Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package kubeseal for openSUSE:Factory
checked in at 2025-06-13 18:45:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kubeseal (Old)
and /work/SRC/openSUSE:Factory/.kubeseal.new.19631 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubeseal"
Fri Jun 13 18:45:48 2025 rev:38 rq:1285315 version:0.30.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/kubeseal/kubeseal.changes 2025-03-27
22:34:32.882186151 +0100
+++ /work/SRC/openSUSE:Factory/.kubeseal.new.19631/kubeseal.changes
2025-06-13 18:46:09.392560766 +0200
@@ -1,0 +2,28 @@
+Fri Jun 13 05:05:59 UTC 2025 - Johannes Kastl
<opensuse_buildserv...@ojkastl.de>
+
+- Update to version 0.30.0:
+ * Release notes 0.30 (#1744)
+ * Bump golang to 1.24.4 (#1743)
+ * Bump golang.org/x/crypto from 0.38.0 to 0.39.0 (#1742)
+ * Bump k8s.io/client-go from 0.33.0 to 0.33.1 (#1734)
+ * Bump k8s.io/api from 0.33.0 to 0.33.1 (#1733)
+ * Bump k8s.io/code-generator from 0.33.0 to 0.33.1 (#1732)
+ * Bump golang.org/x/crypto from 0.37.0 to 0.38.0 (#1731)
+ * Bump k8s.io/client-go from 0.32.3 to 0.33.0 (#1729)
+ * Bump k8s.io/code-generator from 0.32.3 to 0.33.0 (#1728)
+ * Bump k8s.io/api from 0.32.3 to 0.33.0 (#1730)
+ * Bump golang.org/x/net from 0.37.0 to 0.38.0 in the go_modules
+ group (#1725)
+ * Bump github.com/prometheus/client_golang from 1.21.1 to 1.22.0
+ (#1724)
+ * Bump github.com/onsi/gomega from 1.36.3 to 1.37.0 (#1722)
+ * Bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 (#1723)
+ * Bump golang.org/x/crypto from 0.36.0 to 0.37.0 (#1721)
+ * Fix typo in RBAC namespaced roles documentation (#1720)
+ * Bump to go1.24.1 (#1713)
+ * Fix potential controller sensitive data exposure by sprig
+ template functions (#1703)
+ * Release carvel package 2.17.2 (#1718)
+ * Release chart 2.17.2 (#1716)
+
+-------------------------------------------------------------------
Old:
----
kubeseal-0.29.0.obscpio
New:
----
kubeseal-0.30.0.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kubeseal.spec ++++++
--- /var/tmp/diff_new_pack.pXx3Hk/_old 2025-06-13 18:46:12.720697251 +0200
+++ /var/tmp/diff_new_pack.pXx3Hk/_new 2025-06-13 18:46:12.736697907 +0200
@@ -17,7 +17,7 @@
Name: kubeseal
-Version: 0.29.0
+Version: 0.30.0
Release: 0
Summary: CLI for encrypting secrets to SealedSecrets
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.pXx3Hk/_old 2025-06-13 18:46:12.972707585 +0200
+++ /var/tmp/diff_new_pack.pXx3Hk/_new 2025-06-13 18:46:13.008709062 +0200
@@ -3,7 +3,7 @@
<param name="url">https://github.com/bitnami-labs/sealed-secrets</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="revision">v0.29.0</param>
+ <param name="revision">v0.30.0</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.pXx3Hk/_old 2025-06-13 18:46:13.140714475 +0200
+++ /var/tmp/diff_new_pack.pXx3Hk/_new 2025-06-13 18:46:13.160715295 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/bitnami-labs/sealed-secrets</param>
- <param
name="changesrevision">0d9cfaf99f23a344df8be86cf62d4aaad0d81be8</param></service></servicedata>
+ <param
name="changesrevision">6e0beae85afcd1e981b4b56f22399ded6cbe6a88</param></service></servicedata>
(No newline at EOF)
++++++ kubeseal-0.29.0.obscpio -> kubeseal-0.30.0.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/.gitattributes
new/kubeseal-0.30.0/.gitattributes
--- old/kubeseal-0.29.0/.gitattributes 2025-03-27 11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/.gitattributes 1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-vendor_jsonnet/ linguist-generated=true
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/.github/CODEOWNERS
new/kubeseal-0.30.0/.github/CODEOWNERS
--- old/kubeseal-0.29.0/.github/CODEOWNERS 2025-03-27 11:50:13.000000000
+0100
+++ new/kubeseal-0.30.0/.github/CODEOWNERS 1970-01-01 01:00:00.000000000
+0100
@@ -1,5 +0,0 @@
-# These owners will be the default owners for everything in
-# the repo. Unless a later match takes precedence,
-# @alvneiayu @agarcia-oss @alemorcuq will be requested for
-# review when someone opens a pull request.
-* @alvneiayu @agarcia-oss
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/.github/ISSUE_TEMPLATE/bug_report.md
new/kubeseal-0.30.0/.github/ISSUE_TEMPLATE/bug_report.md
--- old/kubeseal-0.29.0/.github/ISSUE_TEMPLATE/bug_report.md 2025-03-27
11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/.github/ISSUE_TEMPLATE/bug_report.md 1970-01-01
01:00:00.000000000 +0100
@@ -1,42 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve
-title: ''
-labels: triage
-assignees: ''
-
----
-
-<!--
- Before you open the bug report please review the following FAQ:
-
- - [Sealed Secrets FAQ](https://github.com/bitnami-labs/sealed-secrets#faq)
- -->
-
-**Which component**:
-The name (and version) of the affected component (controller or kubeseal)
-
-**Describe the bug**
-A clear and concise description of what the bug is.
-
-**To Reproduce**
-Steps to reproduce the behavior:
-
-1. Go to '...'
-2. Run the command '....'
-3. Wait for '....'
-4. See error
-
-**Expected behavior**
-A clear and concise description of what you expected to happen.
-
-**Version of Kubernetes**:
-
-- Output of `kubectl version`:
-
-```
-(paste your output here)
-```
-
-**Additional context**
-Add any other context about the problem here.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kubeseal-0.29.0/.github/ISSUE_TEMPLATE/feature_request.md
new/kubeseal-0.30.0/.github/ISSUE_TEMPLATE/feature_request.md
--- old/kubeseal-0.29.0/.github/ISSUE_TEMPLATE/feature_request.md
2025-03-27 11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/.github/ISSUE_TEMPLATE/feature_request.md
1970-01-01 01:00:00.000000000 +0100
@@ -1,23 +0,0 @@
----
-name: Feature request
-about: Suggest an idea for this project
-title: ''
-labels: triage
-assignees: ''
-
----
-
-**Which component**:
-The name (and version) of the affected component (controller or kubeseal)
-
-**Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always
frustrated when [...]
-
-**Describe the solution you'd like**
-A clear and concise description of what you want to happen.
-
-**Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features
you've considered.
-
-**Additional context**
-Add any other context or screenshots about the feature request here.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/.github/PULL_REQUEST_TEMPLATE.md
new/kubeseal-0.30.0/.github/PULL_REQUEST_TEMPLATE.md
--- old/kubeseal-0.29.0/.github/PULL_REQUEST_TEMPLATE.md 2025-03-27
11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/.github/PULL_REQUEST_TEMPLATE.md 1970-01-01
01:00:00.000000000 +0100
@@ -1,33 +0,0 @@
-<!--
- Before you open the request please review the following guidelines and tips
to help it be more easily integrated:
-
- - Describe the scope of your change - i.e. what the change does.
- - Describe any known limitations with your change.
- - Please run any tests or examples that can exercise your modified code.
-
- Thank you for contributing! We will try to test and integrate the change as
soon as we can, but be aware we have many GitHub repositories to manage and
can't immediately respond to every request. There is no need to bump or check
in on a pull request (it will clutter the discussion of the request).
-
- Also don't be worried if the request is closed or not integrated sometimes
the priorities of Bitnami might not match the priorities of the pull request.
Don't fret, the open source community thrives on forks and GitHub makes it easy
to keep your changes in a forked repo.
- -->
-
-**Description of the change**
-
-<!-- Describe the scope of your change - i.e. what the change does. -->
-
-**Benefits**
-
-<!-- What benefits will be realized by the code change? -->
-
-**Possible drawbacks**
-
-<!-- Describe any known limitations with your change -->
-
-**Applicable issues**
-
-<!-- Enter any applicable Issues here (You can reference an issue using #) -->
-- fixes #
-
-**Additional information**
-
-<!-- If there's anything else that's important and relevant to your pull
-request, mention that information here.-->
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/.github/dependabot.yml
new/kubeseal-0.30.0/.github/dependabot.yml
--- old/kubeseal-0.29.0/.github/dependabot.yml 2025-03-27 11:50:13.000000000
+0100
+++ new/kubeseal-0.30.0/.github/dependabot.yml 1970-01-01 01:00:00.000000000
+0100
@@ -1,11 +0,0 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-#
https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
-version: 2
-updates:
- - package-ecosystem: "gomod" # See documentation for possible values
- directory: "/" # Location of package manifests
- schedule:
- interval: "weekly"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/.github/workflows/ci.yml
new/kubeseal-0.30.0/.github/workflows/ci.yml
--- old/kubeseal-0.29.0/.github/workflows/ci.yml 2025-03-27
11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/.github/workflows/ci.yml 1970-01-01
01:00:00.000000000 +0100
@@ -1,286 +0,0 @@
-name: CI
-
-on:
- push:
- branches: [ main ]
- pull_request:
- branches: [ main ]
-
-env:
- controller_registry: docker.io
- controller_repository: bitnami/sealed-secrets-controller
- controller_tag: latest
-
-jobs:
- load-versions:
- name: Load versions.env
- runs-on: ubuntu-latest
- steps:
- - name: checkout repo
- uses: actions/checkout@v3.1.0
- - id: load-versions
- run: |
- source $GITHUB_WORKSPACE/versions.env
- # env vars
- echo "GO_VERSION=$GO_VERSION" >> $GITHUB_ENV
- echo "GO_VERSION_LIST=$GO_VERSION_LIST" >> $GITHUB_ENV
- # outputs
- echo "go_version=${GO_VERSION}" >> $GITHUB_OUTPUT
- echo "go_version_list=${GO_VERSION_LIST}" >> $GITHUB_OUTPUT
- outputs:
- go_version: ${{ steps.load-versions.outputs.go_version }}
- go_version_list: ${{ steps.load-versions.outputs.go_version_list }}
- linter:
- needs: load-versions
- name: Run linters
- runs-on: ubuntu-latest
- strategy:
- matrix:
- go: ${{ fromJSON(needs.load-versions.outputs.go_version_list) }}
- os: [ubuntu-latest]
- golangci-lint: ["1.62.2"]
- gosec: ["2.19.0"]
- steps:
- - name: Set up Go 1.x
- uses: actions/setup-go@v3.3.1
- with:
- go-version: ${{ matrix.go }}
- id: go
-
- - name: Check out code into the Go module directory
- uses: actions/checkout@v3.1.0
-
- - name: Install dependencies
- run: |
- go install github.com/golangci/golangci-lint/cmd/golangci-lint@v${{
matrix.golangci-lint }}
- go install github.com/securego/gosec/v2/cmd/gosec@v${{ matrix.gosec }}
-
- - name: Run linter
- run: make lint
-
- - name: Run gosec
- run: make lint-gosec
-
- test:
- needs: load-versions
- name: Build
- runs-on: ${{ matrix.os }}
- strategy:
- matrix:
- go: ${{ fromJSON(needs.load-versions.outputs.go_version_list) }}
- os: [macos-latest, windows-latest, ubuntu-latest]
- gotestsum: ["1.8.1"]
- steps:
-
- - name: Set up Go 1.x
- uses: actions/setup-go@v3.3.1
- with:
- go-version: ${{ matrix.go }}
- id: go
-
- - name: Check out code into the Go module directory
- uses: actions/checkout@v3.1.0
-
- - name: Install dependencies
- run: |
- go install gotest.tools/gotestsum@v${{ matrix.gotestsum }}
-
- - name: Test
- run: make GO_FLAGS="--junitfile report.xml --format testname" test
-
- - name: Test Summary
- uses: test-summary/action@v2
