search

uhthomas / automata

Monorepo for Starjunk and subsidiaries
32 stars 2 forks source link

fix(deps): update module github.com/external-secrets/external-secrets to v0.10.2 [security] #522

Open renovate[bot] opened 1 month ago

renovate[bot] commented 1 month ago

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/external-secrets/external-secrets v0.9.11 -> v0.10.2 age adoption passing confidence

[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2024-45041

Details

The external-secrets has a deployment called default-external-secrets-cert-controller, which is bound with a same-name ClusterRole. This ClusterRole has "get/list" verbs of secrets resources(https://github.com/external-secrets/external-secrets/blob/main/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml#L49). It also has path/update verb of validatingwebhookconfigurations resources(https://github.com/external-secrets/external-secrets/blob/main/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml#L27). As a result, if a malicious user can access the worker node which has this deployment. he/she can:

  1. For the "get/list secrets" permission, he/she can abuse the SA token of this deployment to retrieve or get ALL secrets in the whole cluster, including the cluster-admin secret if created. After that, he/she can abuse the cluster-admin secret to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation.

  2. For the patch/update verb of validatingwebhookconfigurations, the malicious user can abuse these permissions to get sensitive data or lanuch DoS attacks:

For the privilege escalation attack, by updating/patching a Webhook to make it listen to Secret update operations, the attacker can capture and log all data from requests attempting to update Secrets. More specifically, when a Secret is updated, this Webhook sends the request data to the logging-service, which can then log the content of the Secret. This way, an attacker could indirectly gain access to the full contents of the Secret.

For the DoS attack, by updating/patching a Webhook, and making it deny all Pod create and update requests, the attacker can prevent any new Pods from being created or existing Pods from being updated, resulting in a Denial of Service (DoS) attack.

