chore(deps): bump github.com/hashicorp/consul/api from 1.13.0 to 1.34.1

[dependabot]

Bumps github.com/hashicorp/consul/api from 1.13.0 to 1.34.1.

Release notes

Sourced from github.com/hashicorp/consul/api's releases.

v1.22.6

1.22.6 (March 23, 2026)

SECURITY:

• security: upgrade envoy version to 1.35.9 and 1.34.13 [GH-23372]
• security: update google.golang.org/grpc to fix CVE-2026-33186 [GH-23379]
• security: upgrade go version to 1.25.8 [GH-23322]
• security: bump golang.org/x/* dependencies to align with consul-enterprise and address security vulnerabilities. [GH-23322]

IMPROVEMENTS:

• api-gateway: Add support to disable traffic with weight 0 in services for HTTPRoute backends, allowing explicit zero-weight backends to be excluded from traffic. [GH-23216]
• ui: Fixed Consul UI to work in non-secure environments by enabling Ember Data's UUID polyfill for crypto.randomUUID. [GH-23341]
• ui: Fixed Consul UI services page navigation by ensuring route transitions trigger the expected model hook behavior after Ember upgrade. [GH-23271]
• ui: Replaced deprecated SideNav component with AppSideNav for improved navigation structure. [GH-23289]

v1.22.5

1.22.5 (February 26, 2026)

SECURITY:

• security: upgrade go version to 1.25.7 [GH-23204]
• dockerfile: the Consul build Go base image to alpine3.23 [GH-23194]
• connect: Migrate to aws-sdk-go-v2 from aws-sdk-go (v1). Also updated consul-awsauth and go-secure-stdlib/awsutil dependencies to their v2 versions. [GH-23109]
• security: Configure HTTP server timeouts to prevent Slowloris denial-of-service attacks on agent HTTP endpoints and pprof endpoints. [GH-22739]
• security: Patched Vault CA provider to prevent arbitrary file reads via Kubernetes, JWT, and AppRole methods. [GH-23249]
• security: Introduced debounce timing for synchronization operations within federationStateAntiEntropySync. [GH-23196]

IMPROVEMENTS:

• api-gateway: Fixed "duplicate matcher" errors in Envoy when using multiple file-system certificates on a single TLS listener. The certificates are now consolidated into a single filter chain, allowing Envoy to select the correct one. [GH-23212]
• agent: Fix vault provider failure when signing intermediate CA with isCA=true in CSR [GH-23202]
• cli: Added --aws-iam-endpoint flag to consul login command for AWS IAM auth method to support custom IAM endpoint configuration [GH-23109]
• docs: Refreshed the security documentation to include the new HTTP server timeout defaults and relevant configuration options. [GH-23246]
• api: Cancel context check for watches cache fetch to stop execution when manager deregisters the watch. [GH-23157]

v1.22.4

⚠️ Important Notice

We have identified an issue in Consul and Consul Enterprise Feb Patch Release (1.22.4, 1.22.4-ent, 1.21.10-ent, 1.18.20-ent) that requires a corrective patch release.

We recommend that customers avoid using these versions in production environments and wait for the upcoming patch release.

Customers who have upgraded to these versions should temporarily revert to the previous stable release while we prepare a corrected update.

A new patched release is expected by the end of the this month.

Further updates will be shared once the new version is available. We apologize for the inconvenience and appreciate your patience.

1.22.4 (February 18, 2026)

... (truncated)

Changelog

Sourced from github.com/hashicorp/consul/api's changelog.

1.22.6 (March 23, 2026)

SECURITY:

• security: upgrade envoy version to 1.35.9 and 1.34.13 [GH-23372]
• security: update google.golang.org/grpc to fix CVE-2026-33186 [GH-23379]
• security: upgrade go version to 1.25.8 [GH-23322]
• security: bump golang.org/x/* dependencies to align with consul-enterprise and address security vulnerabilities. [GH-23322]

IMPROVEMENTS:

• api-gateway: Add support to disable traffic with weight 0 in services for HTTPRoute backends, allowing explicit zero-weight backends to be excluded from traffic. [GH-23216]
• ui: Fixed Consul UI to work in non-secure environments by enabling Ember Data's UUID polyfill for crypto.randomUUID. [GH-23341]
• ui: Fixed Consul UI services page navigation by ensuring route transitions trigger the expected model hook behavior after Ember upgrade. [GH-23271]
• ui: Replaced deprecated SideNav component with AppSideNav for improved navigation structure. [GH-23289]

1.22.6 Enterprise (March 23, 2026)

SECURITY:

• security: upgrade envoy version to 1.35.9 and 1.34.13 [GH-23372]
• security: update google.golang.org/grpc to fix CVE-2026-33186 [GH-23379]
• security: upgrade go version to 1.25.8 [GH-23322]
• security: bump golang.org/x/* dependencies to align with consul-enterprise and address security vulnerabilities. [GH-23322]

IMPROVEMENTS:

• api-gateway: Add support to disable traffic with weight 0 in services for HTTPRoute backends, allowing explicit zero-weight backends to be excluded from traffic. [GH-23216]
• ui: Fixed Consul UI to work in non-secure environments by enabling Ember Data's UUID polyfill for crypto.randomUUID. [GH-23341]
• ui: Fixed Consul UI services page navigation by ensuring route transitions trigger the expected model hook behavior after Ember upgrade. [GH-23271]
• ui: Replaced deprecated SideNav component with AppSideNav for improved navigation structure. [GH-23289]

1.21.12 Enterprise (March 23, 2026)

SECURITY:

• security: upgrade go version to 1.25.8 [GH-23300]
• security: bump golang.org/x/* dependencies to align with consul-enterprise and address security vulnerabilities. [GH-23322]

IMPROVEMENTS:

• api-gateway: Add support to disable traffic with weight 0 in services for HTTPRoute backends, allowing explicit zero-weight backends to be excluded from traffic. [GH-23216]
• ui: Fixed Consul UI to work in non-secure environments by enabling Ember Data's UUID polyfill for crypto.randomUUID. [GH-23341]
• ui: Fixed Consul UI services page navigation by ensuring route transitions trigger the expected model hook behavior after Ember upgrade. [GH-23271]
• ui: Replaced deprecated SideNav component with AppSideNav for improved navigation structure. [GH-23289]

1.18.22 Enterprise (March 23, 2026)

Enterprise LTS: Consul Enterprise 1.18 is a Long-Term Support (LTS) release.

... (truncated)

Commits

• 90f9bb1 create new submodule version
• 5b0d788 fix(delta-tests): mock agent bind address in xds delta test scenarios (#23453)
• c035ddb API Gateway SDS Certificate Support (#23354)
• 19a5d72 Bump github.com/hashicorp/consul from 1.18.1 to 1.22.5 in /test/integration/c...
• 70a190a ACL token name using auth method token name format (#23444)
• 41836bd use hds tooltip and remove custom tooltip component (#23441)
• d428353 CVE update (#23443)
• 1fc86cb version update for go-jose/v3 & go-jose/v4, cve suppression for linux… (#23440)
• 5c06bf7 test-sds-server: bump github.com/hashicorp/consul to v1.22.5 (#23437)
• 959c0b0 Adding order for slice hash (#23435)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)