- with:
- paths: |
- report.xml
-
- container:
- needs: load-versions
- name: Build Container
- runs-on: ubuntu-latest
- steps:
- - name: "Set environmental variables"
- run: |
- echo
"CONTROLLER_IMAGE=$controller_registry/$controller_repository:$controller_tag"
>> $GITHUB_ENV
-
- - name: Check out code
- uses: actions/checkout@v3.1.0
-
- - name: Install Cosign
- uses: sigstore/cosign-installer@v3.4.0
- with:
- cosign-release: v2.2.3
-
- - name: Distroless verify
- run: |
- diff <(grep FROM docker/kubeseal.Dockerfile | awk '{print $2}') \
- <(grep FROM docker/controller.Dockerfile | awk '{print $2}')
- cosign verify "$(grep FROM docker/controller.Dockerfile | awk '{print
$2}')" --certificate-oidc-issuer https://accounts.google.com
--certificate-identity keyl...@distroless.iam.gserviceaccount.com
-
- - name: Setup kubecfg
- run: |
- mkdir -p ~/bin
- curl -sLf
https://github.com/kubecfg/kubecfg/releases/download/v0.26.0/kubecfg_Linux_X64
>~/bin/kubecfg
- chmod +x ~/bin/kubecfg
-
- - name: Set up Go 1.x
- uses: actions/setup-go@v3.3.1
- with:
- go-version: ${{ needs.load-versions.outputs.go_version }}
- id: go
-
- - name: Docker build
- run: |
- export PATH=~/bin:$PATH
- make CONTROLLER_IMAGE=$CONTROLLER_IMAGE IMAGE_PULL_POLICY=Never
controller.yaml
- make CONTROLLER_IMAGE=$CONTROLLER_IMAGE controller.image.linux-amd64
- docker tag $CONTROLLER_IMAGE-linux-amd64 $CONTROLLER_IMAGE
- docker save $CONTROLLER_IMAGE -o /tmp/controller-image.tar
-
- - name: Upload manifest artifact
- uses: actions/upload-artifact@v4.4.0
- with:
- name: controller-manifest
- path: controller.yaml
-
- - name: Upload container image artifact
- uses: actions/upload-artifact@v4.4.0
- with:
- name: controller-image
- path: /tmp/controller-image.tar
-
- integration-yaml:
- needs: [ load-versions, container ]
- name: Integration (controller.yaml)
- runs-on: ubuntu-latest
- strategy:
- matrix:
- k8s: ["1.29.13","1.30.9","1.31.5","1.32.1"]
- env:
- MINIKUBE_WANTUPDATENOTIFICATION: "false"
- MINIKUBE_WANTREPORTERRORPROMPT: "false"
- CHANGE_MINIKUBE_NONE_USER: "true"
- steps:
- - name: "Set environmental variables"
- run: |
- echo
"CONTROLLER_IMAGE=$controller_registry/$controller_repository:$controller_tag"
>> $GITHUB_ENV
-
- - name: Set up Go 1.x
- uses: actions/setup-go@v3.3.1
- with:
- go-version: ${{ needs.load-versions.outputs.go_version }}
- id: go
-
- - name: Set up Ginkgo
- run: |
- go install github.com/onsi/ginkgo/ginkgo@v1.16.4
-
- - name: Check out code into the Go module directory
- uses: actions/checkout@v3.1.0
-
- - uses: medyagh/setup-minikube@v0.0.19
- with:
- minikube-version: 1.35.0
- kubernetes-version: ${{ matrix.k8s }}
-
- # need to delete old state of the cluster, see:
- # https://github.com/kubernetes/minikube/issues/8765
- - name: K8s setup
- run: |
- minikube delete
- minikube config set kubernetes-version v${{ matrix.k8s }}
- minikube start --vm-driver=docker
- minikube update-context
- kubectl cluster-info
-
- - name: Download manifest artifact
- uses: actions/download-artifact@v4.1.7
- with:
- name: controller-manifest
-
- - name: Download container image artifact
- uses: actions/download-artifact@v4.1.7
- with:
- name: controller-image
-
- - name: Load docker image
- run: |
- eval $(minikube docker-env)
- docker load -i controller-image.tar
- docker inspect $CONTROLLER_IMAGE
-
- - name: Testing environment setup
- run: |
- kubectl apply -f controller.yaml
- kubectl rollout status deployment/sealed-secrets-controller -n
kube-system -w --timeout=1m || kubectl -n kube-system describe pod
-lname=sealed-secrets-controller
-
- - name: Integration tests
- run: make integrationtest CONTROLLER_IMAGE=$CONTROLLER_IMAGE