PoC

Please see the "Details" section

Impact

Privilege escalation

Release Notes

external-secrets/external-secrets (github.com/external-secrets/external-secrets) ### [`v0.10.2`](https://redirect.github.com/external-secrets/external-secrets/releases/tag/v0.10.2) [Compare Source](https://redirect.github.com/external-secrets/external-secrets/compare/v0.10.1...v0.10.2) Image: `ghcr.io/external-secrets/external-secrets:v0.10.2` Image: `ghcr.io/external-secrets/external-secrets:v0.10.2-ubi` Image: `ghcr.io/external-secrets/external-secrets:v0.10.2-ubi-boringssl` ##### What's Changed - release: update helm charts to version v0.10.1 by [@​Skarlso](https://redirect.github.com/Skarlso) in [https://github.com/external-secrets/external-secrets/pull/3842](https://redirect.github.com/external-secrets/external-secrets/pull/3842) - fix: add watch to validatingwebhookconfigs by [@​gusfcarvalho](https://redirect.github.com/gusfcarvalho) in [https://github.com/external-secrets/external-secrets/pull/3845](https://redirect.github.com/external-secrets/external-secrets/pull/3845) **Full Changelog**: https://github.com/external-secrets/external-secrets/compare/v0.10.1...v0.10.2 ### [`v0.10.1`](https://redirect.github.com/external-secrets/external-secrets/releases/tag/v0.10.1) [Compare Source](https://redirect.github.com/external-secrets/external-secrets/compare/v0.10.0...v0.10.1) Image: `ghcr.io/external-secrets/external-secrets:v0.10.1` Image: `ghcr.io/external-secrets/external-secrets:v0.10.1-ubi` Image: `ghcr.io/external-secrets/external-secrets:v0.10.1-ubi-boringssl` ##### What's Changed - release: update helm chart to v0.10.0 by [@​Skarlso](https://redirect.github.com/Skarlso) in [https://github.com/external-secrets/external-secrets/pull/3758](https://redirect.github.com/external-secrets/external-secrets/pull/3758) - doc: add maintainer of the bitwarden secret manager provider by [@​Skarlso](https://redirect.github.com/Skarlso) in [https://github.com/external-secrets/external-secrets/pull/3762](https://redirect.github.com/external-secrets/external-secrets/pull/3762) - chore(deps): bump mkdocs-material from 9.5.30 to 9.5.31 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3763](https://redirect.github.com/external-secrets/external-secrets/pull/3763) - fix: decrypt remote parameter for SecureString type by [@​vsantos](https://redirect.github.com/vsantos) in [https://github.com/external-secrets/external-secrets/pull/3761](https://redirect.github.com/external-secrets/external-secrets/pull/3761) - chore: update dependencies by [@​eso-service-account-app](https://redirect.github.com/eso-service-account-app) in [https://github.com/external-secrets/external-secrets/pull/3766](https://redirect.github.com/external-secrets/external-secrets/pull/3766) - chore(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3765](https://redirect.github.com/external-secrets/external-secrets/pull/3765) - chore(deps): bump docker/setup-buildx-action from 3.5.0 to 3.6.1 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3764](https://redirect.github.com/external-secrets/external-secrets/pull/3764) - feat: add beyondtrust provider by [@​btfhernandez](https://redirect.github.com/btfhernandez) in [https://github.com/external-secrets/external-secrets/pull/3683](https://redirect.github.com/external-secrets/external-secrets/pull/3683) - chore: add minimal policy for fetching parameters from ssm by [@​KrisJohnstone](https://redirect.github.com/KrisJohnstone) in [https://github.com/external-secrets/external-secrets/pull/3770](https://redirect.github.com/external-secrets/external-secrets/pull/3770) - Add Grafana Labs to ADOPTERS.md by [@​Duologic](https://redirect.github.com/Duologic) in [https://github.com/external-secrets/external-secrets/pull/3787](https://redirect.github.com/external-secrets/external-secrets/pull/3787) - chore(deps): bump golang from 1.22.5 to 1.22.6 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3778](https://redirect.github.com/external-secrets/external-secrets/pull/3778) - chore(deps): bump pyyaml from 6.0.1 to 6.0.2 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3779](https://redirect.github.com/external-secrets/external-secrets/pull/3779) - chore(deps): bump zipp from 3.19.2 to 3.20.0 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3780](https://redirect.github.com/external-secrets/external-secrets/pull/3780) - chore(deps): bump babel from 2.15.0 to 2.16.0 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3781](https://redirect.github.com/external-secrets/external-secrets/pull/3781) - chore(deps): bump golang from 1.22.5-bookworm to 1.22.6-bookworm in /e2e by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3783](https://redirect.github.com/external-secrets/external-secrets/pull/3783) - chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3784](https://redirect.github.com/external-secrets/external-secrets/pull/3784) - chore(deps): bump fossas/fossa-action from 1.3.3 to 1.4.0 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3785](https://redirect.github.com/external-secrets/external-secrets/pull/3785) - chore(deps): bump watchdog from 4.0.1 to 4.0.2 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3782](https://redirect.github.com/external-secrets/external-secrets/pull/3782) - chore: update dependencies by [@​eso-service-account-app](https://redirect.github.com/eso-service-account-app) in [https://github.com/external-secrets/external-secrets/pull/3786](https://redirect.github.com/external-secrets/external-secrets/pull/3786) - chore: update security best practice by [@​gusfcarvalho](https://redirect.github.com/gusfcarvalho) in [https://github.com/external-secrets/external-secrets/pull/3794](https://redirect.github.com/external-secrets/external-secrets/pull/3794) - feat: add CAProvider to Bitwarden provider by [@​Skarlso](https://redirect.github.com/Skarlso) in [https://github.com/external-secrets/external-secrets/pull/3699](https://redirect.github.com/external-secrets/external-secrets/pull/3699) - fix: run helm.test.update on main branch by [@​Skarlso](https://redirect.github.com/Skarlso) in [https://github.com/external-secrets/external-secrets/pull/3816](https://redirect.github.com/external-secrets/external-secrets/pull/3816) - chore: update dependencies by [@​eso-service-account-app](https://redirect.github.com/eso-service-account-app) in [https://github.com/external-secrets/external-secrets/pull/3815](https://redirect.github.com/external-secrets/external-secrets/pull/3815) - chore(deps): bump importlib-resources from 6.4.0 to 6.4.3 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3810](https://redirect.github.com/external-secrets/external-secrets/pull/3810) - chore(deps): bump markdown from 3.6 to 3.7 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3811](https://redirect.github.com/external-secrets/external-secrets/pull/3811) - Bump helm-docs image version to v1.7.0 in Makefile by [@​PrateekKumar1709](https://redirect.github.com/PrateekKumar1709) in [https://github.com/external-secrets/external-secrets/pull/3806](https://redirect.github.com/external-secrets/external-secrets/pull/3806) - chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3812](https://redirect.github.com/external-secrets/external-secrets/pull/3812) - chore(deps): bump golang from 1.22.6-bookworm to 1.23.0-bookworm in /e2e by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3813](https://redirect.github.com/external-secrets/external-secrets/pull/3813) - chore: update go version of the project to 1.23 by [@​Skarlso](https://redirect.github.com/Skarlso) in [https://github.com/external-secrets/external-secrets/pull/3829](https://redirect.github.com/external-secrets/external-secrets/pull/3829) - Use maps package from standard library by [@​BooleanCat](https://redirect.github.com/BooleanCat) in [https://github.com/external-secrets/external-secrets/pull/3828](https://redirect.github.com/external-secrets/external-secrets/pull/3828) - chore: update dependencies by [@​eso-service-account-app](https://redirect.github.com/eso-service-account-app) in [https://github.com/external-secrets/external-secrets/pull/3836](https://redirect.github.com/external-secrets/external-secrets/pull/3836) - add the resourceNames(git commit -s) by [@​younaman](https://redirect.github.com/younaman) in [https://github.com/external-secrets/external-secrets/pull/3822](https://redirect.github.com/external-secrets/external-secrets/pull/3822) - chore(deps): bump mkdocs-material from 9.5.31 to 9.5.33 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3830](https://redirect.github.com/external-secrets/external-secrets/pull/3830) - chore(deps): bump importlib-metadata from 8.2.0 to 8.4.0 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3831](https://redirect.github.com/external-secrets/external-secrets/pull/3831) - chore(deps): bump paginate from 0.5.6 to 0.5.7 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3832](https://redirect.github.com/external-secrets/external-secrets/pull/3832) - chore(deps): bump golang from 1.22.6 to 1.23.0 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3814](https://redirect.github.com/external-secrets/external-secrets/pull/3814) - chore(deps): bump github/codeql-action from 3.26.2 to 3.26.5 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3835](https://redirect.github.com/external-secrets/external-secrets/pull/3835) - chore(deps): bump idna from 3.7 to 3.8 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3834](https://redirect.github.com/external-secrets/external-secrets/pull/3834) - chore(deps): bump importlib-resources from 6.4.3 to 6.4.4 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3833](https://redirect.github.com/external-secrets/external-secrets/pull/3833) - feat: implement GetSecretMap for Bitwarden provider by [@​Skarlso](https://redirect.github.com/Skarlso) in [https://github.com/external-secrets/external-secrets/pull/3800](https://redirect.github.com/external-secrets/external-secrets/pull/3800) - Demonstrate new slices/maps packages by [@​BooleanCat](https://redirect.github.com/BooleanCat) in [https://github.com/external-secrets/external-secrets/pull/3839](https://redirect.github.com/external-secrets/external-secrets/pull/3839) ##### New Contributors - [@​btfhernandez](https://redirect.github.com/btfhernandez) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3683](https://redirect.github.com/external-secrets/external-secrets/pull/3683) - [@​KrisJohnstone](https://redirect.github.com/KrisJohnstone) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3770](https://redirect.github.com/external-secrets/external-secrets/pull/3770) - [@​PrateekKumar1709](https://redirect.github.com/PrateekKumar1709) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3806](https://redirect.github.com/external-secrets/external-secrets/pull/3806) - [@​BooleanCat](https://redirect.github.com/BooleanCat) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3828](https://redirect.github.com/external-secrets/external-secrets/pull/3828) - [@​younaman](https://redirect.github.com/younaman) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3822](https://redirect.github.com/external-secrets/external-secrets/pull/3822) **Full Changelog**: https://github.com/external-secrets/external-secrets/compare/v0.10.0...v0.10.1 ### [`v0.10.0`](https://redirect.github.com/external-secrets/external-secrets/releases/tag/v0.10.0) [Compare Source](https://redirect.github.com/external-secrets/external-secrets/compare/v0.9.20...v0.10.0) :warning: :red-alert: BREAKING CHANGE :red-alert: :warning: - Webhook Generator Webhook generator labels have changed from `generators.external-secrets.io/type: webhook` to `external-secrets.io/type: webhook`. - Webhook Provider Webhook provider now can only use secrets that are labeled with `external-secrets.io/type: webhook`. This enforces explicit setup for webhook secrets by users. ##### Fixing the issue: add the label for the secret used by the webhook: apiVersion: v1 kind: Secret metadata: name: your-secret labels: external-secrets.io/type: webhook ### <<<<<<<<<<<<< ADD THIS data: ... Image: `ghcr.io/external-secrets/external-secrets:v0.10.0` Image: `ghcr.io/external-secrets/external-secrets:v0.10.0-ubi` Image: `ghcr.io/external-secrets/external-secrets:v0.10.0-ubi-boringssl` ##### What's Changed - chore: bump to 0.9.20 by [@​gusfcarvalho](https://redirect.github.com/gusfcarvalho) in [https://github.com/external-secrets/external-secrets/pull/3660](https://redirect.github.com/external-secrets/external-secrets/pull/3660) - chore(deps): bump golang from 1.22.4 to 1.22.5 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3662](https://redirect.github.com/external-secrets/external-secrets/pull/3662) - chore(deps): bump distroless/static from `4197211` to `ce46866` by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3663](https://redirect.github.com/external-secrets/external-secrets/pull/3663) - chore(deps): bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3665](https://redirect.github.com/external-secrets/external-secrets/pull/3665) - chore(deps): bump docker/setup-qemu-action from 3.0.0 to 3.1.0 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3666](https://redirect.github.com/external-secrets/external-secrets/pull/3666) - chore(deps): bump mkdocs-material from 9.5.27 to 9.5.28 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3667](https://redirect.github.com/external-secrets/external-secrets/pull/3667) - chore(deps): bump certifi from 2024.6.2 to 2024.7.4 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3668](https://redirect.github.com/external-secrets/external-secrets/pull/3668) - chore(deps): bump golang from 1.22.4-bookworm to 1.22.5-bookworm in /e2e by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3669](https://redirect.github.com/external-secrets/external-secrets/pull/3669) - chore: update dependencies by [@​eso-service-account-app](https://redirect.github.com/eso-service-account-app) in [https://github.com/external-secrets/external-secrets/pull/3670](https://redirect.github.com/external-secrets/external-secrets/pull/3670) - sets eso-service-account for creating e2e comments by [@​gusfcarvalho](https://redirect.github.com/gusfcarvalho) in [https://github.com/external-secrets/external-secrets/pull/3678](https://redirect.github.com/external-secrets/external-secrets/pull/3678) - use github token for the actions check by [@​gusfcarvalho](https://redirect.github.com/gusfcarvalho) in [https://github.com/external-secrets/external-secrets/pull/3679](https://redirect.github.com/external-secrets/external-secrets/pull/3679) - Add support for Delinea Secret Server by [@​pacificcode](https://redirect.github.com/pacificcode) in [https://github.com/external-secrets/external-secrets/pull/3468](https://redirect.github.com/external-secrets/external-secrets/pull/3468) - Fix: Only URL encode data being passed to URLs ([#​3652](https://redirect.github.com/external-secrets/external-secrets/issues/3652)) by [@​ryanmeans](https://redirect.github.com/ryanmeans) in [https://github.com/external-secrets/external-secrets/pull/3674](https://redirect.github.com/external-secrets/external-secrets/pull/3674) - Commenting secrets manifest from hashicorp vault integration [#​3661](https://redirect.github.com/external-secrets/external-secrets/issues/3661) by [@​jeffmachado](https://redirect.github.com/jeffmachado) in [https://github.com/external-secrets/external-secrets/pull/3680](https://redirect.github.com/external-secrets/external-secrets/pull/3680) - docs: Fix `namespaceRegexes` in full-cluster-secret-store.yaml by [@​excalq](https://redirect.github.com/excalq) in [https://github.com/external-secrets/external-secrets/pull/3681](https://redirect.github.com/external-secrets/external-secrets/pull/3681) - Support for Oracle PushSecret.property [#​2911](https://redirect.github.com/external-secrets/external-secrets/issues/2911) by [@​Aeyk](https://redirect.github.com/Aeyk) in [https://github.com/external-secrets/external-secrets/pull/3577](https://redirect.github.com/external-secrets/external-secrets/pull/3577) - support for adding headers in vault provider by [@​abhinav1708](https://redirect.github.com/abhinav1708) in [https://github.com/external-secrets/external-secrets/pull/3677](https://redirect.github.com/external-secrets/external-secrets/pull/3677) - chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3688](https://redirect.github.com/external-secrets/external-secrets/pull/3688) - chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3691](https://redirect.github.com/external-secrets/external-secrets/pull/3691) - chore(deps): bump actions/setup-python from 5.1.0 to 5.1.1 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3690](https://redirect.github.com/external-secrets/external-secrets/pull/3690) - chore(deps): bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3689](https://redirect.github.com/external-secrets/external-secrets/pull/3689) - chore(deps): bump golang from `8c9183f` to `8c9183f` by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3687](https://redirect.github.com/external-secrets/external-secrets/pull/3687) - chore(deps): bump mkdocs-material from 9.5.28 to 9.5.29 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3692](https://redirect.github.com/external-secrets/external-secrets/pull/3692) - fix: aws secretmanager's SecretExists returns true for non-existent secrets by [@​mintbomb27](https://redirect.github.com/mintbomb27) in [https://github.com/external-secrets/external-secrets/pull/3684](https://redirect.github.com/external-secrets/external-secrets/pull/3684) - chore: update dependencies by [@​eso-service-account-app](https://redirect.github.com/eso-service-account-app) in [https://github.com/external-secrets/external-secrets/pull/3693](https://redirect.github.com/external-secrets/external-secrets/pull/3693) - Added 2 articles I wrote on AWS secrets injection and ESO templating by [@​alinadir44](https://redirect.github.com/alinadir44) in [https://github.com/external-secrets/external-secrets/pull/3707](https://redirect.github.com/external-secrets/external-secrets/pull/3707) - Update docs for namespaceSelectors usage and namespaceSelector deprecation by [@​mtougeron](https://redirect.github.com/mtougeron) in [https://github.com/external-secrets/external-secrets/pull/3695](https://redirect.github.com/external-secrets/external-secrets/pull/3695) - fix: add namespace to path and route construction by [@​Skarlso](https://redirect.github.com/Skarlso) in [https://github.com/external-secrets/external-secrets/pull/3632](https://redirect.github.com/external-secrets/external-secrets/pull/3632) - chore(deps): bump softprops/action-gh-release from 2.0.6 to 2.0.8 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3708](https://redirect.github.com/external-secrets/external-secrets/pull/3708) - chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3709](https://redirect.github.com/external-secrets/external-secrets/pull/3709) - Update bitwarden-secrets-manager.md by [@​zazathomas](https://redirect.github.com/zazathomas) in [https://github.com/external-secrets/external-secrets/pull/3710](https://redirect.github.com/external-secrets/external-secrets/pull/3710) - chore: update dependencies by [@​eso-service-account-app](https://redirect.github.com/eso-service-account-app) in [https://github.com/external-secrets/external-secrets/pull/3711](https://redirect.github.com/external-secrets/external-secrets/pull/3711) - feat: add `PushSecret` support for Pulumi ESC by [@​dirien](https://redirect.github.com/dirien) in [https://github.com/external-secrets/external-secrets/pull/3597](https://redirect.github.com/external-secrets/external-secrets/pull/3597) - remove redundant parameter grab call, we already have the data by [@​rumenvasilev](https://redirect.github.com/rumenvasilev) in [https://github.com/external-secrets/external-secrets/pull/3722](https://redirect.github.com/external-secrets/external-secrets/pull/3722) - chore(deps): bump docker/login-action from 3.2.0 to 3.3.0 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3729](https://redirect.github.com/external-secrets/external-secrets/pull/3729) - chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3727](https://redirect.github.com/external-secrets/external-secrets/pull/3727) - chore(deps): bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3728](https://redirect.github.com/external-secrets/external-secrets/pull/3728) - chore(deps): bump docker/setup-qemu-action from 3.1.0 to 3.2.0 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3731](https://redirect.github.com/external-secrets/external-secrets/pull/3731) - chore(deps): bump github/codeql-action from 3.25.13 to 3.25.15 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3730](https://redirect.github.com/external-secrets/external-secrets/pull/3730) - chore(deps): bump alpine from `77726ef` to `0a4eaa0` by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3733](https://redirect.github.com/external-secrets/external-secrets/pull/3733) - chore(deps): bump golang from `8c9183f` to `0d3653d` by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3732](https://redirect.github.com/external-secrets/external-secrets/pull/3732) - feat: increase verbosity of error message during validation by [@​Skarlso](https://redirect.github.com/Skarlso) in [https://github.com/external-secrets/external-secrets/pull/3742](https://redirect.github.com/external-secrets/external-secrets/pull/3742) - chore(deps): bump golang from `6c27802` to `af9b40f` in /e2e by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3734](https://redirect.github.com/external-secrets/external-secrets/pull/3734) - chore(deps): bump alpine from 3.20.1 to 3.20.2 in /e2e by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3735](https://redirect.github.com/external-secrets/external-secrets/pull/3735) - chore(deps): bump alpine from `b89d9c9` to `0a4eaa0` in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3736](https://redirect.github.com/external-secrets/external-secrets/pull/3736) - chore(deps): bump regex from 2024.5.15 to 2024.7.24 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3737](https://redirect.github.com/external-secrets/external-secrets/pull/3737) - chore(deps): bump mkdocs-material from 9.5.29 to 9.5.30 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3738](https://redirect.github.com/external-secrets/external-secrets/pull/3738) - chore(deps): bump importlib-metadata from 8.0.0 to 8.2.0 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3739](https://redirect.github.com/external-secrets/external-secrets/pull/3739) - chore(deps): bump pymdown-extensions from 10.8.1 to 10.9 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3740](https://redirect.github.com/external-secrets/external-secrets/pull/3740) - docs: Remove references to pemCertificate and pemPrivateKey functions by [@​trenslow](https://redirect.github.com/trenslow) in [https://github.com/external-secrets/external-secrets/pull/3744](https://redirect.github.com/external-secrets/external-secrets/pull/3744) - chore: update dependencies by [@​eso-service-account-app](https://redirect.github.com/eso-service-account-app) in [https://github.com/external-secrets/external-secrets/pull/3741](https://redirect.github.com/external-secrets/external-secrets/pull/3741) - docs: Improvements in the ExternalSecret comments in API section by [@​c-neto](https://redirect.github.com/c-neto) in [https://github.com/external-secrets/external-secrets/pull/3725](https://redirect.github.com/external-secrets/external-secrets/pull/3725) - feat: add prefix definition to all secret keys for aws parameter store by [@​Skarlso](https://redirect.github.com/Skarlso) in [https://github.com/external-secrets/external-secrets/pull/3718](https://redirect.github.com/external-secrets/external-secrets/pull/3718) - feat: do not modify the secret in case of a NotModified by [@​Skarlso](https://redirect.github.com/Skarlso) in [https://github.com/external-secrets/external-secrets/pull/3746](https://redirect.github.com/external-secrets/external-secrets/pull/3746) - feat: webhook secrets must be labeled by [@​gusfcarvalho](https://redirect.github.com/gusfcarvalho) in [https://github.com/external-secrets/external-secrets/pull/3753](https://redirect.github.com/external-secrets/external-secrets/pull/3753) - feat: support pkcs12 with chain in pushsecret to Azure KeyVault by [@​mysteq](https://redirect.github.com/mysteq) in [https://github.com/external-secrets/external-secrets/pull/3747](https://redirect.github.com/external-secrets/external-secrets/pull/3747) - docs: document fullPemToPkcs12 and fullPemToPkcs12Pass helper functions by [@​mysteq](https://redirect.github.com/mysteq) in [https://github.com/external-secrets/external-secrets/pull/3749](https://redirect.github.com/external-secrets/external-secrets/pull/3749) ##### New Contributors - [@​ryanmeans](https://redirect.github.com/ryanmeans) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3674](https://redirect.github.com/external-secrets/external-secrets/pull/3674) - [@​jeffmachado](https://redirect.github.com/jeffmachado) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3680](https://redirect.github.com/external-secrets/external-secrets/pull/3680) - [@​excalq](https://redirect.github.com/excalq) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3681](https://redirect.github.com/external-secrets/external-secrets/pull/3681) - [@​Aeyk](https://redirect.github.com/Aeyk) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3577](https://redirect.github.com/external-secrets/external-secrets/pull/3577) - [@​abhinav1708](https://redirect.github.com/abhinav1708) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3677](https://redirect.github.com/external-secrets/external-secrets/pull/3677) - [@​mintbomb27](https://redirect.github.com/mintbomb27) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3684](https://redirect.github.com/external-secrets/external-secrets/pull/3684) - [@​alinadir44](https://redirect.github.com/alinadir44) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3707](https://redirect.github.com/external-secrets/external-secrets/pull/3707) - [@​mtougeron](https://redirect.github.com/mtougeron) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3695](https://redirect.github.com/external-secrets/external-secrets/pull/3695) - [@​zazathomas](https://redirect.github.com/zazathomas) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3710](https://redirect.github.com/external-secrets/external-secrets/pull/3710) - [@​rumenvasilev](https://redirect.github.com/rumenvasilev) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3722](https://redirect.github.com/external-secrets/external-secrets/pull/3722) - [@​trenslow](https://redirect.github.com/trenslow) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3744](https://redirect.github.com/external-secrets/external-secrets/pull/3744) - [@​c-neto](https://redirect.github.com/c-neto) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3725](https://redirect.github.com/external-secrets/external-secrets/pull/3725) - [@​mysteq](https://redirect.github.com/mysteq) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3747](https://redirect.github.com/external-secrets/external-secrets/pull/3747) **Full Changelog**: https://github.com/external-secrets/external-secrets/compare/v0.9.20...v0.10.0 ### [`v0.9.20`](https://redirect.github.com/external-secrets/external-secrets/releases/tag/v0.9.20) [Compare Source](https://redirect.github.com/external-secrets/external-secrets/compare/v0.9.19...v0.9.20) Image: `ghcr.io/external-secrets/external-secrets:v0.9.20` Image: `ghcr.io/external-secrets/external-secrets:v0.9.20-ubi` Image: `ghcr.io/external-secrets/external-secrets:v0.9.20-ubi-boringssl` #### What's Changed - bump 0.9.19 by [@​knelasevero](https://redirect.github.com/knelasevero) in [https://github.com/external-secrets/external-secrets/pull/3553](https://redirect.github.com/external-secrets/external-secrets/pull/3553) - Fix typo: temaplate --> template by [@​lindhe](https://redirect.github.com/lindhe) in [https://github.com/external-secrets/external-secrets/pull/3554](https://redirect.github.com/external-secrets/external-secrets/pull/3554) - Oracle Vault Provider Documentation by [@​anders-swanson](https://redirect.github.com/anders-swanson) in [https://github.com/external-secrets/external-secrets/pull/3551](https://redirect.github.com/external-secrets/external-secrets/pull/3551) - feat: add location to GCP push secret by [@​Skarlso](https://redirect.github.com/Skarlso) in [https://github.com/external-secrets/external-secrets/pull/3502](https://redirect.github.com/external-secrets/external-secrets/pull/3502) - add log.level and log.encoding to all components by [@​KyriosGN0](https://redirect.github.com/KyriosGN0) in [https://github.com/external-secrets/external-secrets/pull/3558](https://redirect.github.com/external-secrets/external-secrets/pull/3558) - chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3561](https://redirect.github.com/external-secrets/external-secrets/pull/3561) - chore(deps): bump aquasecurity/trivy-action from 0.21.0 to 0.22.0 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3562](https://redirect.github.com/external-secrets/external-secrets/pull/3562) - chore(deps): bump tornado from 6.4 to 6.4.1 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3563](https://redirect.github.com/external-secrets/external-secrets/pull/3563) - chore(deps): bump packaging from 24.0 to 24.1 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3564](https://redirect.github.com/external-secrets/external-secrets/pull/3564) - chore(deps): bump mkdocs-material from 9.5.25 to 9.5.26 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3565](https://redirect.github.com/external-secrets/external-secrets/pull/3565) - chore(deps): bump zipp from 3.19.1 to 3.19.2 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3566](https://redirect.github.com/external-secrets/external-secrets/pull/3566) - chore(deps): bump ubi8/ubi-minimal from `9e458f4` to `5f1cd34` by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3568](https://redirect.github.com/external-secrets/external-secrets/pull/3568) - chore(deps): bump golang from 1.22.3-bookworm to 1.22.4-bookworm in /e2e by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3569](https://redirect.github.com/external-secrets/external-secrets/pull/3569) - chore(deps): bump golang from 1.22.3 to 1.22.4 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3567](https://redirect.github.com/external-secrets/external-secrets/pull/3567) - Infisical provider by [@​akhilmhdh](https://redirect.github.com/akhilmhdh) in [https://github.com/external-secrets/external-secrets/pull/3477](https://redirect.github.com/external-secrets/external-secrets/pull/3477) - feat: kick github actions on main by [@​Skarlso](https://redirect.github.com/Skarlso) in [https://github.com/external-secrets/external-secrets/pull/3572](https://redirect.github.com/external-secrets/external-secrets/pull/3572) - feat: add support to set Type for AWS parameter store by [@​vsantos](https://redirect.github.com/vsantos) in [https://github.com/external-secrets/external-secrets/pull/3576](https://redirect.github.com/external-secrets/external-secrets/pull/3576) - Remove shuheiktgw from maintainers by [@​shuheiktgw](https://redirect.github.com/shuheiktgw) in [https://github.com/external-secrets/external-secrets/pull/3573](https://redirect.github.com/external-secrets/external-secrets/pull/3573) - Add device42 provider by [@​smcavallo](https://redirect.github.com/smcavallo) in [https://github.com/external-secrets/external-secrets/pull/3571](https://redirect.github.com/external-secrets/external-secrets/pull/3571) - ref: parameter store should be called only once by [@​Skarlso](https://redirect.github.com/Skarlso) in [https://github.com/external-secrets/external-secrets/pull/3584](https://redirect.github.com/external-secrets/external-secrets/pull/3584) - chore: update dependencies by [@​eso-service-account-app](https://redirect.github.com/eso-service-account-app) in [https://github.com/external-secrets/external-secrets/pull/3570](https://redirect.github.com/external-secrets/external-secrets/pull/3570) - feat(certcontroller): Allow restricting CRDs and Webhook configs in Informer cache by [@​toVersus](https://redirect.github.com/toVersus) in [https://github.com/external-secrets/external-secrets/pull/3588](https://redirect.github.com/external-secrets/external-secrets/pull/3588) - Support glob for namespaces condition in ClusterSecretStore by [@​speedfl](https://redirect.github.com/speedfl) in [https://github.com/external-secrets/external-secrets/pull/2920](https://redirect.github.com/external-secrets/external-secrets/pull/2920) - Fix typo privatKey in multiple files by [@​IdanAdar](https://redirect.github.com/IdanAdar) in [https://github.com/external-secrets/external-secrets/pull/3578](https://redirect.github.com/external-secrets/external-secrets/pull/3578) - chore(deps): bump mkdocs-material from 9.5.26 to 9.5.27 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3595](https://redirect.github.com/external-secrets/external-secrets/pull/3595) - chore(deps): bump github/codeql-action from 3.25.8 to 3.25.10 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3591](https://redirect.github.com/external-secrets/external-secrets/pull/3591) - chore(deps): bump codecov/codecov-action from 4.4.1 to 4.5.0 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3592](https://redirect.github.com/external-secrets/external-secrets/pull/3592) - chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3590](https://redirect.github.com/external-secrets/external-secrets/pull/3590) - chore: update dependencies by [@​eso-service-account-app](https://redirect.github.com/eso-service-account-app) in [https://github.com/external-secrets/external-secrets/pull/3596](https://redirect.github.com/external-secrets/external-secrets/pull/3596) - chore(deps): bump golang from `aec4784` to `9678844` in /e2e by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3593](https://redirect.github.com/external-secrets/external-secrets/pull/3593) - chore(deps): bump golang from `9bdd569` to `6522f0c` by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3594](https://redirect.github.com/external-secrets/external-secrets/pull/3594) - feat(chart): Enable partial cache for certcontroller when installCRDs=true by [@​toVersus](https://redirect.github.com/toVersus) in [https://github.com/external-secrets/external-secrets/pull/3589](https://redirect.github.com/external-secrets/external-secrets/pull/3589) - Add skip unmanaged store logic for push secret controller by [@​Bude8](https://redirect.github.com/Bude8) in [https://github.com/external-secrets/external-secrets/pull/3123](https://redirect.github.com/external-secrets/external-secrets/pull/3123) - fix(vault): Fix crash when caching is enabled and a token expires by [@​agunnerson-elastic](https://redirect.github.com/agunnerson-elastic) in [https://github.com/external-secrets/external-secrets/pull/3598](https://redirect.github.com/external-secrets/external-secrets/pull/3598) - Remove the use of "golang.org/x/crypto/pkcs12" by [@​yihuaf](https://redirect.github.com/yihuaf) in [https://github.com/external-secrets/external-secrets/pull/3601](https://redirect.github.com/external-secrets/external-secrets/pull/3601) - Make UBI more tolerable from OS vulnerabilities by [@​IdanAdar](https://redirect.github.com/IdanAdar) in [https://github.com/external-secrets/external-secrets/pull/3607](https://redirect.github.com/external-secrets/external-secrets/pull/3607) - fix: explicitly fetch status subresource due to inconsistencies by [@​moolen](https://redirect.github.com/moolen) in [https://github.com/external-secrets/external-secrets/pull/3608](https://redirect.github.com/external-secrets/external-secrets/pull/3608) - Adds codepath for removing finalizers by [@​lllamnyp](https://redirect.github.com/lllamnyp) in [https://github.com/external-secrets/external-secrets/pull/3610](https://redirect.github.com/external-secrets/external-secrets/pull/3610) - chore: update dependencies by [@​eso-service-account-app](https://redirect.github.com/eso-service-account-app) in [https://github.com/external-secrets/external-secrets/pull/3624](https://redirect.github.com/external-secrets/external-secrets/pull/3624) - chore(deps): bump alpine from 3.20.0 to 3.20.1 in /e2e by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3622](https://redirect.github.com/external-secrets/external-secrets/pull/3622) - chore(deps): bump alpine from `77726ef` to `b89d9c9` in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3621](https://redirect.github.com/external-secrets/external-secrets/pull/3621) - chore(deps): bump golang from `6522f0c` to `ace6cc3` by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3620](https://redirect.github.com/external-secrets/external-secrets/pull/3620) - chore(deps): bump urllib3 from 2.2.1 to 2.2.2 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3618](https://redirect.github.com/external-secrets/external-secrets/pull/3618) - chore(deps): bump importlib-metadata from 7.1.0 to 7.2.1 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3617](https://redirect.github.com/external-secrets/external-secrets/pull/3617) - chore(deps): bump livereload from 2.6.3 to 2.7.0 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3616](https://redirect.github.com/external-secrets/external-secrets/pull/3616) - chore(deps): bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3615](https://redirect.github.com/external-secrets/external-secrets/pull/3615) - chore(deps): bump softprops/action-gh-release from 2.0.5 to 2.0.6 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3614](https://redirect.github.com/external-secrets/external-secrets/pull/3614) - Fix ACR External Secret example by [@​ellenfieldn](https://redirect.github.com/ellenfieldn) in [https://github.com/external-secrets/external-secrets/pull/3626](https://redirect.github.com/external-secrets/external-secrets/pull/3626) - feat: add bitwarden secret manager support by [@​Skarlso](https://redirect.github.com/Skarlso) in [https://github.com/external-secrets/external-secrets/pull/3603](https://redirect.github.com/external-secrets/external-secrets/pull/3603) - fix: e2e installation of ESO needs to update dependencies first by [@​Skarlso](https://redirect.github.com/Skarlso) in [https://github.com/external-secrets/external-secrets/pull/3635](https://redirect.github.com/external-secrets/external-secrets/pull/3635) - added secretserver env vars to e2e.yml by [@​pacificcode](https://redirect.github.com/pacificcode) in [https://github.com/external-secrets/external-secrets/pull/3636](https://redirect.github.com/external-secrets/external-secrets/pull/3636) - docs: fix dataFrom.find in ExternalSecret api example by [@​sboschman](https://redirect.github.com/sboschman) in [https://github.com/external-secrets/external-secrets/pull/3633](https://redirect.github.com/external-secrets/external-secrets/pull/3633) - chore: update dependencies by [@​eso-service-account-app](https://redirect.github.com/eso-service-account-app) in [https://github.com/external-secrets/external-secrets/pull/3641](https://redirect.github.com/external-secrets/external-secrets/pull/3641) - chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3640](https://redirect.github.com/external-secrets/external-secrets/pull/3640) - chore(deps): bump importlib-metadata from 7.2.1 to 8.0.0 in /hack/api-docs by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/external-secrets/external-secrets/pull/3639](https://redirect.github.com/external-secrets/external-secrets/pull/3639) - add AuthRef to kubernetes provider fixes [#​3627](https://redirect.github.com/external-secrets/external-secrets/issues/3627) by [@​kaedwen](https://redirect.github.com/kaedwen) in [https://github.com/external-secrets/external-secrets/pull/3628](https://redirect.github.com/external-secrets/external-secrets/pull/3628) - fix: implement handling for pushing whole k8s secret to gcsm by [@​thejosephstevens](https://redirect.github.com/thejosephstevens) in [https://github.com/external-secrets/external-secrets/pull/3644](https://redirect.github.com/external-secrets/external-secrets/pull/3644) - bump e2e pipeline by [@​gusfcarvalho](https://redirect.github.com/gusfcarvalho) in [https://github.com/external-secrets/external-secrets/pull/3646](https://redirect.github.com/external-secrets/external-secrets/pull/3646) - fix e2e permissions by [@​gusfcarvalho](https://redirect.github.com/gusfcarvalho) in [https://github.com/external-secrets/external-secrets/pull/3647](https://redirect.github.com/external-secrets/external-secrets/pull/3647) - bump docs with e2e commands by [@​gusfcarvalho](https://redirect.github.com/gusfcarvalho) in [https://github.com/external-secrets/external-secrets/pull/3648](https://redirect.github.com/external-secrets/external-secrets/pull/3648) - also needs pull-requests by [@​gusfcarvalho](https://redirect.github.com/gusfcarvalho) in [https://github.com/external-secrets/external-secrets/pull/3649](https://redirect.github.com/external-secrets/external-secrets/pull/3649) - use github token to allow comment by [@​gusfcarvalho](https://redirect.github.com/gusfcarvalho) in [https://github.com/external-secrets/external-secrets/pull/3651](https://redirect.github.com/external-secrets/external-secrets/pull/3651) - fix(webhook): perform conversion of data by [@​cardoe](https://redirect.github.com/cardoe) in [https://github.com/external-secrets/external-secrets/pull/3638](https://redirect.github.com/external-secrets/external-secrets/pull/3638) - feat: implement pushing whole k8s secret to Azure Keyvault by [@​CCOLLOT](https://redirect.github.com/CCOLLOT) in [https://github.com/external-secrets/external-secrets/pull/3650](https://redirect.github.com/external-secrets/external-secrets/pull/3650) - fix(vault): Treat tokens expiring in <60s as expired by [@​agunnerson-elastic](https://redirect.github.com/agunnerson-elastic) in [https://github.com/external-secrets/external-secrets/pull/3637](https://redirect.github.com/external-secrets/external-secrets/pull/3637) - Allow specifying the same namespace for SecretStores by [@​shuheiktgw](https://redirect.github.com/shuheiktgw) in [https://github.com/external-secrets/external-secrets/pull/3555](https://redirect.github.com/external-secrets/external-secrets/pull/3555) - docs: add proposal for PushSecret metadata by [@​moolen](https://redirect.github.com/moolen) in [https://github.com/external-secrets/external-secrets/pull/3612](https://redirect.github.com/external-secrets/external-secrets/pull/3612) - fix github credentials by [@​gusfcarvalho](https://redirect.github.com/gusfcarvalho) in [https://github.com/external-secrets/external-secrets/pull/3656](https://redirect.github.com/external-secrets/external-secrets/pull/3656) - docs: updated k8s support for ESO v0.9 by [@​shazib-summar](https://redirect.github.com/shazib-summar) in [https://github.com/external-secrets/external-secrets/pull/3659](https://redirect.github.com/external-secrets/external-secrets/pull/3659) #### New Contributors - [@​lindhe](https://redirect.github.com/lindhe) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3554](https://redirect.github.com/external-secrets/external-secrets/pull/3554) - [@​KyriosGN0](https://redirect.github.com/KyriosGN0) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3558](https://redirect.github.com/external-secrets/external-secrets/pull/3558) - [@​akhilmhdh](https://redirect.github.com/akhilmhdh) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3477](https://redirect.github.com/external-secrets/external-secrets/pull/3477) - [@​smcavallo](https://redirect.github.com/smcavallo) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3571](https://redirect.github.com/external-secrets/external-secrets/pull/3571) - [@​toVersus](https://redirect.github.com/toVersus) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3588](https://redirect.github.com/external-secrets/external-secrets/pull/3588) - [@​speedfl](https://redirect.github.com/speedfl) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/2920](https://redirect.github.com/external-secrets/external-secrets/pull/2920) - [@​Bude8](https://redirect.github.com/Bude8) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3123](https://redirect.github.com/external-secrets/external-secrets/pull/3123) - [@​agunnerson-elastic](https://redirect.github.com/agunnerson-elastic) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3598](https://redirect.github.com/external-secrets/external-secrets/pull/3598) - [@​yihuaf](https://redirect.github.com/yihuaf) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3601](https://redirect.github.com/external-secrets/external-secrets/pull/3601) - [@​lllamnyp](https://redirect.github.com/lllamnyp) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3610](https://redirect.github.com/external-secrets/external-secrets/pull/3610) - [@​ellenfieldn](https://redirect.github.com/ellenfieldn) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3626](https://redirect.github.com/external-secrets/external-secrets/pull/3626) - [@​pacificcode](https://redirect.github.com/pacificcode) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3636](https://redirect.github.com/external-secrets/external-secrets/pull/3636) - [@​sboschman](https://redirect.github.com/sboschman) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3633](https://redirect.github.com/external-secrets/external-secrets/pull/3633) - [@​kaedwen](https://redirect.github.com/kaedwen) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3628](https://redirect.github.com/external-secrets/external-secrets/pull/3628) - [@​thejosephstevens](https://redirect.github.com/thejosephstevens) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3644](https://redirect.github.com/external-secrets/external-secrets/pull/3644) - [@​cardoe](https://redirect.github.com/cardoe) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3638](https://redirect.github.com/external-secrets/external-secrets/pull/3638) - [@​CCOLLOT](https://redirect.github.com/CCOLLOT) made their first contribution in [https://github.com/external-secrets/external-secrets/pull/3650](https://redirect.github.com/external-secrets/external-secrets/pull/3650) - [@​shazib-summar](https://redirect.github.com/shazib-summar) made their first contribution in [https://github.com/external-secrets/ex

