chore(deps): bump the terraform-providers group across 1 directory with 2 updates

[dependabot]

Bumps the terraform-providers group with 2 updates in the /src directory: hashicorp/vault and stackitcloud/stackit.

Updates hashicorp/vault from 5.9.0 to 5.10.1

Release notes

Sourced from hashicorp/vault's releases.

v5.10.1

5.10.1 (June 26, 2026)

BREAKING CHANGES:

Reverted the 5.10.0 support for pkcs12_bundle and jks_bundle formats in formats in vault_pki_secret_backend_cert, vault_pki_secret_backend_root_cert, vault_pki_secret_backend_root_sign_intermediate, and vault_pki_secret_backend_sign that forced resource recreation. Configurations using these formats or their related arguments are no longer supported. (#2945)

v5.10.0

5.10.0 (June 23, 2026)

FEATURES:

• New Resource: vault_config_ui_default_auth - Manages UI default authentication configuration for the Vault GUI login form. Controls which authentication methods are displayed by default and as backup options for specific namespaces. Supports inheritance control for child namespaces. Enterprise-only feature requiring Vault 1.20.0+. (#2846)
• vault_config_control_group: Added initial implementation for vault_config_control_group resource in sys/config/control-group. (#2840)
• New Resource: vault_config_ui_header - Manages custom HTTP headers for the Vault UI. Supports security headers (CSP, HSTS, X-Frame-Options), CORS configuration, and custom organizational headers. Requires Vault 1.16.0+. (#2842)
• New Resource: Add support for RADIUS auth backend: vault_radius_auth_backend and vault_radius_auth_backend_user resource and vault_radius_auth_login ephemeral resource.(#2814)
• New Resource: vault_activation_flags for managing Vault features that are gated by one-time flags. Requires Vault 1.16 or later. Needs Vault enterprise license(#2861)
• New Resource: vault_oauth_resource_server_config_profile for managing OAuth Resource Server Configuration profiles in Vault Enterprise. Enables JWT-based authentication by defining how Vault validates JWT tokens from OAuth 2.0 resource servers. Supports both JWKS-based and static PEM key validation. Requires Vault 2.0.1+. (#2890)
• New Resource: vault_agent_registrationfor managing Agent Registry records in Vault Enterprise. Allows registering Vault agents with specific identity entities and configuring ceiling policies that limit maximum agent permissions. Requires Vault 2.0.1+. (#2885,2935)
• New Resource: vault_oauth_resource_server_config_profile Add optional_authorization_details to make RAR optional on OAuth resource server and agent registration. Requires Vault 2.0.3+.(#2930,#2933)
• New Resources: vault_userpass_auth_backend_user for user creation, deletion, password updates, and policy updates, and ephemeral resource vault_userpass_auth_login for authenticating with Userpass. (#2859)
• Add support for write only parameters for s3 backends for vault_raft_snapshot_agent_config by @​drewmullen ([#2825]hashicorp/terraform-provider-vault#2825)
• vault_transform_transformation: Added mapping_mode, stores and convergent fields to the resource. (#2820 hashicorp/terraform-provider-vault#2820)
• New Ephemeral Resource: vault_token for creating Vault tokens with automatic revocation. Supports service and batch tokens, as well as entity alias association, which was not supported in the SDKv2 resource. (#2877)
• New Resource: vault_config_group_policy_application - Manages the global group policy application mode for Vault Enterprise. Controls how policies attached to identity groups are applied across namespace boundaries. Supports within_namespace_hierarchy (default) and any modes. Requires Vault Enterprise 1.13.8+. (#2863)
• Add support for pkcs12_bundle and jks_bundle formats in vault_pki_secret_backend_cert, vault_pki_secret_backend_root_cert, vault_pki_secret_backend_root_sign_intermediate, and vault_pki_secret_backend_sign (#2908). Requires Vault 2.1+.
• vault_policy: Added allow_overwrite to optionally prevent overwriting Vault policies.(#2895)
• vault_managed_keys: Added support for usages and max_parallel fields. (#2887)

IMPROVEMENTS:

• resource/vault_token: Added deprecation warning to guide users toward the new ephemeral vault_token resource for better security and batch token support. (#2877)

• Replaced backend with mount in vault_aws_access_credentials resource's documentation and improved descriptions for a few other parameters.(#2911)

• Updated dependencies:

  • cloud.google.com/go/iam v1.9.0 -> v1.11.0
  • github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.1 -> v1.22.0
  • github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 -> v1.14.0
  • github.com/Azure/go-ntlmssp v0.1.0 -> v0.1.1
  • github.com/aws/aws-sdk-go-v2 v1.41.6 -> v1.42.0
  • github.com/aws/aws-sdk-go-v2/service/iam v1.53.8 -> v1.54.5
  • github.com/aws/aws-sdk-go-v2/service/sts v1.42.0 -> v1.43.3
  • github.com/aws/smithy-go v1.25.0 -> v1.27.2
  • github.com/go-sql-driver/mysql v1.9.3 -> v1.10.0
  • github.com/hashicorp/consul/api v1.34.1 -> v1.34.3
  • github.com/hashicorp/terraform-plugin-sdk/v2 v2.40.0 -> v2.40.1
  • github.com/hashicorp/terraform-plugin-testing v1.15.0 -> v1.16.0
  • github.com/hashicorp/vault-plugin-auth-jwt v0.26.1 -> v0.26.3
  • github.com/jackc/pgx/v5 v5.9.1 -> v5.9.2
  • github.com/moby/moby/client v0.4.1 -> v0.5.0

... (truncated)

Changelog

Sourced from hashicorp/vault's changelog.

