fix(deps): update module github.com/external-secrets/external-secrets to v0.10.2 [security] #522

renovate · 2024-09-09T18:53:44Z

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/external-secrets/external-secrets	`v0.9.11` -> `v0.10.2`

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2024-45041

Details

The external-secrets has a deployment called default-external-secrets-cert-controller, which is bound with a same-name ClusterRole. This ClusterRole has "get/list" verbs of secrets resources(https://github.com/external-secrets/external-secrets/blob/main/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml#L49). It also has path/update verb of validatingwebhookconfigurations resources(https://github.com/external-secrets/external-secrets/blob/main/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml#L27). As a result, if a malicious user can access the worker node which has this deployment. he/she can:

For the "get/list secrets" permission, he/she can abuse the SA token of this deployment to retrieve or get ALL secrets in the whole cluster, including the cluster-admin secret if created. After that, he/she can abuse the cluster-admin secret to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation.
For the patch/update verb of validatingwebhookconfigurations, the malicious user can abuse these permissions to get sensitive data or lanuch DoS attacks:

For the privilege escalation attack, by updating/patching a Webhook to make it listen to Secret update operations, the attacker can capture and log all data from requests attempting to update Secrets. More specifically, when a Secret is updated, this Webhook sends the request data to the logging-service, which can then log the content of the Secret. This way, an attacker could indirectly gain access to the full contents of the Secret.

For the DoS attack, by updating/patching a Webhook, and making it deny all Pod create and update requests, the attacker can prevent any new Pods from being created or existing Pods from being updated, resulting in a Denial of Service (DoS) attack.

PoC

Please see the "Details" section

Impact

Privilege escalation

Release Notes

external-secrets/external-secrets (github.com/external-secrets/external-secrets)

`v0.10.2`

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v0.10.2
Image: ghcr.io/external-secrets/external-secrets:v0.10.2-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.10.2-ubi-boringssl

What's Changed

release: update helm charts to version v0.10.1 by @Skarlso in https://github.com/external-secrets/external-secrets/pull/3842
fix: add watch to validatingwebhookconfigs by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3845

Full Changelog: external-secrets/external-secrets@v0.10.1...v0.10.2

`v0.10.1`

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v0.10.1
Image: ghcr.io/external-secrets/external-secrets:v0.10.1-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.10.1-ubi-boringssl

⚠️ :red-alert: BREAKING CHANGE :red-alert: ⚠️

Webhook Generator
Webhook generator labels have changed from generators.external-secrets.io/type: webhook to external-secrets.io/type: webhook.
Webhook Provider
Webhook provider now can only use secrets that are labeled with external-secrets.io/type: webhook. This enforces explicit setup for webhook secrets by users.

Fixing the issue:

add the label for the secret used by the webhook:

apiVersion: v1
kind: Secret
metadata:
  name: your-secret
  labels:
    external-secrets.io/type: webhook ### <<<<<<<<<<<<< ADD THIS
data:
...

Image: ghcr.io/external-secrets/external-secrets:v0.10.0
Image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi-boringssl

