chore(deps): update all non-major dependencies

[locmai]

This PR contains the following updates:

Package	Type	Update	Change
alpine	final	minor	3.20 -> 3.21
argo-cd		patch	7.7.6 -> 7.7.11
cassandra (source)		minor	12.0.5 -> 12.1.0
cloudflare (source)	required_provider	minor	~> 4.47.0 -> ~> 4.49.0
coroot		patch	0.16.3 -> 0.16.11
external-secrets		minor	0.10.7 -> 0.12.1
ingress-nginx		minor	4.11.3 -> 4.12.0
kubernetes (source)	required_provider	minor	~> 2.34.0 -> ~> 2.35.0
opentelemetry-collector (source)		minor	0.110.3 -> 0.111.0
six		minor	==1.16.0 -> ==1.17.0

---

Release Notes

argoproj/argo-helm (argo-cd)

v7.7.11

Compare Source

A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.

What's Changed

• chore(deps): update actions/create-github-app-token action to v1.11.1 by @​argoproj-renovate in https://github.com/argoproj/argo-helm/pull/3085
• chore(deps): bump the dependencies group with 3 updates by @​dependabot in https://github.com/argoproj/argo-helm/pull/3086
• fix(argo-cd): add functionality to en/disable argocd-ssh-known-hosts-cm by @​gajicdev in https://github.com/argoproj/argo-helm/pull/3083

New Contributors

• @​gajicdev made their first contribution in https://github.com/argoproj/argo-helm/pull/3083

Full Changelog: argoproj/argo-helm@argo-workflows-0.45.2...argo-cd-7.7.11

v7.7.10

Compare Source

A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.

What's Changed

• chore(argo-cd): Update dependency argoproj/argo-cd to v2.13.2 by @​argoproj-renovate in https://github.com/argoproj/argo-helm/pull/3076

Full Changelog: argoproj/argo-helm@argo-cd-7.7.9...argo-cd-7.7.10

v7.7.9

Compare Source

A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.

What's Changed

• chore(deps): update renovatebot/github-action action to v41.0.6 by @​argoproj-renovate in https://github.com/argoproj/argo-helm/pull/3071
• fix(argo-cd): Fix repo-server honorLabels config template by @​symaras in https://github.com/argoproj/argo-helm/pull/3075

New Contributors

• @​symaras made their first contribution in https://github.com/argoproj/argo-helm/pull/3075

Full Changelog: argoproj/argo-helm@argo-cd-7.7.8...argo-cd-7.7.9

v7.7.8

Compare Source

A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.

What's Changed

• chore(deps): bump github/codeql-action from 3.27.5 to 3.27.6 in the dependencies group by @​dependabot in https://github.com/argoproj/argo-helm/pull/3069
• feat(argo-cd): Bump argocd-extension-installer to 0.0.8 by @​mikutas in https://github.com/argoproj/argo-helm/pull/3070

Full Changelog: argoproj/argo-helm@argo-workflows-0.45.1...argo-cd-7.7.8

v7.7.7

Compare Source

A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.

What's Changed

• chore(deps): bump renovatebot/github-action from 41.0.4 to 41.0.5 in the dependencies group by @​dependabot in https://github.com/argoproj/argo-helm/pull/3061
• chore(deps): update ghcr.io/renovatebot/renovate docker tag to v38.142.7 by @​argoproj-renovate in https://github.com/argoproj/argo-helm/pull/3062
• chore(deps): update ghcr.io/renovatebot/renovate docker tag to v39 by @​argoproj-renovate in https://github.com/argoproj/argo-helm/pull/3063
• feat(argo-cd): Template server ingress extraTls arguments by @​garryod in https://github.com/argoproj/argo-helm/pull/3056

New Contributors

• @​garryod made their first contribution in https://github.com/argoproj/argo-helm/pull/3056

Full Changelog: argoproj/argo-helm@argo-cd-7.7.6...argo-cd-7.7.7

bitnami/charts (cassandra)

v12.1.0

• [bitnami/cassandra] Detect non-standard images (#​30866)

cloudflare/terraform-provider-cloudflare (cloudflare)

v4.49.1

Compare Source

Functionally the same as v4.49.0 but retagged to fix the Terraform Registry having a bad checksum due to a failed build asset being used.

v4.49.0

Compare Source

NOTES:

