We take a risk-based approach to adopting dependency updates including security fixes as part of our ongoing product development lifecycle. You’ll generally see these addressed in future releases.
github.com/hashicorp/nomad/api: The vulnerabilities listed affect the Nomad service, and not the client API. The use of the Nomad API client in Vault does not introduce further risk to Vault.