What's Changed

chore: bump to 0.9.20 by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3660
chore(deps): bump golang from 1.22.4 to 1.22.5 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3662
chore(deps): bump distroless/static from 4197211 to ce46866 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3663
chore(deps): bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3665
chore(deps): bump docker/setup-qemu-action from 3.0.0 to 3.1.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3666
chore(deps): bump mkdocs-material from 9.5.27 to 9.5.28 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3667
chore(deps): bump certifi from 2024.6.2 to 2024.7.4 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3668
chore(deps): bump golang from 1.22.4-bookworm to 1.22.5-bookworm in /e2e by @dependabot in https://github.com/external-secrets/external-secrets/pull/3669
chore: update dependencies by @eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3670
sets eso-service-account for creating e2e comments by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3678
use github token for the actions check by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3679
Add support for Delinea Secret Server by @pacificcode in https://github.com/external-secrets/external-secrets/pull/3468
Fix: Only URL encode data being passed to URLs (#3652) by @ryanmeans in https://github.com/external-secrets/external-secrets/pull/3674
Commenting secrets manifest from hashicorp vault integration #3661 by @jeffmachado in https://github.com/external-secrets/external-secrets/pull/3680
docs: Fix namespaceRegexes in full-cluster-secret-store.yaml by @excalq in https://github.com/external-secrets/external-secrets/pull/3681
Support for Oracle PushSecret.property #2911 by @Aeyk in https://github.com/external-secrets/external-secrets/pull/3577
support for adding headers in vault provider by @abhinav1708 in https://github.com/external-secrets/external-secrets/pull/3677
chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3688
chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3691
chore(deps): bump actions/setup-python from 5.1.0 to 5.1.1 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3690
chore(deps): bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3689
chore(deps): bump golang from 8c9183f to 8c9183f by @dependabot in https://github.com/external-secrets/external-secrets/pull/3687
chore(deps): bump mkdocs-material from 9.5.28 to 9.5.29 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3692
fix: aws secretmanager's SecretExists returns true for non-existent secrets by @mintbomb27 in https://github.com/external-secrets/external-secrets/pull/3684
chore: update dependencies by @eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3693
Added 2 articles I wrote on AWS secrets injection and ESO templating by @alinadir44 in https://github.com/external-secrets/external-secrets/pull/3707
Update docs for namespaceSelectors usage and namespaceSelector deprecation by @mtougeron in https://github.com/external-secrets/external-secrets/pull/3695
fix: add namespace to path and route construction by @Skarlso in https://github.com/external-secrets/external-secrets/pull/3632
chore(deps): bump softprops/action-gh-release from 2.0.6 to 2.0.8 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3708
chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3709
Update bitwarden-secrets-manager.md by @zazathomas in https://github.com/external-secrets/external-secrets/pull/3710
chore: update dependencies by @eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3711
feat: add PushSecret support for Pulumi ESC by @dirien in https://github.com/external-secrets/external-secrets/pull/3597
remove redundant parameter grab call, we already have the data by @rumenvasilev in https://github.com/external-secrets/external-secrets/pull/3722
chore(deps): bump docker/login-action from 3.2.0 to 3.3.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3729
chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3727
chore(deps): bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3728
chore(deps): bump docker/setup-qemu-action from 3.1.0 to 3.2.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3731
chore(deps): bump github/codeql-action from 3.25.13 to 3.25.15 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3730
chore(deps): bump alpine from 77726ef to 0a4eaa0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3733
chore(deps): bump golang from 8c9183f to 0d3653d by @dependabot in https://github.com/external-secrets/external-secrets/pull/3732
feat: increase verbosity of error message during validation by @Skarlso in https://github.com/external-secrets/external-secrets/pull/3742
chore(deps): bump golang from 6c27802 to af9b40f in /e2e by @dependabot in https://github.com/external-secrets/external-secrets/pull/3734
chore(deps): bump alpine from 3.20.1 to 3.20.2 in /e2e by @dependabot in https://github.com/external-secrets/external-secrets/pull/3735
chore(deps): bump alpine from b89d9c9 to 0a4eaa0 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3736
chore(deps): bump regex from 2024.5.15 to 2024.7.24 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3737
chore(deps): bump mkdocs-material from 9.5.29 to 9.5.30 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3738
chore(deps): bump importlib-metadata from 8.0.0 to 8.2.0 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3739
chore(deps): bump pymdown-extensions from 10.8.1 to 10.9 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3740
docs: Remove references to pemCertificate and pemPrivateKey functions by @trenslow in https://github.com/external-secrets/external-secrets/pull/3744
chore: update dependencies by @eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3741
docs: Improvements in the ExternalSecret comments in API section by @c-neto in https://github.com/external-secrets/external-secrets/pull/3725
feat: add prefix definition to all secret keys for aws parameter store by @Skarlso in https://github.com/external-secrets/external-secrets/pull/3718
feat: do not modify the secret in case of a NotModified by @Skarlso in https://github.com/external-secrets/external-secrets/pull/3746
feat: webhook secrets must be labeled by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3753
feat: support pkcs12 with chain in pushsecret to Azure KeyVault by @mysteq in https://github.com/external-secrets/external-secrets/pull/3747
docs: document fullPemToPkcs12 and fullPemToPkcs12Pass helper functions by @mysteq in https://github.com/external-secrets/external-secrets/pull/3749

New Contributors

@ryanmeans made their first contribution in https://github.com/external-secrets/external-secrets/pull/3674
@jeffmachado made their first contribution in https://github.com/external-secrets/external-secrets/pull/3680
@excalq made their first contribution in https://github.com/external-secrets/external-secrets/pull/3681
@Aeyk made their first contribution in https://github.com/external-secrets/external-secrets/pull/3577
@abhinav1708 made their first contribution in https://github.com/external-secrets/external-secrets/pull/3677
@mintbomb27 made their first contribution in https://github.com/external-secrets/external-secrets/pull/3684
@alinadir44 made their first contribution in https://github.com/external-secrets/external-secrets/pull/3707
@mtougeron made their first contribution in https://github.com/external-secrets/external-secrets/pull/3695
@zazathomas made their first contribution in https://github.com/external-secrets/external-secrets/pull/3710
@rumenvasilev made their first contribution in https://github.com/external-secrets/external-secrets/pull/3722
@trenslow made their first contribution in https://github.com/external-secrets/external-secrets/pull/3744
@c-neto made their first contribution in https://github.com/external-secrets/external-secrets/pull/3725
@mysteq made their first contribution in https://github.com/external-secrets/external-secrets/pull/3747

Full Changelog: external-secrets/external-secrets@v0.9.20...v0.10.0

`v0.9.20`

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v0.9.20
Image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi-boringssl