5.10.1 (June 26, 2026)

BREAKING CHANGES:

Reverted the 5.10.0 support for pkcs12_bundle and jks_bundle formats in formats in vault_pki_secret_backend_cert, vault_pki_secret_backend_root_cert, vault_pki_secret_backend_root_sign_intermediate, and vault_pki_secret_backend_sign that forced resource recreation. Configurations using these formats or their related arguments are no longer supported. (#2945)

5.10.0 (June 23, 2026)

FEATURES:

• New Resource: vault_config_ui_default_auth - Manages UI default authentication configuration for the Vault GUI login form. Controls which authentication methods are displayed by default and as backup options for specific namespaces. Supports inheritance control for child namespaces. Enterprise-only feature requiring Vault 1.20.0+. (#2846)
• vault_config_control_group: Added initial implementation for vault_config_control_group resource in sys/config/control-group. (#2840)
• New Resource: vault_config_ui_header - Manages custom HTTP headers for the Vault UI. Supports security headers (CSP, HSTS, X-Frame-Options), CORS configuration, and custom organizational headers. Requires Vault 1.16.0+. (#2842)
• New Resource: Add support for RADIUS auth backend: vault_radius_auth_backend and vault_radius_auth_backend_user resource and vault_radius_auth_login ephemeral resource.(#2814)
• New Resource: vault_activation_flags for managing Vault features that are gated by one-time flags. Requires Vault 1.16 or later. Needs Vault enterprise license(#2861)
• New Resource: vault_oauth_resource_server_config_profile for managing OAuth Resource Server Configuration profiles in Vault Enterprise. Enables JWT-based authentication by defining how Vault validates JWT tokens from OAuth 2.0 resource servers. Supports both JWKS-based and static PEM key validation. Requires Vault 2.0.1+. (#2890)
• New Resource: vault_agent_registrationfor managing Agent Registry records in Vault Enterprise. Allows registering Vault agents with specific identity entities and configuring ceiling policies that limit maximum agent permissions. Requires Vault 2.0.1+. (#2885,2935)
• New Resource: vault_oauth_resource_server_config_profile Add optional_authorization_details to make RAR optional on OAuth resource server and agent registration. Requires Vault 2.0.3+.(#2930,#2933)
• New Resources: vault_userpass_auth_backend_user for user creation, deletion, password updates, and policy updates, and ephemeral resource vault_userpass_auth_login for authenticating with Userpass. (#2859)
• Add support for write only parameters for s3 backends for vault_raft_snapshot_agent_config by @​drewmullen ([#2825]hashicorp/terraform-provider-vault#2825)
• vault_transform_transformation: Added mapping_mode, stores and convergent fields to the resource. (#2820 hashicorp/terraform-provider-vault#2820)
• New Ephemeral Resource: vault_token for creating Vault tokens with automatic revocation. Supports service and batch tokens, as well as entity alias association, which was not supported in the SDKv2 resource. (#2877)
• New Resource: vault_config_group_policy_application - Manages the global group policy application mode for Vault Enterprise. Controls how policies attached to identity groups are applied across namespace boundaries. Supports within_namespace_hierarchy (default) and any modes. Requires Vault Enterprise 1.13.8+. (#2863)
• Add support for pkcs12_bundle and jks_bundle formats in vault_pki_secret_backend_cert, vault_pki_secret_backend_root_cert, vault_pki_secret_backend_root_sign_intermediate, and vault_pki_secret_backend_sign (#2908). Requires Vault 2.1+.
• vault_policy: Added allow_overwrite to optionally prevent overwriting Vault policies.(#2895)
• vault_managed_keys: Added support for usages and max_parallel fields. (#2887)

IMPROVEMENTS:

• resource/vault_token: Added deprecation warning to guide users toward the new ephemeral vault_token resource for better security and batch token support. (#2877)

• Replaced backend with mount in vault_aws_access_credentials resource's documentation and improved descriptions for a few other parameters.(#2911)

• Updated dependencies:

