@renovate-sh-app renovate-sh-app bot commented Oct 8, 2025

This PR contains the following updates:

| Package                     | Change            |
| --------------------------- | ----------------- |
| github.com/hashicorp/consul | v1.5.1 -> v1.20.0 |

Denial of Service (DoS) in HashiCorp Consul

BIT-consul-2020-7219 / CVE-2020-7219 / GHSA-23jv-v6qj-3fhh / GO-2022-0776

Details

HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.

Specific Go Packages Affected

github.com/hashicorp/consul/agent/consul

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Incorrect Authorization in HashiCorp Consul

BIT-consul-2020-7955 / CVE-2020-7955 / GHSA-r9w6-rhh9-7v53 / GO-2022-0874

Details

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.

Severity

  • CVSS Score: 5.3 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Allocation of Resources Without Limits or Throttling in Hashicorp Consul

BIT-consul-2020-13250 / CVE-2020-13250 / GHSA-rqjq-mrgx-85hp / GO-2022-0879

Details

HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service.

Specific Go Packages Affected

github.com/hashicorp/consul/agent/config

Fix

The vulnerability is fixed in versions 1.6.6 and 1.7.4.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Privilege Escalation in HashiCorp Consul

BIT-consul-2020-28053 / CVE-2020-28053 / GHSA-6m72-467w-94rh / GO-2024-2505

Details

HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.

Severity

  • CVSS Score: 6.5 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


HashiCorp Consul Cross-site Scripting vulnerability

BIT-consul-2020-25864 / CVE-2020-25864 / GHSA-8xmx-h8rq-h94j / GO-2023-1851

Details

HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14.

Severity

  • CVSS Score: 6.1 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


HashiCorp Consul Privilege Escalation Vulnerability

BIT-consul-2021-37219 / CVE-2021-37219 / GHSA-ccw8-7688-vqx4 / GO-2022-0593

Details

HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.

Severity

  • CVSS Score: 8.8 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.

BIT-consul-2021-38698 / CVE-2021-38698 / GHSA-6hw5-6gcx-phmw / GO-2022-0559

Details

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.

Severity

  • CVSS Score: 6.5 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector

BIT-consul-2022-29153 / CVE-2022-29153 / GHSA-q6h7-4qgw-2j9p / GO-2022-0615

Details

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that HTTP health check endpoints returning an HTTP redirect may be abused as a vector for server-side request forgery (SSRF). This vulnerability, CVE-2022-29153, was fixed in Consul 1.9.17, 1.10.10, and 1.11.5.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


HashiCorp Consul L7 deny intention results in an allow action

BIT-consul-2021-36213 / CVE-2021-36213 / GHSA-8h2g-r292-j8xh / GO-2022-0895

Details

In HashiCorp Consul before 1.10.1 (and Consul Enterprise), xds can generate a situation where a single L7 deny intention (with a default deny policy) results in an allow action.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Hashicorp Consul Missing SSL Certificate Validation

BIT-consul-2021-32574 / CVE-2021-32574 / GHSA-25gf-8qrr-g78r / GO-2022-0894

Details

HashiCorp Consul before 1.10.1 (and Consul Enterprise) is missing SSL certificate validation: xds does not ensure that the Subject Alternative Name (SAN) of an upstream is validated.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


HashiCorp Consul vulnerable to authorization bypass

BIT-consul-2022-40716 / CVE-2022-40716 / GHSA-m69r-9g56-7mv8 / GO-2022-1029

Details

HashiCorp Consul and Consul Enterprise versions prior to 1.11.9, 1.12.5, and 1.13.2 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, allowing privileged access to be leveraged to bypass service mesh intentions. A specially crafted CSR sent directly to Consul's internal server agent RPC endpoint can include multiple SAN URI values with additional service names. This issue has been fixed in versions 1.11.9, 1.12.5, and 1.13.2. There are no known workarounds.

Severity

  • CVSS Score: 6.5 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Hashicorp Consul vulnerable to denial of service

BIT-consul-2023-1297 / CVE-2023-1297 / GHSA-c57c-7hrj-6q6v / GO-2023-1827

Details

Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with a service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5 and 1.15.3.

Severity

  • CVSS Score: 4.9 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Hashicorp Consul Cross-site Scripting vulnerability

BIT-consul-2024-10086 / CVE-2024-10086 / GHSA-99wr-c2px-grmh / GO-2024-3242

Details

A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.