What's Changed

bump 0.9.19 by @knelasevero in https://github.com/external-secrets/external-secrets/pull/3553
Fix typo: temaplate --> template by @lindhe in https://github.com/external-secrets/external-secrets/pull/3554
Oracle Vault Provider Documentation by @anders-swanson in https://github.com/external-secrets/external-secrets/pull/3551
feat: add location to GCP push secret by @Skarlso in https://github.com/external-secrets/external-secrets/pull/3502
add log.level and log.encoding to all components by @KyriosGN0 in https://github.com/external-secrets/external-secrets/pull/3558
chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3561
chore(deps): bump aquasecurity/trivy-action from 0.21.0 to 0.22.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3562
chore(deps): bump tornado from 6.4 to 6.4.1 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3563
chore(deps): bump packaging from 24.0 to 24.1 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3564
chore(deps): bump mkdocs-material from 9.5.25 to 9.5.26 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3565
chore(deps): bump zipp from 3.19.1 to 3.19.2 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3566
chore(deps): bump ubi8/ubi-minimal from 9e458f4 to 5f1cd34 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3568
chore(deps): bump golang from 1.22.3-bookworm to 1.22.4-bookworm in /e2e by @dependabot in https://github.com/external-secrets/external-secrets/pull/3569
chore(deps): bump golang from 1.22.3 to 1.22.4 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3567
Infisical provider by @akhilmhdh in https://github.com/external-secrets/external-secrets/pull/3477
feat: kick github actions on main by @Skarlso in https://github.com/external-secrets/external-secrets/pull/3572
feat: add support to set Type for AWS parameter store by @vsantos in https://github.com/external-secrets/external-secrets/pull/3576
Remove shuheiktgw from maintainers by @shuheiktgw in https://github.com/external-secrets/external-secrets/pull/3573
Add device42 provider by @smcavallo in https://github.com/external-secrets/external-secrets/pull/3571
ref: parameter store should be called only once by @Skarlso in https://github.com/external-secrets/external-secrets/pull/3584
chore: update dependencies by @eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3570
feat(certcontroller): Allow restricting CRDs and Webhook configs in Informer cache by @toVersus in https://github.com/external-secrets/external-secrets/pull/3588
Support glob for namespaces condition in ClusterSecretStore by @speedfl in https://github.com/external-secrets/external-secrets/pull/2920
Fix typo privatKey in multiple files by @IdanAdar in https://github.com/external-secrets/external-secrets/pull/3578
chore(deps): bump mkdocs-material from 9.5.26 to 9.5.27 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3595
chore(deps): bump github/codeql-action from 3.25.8 to 3.25.10 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3591
chore(deps): bump codecov/codecov-action from 4.4.1 to 4.5.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3592
chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3590
chore: update dependencies by @eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3596
chore(deps): bump golang from aec4784 to 9678844 in /e2e by @dependabot in https://github.com/external-secrets/external-secrets/pull/3593
chore(deps): bump golang from 9bdd569 to 6522f0c by @dependabot in https://github.com/external-secrets/external-secrets/pull/3594
feat(chart): Enable partial cache for certcontroller when installCRDs=true by @toVersus in https://github.com/external-secrets/external-secrets/pull/3589
Add skip unmanaged store logic for push secret controller by @Bude8 in https://github.com/external-secrets/external-secrets/pull/3123
fix(vault): Fix crash when caching is enabled and a token expires by @agunnerson-elastic in https://github.com/external-secrets/external-secrets/pull/3598
Remove the use of "golang.org/x/crypto/pkcs12" by @yihuaf in https://github.com/external-secrets/external-secrets/pull/3601
Make UBI more tolerable from OS vulnerabilities by @IdanAdar in https://github.com/external-secrets/external-secrets/pull/3607
fix: explicitly fetch status subresource due to inconsistencies by @moolen in https://github.com/external-secrets/external-secrets/pull/3608
Adds codepath for removing finalizers by @lllamnyp in https://github.com/external-secrets/external-secrets/pull/3610
chore: update dependencies by @eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3624
chore(deps): bump alpine from 3.20.0 to 3.20.1 in /e2e by @dependabot in https://github.com/external-secrets/external-secrets/pull/3622
chore(deps): bump alpine from 77726ef to b89d9c9 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3621
chore(deps): bump golang from 6522f0c to ace6cc3 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3620
chore(deps): bump urllib3 from 2.2.1 to 2.2.2 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3618
chore(deps): bump importlib-metadata from 7.1.0 to 7.2.1 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3617
chore(deps): bump livereload from 2.6.3 to 2.7.0 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3616
chore(deps): bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3615
chore(deps): bump softprops/action-gh-release from 2.0.5 to 2.0.6 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3614
Fix ACR External Secret example by @ellenfieldn in https://github.com/external-secrets/external-secrets/pull/3626
feat: add bitwarden secret manager support by @Skarlso in https://github.com/external-secrets/external-secrets/pull/3603
fix: e2e installation of ESO needs to update dependencies first by @Skarlso in https://github.com/external-secrets/external-secrets/pull/3635
added secretserver env vars to e2e.yml by @pacificcode in https://github.com/external-secrets/external-secrets/pull/3636
docs: fix dataFrom.find in ExternalSecret api example by @sboschman in https://github.com/external-secrets/external-secrets/pull/3633
chore: update dependencies by @eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3641
chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11 by @dependabot in https://github.com/external-secrets/external-secrets/pull/3640
chore(deps): bump importlib-metadata from 7.2.1 to 8.0.0 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/3639
add AuthRef to kubernetes provider fixes #3627 by @kaedwen in https://github.com/external-secrets/external-secrets/pull/3628
fix: implement handling for pushing whole k8s secret to gcsm by @thejosephstevens in https://github.com/external-secrets/external-secrets/pull/3644
bump e2e pipeline by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3646
fix e2e permissions by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3647
bump docs with e2e commands by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3648
also needs pull-requests by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3649
use github token to allow comment by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3651
fix(webhook): perform conversion of data by @cardoe in https://github.com/external-secrets/external-secrets/pull/3638
feat: implement pushing whole k8s secret to Azure Keyvault by @CCOLLOT in https://github.com/external-secrets/external-secrets/pull/3650
fix(vault): Treat tokens expiring in <60s as expired by @agunnerson-elastic in https://github.com/external-secrets/external-secrets/pull/3637
Allow specifying the same namespace for SecretStores by @shuheiktgw in https://github.com/external-secrets/external-secrets/pull/3555
docs: add proposal for PushSecret metadata by @moolen in https://github.com/external-secrets/external-secrets/pull/3612
fix github credentials by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3656
docs: updated k8s support for ESO v0.9 by @shazib-summar in https://github.com/external-secrets/external-secrets/pull/3659