  • cloud.google.com/go/iam v1.9.0 -> v1.11.0
  • github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.1 -> v1.22.0
  • github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 -> v1.14.0
  • github.com/Azure/go-ntlmssp v0.1.0 -> v0.1.1
  • github.com/aws/aws-sdk-go-v2 v1.41.6 -> v1.42.0
  • github.com/aws/aws-sdk-go-v2/service/iam v1.53.8 -> v1.54.5
  • github.com/aws/aws-sdk-go-v2/service/sts v1.42.0 -> v1.43.3
  • github.com/aws/smithy-go v1.25.0 -> v1.27.2
  • github.com/go-sql-driver/mysql v1.9.3 -> v1.10.0
  • github.com/hashicorp/consul/api v1.34.1 -> v1.34.3
  • github.com/hashicorp/terraform-plugin-sdk/v2 v2.40.0 -> v2.40.1
  • github.com/hashicorp/terraform-plugin-testing v1.15.0 -> v1.16.0
  • github.com/hashicorp/vault-plugin-auth-jwt v0.26.1 -> v0.26.3
  • github.com/jackc/pgx/v5 v5.9.1 -> v5.9.2
  • github.com/moby/moby/client v0.4.1 -> v0.5.0
  • github.com/spiffe/go-spiffe/v2 v2.6.0 -> v2.8.1

... (truncated)

Commits

• fa0a334 Prepare for v5.10.1 patch release (#2948)
• e822881 Remove PKCS12 and JKS fields to fix forced recreating pki resources (#2945)
• 51ccf1f Prepare for v5.10.0 release of Terraform Vault Provider (#2938)
• 04f7af3 build(deps): bump the gomod-backward-compatible group with 4 updates (#2937)
• 769c662 Add Owner Field to Agent Registrations (#2935)
• 0dac306 VAULT-45590: fix agent registration text formatting (#2933)
• 0e5a3ee VAULT-45590: add rar support for agent and oauth (#2930)
• d4d9f11 build(deps): bump the gomod-backward-compatible group with 7 updates (#2928)
• 0732588 Implement OAuth Resource Server Configuration Profile resource (#2890)
• 4992990 TFVP: implement support for Agent Registry (#2885)
• Additional commits viewable in compare view

Updates stackitcloud/stackit from 0.99.0 to 0.100.0

Release notes

Sourced from stackitcloud/stackit's releases.

v0.100.0

Changelog

• 3c46b1b0daef732b622555b4b216c1807b710890: chore(deps): bump actions/checkout from 6.0.3 to 7.0.0 (#1536) (@​dependabot[bot])
• e8c94c7c92ccd134c61550610168165eae1d29f5: chore(deps): bump actions/setup-go from 6 to 6.4.0 (#1535) (@​dependabot[bot])
• fe1a802e630db4b7aebec8e98a652f875ae0a584: chore(deps): bump golang.org/x/mod from 0.36.0 to 0.37.0 (#1520) (@​dependabot[bot])
• 6fc7f3bc45c985f38fd82c8b836e7e16807014e2: chore(deps): bump the stackit group across 1 directory with 23 updates (#1530) (@​dependabot[bot])
• ffa60e66b90353ccdc074632a90c76bc3fe9cb0a: chore(objectstorage): add warning on bucket deletion (#1527) (@​Fyusel)
• 077feb0ed61803ac35288622167d94cb0a064be1: docs(alb): fix wrong defined alb example (#1539) (@​marceljk)
• 8129fe41a6135963eb11a79ffa94e29cc86b22c9: feat(ci): re-enable linting rule to prevent usage of deprecated code (#1522) (@​rubenhoenle)
• c99973ccc2e2d91171829c597a13bf588fdfcd0d: feat(intake): add create_time and uri fields to runner resource and datasource (#1521) (@​yago-123)
• a9294cc218aa8e54c71316b3ed8fc3174ded184e: feature(vpn): onboard vpn gateway status endpoint (#1515) (@​Manuelvaas)
• 388e438c61066a156b0a7eb6cefd7a8096942e02: fix(loadbalancer): update docs of security group reference (#1493) (@​david-mey-STACKIT)
• 209e540c94d8de67dab9b2ba6e2b2ad674cda021: fix(mariadb, opensearch, rabbitmq, redis): don't reuse resource model in datasource (#1524) (@​cgoetz-inovex)
• 3074092ef84454561e8646a57c03ca733517eabb: fix(observability): validate alertgroup/rules/annotations values whitespace (#1538) (@​cgoetz-inovex)
• ab87bd5e2e1f25b555c4c4cdeb2be86f161e6217: fix(postgresql): changing storage size was not possible (#1531) (@​marceljk)
• 4e42f8cbdfa26fee29aaf9d116f66e682c1d7b33: fix(validate): extend allowed full version regex to allow patch/pre-release version (#1542) (@​RiRa12621)

Commits

• 4e42f8c fix(validate): extend allowed full version regex to allow patch/pre-release v...
• 3074092 fix(observability): validate alertgroup/rules/annotations values whitespace (...
• 077feb0 docs(alb): fix wrong defined alb example (#1539)
• 6fc7f3b chore(deps): bump the stackit group across 1 directory with 23 updates (#1530)
• 209e540 fix(mariadb, opensearch, rabbitmq, redis): don't reuse resource model in data...
• 3c46b1b chore(deps): bump actions/checkout from 6.0.3 to 7.0.0 (#1536)
• e8c94c7 chore(deps): bump actions/setup-go from 6 to 6.4.0 (#1535)
• ab87bd5 fix(postgresql): changing storage size was not possible (#1531)
• c99973c feat(intake): add create_time and uri fields to runner resource and datasourc...
• 388e438 fix(loadbalancer): update docs of security group reference (#1493)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions