build(deps): bump github.com/hashicorp/consul/api from 1.20.0 to 1.25.1

[dependabot]

Bumps github.com/hashicorp/consul/api from 1.20.0 to 1.25.1.

Changelog

Sourced from github.com/hashicorp/consul/api's changelog.

1.16.1 (August 8, 2023)

KNOWN ISSUES:

• connect: Consul versions 1.16.0 and 1.16.1 may have issues when a snapshot restore is performed and the servers are hosting xDS streams. When this bug triggers, it will cause Envoy to incorrectly populate upstream endpoints. This bug only impacts agent-less service mesh and should be fixed in Consul 1.16.2 by GH-18636.

SECURITY:

• Update golang.org/x/net to v0.13.0 to address CVE-2023-3978. [GH-18358]
• Upgrade golang.org/x/net to address CVE-2023-29406 [GH-18186]
• Upgrade to use Go 1.20.6. This resolves CVE-2023-29406(net/http) for uses of the standard library. A separate change updates dependencies on golang.org/x/net to use 0.12.0. [GH-18190]
• Upgrade to use Go 1.20.7. This resolves vulnerability CVE-2023-29409(crypto/tls). [GH-18358]

FEATURES:

• cli: consul members command uses -filter expression to filter members based on bexpr. [GH-18223]
• cli: consul operator raft list-peers command shows the number of commits each follower is trailing the leader by to aid in troubleshooting. [GH-17582]
• cli: consul watch command uses -filter expression to filter response from checks, services, nodes, and service. [GH-17780]
• reloadable config: Made enable_debug config reloadable and enable pprof command to work when config toggles to true [GH-17565]
• ui: consul version is displayed in nodes list with filtering and sorting based on versions [GH-17754]

IMPROVEMENTS:

• Fix some typos in metrics docs [GH-18080]
• acl: added builtin ACL policy that provides global read-only access (builtin/global-read-only) [GH-18319]
• acl: allow for a single slash character in policy names [GH-18319]
• connect: Add capture group labels from Envoy cluster FQDNs to Envoy exported metric labels [GH-17888]
• connect: Improve transparent proxy support for virtual services and failovers. [GH-17757]
• connect: update supported envoy versions to 1.23.12, 1.24.10, 1.25.9, 1.26.4 [GH-18303]
• debug: change default setting of consul debug command. now default duration is 5ms and default log level is 'TRACE' [GH-17596]
• extensions: Improve validation and error feedback for property-override builtin Envoy extension [GH-17759]
• hcp: Add dynamic configuration support for the export of server metrics to HCP. [GH-18168]
• hcp: Removes requirement for HCP to provide a management token [GH-18140]
• http: GET API operator/usage endpoint now returns node count cli: consul operator usage command now returns node count [GH-17939]
• mesh: Expose remote jwks cluster configuration through jwt-provider config entry [GH-17978]
• mesh: Stop jwt providers referenced by intentions from being deleted. [GH-17755]
• ui: the topology view now properly displays services with mixed connect and non-connect instances. [GH-13023]
• xds: Explicitly enable WebSocket connection upgrades in HTTP connection manager [GH-18150]

BUG FIXES:

• Fix a bug that wrongly trims domains when there is an overlap with DC name. [GH-17160]
• api-gateway: fix race condition in proxy config generation when Consul is notified of the bound-api-gateway config entry before it is notified of the api-gateway config entry. [GH-18291]
• api: Fix client deserialization errors by marking new Enterprise-only prepared query fields as omit empty [GH-18184]
• ca: Fixes a Vault CA provider bug where updating RootPKIPath but not IntermediatePKIPath would not renew leaf signing certificates [GH-18112]
• connect/ca: Fixes a bug preventing CA configuration updates in secondary datacenters [GH-17846]

... (truncated)

Commits

• 072476c Update for 1.25.1
• 91930bd Backport of Add operator audit endpoint changes into release/1.16.x (#18901)
• ad696e2 Update Consul API Version for 1.16.x (#18867)
• 5e7693b NET-4519 Collecting journald logs in "consul debug" bundle (#18797) (#18884)
• e411c03 Backport of Remove flaky test assertions into release/1.16.x (#18871)
• ce99c74 Backport of Fix typo in permissive mTLS docs into release/1.16.x (#18589)
• 333883d Backport of Fix gateway services cleanup where proxy deregistration happens a...
• 38f4d1b Backport of docs: Fix typo in description for server_addresses into release/1...
• d732000 Backport of docs: K8s secondary DC requirements into release/1.16.x (#18386)
• 41d2fea add changes from failed backport (#18841)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #150.