fix(deps): update module github.com/external-secrets/external-secrets to v0.10.2 [security] #522

renovate · 2024-09-09T18:53:44Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/external-secrets/external-secrets	`v0.9.11` -> `v0.10.2`

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2024-45041

Details

The external-secrets has a deployment called default-external-secrets-cert-controller, which is bound with a same-name ClusterRole. This ClusterRole has "get/list" verbs of secrets resources(https://github.com/external-secrets/external-secrets/blob/main/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml#L49). It also has path/update verb of validatingwebhookconfigurations resources(https://github.com/external-secrets/external-secrets/blob/main/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml#L27). As a result, if a malicious user can access the worker node which has this deployment. he/she can:

For the "get/list secrets" permission, he/she can abuse the SA token of this deployment to retrieve or get ALL secrets in the whole cluster, including the cluster-admin secret if created. After that, he/she can abuse the cluster-admin secret to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation.
For the patch/update verb of validatingwebhookconfigurations, the malicious user can abuse these permissions to get sensitive data or lanuch DoS attacks:

For the privilege escalation attack, by updating/patching a Webhook to make it listen to Secret update operations, the attacker can capture and log all data from requests attempting to update Secrets. More specifically, when a Secret is updated, this Webhook sends the request data to the logging-service, which can then log the content of the Secret. This way, an attacker could indirectly gain access to the full contents of the Secret.

For the DoS attack, by updating/patching a Webhook, and making it deny all Pod create and update requests, the attacker can prevent any new Pods from being created or existing Pods from being updated, resulting in a Denial of Service (DoS) attack.

PoC

Please see the "Details" section

Impact

Privilege escalation

Release Notes

external-secrets/external-secrets (github.com/external-secrets/external-secrets)

`v0.10.2`

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v0.10.2
Image: ghcr.io/external-secrets/external-secrets:v0.10.2-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.10.2-ubi-boringssl

What's Changed

release: update helm charts to version v0.10.1 by @Skarlso in https://github.com/external-secrets/external-secrets/pull/3842
fix: add watch to validatingwebhookconfigs by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3845

Full Changelog: external-secrets/external-secrets@v0.10.1...v0.10.2

`v0.10.1`

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v0.10.1
Image: ghcr.io/external-secrets/external-secrets:v0.10.1-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.10.1-ubi-boringssl

⚠️ :red-alert: BREAKING CHANGE :red-alert: ⚠️

Webhook Generator
Webhook generator labels have changed from generators.external-secrets.io/type: webhook to external-secrets.io/type: webhook.
Webhook Provider
Webhook provider now can only use secrets that are labeled with external-secrets.io/type: webhook. This enforces explicit setup for webhook secrets by users.

Fixing the issue:

add the label for the secret used by the webhook:

apiVersion: v1
kind: Secret
metadata:
  name: your-secret
  labels:
    external-secrets.io/type: webhook ### <<<<<<<<<<<<< ADD THIS
data:
...

Image: ghcr.io/external-secrets/external-secrets:v0.10.0
Image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi-boringssl