New Contributors

@lindhe made their first contribution in https://github.com/external-secrets/external-secrets/pull/3554
@KyriosGN0 made their first contribution in https://github.com/external-secrets/external-secrets/pull/3558
@akhilmhdh made their first contribution in https://github.com/external-secrets/external-secrets/pull/3477
@smcavallo made their first contribution in https://github.com/external-secrets/external-secrets/pull/3571
@toVersus made their first contribution in https://github.com/external-secrets/external-secrets/pull/3588
@speedfl made their first contribution in https://github.com/external-secrets/external-secrets/pull/2920
@Bude8 made their first contribution in https://github.com/external-secrets/external-secrets/pull/3123
@agunnerson-elastic made their first contribution in https://github.com/external-secrets/external-secrets/pull/3598
@yihuaf made their first contribution in https://github.com/external-secrets/external-secrets/pull/3601
@lllamnyp made their first contribution in https://github.com/external-secrets/external-secrets/pull/3610
@ellenfieldn made their first contribution in https://github.com/external-secrets/external-secrets/pull/3626
@pacificcode made their first contribution in https://github.com/external-secrets/external-secrets/pull/3636
@sboschman made their first contribution in [https://github.com/docs: fix dataFrom.find in ExternalSecret api example external-secrets/external-secrets#3633

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate · 2024-09-09T18:53:46Z

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

6 additional dependencies were updated

Details:

Package	Change
`github.com/go-jose/go-jose/v4`	`v4.0.2` -> `v4.0.4`
`github.com/hashicorp/vault/api`	`v1.13.0` -> `v1.14.0`
`github.com/hashicorp/vault/api/auth/approle`	`v0.5.0` -> `v0.7.0`
`github.com/hashicorp/vault/api/auth/kubernetes`	`v0.5.0` -> `v0.7.0`
`github.com/spf13/cast`	`v1.6.0` -> `v1.7.0`
`go.mongodb.org/mongo-driver`	`v1.14.0` -> `v1.16.1`

… to v0.10.2 [security]

renovate bot force-pushed the renovate/go-github.com-external-secrets-external-secrets-vulnerability branch from ff3b50a to af68b08 Compare September 24, 2024 02:38

renovate bot force-pushed the renovate/go-github.com-external-secrets-external-secrets-vulnerability branch from af68b08 to 1289d5f Compare January 5, 2025 23:03

renovate bot force-pushed the renovate/go-github.com-external-secrets-external-secrets-vulnerability branch from 1289d5f to 0488d08 Compare January 16, 2025 04:29

fix(deps): update module github.com/external-secrets/external-secrets…

89f4f2d

… to v0.10.2 [security]

renovate bot force-pushed the renovate/go-github.com-external-secrets-external-secrets-vulnerability branch from 0488d08 to 89f4f2d Compare July 20, 2025 21:35

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(deps): update module github.com/external-secrets/external-secrets to v0.10.2 [security] #522

fix(deps): update module github.com/external-secrets/external-secrets to v0.10.2 [security] #522

Uh oh!

renovate bot commented Sep 9, 2024 •

edited

Loading

Uh oh!

renovate bot commented Sep 9, 2024 •

edited

Loading

Uh oh!

Uh oh!

fix(deps): update module github.com/external-secrets/external-secrets to v0.10.2 [security] #522

Are you sure you want to change the base?

fix(deps): update module github.com/external-secrets/external-secrets to v0.10.2 [security] #522

Uh oh!

Conversation

renovate bot commented Sep 9, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

GitHub Vulnerability Alerts

CVE-2024-45041

Details

PoC

Impact

Release Notes

v0.10.2

What's Changed

v0.10.1

What's Changed

New Contributors

v0.10.0

Fixing the issue:

What's Changed

New Contributors

v0.9.20

What's Changed

New Contributors

Configuration

Uh oh!

renovate bot commented Sep 9, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

ℹ Artifact update notice

File name: go.mod

Uh oh!

Uh oh!

renovate bot commented Sep 9, 2024 •

edited

Loading

`v0.10.2`

`v0.10.1`

`v0.10.0`

`v0.9.20`

renovate bot commented Sep 9, 2024 •

edited

Loading