Configuration

šŸ“… Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

šŸš¦ Automerge: Enabled.

ā™» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

šŸ”• Ignore: Close this PR and you won't be reminded about this update again.

This PR was generated by Mend Renovate. View the repository job log.

renovate[bot] commented 1 month ago

ā„¹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

Details:

Package Change
go 1.22.3 -> 1.23.1
k8s.io/api v0.30.1 -> v0.31.0
k8s.io/apiextensions-apiserver v0.30.0 -> v0.31.0
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 -> v1.14.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 -> v1.7.0
github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 -> v1.10.0
github.com/aws/aws-sdk-go v1.53.3 -> v1.55.5
github.com/cespare/xxhash/v2 v2.2.0 -> v2.3.0
github.com/emicklei/go-restful/v3 v3.12.0 -> v3.12.1
github.com/go-logr/logr v1.4.1 -> v1.4.2
github.com/google/cel-go v0.17.8 -> v0.20.1
github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 -> v2.20.0
github.com/hashicorp/go-retryablehttp v0.7.5 -> v0.7.7
github.com/hashicorp/vault/api v1.10.0 -> v1.14.0
github.com/hashicorp/vault/api/auth/approle v0.5.0 -> v0.7.0
github.com/hashicorp/vault/api/auth/kubernetes v0.5.0 -> v0.7.0
github.com/klauspost/compress v1.17.4 -> v1.17.9
github.com/prometheus/client_golang v1.19.1 -> v1.20.2
github.com/prometheus/common v0.53.0 -> v0.55.0
github.com/prometheus/procfs v0.12.0 -> v0.15.1
github.com/rogpeppe/go-internal v1.11.1-0.20231026093722-fa6a31e0812c -> v1.12.0
github.com/spf13/cast v1.6.0 -> v1.7.0
github.com/spf13/cobra v1.8.0 -> v1.8.1
go.mongodb.org/mongo-driver v1.14.0 -> v1.16.1
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 -> v0.54.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 -> v0.54.0
go.opentelemetry.io/otel v1.24.0 -> v1.29.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 -> v1.28.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 -> v1.27.0
go.opentelemetry.io/otel/metric v1.24.0 -> v1.29.0
go.opentelemetry.io/otel/sdk v1.21.0 -> v1.28.0
go.opentelemetry.io/otel/trace v1.24.0 -> v1.29.0
go.opentelemetry.io/proto/otlp v1.0.0 -> v1.3.1
go.uber.org/zap v1.26.0 -> v1.27.0
golang.org/x/crypto v0.23.0 -> v0.26.0
golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f -> v0.0.0-20240808152545-0cdaa3abc0fa
golang.org/x/mod v0.17.0 -> v0.20.0
golang.org/x/net v0.25.0 -> v0.28.0
golang.org/x/oauth2 v0.20.0 -> v0.22.0
golang.org/x/sync v0.7.0 -> v0.8.0
golang.org/x/sys v0.20.0 -> v0.24.0
golang.org/x/term v0.20.0 -> v0.23.0
golang.org/x/text v0.15.0 -> v0.17.0
golang.org/x/time v0.5.0 -> v0.6.0
golang.org/x/tools v0.20.0 -> v0.24.0
google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be -> v0.0.0-20240823204242-4ba0660f739c
google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 -> v0.0.0-20240823204242-4ba0660f739c
google.golang.org/grpc v1.63.2 -> v1.65.0
google.golang.org/protobuf v1.34.1 -> v1.34.2
k8s.io/apimachinery v0.30.1 -> v0.31.0
k8s.io/apiserver v0.30.0 -> v0.31.0
k8s.io/component-base v0.30.0 -> v0.31.0
k8s.io/klog/v2 v2.120.1 -> v2.130.1
k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108 -> v0.0.0-20240822171749-76de80e0abd9
k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 -> v0.0.0-20240821151609-f90d01438635
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 -> v0.30.3
sigs.k8s.io/controller-runtime v0.18.2 -> v0.19.0