[backport] build(deps): Bump github.com/hashicorp/consul/api from 1.32.4 to 1.33.0 (#1160)

[mergify]

Bumps github.com/hashicorp/consul/api from 1.32.4 to 1.33.0.

Changelog

Sourced from github.com/hashicorp/consul/api's changelog.

1.22.0 Enterprise (October 24, 2025)

SECURITY:

• connect: Upgrade Consul's bundled Envoy version to 1.35.3 and remove support for 1.31.10. This update also includes a fix to prevent Envoy (v1.35+) startup failures by only configuring the TLS transport socket when the CA bundle is present. [GH-22824]
• security: Adding warning when remote/local script checks are enabled without enabling ACL's [GH-22877]
• security: Improved validation of the Content-Length header in the Consul KV endpoint to prevent potential denial of service attacksCVE-2025-11374 [GH-22916]
• security: adding a maximum Content-Length on the event endpoint to fix denial-of-service (DoS) attacks. This resolves CVE-2025-11375. [GH-22836]
• security: breaking change - adding a key name validation on the key/value endpoint along side with the DisableKVKeyValidation config to disable/enable it to fix path traversal attacks. This resolves CVE-2025-11392. [GH-22850]

FEATURES:

• Added support to register a service in consul with multiple ports [GH-22769]
• agent: Added IsDualStack utility function to detect if the agent is configured for both IPv4 and IPv6 (dual-stack mode) based on its bind address retrieved from "agent/self" API. [GH-22741]
• install: Updated license information displayed during post-install
• ipv6: addtition of ip6tables changes for ipv6 and dual stack support [GH-22787]
• oidc: add client authentication using JWT assertion and PKCE. default PKCE is enabled. [GH-22732]

IMPROVEMENTS:

• security: Upgrade golang to 1.25.3. [GH-22926]
• ui: Fixes computed property override issues currently occurring and in some cases pre-emptively as this has been deprecated in ember v4 [GH-22947]
• ui: removes send action instances as part of https://deprecations.emberjs.com/id/ember-component-send-action/ [GH-22938]
• ui: replaced ember partials with components as an incremental step to upgrade to ember v4 [GH-22888]
• api: Added a new API (/v1/operator/utilization) to support enterprise API for Manual Snapshot Reporting [GH-22837]
• cmd: Added new subcommand consul operator utilization [-today-only] [-message] [-y] to generate a bundle with census utilization snapshot. Main flow is implemented in consul-enterprise http: Added a new API Handler for /v1/operator/utilization. Core functionality to be implemented in consul-enterprise agent: Always enabled census metrics collection with configurable option to export it to Hashicorp Reporting [GH-22843]
• cli: snapshot agent now supports authenticating to Azure Blob Storage using Azure Managed Service Identities (MSI). [GH-11171]
• command: connect envoy bootstrap defaults to 127.0.0.1 in IPv4-only environment and to ::1 in IPv6/DualStack environment. [GH-22763]
• connect: default upstream.local_bind_address to ::1 for IPv6 agent bind address [GH-22773]
• proxy: default proxy.local_service_address to ::1 for IPv6 agent bind address [GH-22772]
• ui: Improved accessibility features in the Consul UI to enhance usability for users with disabilities [GH-22770]
• ui: Replace yarn with pnpm for package management [GH-22790]
• ui: auth method config values were overflowing. This PR fixes the issue and adds word break for table elements with large content. [GH-22813]

BUG FIXES:

• ui: Allow FQDN to be displayed in the Consul web interface. [GH-22779]
• ui: fixes the issue where namespaces where disappearing and Welcome to Namespace screen showed up after tab switching [GH-22789]
• ui: fixes the issue where when doing deletes of multiple tokens or policies, the three dots on the right hand side stops responding after the first delete. [GH-22752]
• cmd: Fix consul operator utilization --help to show only available options without extra parameters. [GH-22912]

1.22.0 (October 24, 2025)

SECURITY:

• connect: Upgrade Consul's bundled Envoy version to 1.35.3 and remove support for 1.31.10. This update also includes a fix to prevent Envoy (v1.35+) startup failures by only configuring the TLS transport socket when the CA bundle is present. [GH-22824]
• security: Adding warning when remote/local script checks are enabled without enabling ACL's [GH-22877]
• security: Improved validation of the Content-Length header in the Consul KV endpoint to prevent potential denial of service attacksCVE-2025-11374 [GH-22916]

... (truncated)

Commits

• 1a47ec5 submodule version update
• 5d2aa72 post release changes (#22950) (#22980)
• c0922f9 Backport of [UI] replace direct use of transitionTo with router service's tra...
• f7c80bc Backport of upgrade: logrus to v1.9.3 into release/1.22.x (#22974)
• 5efc188 Backport of upgrade golang to latest patch into release/1.22.x (#22968)
• 36140dc Backport of upgrades ember-collection into release/1.22.x (#22966)
• 504ec51 [UI] deprecation this property fallback into 1.22.x(#22928) (#22964)
• 9562c06 Backport of [UI] Remove send Action deprecation into release/1.22.x (#22957)
• 70583a7 Backport of UI/Deprecation Computed property override into release/1.22.x (#2...
• 0b00c01 Backport of UI/deprecation ember views partial into release/1.22.x (#22952)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

This is an automatic backport of pull request #1160 done by [Mergify](https://mergify.com).

[mergify]

Cherry-pick of 15fc41f has failed:

On branch mergify/bp/release/v1.5/pr-1160
Your branch is up to date with 'origin/release/v1.5'.

You are currently cherry-picking commit 15fc41f.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   go.mod
	both modified:   go.sum

no changes added to commit (use "git add" and/or "git commit -a")

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

[mergify]

❗❗❗
All commits in this PR must be signed off.
Please sign all commits by:

git rebase HEAD~1 --signoff
git push --force-with-lease origin mergify/bp/release/v1.5/pr-1160

[mergify]

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🔴 Enforce verified commits

This rule is failing.

Make sure that we have verified commits

• #commits-unverified = 0

🟢 Enforce conventional commit

Wonderful, this rule succeeded.

Make sure that we follow https://www.conventionalcommits.org/en/v1.0.0/

• title ~= ^(\[wip\]|\[backport\]|\[cherry-pick\])?( )?(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert)(?:\(.+\))?:

🟢 Enforce linear history

Wonderful, this rule succeeded.

Make sure that we have a linear history, no merge commits are allowed

• linear-history