Severity

  • CVSS Score: 5.3 / 10 (Medium)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Release Notes

hashicorp/consul (github.com/hashicorp/consul)

v1.20.0

1.20.0 (October 14, 2024)

SECURITY:

  • Explicitly set 'Content-Type' header to mitigate XSS vulnerability. [GH-21704]
  • Implement HTML sanitization for user-generated content to prevent XSS attacks in the UI. [GH-21711]
  • UI: Remove codemirror linting due to package dependency [GH-21726]
  • Upgrade Go to use 1.22.7. This addresses CVE-2024-34155. [GH-21705]
  • Upgrade to support aws/aws-sdk-go v1.55.5 or higher. This resolves CVE-2020-8911 and CVE-2020-8912. [GH-21684]
  • ui: Pin a newer resolution of Braces [GH-21710]
  • ui: Pin a newer resolution of Codemirror [GH-21715]
  • ui: Pin a newer resolution of Markdown-it [GH-21717]
  • ui: Pin a newer resolution of ansi-html [GH-21735]

FEATURES:

  • grafana: added the dashboards service-to-service dashboard, service dashboard, and consul dataplane dashboard [GH-21806]
  • server: remove v2 tenancy, catalog, and mesh experiments [GH-21592]

IMPROVEMENTS:

  • security: upgrade ubi base image to 9.4 [GH-21750]
  • connect: Add Envoy 1.31 and 1.30 to support matrix [GH-21616]

BUG FIXES:

  • jwt-provider: change the DNS lookup family from the default of AUTO (which prefers IPv6) to ALL if LOGICAL_DNS is used, or PREFER_IPV4 if STRICT_DNS is used, to gracefully handle transitions to IPv6. [GH-21703]

v1.19.2

1.19.2 (August 26, 2024)

SECURITY:

  • ui: Upgrade modules with d3-color as a dependency to address denial of service issue in d3-color < 3.1.0 [GH-21588]

IMPROVEMENTS:

  • Use Envoy's default for a route's validate_clusters option, which is false. This fixes a case where non-existent clusters could cause a route to no longer route to any of its backends, including existing ones. [GH-21587]

BUG FIXES:

  • api-gateway: (Enterprise only) ensure clusters are properly created for JWT providers with a remote URI for the JWKS endpoint [GH-21604]

v1.19.1

1.19.1 (July 11, 2024)

SECURITY:

IMPROVEMENTS:

  • mesh: update supported envoy version 1.29.5 in addition to 1.28.4, 1.27.6. [GH-21277]

BUG FIXES:

  • core: Fix multiple incorrect type conversion for potential overflows [GH-21251]
  • core: Fix panic runtime error on AliasCheck [GH-21339]
  • dns: Fix a regression where DNS SRV questions were returning duplicate hostnames instead of encoded IPs. This affected Nomad integrations with Consul. [GH-21361]
  • dns: Fix a regression where DNS tags using the standard lookup syntax, tag.name.service.consul, were being disregarded. [GH-21361]
  • dns: Fixes a spam log message "Failed to parse TTL for prepared query..." that was always being logged on each prepared query evaluation. [GH-21381]
  • terminating-gateway: (Enterprise Only) Fixed an issue where the enterprise metadata applied to linked services was the terminating gateway's enterprise metadata rather than the linked service's own enterprise metadata. [GH-21382]
  • txn: Fix a bug where mismatched Consul server versions could result in undetected data loss when using newer Transaction verbs. [GH-21519]

v1.19.0

1.19.0 (June 12, 2024)

BREAKING CHANGES:

  • telemetry: State store usage metrics with a double consul element in the metric name have been removed. Please use the same metric without the second consul instead. As an example instead of consul.consul.state.config_entries use consul.state.config_entries [GH-20674]

SECURITY:

FEATURES:

  • dns: queries now default to a refactored DNS server that is v1 and v2 Catalog compatible. Use v1dns in the experiments agent config to disable. The legacy server will be removed in a future release of Consul. See the Consul 1.19.x Release Notes for removed DNS features. [GH-20715]
  • gateways: api-gateway can leverage listener TLS certificates available on the gateway's local filesystem by specifying the public certificate and private key path in the new file-system-certificate configuration entry [GH-20873]

IMPROVEMENTS:

