Update hashicorp/consul Docker tag to v1.20.2

[soerenschneider]

This PR contains the following updates:

Package	Update	Change
hashicorp/consul (source)	minor	1.19.2 -> 1.20.2

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

hashicorp/consul (hashicorp/consul)

v1.20.2

Compare Source

1.20.2 (December 26, 2024)

SECURITY:

• Removed ability to use bexpr to filter results without ACL read on endpoint [GH-21950]
• Resolved issue where hcl would allow duplicates of the same key in acl policy configuration. [GH-21908]
• Update github.com/golang-jwt/jwt/v4 to v4.5.1 to address GHSA-29wx-vh33-7x7r. [GH-21951]
• Update golang.org/x/crypto to v0.31.0 to address GO-2024-3321. [GH-22001]
• Update golang.org/x/net to v0.33.0 to address GO-2024-3333. [GH-22021]
• Update registry.access.redhat.com/ubi9-minimal image to 9.5 to address CVE-2024-3596,CVE-2024-2511,CVE-2024-26458. [GH-22011]
• api: Enforces strict content-type header validation to protect against XSS vulnerability. [GH-21930]

FEATURES:

• docs: added the docs for the grafana dashboards [GH-21795]

BUG FIXES:

• proxycfg: fix a bug where peered upstreams watches are canceled even when another target needs it. [GH-21871]
• state: ensure that identical manual virtual IP updates result in not bumping the modify indexes [GH-21909]

v1.20.1

Compare Source

BREAKING CHANGES:

• mesh: Enable Envoy HttpConnectionManager.normalize_path by default on inbound traffic to mesh proxies. This resolves CVE-2024-10005. [GH-21816]

SECURITY:

• mesh: Add contains and ignoreCase to L7 Intentions HTTP header matching criteria to support configuration resilient to variable casing and multiple values. This resolves CVE-2024-10006. [GH-21816]
• mesh: Add http.incoming.requestNormalization to Mesh configuration entry to support inbound service traffic request normalization. This resolves CVE-2024-10005 and CVE-2024-10006. [GH-21816]

IMPROVEMENTS:

• api: remove dependency on proto-public, protobuf, and grpc [GH-21780]
• snapshot agent: (Enterprise only) Implement Service Principal Auth for snapshot agent on azure.
• xds: configures Envoy to load balance over all instances of an external service configured with hostnames when "envoy_dns_discovery_type" is set to "STRICT_DNS" [GH-21655]

v1.20.0

Compare Source

SECURITY:

• Explicitly set 'Content-Type' header to mitigate XSS vulnerability. [GH-21704]
• Implement HTML sanitization for user-generated content to prevent XSS attacks in the UI. [GH-21711]
• UI: Remove codemirror linting due to package dependency [GH-21726]
• Upgrade Go to use 1.22.7. This addresses CVE
  CVE-2024-34155 [GH-21705]
• Upgrade to support aws/aws-sdk-go v1.55.5 or higher. This resolves CVEs
  CVE-2020-8911 and
  CVE-2020-8912. [GH-21684]
• ui: Pin a newer resolution of Braces [GH-21710]
• ui: Pin a newer resolution of Codemirror [GH-21715]
• ui: Pin a newer resolution of Markdown-it [GH-21717]
• ui: Pin a newer resolution of ansi-html [GH-21735]

FEATURES:

• grafana: added the dashboards service-to-service dashboard, service dashboard, and consul dataplane dashboard [GH-21806]
• server: remove v2 tenancy, catalog, and mesh experiments [GH-21592]

IMPROVEMENTS:

• security: upgrade ubi base image to 9.4 [GH-21750]
• connect: Add Envoy 1.31 and 1.30 to support matrix [GH-21616]

BUG FIXES:

• jwt-provider: change dns lookup family from the default of AUTO which would prefer ipv6 to ALL if LOGICAL_DNS is used or PREFER_IPV4 if STRICT_DNS is used to gracefully handle transitions to ipv6. [GH-21703]

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.