What's Changed

chore: bump to 0.9.20 by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3660
chore(deps): bump golang from 1.22.4 to 1.22.5 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3662
chore(deps): bump distroless/static from 4197211 to ce46866 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3663
chore(deps): bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3665
chore(deps): bump docker/setup-qemu-action from 3.0.0 to 3.1.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3666
chore(deps): bump mkdocs-material from 9.5.27 to 9.5.28 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3667
chore(deps): bump certifi from 2024.6.2 to 2024.7.4 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3668
chore(deps): bump golang from 1.22.4-bookworm to 1.22.5-bookworm in /e2e by @dependabot in https://github.com/external-secrets/external-secrets/pull/3669
chore: update dependencies by @eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3670
sets eso-service-account for creating e2e comments by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3678
use github token for the actions check by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3679
Add support for Delinea Secret Server by @pacificcode in https://github.com/external-secrets/external-secrets/pull/3468
Fix: Only URL encode data being passed to URLs (#3652) by @ryanmeans in https://github.com/external-secrets/external-secrets/pull/3674
Commenting secrets manifest from hashicorp vault integration #3661 by @jeffmachado in https://github.com/external-secrets/external-secrets/pull/3680
docs: Fix namespaceRegexes in full-cluster-secret-store.yaml by @excalq in https://github.com/external-secrets/external-secrets/pull/3681
Support for Oracle PushSecret.property #2911 by @Aeyk in https://github.com/external-secrets/external-secrets/pull/3577
support for adding headers in vault provider by @abhinav1708 in https://github.com/external-secrets/external-secrets/pull/3677
chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3688
chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3691
chore(deps): bump actions/setup-python from 5.1.0 to 5.1.1 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3690
chore(deps): bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3689
chore(deps): bump golang from 8c9183f to 8c9183f by @dependabot in https://github.com/external-secrets/external-secrets/pull/3687
chore(deps): bump mkdocs-material from 9.5.28 to 9.5.29 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3692
fix: aws secretmanager's SecretExists returns true for non-existent secrets by @mintbomb27 in https://github.com/external-secrets/external-secrets/pull/3684
chore: update dependencies by @eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3693
Added 2 articles I wrote on AWS secrets injection and ESO templating by @alinadir44 in https://github.com/external-secrets/external-secrets/pull/3707
Update docs for namespaceSelectors usage and namespaceSelector deprecation by @mtougeron in https://github.com/external-secrets/external-secrets/pull/3695
fix: add namespace to path and route construction by @Skarlso in https://github.com/external-secrets/external-secrets/pull/3632
chore(deps): bump softprops/action-gh-release from 2.0.6 to 2.0.8 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3708
chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3709
Update bitwarden-secrets-manager.md by @zazathomas in https://github.com/external-secrets/external-secrets/pull/3710
chore: update dependencies by @eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3711
feat: add PushSecret support for Pulumi ESC by @dirien in https://github.com/external-secrets/external-secrets/pull/3597
remove redundant parameter grab call, we already have the data by @rumenvasilev in https://github.com/external-secrets/external-secrets/pull/3722
chore(deps): bump docker/login-action from 3.2.0 to 3.3.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3729
chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3727
chore(deps): bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3728
chore(deps): bump docker/setup-qemu-action from 3.1.0 to 3.2.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3731
chore(deps): bump github/codeql-action from 3.25.13 to 3.25.15 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3730
chore(deps): bump alpine from 77726ef to 0a4eaa0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3733
chore(deps): bump golang from 8c9183f to 0d3653d by @dependabot in https://github.com/external-secrets/external-secrets/pull/3732
feat: increase verbosity of error message during validation by @Skarlso in https://github.com/external-secrets/external-secrets/pull/3742
chore(deps): bump golang from 6c27802 to af9b40f in /e2e by @dependabot in https://github.com/external-secrets/external-secrets/pull/3734
chore(deps): bump alpine from 3.20.1 to 3.20.2 in /e2e by @dependabot in https://github.com/external-secrets/external-secrets/pull/3735
chore(deps): bump alpine from b89d9c9 to 0a4eaa0 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3736
chore(deps): bump regex from 2024.5.15 to 2024.7.24 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3737
chore(deps): bump mkdocs-material from 9.5.29 to 9.5.30 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3738
chore(deps): bump importlib-metadata from 8.0.0 to 8.2.0 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3739
chore(deps): bump pymdown-extensions from 10.8.1 to 10.9 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3740
docs: Remove references to pemCertificate and pemPrivateKey functions by @trenslow in https://github.com/external-secrets/external-secrets/pull/3744
chore: update dependencies by @eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3741
docs: Improvements in the ExternalSecret comments in API section by @c-neto in https://github.com/external-secrets/external-secrets/pull/3725
feat: add prefix definition to all secret keys for aws parameter store by @Skarlso in https://github.com/external-secrets/external-secrets/pull/3718
feat: do not modify the secret in case of a NotModified by @Skarlso in https://github.com/external-secrets/external-secrets/pull/3746
feat: webhook secrets must be labeled by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3753
feat: support pkcs12 with chain in pushsecret to Azure KeyVault by @mysteq in https://github.com/external-secrets/external-secrets/pull/3747
docs: document fullPemToPkcs12 and fullPemToPkcs12Pass helper functions by @mysteq in https://github.com/external-secrets/external-secrets/pull/3749