  • dns: new version was not supporting partition or namespace being set to 'default' in CE version. [GH-21230]
  • mesh: update supported envoy version 1.29.4 in addition to 1.28.3, 1.27.5, 1.26.8. [GH-21142]
  • upgrade go version to v1.22.4. [GH-21265]
  • Upgrade github.com/envoyproxy/go-control-plane to 0.12.0. [GH-20973]
  • dns: DNS-over-grpc when using consul-dataplane now accepts partition, namespace, token as metadata to default those query parameters. consul-dataplane v1.5+ will send this information automatically. [GH-20899]
  • snapshot: Add consul snapshot decode CLI command to output a JSON object stream of all the snapshots data. [GH-20824]
  • telemetry: Add telemetry.disable_per_tenancy_usage_metrics in agent configuration to disable setting tenancy labels on usage metrics. This significantly decreases CPU utilization in clusters with many admin partitions or namespaces.
  • telemetry: Improved the performance usage metrics emission by not outputting redundant metrics. [GH-20674]

DEPRECATIONS:

  • snapshot agent: (Enterprise only) Top level single snapshot destinations local_storage, aws_storage, azure_blob_storage, and google_storage in snapshot agent configuration files are now deprecated. Use the backup_destinations config object instead.

BUG FIXES:

v1.18.2

1.18.2 (May 14, 2024)

Enterprise LTS: Consul Enterprise 1.18 is a Long-Term Support (LTS) release.

SECURITY:

IMPROVEMENTS:

  • gateways: service defaults configuration entries can now be used to set default upstream limits for mesh-gateways [GH-20945]
  • connect: Add ability to disable Auto Host Header Rewrite on Terminating Gateway at the service level [GH-20802]

BUG FIXES:

  • dns: fix a bug with sameness group queries in DNS where responses did not respect DefaultForFailover.
    DNS requests against

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

…curity]

| datasource | package                     | from   | to      |
| ---------- | --------------------------- | ------ | ------- |
| go         | github.com/hashicorp/consul | v1.5.1 | v1.20.0 |


Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com>
@renovate-sh-app

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 23 additional dependencies were updated

Details:

| Package                                 | Change                                                                   |
| --------------------------------------- | ------------------------------------------------------------------------ |
| github.com/aws/aws-sdk-go               | v1.44.321 -> v1.55.5                                                     |
| github.com/davecgh/go-spew              | v1.1.1 -> v1.1.2-0.20180830191138-d8f796af33cc                           |
| github.com/hashicorp/consul/api         | v1.21.0 -> v1.29.5                                                       |
| github.com/opentracing/opentracing-go   | v1.2.0 -> v1.2.1-0.20220228012449-10b1cf09e00b                           |
| github.com/prometheus/client_model      | v0.4.0 -> v0.5.0                                                         |
| golang.org/x/exp                        | v0.0.0-20230321023759-10a507213a29 -> v0.0.0-20230817173708-d852ddb80c63 |
| github.com/Azure/azure-sdk-for-go       | v65.0.0+incompatible -> v68.0.0+incompatible                             |
| github.com/envoyproxy/go-control-plane  | v0.11.1 -> v0.12.0                                                       |
| github.com/go-openapi/analysis          | v0.21.4 -> v0.21.5                                                       |
| github.com/go-openapi/errors            | v0.20.3 -> v0.21.0                                                       |
| github.com/go-openapi/jsonpointer       | v0.19.6 -> v0.20.1                                                       |
| github.com/go-openapi/jsonreference     | v0.20.2 -> v0.20.3                                                       |
| github.com/go-openapi/loads             | v0.21.2 -> v0.21.3                                                       |
| github.com/go-openapi/spec              | v0.20.8 -> v0.20.12                                                      |
| github.com/go-openapi/strfmt            | v0.21.3 -> v0.21.10                                                      |
| github.com/go-openapi/swag              | v0.22.3 -> v0.22.5                                                       |
| github.com/go-openapi/validate          | v0.22.1 -> v0.22.4                                                       |
| github.com/hashicorp/go-msgpack         | v0.5.5 -> v1.1.5                                                         |
| github.com/mitchellh/copystructure      | v1.0.0 -> v1.2.0                                                         |
| github.com/mitchellh/reflectwalk        | v1.0.1 -> v1.0.2                                                         |
| github.com/shopspring/decimal           | v1.2.0 -> v1.3.1                                                         |
| github.com/spf13/cast                   | v1.3.1 -> v1.5.0                                                         |
| go.mongodb.org/mongo-driver             | v1.11.2 -> v1.13.1                                                       |

@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.