• resource/cloudflare_teams_location: remove unusable policy_ids attribute (#​4817)

FEATURES:

• New Resource: cloudflare_content_scanning_expression (#​4734)
• New Resource: cloudflare_content_scanning (#​4719)

ENHANCEMENTS:

• resource/access_application: support multi-valued + Access service token authentication for SCIM provisioning to Access applications (#​4743)

BUG FIXES:

• resource/cloudflare_ruleset: handle when disable_stale_while_updating is an empty object but not nil (#​4814)

DEPENDENCIES:

• provider: bump github.com/cloudflare/cloudflare-go from 0.111.0 to 0.112.0 (#​4803)
• provider: bump github.com/hashicorp/terraform-plugin-framework-validators from 0.15.0 to 0.16.0 (#​4762)
• provider: bump golang.org/x/crypto from 0.21.0 to 0.31.0 in /tools (#​4755)
• provider: bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#​4756)
• provider: bump golang.org/x/net from 0.32.0 to 0.33.0 (#​4802)

v4.48.0

Compare Source

NOTES:

• resource/cloudflare_ruleset: rules must now be given an explicit ref to avoid their IDs changing across ruleset updates, see https://developers.cloudflare.com/terraform/troubleshooting/rule-id-changes/ (#​4697)

FEATURES:

• New Resource: cloudflare_leaked_credential_check (#​4674)
• New Resource: cloudflare_leaked_credential_check_rule (#​4676)
• New Resource: cloudflare_snippet (#​4565)
• New Resource: cloudflare_snippet_rules (#​4565)

ENHANCEMENTS:

• resource/access_application: add support for destinations and domain_type (#​4661)
• resource/access_identity_provider: document scim_config fields (#​4721)
• resource/cloudflare_access_policy: adds support for Access infrastructure allow_email_alias connection rule flag (#​4665)
• resource/cloudflare_ruleset: improve diffs when only some rules are changed (#​4697)
• resource/cloudflare_teams_list: use PUT call to update list items (#​4737)
• resource/cloudflare_zero_trust_access_policy: adds support for Access infrastructure allow_email_alias connection rule flag (#​4665)

BUG FIXES:

• resource/cloudflare_authenticated_origin_pulls: Fix issue where resources are disabled instead of being destroyed on tf destroy (#​4649)
• resource/cloudflare_leaked_credential_check_rule: Fix bug in update method (#​4741)

DEPENDENCIES:

• provider: bump github.com/cloudflare/cloudflare-go from 0.110.0 to 0.111.0 (#​4709)
• provider: bump golang.org/x/net from 0.31.0 to 0.32.0 (#​4718)

coroot/helm-charts (coroot)

v0.16.11

Compare Source

A monitoring and troubleshooting tool for microservice architectures.

v0.16.10

Compare Source

A monitoring and troubleshooting tool for microservice architectures.

v0.16.9

Compare Source

A monitoring and troubleshooting tool for microservice architectures.

v0.16.8

Compare Source

A monitoring and troubleshooting tool for microservice architectures.

v0.16.7

Compare Source

A monitoring and troubleshooting tool for microservice architectures.

v0.16.6

Compare Source

A monitoring and troubleshooting tool for microservice architectures.

v0.16.5

Compare Source

A monitoring and troubleshooting tool for microservice architectures.

v0.16.4

Compare Source

A monitoring and troubleshooting tool for microservice architectures.

external-secrets/external-secrets (external-secrets)

v0.12.1

Compare Source

RELEASE VERSION

My apologies, when creating the release, 0.12.0 failed. The branch and tag however, have been created and I was unable to delete them. Thus, the version has been increased to 0.12.1 after the fix and now that's the current version. I hand updated the release notes to include everyone into the changes.

