/kk_small_vg_diffs
• f2c94d6 Comment on origin and JSON schema
• b63ba07 Use origin in validateFalse's own test
• Additional commits viewable in compare view

Updates k8s.io/client-go from 0.32.3 to 0.33.1

Commits

• e7397e5 Update dependencies to v0.33.1 tag
• ecbbb06 bump etcd 3.5.21 sdk
• 2086688 Merge pull request #129970 from mortent/AddResourceV1beta2API
• dba34c7 Run make update
• e359642 Merge pull request #130556 from sreeram-venkitesh/kep-4960-container-stop-sig...
• 3bf0a05 Merge pull request #130797 from jm-franc/configurable-tolerance
• 7a03a3b Generated files
• 1676beb Refresh autogenerated files following the configurable tolerance updates.
• 387edb8 Merge pull request #130967 from aojea/listers
• 21dc3b4 benchmark to show inefficient linear search lookup
• Additional commits viewable in compare view

Updates sigs.k8s.io/secrets-store-csi-driver from 1.4.8 to 1.5.1

Release notes

Sourced from sigs.k8s.io/secrets-store-csi-driver's releases.

v1.5.1 - 2025-05-19

Changelog

Maintenance 🔧

• chore: bump livenessprobe to v2.15.0 and node-driver-registrar to v2.13.0 by @​aramase in kubernetes-sigs/secrets-store-csi-driver#1813
• chore: update to go 1.23.9 by @​aramase in kubernetes-sigs/secrets-store-csi-driver#1820

Security Fix 🛡️

• security: bump to go 1.23.8 to resolve CVE-2025-22871 by @​aramase in kubernetes-sigs/secrets-store-csi-driver#1789

Full Changelog: https://github.com/kubernetes-sigs/secrets-store-csi-driver/compare/v1.5.0...v1.5.1

v1.5.0 - 2025-04-09

Changelog

Bug Fixes 🐞

• b0fdeb52d108375887241e8ddd07c8a97296d061 fix: update sha generation logic
• f0e9dccf836986666aaa7f22dbd1ad6e5210c02f fix: add unit test to show failures in current sha logic

Code Refactoring 💎

• 9548c23ad3e8d430cb01b163a6f431240504771a refactor: cleanup unused err check

Features 🌈

• bf7e77ef35795a6b405511938f6cb976463cb8f9 feat: add build for windows ltsc2025

Maintenance 🔧

• a488327b740472d9b5e4d2af228b91f79b3f9657 chore: bump kind to v0.27.0
• 515358e1f4f65c12cff0d081687fd9de23ecede5 chore: disable trivy package testing for driver-crds
• 924b3b8302bf5a3c172c663ff85c14dcd195addf chore: bump docker golang base images to 1.23
• 572e439668e9689e3c33071c8cb6525ae262a0ce chore: move tam7t to emeritus_approvers
• 0b00da8f222c0e76e6cce09136f839e8cb8a7934 chore: bump github/codeql-action from 3.28.0 to 3.28.8
• b8a1e5bea00875a7f437902b7f419cf6118f3017 chore: bump actions/setup-go from 5.2.0 to 5.3.0
• 4aad87b2c506c3c4f670da9b59d530b46f518e13 chore: bump golang.org/x/net from 0.28.0 to 0.33.0 in /hack/tools
• 25d77569bac10e152ac953a831e436b034625083 chore: bump gaurav-nelson/github-action-markdown-link-check
• c3cb4ffc0b68bd2016311a3f74ea876cf26733ea chore: bump step-security/harden-runner from 2.10.2 to 2.10.3
• 911b494b4f2c366ca98a27ec3a21f8da5e691db2 chore: bump codecov/codecov-action from 5.1.1 to 5.1.2
• aaa4a3c875f4cbdfd846813ce2f431b70340f943 chore: bump github/codeql-action from 3.26.13 to 3.28.0
• 5a8d6b55097564533003a6d2f7b8622a51184b51 chore: bump actions/upload-artifact from 4.4.1 to 4.5.0
• 7c04af1d155af55ef88b090d092c26fa7b8048c0 chore: bump actions/setup-go from 5.0.2 to 5.2.0
• a24d2fdd75c68c6febbbaeb85cfb003cb9e7b7de chore: bump golang.org/x/crypto from 0.22.0 to 0.31.0
• 5fe63f79191efaaf40f6584b32de872d5c643d8a chore: bump codecov/codecov-action from 4.5.0 to 5.1.1
• 658a778626e0fb91a72e1dc3c2bd8264ca6c62e3 chore: bump golang/govulncheck-action from 1.0.3 to 1.0.4
• 041d14233cbc642caee545b148f68683cc0a9b57 chore: bump to golang 1.22 builder image in dockerfile
• c5d2bd300190d1e790b165ae683fe73f632cacb1 chore: bump trivy to v0.57.1 to mitigate rate limit issues
• f6bd4d8b091289af9f064e60ac11d1c78fd1e604 chore: bump step-security/harden-runner from 2.9.1 to 2.10.2
• 88d1253a7c01e26fd6d97339e7077f9c3527f0b8 chore: bump actions/checkout from 4.1.7 to 4.2.1
• 44e76537659cffffeabdd9838b1283f0461f43af chore: bump github/codeql-action from 3.26.6 to 3.26.13
• cb6fd1e86f84a27442f85d1d03a625ac793089f8 chore: bumps base images
• ef8f5eb3bf682774ea4e8df84ca9a0e9bb54c359 chore: bump actions/upload-artifact from 4.4.0 to 4.4.1
• 2f6e7d0324bc624ac33217b82da0e22e0198423f chore: bump actions/upload-artifact from 4.3.6 to 4.4.0
• 92c73a029323480d0f9d4940d7488f0bed552b46 chore: bump github/codeql-action from 3.26.5 to 3.26.6
• 77109220c4c75a827c77ea78c6305c86425d9c7a chore: bump actions/dependency-review-action from 4.3.2 to 4.3.4

... (truncated)

Commits

• cb4f2d9 Merge pull request #1831aramase/automated-cherry-pick-of-#1830
• ad256c2 release: update manifest and helm charts for v1.5.1
• 4fbe81c Merge pull request #1823 from aramase/aramase/c/bump_release_1.5_v1.5.1
• 7c3f763 chore: bump version to v1.5.1 in release-1.5
• eb6e97f Merge pull request #1820aramase/automated-cherry-pick-of-#1819
• f51dd55 chore: update to go 1.23.9
• b2563c1 Merge pull request #1813aramase/automated-cherry-pick-of-#1812
• 1cb4afa chore: bump node-driver-registrar to v2.13.0
• 96e559d chore: bump livenessprobe to v2.15.0
• 3dc124d Merge pull request #1789aramase/automated-cherry-pick-of-#1788
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions