go mod tidy and vendor

vendor/github.com/hashicorp/vault/api/client.go

@@ -427,10 +427,14 @@ func NewClient(c *Config) (*Client, error) {
 	}
 
 	client := &Client{
-		addr:   u,
-		config: c,
+		addr:    u,
+		config:  c,
+		headers: make(http.Header),
 	}
 
+	// Add the VaultRequest SSRF protection header
+	client.headers[consts.RequestHeaderName] = []string{"true"}
+
 	if token := os.Getenv(EnvVaultToken); token != "" {
 		client.token = token
 	}

vendor/github.com/hashicorp/vault/api/sys_raft.go

@@ -20,6 +20,7 @@ type RaftJoinRequest struct {
 	LeaderClientCert string `json:"leader_client_cert"`
 	LeaderClientKey  string `json:"leader_client_key"`
 	Retry            bool   `json:"retry"`
+	NonVoter         bool   `json:"non_voter"`
 }
 
 // RaftJoin adds the node from which this call is invoked from to the raft

vendor/github.com/hashicorp/vault/sdk/helper/consts/consts.go

@@ -12,6 +12,10 @@ const (
 	// AuthHeaderName is the name of the header containing the token.
 	AuthHeaderName = "X-Vault-Token"
 
+	// RequestHeaderName is the name of the header used by the Agent for
+	// SSRF protection.
+	RequestHeaderName = "X-Vault-Request"
+
 	// PerformanceReplicationALPN is the negotiated protocol used for
 	// performance replication.
 	PerformanceReplicationALPN = "replication_v1"