BREAKING CHANGES

The following breaking changes have been introduced into this release:

• Permission update for AWS provider adding BulkFetch when getting multiple secrets ( significant API reduce but comes with adding a permission for bulk endpoint )
• fixed a typo for a generator in the json tag where before it was ecrRAuthorizationTokenSpec with an extra R
• We standardized the GCP Secrets Manager Metadata structure for PushSecrets ( be aware that existing manifests will stop working until updated to the standardized version ) for more info see https://github.com/external-secrets/external-secrets/pull/4210

Images

Image: ghcr.io/external-secrets/external-secrets:v0.12.1
Image: ghcr.io/external-secrets/external-secrets:v0.12.1-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.12.1-ubi-boringssl

What's Changed

• chore(deps): bump ubi8/ubi from 7287624 to 37cdac4 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4245
• revert: softprops update failing the release process by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4248
• chore: bump helm chart version v0.11.0 by @​Skarlso https://github.com/external-secrets/external-secrets/pull/4166
• chore(deps): bump mkdocs-material in /hack/api-docs by @​dependabot https://github.com/external-secrets/external-secrets/pull/4165
• chore: update dependencies by @​eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/4169
• Gc/fix clusterexternalsecret metrics by @​gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4170
• chore(deps): bump distroless/static from f4a57e8 to 5c7e2b4 by @​dependabot https://github.com/external-secrets/external-secrets/pull/4164
• chore: deprecate olm proposal by @​gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4175
• fix: error handling for gitlab variable fetch by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4177
• fix: v1 templates with metadata + always cleanup orphaned secrets by @​thesuperzapper in https://github.com/external-secrets/external-secrets/pull/4174
• fix: handle empty template engine version by @​thesuperzapper in https://github.com/external-secrets/external-secrets/pull/4182
• chore(deps): bump actions/cache from 4.1.2 to 4.2.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4190
• chore(deps): bump actions/attest-build-provenance from 1.4.4 to 2.0.1 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4189
• chore(deps): bump github/codeql-action from 3.27.5 to 3.27.6 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4188
• update dependencies in https://github.com/external-secrets/external-secrets/pull/4196
• chore(deps): bump codecov/codecov-action from 5.0.7 to 5.1.1 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4187
• chore(deps): bump alpine from 3.20.3 to 3.21.0 in /e2e by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4184
• chore(deps): bump golang from 1.23.3-bookworm to 1.23.4-bookworm by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4185
• chore(deps): bump alpine from 3.20 to 3.21 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4186
• chore(deps): bump alpine from 1e42bbe to 21dc606 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4191
• chore(deps): bump golang from 1.23.3 to 1.23.4 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4192
• chore(deps): bump six from 1.16.0 to 1.17.0 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4193
• chore(deps): bump mkdocs-material in /hack/api-docs by dependabot in by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4194

• feat: 1password add support for tags and configurable PushSecret vault by @​Dariusch (#​4173)
• fix: ensure existing labels are retained for secrets in GCP secrets by @​newtondev (#​4160)
• fix: return not found error when there is no secret for vault provider by @​Skarlso (#​4183)
• fix: error in order of function call UpdateEnvironment by @​dirien (#​4201)
• BREAKING: Standardize GCP Secret Manager PushSecret metadata format and add CMEK support @​janlauber in (#​4210)
• docs: add raw markdown tags to PushSecret example in Google Secrets Manager documentation by @​janlauber in (#​4213)
• Design/target custom resources by @​gusfcarvalho (#​3449)
• chore(deps): bump github/codeql-action from 3.27.6 to 3.27.9 by @​dependabot (#​4215)
• chore(deps): bump actions/attest-build-provenance from 2.0.1 to 2.1.0 by @​dependabot in (#​4216)
• feat: update to use Batch value get instead of List and Fetch all secrets for AWS provider by @​Skarlso in (#​4181)
• fix: increase default QPS/Burst to 50/100 by @​thesuperzapper (#​4202)
• chore(deps): bump softprops/action-gh-release from 2.1.0 to 2.2.0 by @​dependabot (#​4217)
• chore(deps): bump actions/setup-go from 5.1.0 to 5.2.0 by @​dependabot (#​4218)
• chore(deps): bump certifi from 2024.8.30 to 2024.12.14 by @​dependabot
• chore(deps): bump golang from 6c5c959 to 6c5c959 by @​dependabot (#​4220)
• chore: update dependencies by @​eso-service-account-app (#​4223)
• Add AWS ECR Public authorization token support by @​pmcenery (#​4229)
• fix: typo in the ecrAuthorizationTokenSpec json tag by @​Skarlso (#​4212)
• feat: fix a bunch of Sonar issues by @​Skarlso (#​4208)
• fix: Dockerfile.ubi using the wrong registry by @​Skarlso (#​4234)
• feat: add filterCertChain template helper function by @​sboschman (#​3934)
• fix: SonarCloud security hotspot by @​Skarlso in (#​4235)

Full Changelog: external-secrets/external-secrets@v0.11.0...v0.12.1

v0.11.0

Compare Source

Deprecation of OLM Releases

As of 0.11.0 is the last release available for OLM until further notice. Depending on the way this goes, we might still have OLM support (ideally with a properly built operator for that), but for sure in a different support scheme as to not overload maintainers anymore.
Also a valid note - you can still use 0.11.0 OLM release and the newest ESO images, you just need to set image.tag appropriately in your setup.