New Contributors

@ryanmeans made their first contribution in https://github.com/external-secrets/external-secrets/pull/3674
@jeffmachado made their first contribution in https://github.com/external-secrets/external-secrets/pull/3680
@excalq made their first contribution in https://github.com/external-secrets/external-secrets/pull/3681
@Aeyk made their first contribution in https://github.com/external-secrets/external-secrets/pull/3577
@abhinav1708 made their first contribution in https://github.com/external-secrets/external-secrets/pull/3677
@mintbomb27 made their first contribution in https://github.com/external-secrets/external-secrets/pull/3684
@alinadir44 made their first contribution in https://github.com/external-secrets/external-secrets/pull/3707
@mtougeron made their first contribution in https://github.com/external-secrets/external-secrets/pull/3695
@zazathomas made their first contribution in https://github.com/external-secrets/external-secrets/pull/3710
@rumenvasilev made their first contribution in https://github.com/external-secrets/external-secrets/pull/3722
@trenslow made their first contribution in https://github.com/external-secrets/external-secrets/pull/3744
@c-neto made their first contribution in https://github.com/external-secrets/external-secrets/pull/3725
@mysteq made their first contribution in https://github.com/external-secrets/external-secrets/pull/3747

Full Changelog: external-secrets/external-secrets@v0.9.20...v0.10.0

`v0.9.20`

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v0.9.20
Image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi-boringssl

What's Changed

bump 0.9.19 by @knelasevero in https://github.com/external-secrets/external-secrets/pull/3553
Fix typo: temaplate --> template by @lindhe in https://github.com/external-secrets/external-secrets/pull/3554
Oracle Vault Provider Documentation by @anders-swanson in https://github.com/external-secrets/external-secrets/pull/3551
feat: add location to GCP push secret by @Skarlso in https://github.com/external-secrets/external-secrets/pull/3502
add log.level and log.encoding to all components by @KyriosGN0 in https://github.com/external-secrets/external-secrets/pull/3558
chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3561
chore(deps): bump aquasecurity/trivy-action from 0.21.0 to 0.22.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3562
chore(deps): bump tornado from 6.4 to 6.4.1 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3563
chore(deps): bump packaging from 24.0 to 24.1 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3564
chore(deps): bump mkdocs-material from 9.5.25 to 9.5.26 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3565
chore(deps): bump zipp from 3.19.1 to 3.19.2 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3566
chore(deps): bump ubi8/ubi-minimal from 9e458f4 to 5f1cd34 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3568
chore(deps): bump golang from 1.22.3-bookworm to 1.22.4-bookworm in /e2e by @dependabot in https://github.com/external-secrets/external-secrets/pull/3569
chore(deps): bump golang from 1.22.3 to 1.22.4 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3567
Infisical provider by @akhilmhdh in https://github.com/external-secrets/external-secrets/pull/3477
feat: kick github actions on main by @Skarlso in https://github.com/external-secrets/external-secrets/pull/3572
feat: add support to set Type for AWS parameter store by @vsantos in https://github.com/external-secrets/external-secrets/pull/3576
Remove shuheiktgw from maintainers by @shuheiktgw in https://github.com/external-secrets/external-secrets/pull/3573
Add device42 provider by @smcavallo in https://github.com/external-secrets/external-secrets/pull/3571
ref: parameter store should be called only once by @Skarlso in https://github.com/external-secrets/external-secrets/pull/3584
chore: update dependencies by @eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3570
feat(certcontroller): Allow restricting CRDs and Webhook configs in Informer cache by @toVersus in https://github.com/external-secrets/external-secrets/pull/3588
Support glob for namespaces condition in ClusterSecretStore by @speedfl in https://github.com/external-secrets/external-secrets/pull/2920
Fix typo privatKey in multiple files by @IdanAdar in https://github.com/external-secrets/external-secrets/pull/3578
chore(deps): bump mkdocs-material from 9.5.26 to 9.5.27 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3595
chore(deps): bump github/codeql-action from 3.25.8 to 3.25.10 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3591
chore(deps): bump codecov/codecov-action from 4.4.1 to 4.5.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3592
chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3590
chore: update dependencies by @eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3596
chore(deps): bump golang from aec4784 to 9678844 in /e2e by @dependabot in https://github.com/external-secrets/external-secrets/pull/3593
chore(deps): bump golang from 9bdd569 to 6522f0c by @dependabot in https://github.com/external-secrets/external-secrets/pull/3594
feat(chart): Enable partial cache for certcontroller when installCRDs=true by @toVersus in https://github.com/external-secrets/external-secrets/pull/3589
Add skip unmanaged store logic for push secret controller by @Bude8 in https://github.com/external-secrets/external-secrets/pull/3123
fix(vault): Fix crash when caching is enabled and a token expires by @agunnerson-elastic in https://github.com/external-secrets/external-secrets/pull/3598
Remove the use of "golang.org/x/crypto/pkcs12" by @yihuaf in https://github.com/external-secrets/external-secrets/pull/3601
Make UBI more tolerable from OS vulnerabilities by @IdanAdar in https://github.com/external-secrets/external-secrets/pull/3607
fix: explicitly fetch status subresource due to inconsistencies by @moolen in https://github.com/external-secrets/external-secrets/pull/3608
Adds codepath for removing finalizers by @lllamnyp in https://github.com/external-secrets/external-secrets/pull/3610
chore: update dependencies by @eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3624
chore(deps): bump alpine from 3.20.0 to 3.20.1 in /e2e by @dependabot in https://github.com/external-secrets/external-secrets/pull/3622
chore(deps): bump alpine from 77726ef to b89d9c9 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3621
chore(deps): bump golang from 6522f0c to ace6cc3 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3620
chore(deps): bump urllib3 from 2.2.1 to 2.2.2 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3618
chore(deps): bump importlib-metadata from 7.1.0 to 7.2.1 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3617
chore(deps): bump livereload from 2.6.3 to 2.7.0 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3616
chore(deps): bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3615
chore(deps): bump softprops/action-gh-release from 2.0.5 to 2.0.6 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3614
Fix ACR External Secret example by @ellenfieldn in https://github.com/external-secrets/external-secrets/pull/3626
feat: add bitwarden secret manager support by @Skarlso in https://github.com/external-secrets/external-secrets/pull/3603
fix: e2e installation of ESO needs to update dependencies first by @Skarlso in https://github.com/external-secrets/external-secrets/pull/3635
added secretserver env vars to e2e.yml by @pacificcode in https://github.com/external-secrets/external-secrets/pull/3636
docs: fix dataFrom.find in ExternalSecret api example by @sboschman in https://github.com/external-secrets/external-secrets/pull/3633
chore: update dependencies by @eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3641
chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3640
chore(deps): bump importlib-metadata from 7.2.1 to 8.0.0 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3639
add AuthRef to kubernetes provider fixes #3627 by @kaedwen in https://github.com/external-secrets/external-secrets/pull/3628
fix: implement handling for pushing whole k8s secret to gcsm by @thejosephstevens in https://github.com/external-secrets/external-secrets/pull/3644
bump e2e pipeline by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3646
fix e2e permissions by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3647
bump docs with e2e commands by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3648
also needs pull-requests by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3649
use github token to allow comment by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3651
fix(webhook): perform conversion of data by @cardoe in https://github.com/external-secrets/external-secrets/pull/3638
feat: implement pushing whole k8s secret to Azure Keyvault by @CCOLLOT in https://github.com/external-secrets/external-secrets/pull/3650
fix(vault): Treat tokens expiring in <60s as expired by @agunnerson-elastic in https://github.com/external-secrets/external-secrets/pull/3637
Allow specifying the same namespace for SecretStores by @shuheiktgw in https://github.com/external-secrets/external-secrets/pull/3555
docs: add proposal for PushSecret metadata by @moolen in https://github.com/external-secrets/external-secrets/pull/3612
fix github credentials by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3656
docs: updated k8s support for ESO v0.9 by @shazib-summar in https://github.com/external-secrets/external-secrets/pull/3659

