Bump vault from 0.18.2 to 0.19.0 #163

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/bundler/vault-0.19.0

@dependabot dependabot bot commented on behalf of github Dec 31, 2025

Bumps vault from 0.18.2 to 0.19.0.

Release notes

Sourced from vault's releases.

v0.19.0

What's Changed

Full Changelog: hashicorp/vault-ruby@v0.18.2...v0.19.0

Changelog

Sourced from vault's changelog.

v0.19.0 (December 3, 2025)

BREAKING CHANGES

  • Set minimum Ruby version to 3.1. All EOL Ruby versions are no longer supported. GH-352

IMPROVEMENTS

  • Upgraded vendored net-http-persistent from 3.0.0 to upstream gem 4.0.2+, which includes:
    • Fixes compatibility with connection-pool 2.4
    • Supports TLS min/max and IPv6
    • Fixes a memory leak in connection pooling
    • Many bugfixes GH-345
  • Upgraded vendored connection-pool from 2.2.0 to upstream gem 2.4+, which includes:
    • Fixes argument forwarding for Ruby 2.7+
    • Automatically drops all connections after fork GH-345
  • Added dependency on base64 gem for Ruby 3.4 compatibility GH-352
  • Added Ruby 3.3 and 3.4 to CI matrix GH-352
  • Added modern Vault versions (1.16, 1.19, 1.20, 1.21) to CI matrix GH-352
  • Replaced deprecated JSON.fast_generate with JSON.generate GH-349

BUG FIXES

  • Fixed HTTP client shutdown to be lock-protected, ensuring thread-safe access to @nhp GH-329

v0.18.1 (September 14, 2023)

BUG FIXES

  • Restored the ability to use this gem with older Ruby versions that do not have the OpenSSL::SSL::TLS1_2_VERSION constant.

v0.18.0 (September 14, 2023)

IMPROVEMENTS

  • Added support for TLS v1.3 by replacing ssl_version with min_version.

v0.17.0 (May 11, 2022)

IMPROVEMENTS

  • Added MissingRequiredStateErr error type to refer to 412s returned by Vault 1.10 when the WAL index on the node does not match the index in the Server-Side Consistent Token. This error type can be passed as a parameter to #with_retries, and will also be retried automatically when #with_retries is used with no parameters.

v0.16.0 (March 17, 2021)

IMPROVEMENTS

  • The timeout used to get a connection from the connection pool that talks with vault is now configurable, using Vault.pool_timeout or the env var VAULT_POOL_TIMEOUT.

... (truncated)

Commits
  • 5e0e2bb Prep for v0.19.0
  • fb4e0f6 http client's shutdown should be lock-protected
  • f596b69 Replace deprecated JSON.fast_generate
  • 3b07590 Reraise broken connection as HTTPConnectionError
  • 557f8c9 Update net-http-persistent and connection_pool
  • 6ed497c Set minimum ruby version to 3.1
  • 0fd1ebd Add modern vault versions to CI matrix
  • b4d4f56 Add ruby 3.3 and 3.4 to CI matrix
  • 03dfeb4 Upgrade checkout and setup-ruby actions for CI
  • b40af59 Add dependency on base64 (for ruby 3.4)
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [vault](https://github.com/hashicorp/vault-ruby) from 0.18.2 to 0.19.0.
- [Release notes](https://github.com/hashicorp/vault-ruby/releases)
- [Changelog](https://github.com/hashicorp/vault-ruby/blob/master/CHANGELOG.md)
- [Commits](hashicorp/vault-ruby@v0.18.2...v0.19.0)

---
updated-dependencies:
- dependency-name: vault
  dependency-version: 0.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and ruby (Pull requests that update ruby code) labels Dec 31, 2025