Kubernetes API load and significant decrease

A new way of reconciling external secrets has been added with pull request #​4086.

This significantly reduces the number of API calls that we make to the kubernetes API server.

1. Memory usage might increase if you are not already using --enable-secrets-caching
   1. If you are using --enable-secrets-caching and want to decrease memory usage at the expense of slightly higher API usage, you can disable it and only enable --enable-managed-secrets-caching (which is the new default)
2. In ALL cases (even when CreationPolicy is Merge), if a data key in the target Secret was created by the ExternalSecret, and it no longer exists in the template (or data/dataFrom), it will be removed from the target secret:
   1. This might cause some peoples secrets to be "cleaned of data keys" when updating to 0.11.
   2. Previously, the behaviour was undefined, and confusing because it was sort of broken when the template feature was added.
   3. The one exception is that ALL the data suddenly becomes empty and the DeletionPolicy is retain, in which case we will not even report and error, just change the SecretSynced message to explain that the secret was retained.
3. When CreationPolicy is Owner, we now will NEVER retain any keys and fully calculate the "desired state" of the target secret each loop:
   1. This means that some peoples secrets might have keys removed when updating to 0.11.

Generators and ClusterGenerator

We added ClusterGenerators and Generator caching as well. This might create some problems in the way generators are defined now.

CRD Admission Restrictions

All of the CRDs now have proper kubebuilder markers for validation. This might surprise someone leaving out some data that was essentially actually required or expected in a certain format. This is now validated in #​4104.

Images

Image: ghcr.io/external-secrets/external-secrets:v0.11.0
Image: ghcr.io/external-secrets/external-secrets:v0.11.0-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.11.0-ubi-boringssl

What's Changed

• chore: bump version v0.10.7 by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4141
• feat: significantly reduce api calls and introduce partial secret cache by @​thesuperzapper in https://github.com/external-secrets/external-secrets/pull/4086
• chore(deps): bump mkdocs-material from 9.5.44 to 9.5.45 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4143
• chore(deps): bump tornado from 6.4.1 to 6.4.2 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4144
• chore(deps): bump codecov/codecov-action from 5.0.2 to 5.0.7 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4145
• chore(deps): bump aquasecurity/trivy-action from 0.28.0 to 0.29.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4146
• chore(deps): bump github/codeql-action from 3.27.4 to 3.27.5 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4147
• chore: update dependencies by @​eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/4148
• fix: gitlab empty response by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4152
• feat: add ability to push expiration date to secret in azure key vault by @​deggja in https://github.com/external-secrets/external-secrets/pull/4149
• feat: implement a cluster-wide generator by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4140
• feat: Add API key auth support on BeyondTrust provider by @​dtejadav in https://github.com/external-secrets/external-secrets/pull/4101
• Add support for multiple Items fields in DelineSecretServer secrets by @​ronaldosaheki in https://github.com/external-secrets/external-secrets/pull/4051
• chore: deprecation policy and deprecating process by @​gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4154
• fix: use cache when retrieving generators by @​thesuperzapper in https://github.com/external-secrets/external-secrets/pull/4153
• fix: e2e test for AWS not setting name and namespace by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4157
• fix: handle managed identity ClientID or ResourceID in acr generator by @​bonddim in https://github.com/external-secrets/external-secrets/pull/4150
• feat: add CRD validation for resource name/key fields by @​thesuperzapper in https://github.com/external-secrets/external-secrets/pull/4104
• fix: issues with generators by @​thesuperzapper in https://github.com/external-secrets/external-secrets/pull/4163

New Contributors

• @​thesuperzapper made their first contribution in https://github.com/external-secrets/external-secrets/pull/4086
• @​deggja made their first contribution in https://github.com/external-secrets/external-secrets/pull/4149
• @​dtejadav made their first contribution in https://github.com/external-secrets/external-secrets/pull/4101
• @​ronaldosaheki made their first contribution in https://github.com/external-secrets/external-secrets/pull/4051
• @​bonddim made their first contribution in https://github.com/external-secrets/external-secrets/pull/4150

Full Changelog: external-secrets/external-secrets@v0.10.7...v0.11.0

hashicorp/terraform-provider-kubernetes (kubernetes)

v2.35.1

Compare Source

BUG FIXES:

• resource/kubernetes_job_v1: revert the changes introduced in v2.34.0, where ttl_seconds_after_finished was set to 0. [GH-2650]
• resource/kubernetes_daemon_set_v1: fix issue where fields spec.strategy.rolling_update.max_surge and spec.strategy.rolling_update.max_unavailable were not being validated correctly. [GH-2653]

v2.35.0

Compare Source

FEATURES:

• resources_kubernetes_daemon_set_v1 : Added max_surge argument for to rolling_update block. [GH-2630]

open-telemetry/opentelemetry-helm-charts (opentelemetry-collector)

v0.111.0

Compare Source

OpenTelemetry Collector Helm chart for Kubernetes

What's Changed

• feat(helm): publish OCI helm charts by @​M0NsTeRRR in https://github.com/open-telemetry/opentelemetry-helm-charts/pull/1430
• [collector]: bump appVersion to 0.115.1 by @​TylerHelmuth in https://github.com/open-telemetry/opentelemetry-helm-charts/pull/1465

New Contributors

• @​M0NsTeRRR made their first contribution in https://github.com/open-telemetry/opentelemetry-helm-charts/pull/1430

Full Changelog: open-telemetry/opentelemetry-helm-charts@opentelemetry-operator-0.75.1...opentelemetry-collector-0.111.0

v0.110.7

Compare Source

OpenTelemetry Collector Helm chart for Kubernetes

What's Changed

• Bump kyverno/action-install-chainsaw from 0.2.11 to 0.2.12 by @​dependabot in https://github.com/open-telemetry/opentelemetry-helm-charts/pull/1456
• fix(collector): Whitespace/newline issues regarding additionalLabels by @​brdotv2 in https://github.com/open-telemetry/opentelemetry-helm-charts/pull/1445

New Contributors

• @​brdotv2 made their first contribution in https://github.com/open-telemetry/opentelemetry-helm-charts/pull/1445

Full Changelog: open-telemetry/opentelemetry-helm-charts@opentelemetry-collector-0.110.6...opentelemetry-collector-0.110.7

v0.110.6

Compare Source

OpenTelemetry Collector Helm chart for Kubernetes

What's Changed

• Change k8sobjects typo in values.yaml comment by @​timofey-drozhzhin in https://github.com/open-telemetry/opentelemetry-helm-charts/pull/1451

New Contributors

• @​timofey-drozhzhin made their first contribution in https://github.com/open-telemetry/opentelemetry-helm-charts/pull/1451

Full Changelog: open-telemetry/opentelemetry-helm-charts@opentelemetry-operator-0.75.0...opentelemetry-collector-0.110.6

v0.110.5

Compare Source

OpenTelemetry Collector Helm chart for Kubernetes

What's Changed

• fix(prometheusrule): simplify deployment logic by @​crutonjohn in https://github.com/open-telemetry/opentelemetry-helm-charts/pull/1449

New Contributors

• @​crutonjohn made their first contribution in https://github.com/open-telemetry/opentelemetry-helm-charts/pull/1449

Full Changelog: open-telemetry/opentelemetry-helm-charts@opentelemetry-collector-0.110.4...opentelemetry-collector-0.110.5

v0.110.4

Compare Source

OpenTelemetry Collector Helm chart for Kubernetes

What's Changed

• [collector] configMap.existingName support tpl by @​JaredTan95 in https://github.com/open-telemetry/opentelemetry-helm-charts/pull/1443

Full Changelog: open-telemetry/opentelemetry-helm-charts@opentelemetry-demo-0.33.7...opentelemetry-collector-0.110.4

benjaminp/six (six)

v1.17.0

Compare Source

• Pull request #​388: Remove URLopener and FancyURLopener classes from
  urllib.request when running on Python 3.14 or greater.

• Pull request #​365, issue #​283: six.moves.UserDict now points to
  UserDict.IterableUserDict instead of UserDict.UserDict on Python 2.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

This PR has been generated by Renovate Bot.

---

This change is