New Contributors

@lindhe made their first contribution in https://github.com/external-secrets/external-secrets/pull/3554
@KyriosGN0 made their first contribution in https://github.com/external-secrets/external-secrets/pull/3558
@akhilmhdh made their first contribution in https://github.com/external-secrets/external-secrets/pull/3477
@smcavallo made their first contribution in https://github.com/external-secrets/external-secrets/pull/3571
@toVersus made their first contribution in https://github.com/external-secrets/external-secrets/pull/3588
@speedfl made their first contribution in https://github.com/external-secrets/external-secrets/pull/2920
@Bude8 made their first contribution in https://github.com/external-secrets/external-secrets/pull/3123
@agunnerson-elastic made their first contribution in https://github.com/external-secrets/external-secrets/pull/3598
@yihuaf made their first contribution in https://github.com/external-secrets/external-secrets/pull/3601
@lllamnyp made their first contribution in https://github.com/external-secrets/external-secrets/pull/3610
@ellenfieldn made their first contribution in https://github.com/external-secrets/external-secrets/pull/3626
@pacificcode made their first contribution in https://github.com/external-secrets/external-secrets/pull/3636
@sboschman made their first contribution in https://github.com/external-secrets/external-secrets/pull/3633
@kaedwen made their first contribution in https://github.com/external-secrets/external-secrets/pull/3628
@thejosephstevens made their first contribution in https://github.com/external-secrets/external-secrets/pull/3644
@cardoe made their first contribution in https://github.com/external-secrets/external-secrets/pull/3638
@CCOLLOT made their first contribution in https://github.com/external-secrets/external-secrets/pull/3650
@shazib-summar made their first contribution in [https://github.com/external-secrets/externa

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate · 2024-09-09T18:53:46Z

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

47 additional dependencies were updated
The go directive was updated for compatibility reasons

Details:

Package	Change
`go`	`1.22.3` -> `1.23.4`
`k8s.io/api`	`v0.30.2` -> `v0.31.0`
`k8s.io/apiextensions-apiserver`	`v0.30.2` -> `v0.31.0`
`github.com/Azure/azure-sdk-for-go/sdk/azcore`	`v1.12.0` -> `v1.14.0`
`github.com/Azure/azure-sdk-for-go/sdk/azidentity`	`v1.6.0` -> `v1.7.0`
`github.com/Azure/azure-sdk-for-go/sdk/internal`	`v1.9.0` -> `v1.10.0`
`github.com/aws/aws-sdk-go`	`v1.53.3` -> `v1.55.5`
`github.com/emicklei/go-restful/v3`	`v3.12.0` -> `v3.12.1`
`github.com/go-jose/go-jose/v4`	`v4.0.2` -> `v4.0.4`
`github.com/go-logr/logr`	`v1.4.1` -> `v1.4.2`
`github.com/hashicorp/vault/api`	`v1.13.0` -> `v1.14.0`
`github.com/hashicorp/vault/api/auth/approle`	`v0.5.0` -> `v0.7.0`
`github.com/hashicorp/vault/api/auth/kubernetes`	`v0.5.0` -> `v0.7.0`
`github.com/klauspost/compress`	`v1.17.4` -> `v1.17.9`
`github.com/prometheus/client_golang`	`v1.19.1` -> `v1.20.2`
`github.com/prometheus/common`	`v0.53.0` -> `v0.55.0`
`github.com/spf13/cast`	`v1.6.0` -> `v1.7.0`
`go.mongodb.org/mongo-driver`	`v1.14.0` -> `v1.16.1`
`go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc`	`v0.51.0` -> `v0.54.0`
`go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp`	`v0.51.0` -> `v0.54.0`
`go.opentelemetry.io/otel`	`v1.27.0` -> `v1.29.0`
`go.opentelemetry.io/otel/exporters/otlp/otlptrace`	`v1.26.0` -> `v1.28.0`
`go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`	`v1.26.0` -> `v1.27.0`
`go.opentelemetry.io/otel/metric`	`v1.27.0` -> `v1.29.0`
`go.opentelemetry.io/otel/sdk`	`v1.26.0` -> `v1.28.0`
`go.opentelemetry.io/otel/trace`	`v1.27.0` -> `v1.29.0`
`go.opentelemetry.io/proto/otlp`	`v1.2.0` -> `v1.3.1`
`golang.org/x/crypto`	`v0.24.0` -> `v0.26.0`
`golang.org/x/exp`	`v0.0.0-20240613232115-7f521ea00fb8` -> `v0.0.0-20240808152545-0cdaa3abc0fa`
`golang.org/x/mod`	`v0.18.0` -> `v0.20.0`
`golang.org/x/net`	`v0.26.0` -> `v0.28.0`
`golang.org/x/oauth2`	`v0.20.0` -> `v0.22.0`
`golang.org/x/sync`	`v0.7.0` -> `v0.8.0`
`golang.org/x/sys`	`v0.21.0` -> `v0.24.0`
`golang.org/x/term`	`v0.21.0` -> `v0.23.0`
`golang.org/x/text`	`v0.16.0` -> `v0.17.0`
`golang.org/x/time`	`v0.5.0` -> `v0.6.0`
`golang.org/x/tools`	`v0.22.0` -> `v0.24.0`
`google.golang.org/genproto/googleapis/api`	`v0.0.0-20240515191416-fc5f0ca64291` -> `v0.0.0-20240823204242-4ba0660f739c`
`google.golang.org/genproto/googleapis/rpc`	`v0.0.0-20240624140628-dc46fd24d27d` -> `v0.0.0-20240823204242-4ba0660f739c`
`google.golang.org/grpc`	`v1.64.1` -> `v1.65.0`
`k8s.io/apimachinery`	`v0.30.2` -> `v0.31.0`
`k8s.io/apiserver`	`v0.30.2` -> `v0.31.0`
`k8s.io/component-base`	`v0.30.2` -> `v0.31.0`
`k8s.io/klog/v2`	`v2.120.1` -> `v2.130.1`
`k8s.io/kube-openapi`	`v0.0.0-20240430033511-f0e62f92d13f` -> `v0.0.0-20240822171749-76de80e0abd9`
`k8s.io/utils`	`v0.0.0-20240502163921-fe8a2dddb1d0` -> `v0.0.0-20240821151609-f90d01438635`
`sigs.k8s.io/controller-runtime`	`v0.18.4` -> `v0.19.0`

… to v0.10.2 [security]

renovate bot force-pushed the renovate/go-github.com-external-secrets-external-secrets-vulnerability branch from ff3b50a to af68b08 Compare September 24, 2024 02:38

renovate bot force-pushed the renovate/go-github.com-external-secrets-external-secrets-vulnerability branch from af68b08 to 1289d5f Compare January 5, 2025 23:03

fix(deps): update module github.com/external-secrets/external-secrets…

0488d08

… to v0.10.2 [security]

renovate bot force-pushed the renovate/go-github.com-external-secrets-external-secrets-vulnerability branch from 1289d5f to 0488d08 Compare January 16, 2025 04:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): update module github.com/external-secrets/external-secrets to v0.10.2 [security] #522

fix(deps): update module github.com/external-secrets/external-secrets to v0.10.2 [security] #522

renovate bot commented Sep 9, 2024 •

edited

Loading

renovate bot commented Sep 9, 2024 •

edited

Loading

fix(deps): update module github.com/external-secrets/external-secrets to v0.10.2 [security] #522

Are you sure you want to change the base?

fix(deps): update module github.com/external-secrets/external-secrets to v0.10.2 [security] #522

Conversation

renovate bot commented Sep 9, 2024 • edited Loading

GitHub Vulnerability Alerts

CVE-2024-45041

Details

PoC

Impact

Release Notes

v0.10.2

What's Changed

v0.10.1

What's Changed

New Contributors

v0.10.0

Fixing the issue:

What's Changed

New Contributors

v0.9.20

What's Changed

New Contributors

Configuration

renovate bot commented Sep 9, 2024 • edited Loading

ℹ Artifact update notice

File name: go.mod

renovate bot commented Sep 9, 2024 •

edited

Loading

`v0.10.2`

`v0.10.1`

`v0.10.0`

`v0.9.20`

renovate bot commented Sep 9, 2024 •

edited

Loading