GINKGO="ginkgo -v --randomizeSuites --failOnPending --trace --progress
--compilers=2 --nodes=4"
-
- integration-chart:
- needs: [ load-versions, container ]
- name: Integration (Helm Chart)
- runs-on: ubuntu-latest
- strategy:
- matrix:
- k8s: ["1.29.13","1.30.9","1.31.5","1.32.1"]
- env:
- MINIKUBE_WANTUPDATENOTIFICATION: "false"
- MINIKUBE_WANTREPORTERRORPROMPT: "false"
- CHANGE_MINIKUBE_NONE_USER: "true"
- steps:
- - name: "Set environmental variables"
- run: |
- echo
"CONTROLLER_IMAGE=$controller_registry/$controller_repository:$controller_tag"
>> $GITHUB_ENV
-
- - name: Set up Go 1.x
- uses: actions/setup-go@v3.3.1
- with:
- go-version: ${{ needs.load-versions.outputs.go_version }}
- id: go
-
- - name: Set up Ginkgo
- run: |
- go install github.com/onsi/ginkgo/ginkgo@v1.16.4
-
- - name: Check out code into the Go module directory
- uses: actions/checkout@v3.1.0
-
- - uses: medyagh/setup-minikube@v0.0.19
- with:
- minikube-version: 1.35.0
- kubernetes-version: ${{ matrix.k8s }}
-
- - name: Install Helm
- uses: azure/setup-helm@v3.5
- with:
- version: v3.12.0
-
- # need to delete old state of the cluster, see:
- # https://github.com/kubernetes/minikube/issues/8765
- - name: K8s setup
- run: |
- minikube delete
- minikube config set kubernetes-version v${{ matrix.k8s }}
- minikube start --vm-driver=docker
- minikube update-context
- kubectl cluster-info
-
- - name: Download container image artifact
- uses: actions/download-artifact@v4.1.7
- with:
- name: controller-image
-
- - name: Load docker image
- run: |
- eval $(minikube docker-env)
- docker load -i controller-image.tar
- docker inspect $CONTROLLER_IMAGE
-
- - name: Testing environment setup
- run: |
- helm install sealed-secrets -n kube-system --set
fullnameOverride=sealed-secrets-controller --set
image.registry=$controller_registry --set
image.repository=$controller_repository --set image.tag=$controller_tag --set
image.pullPolicy=Never helm/sealed-secrets
- kubectl rollout status deployment/sealed-secrets-controller -n
kube-system -w --timeout=1m || kubectl -n kube-system describe pod
-lapp.kubernetes.io/name=sealed-secrets
-
- - name: Integration tests
- run: make integrationtest CONTROLLER_IMAGE=$CONTROLLER_IMAGE
GINKGO="ginkgo -v --randomizeSuites --failOnPending --trace --progress
--compilers=2 --nodes=4"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/.github/workflows/cosign.pub
new/kubeseal-0.30.0/.github/workflows/cosign.pub
--- old/kubeseal-0.29.0/.github/workflows/cosign.pub 2025-03-27
11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/.github/workflows/cosign.pub 1970-01-01
01:00:00.000000000 +0100
@@ -1,4 +0,0 @@
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEseWNtEaI73oDVgjfLzU4eQYHE11i
-MzRSNs1TA+cTT/Lw70ckfCC/vHnOXKACF2dnhsZsNNj647p9mAiYNVl9ug==
------END PUBLIC KEY-----
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/.github/workflows/helm-release.yaml
new/kubeseal-0.30.0/.github/workflows/helm-release.yaml
--- old/kubeseal-0.29.0/.github/workflows/helm-release.yaml 2025-03-27
11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/.github/workflows/helm-release.yaml 1970-01-01
01:00:00.000000000 +0100
@@ -1,84 +0,0 @@
-name: Release Helm Chart and Carvel package
-
-on:
- push:
- paths:
- # update this file to trigger helm chart release
- - 'helm/sealed-secrets/Chart.yaml'
- branches:
- - main
-
-jobs:
- release:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3.1.0
- with:
- fetch-depth: 0
-
- - name: Configure Git
- run: |
- git config user.name "$GITHUB_ACTOR"
- git config user.email "$github_ac...@users.noreply.github.com"
-
- - name: Install Helm
- uses: azure/setup-helm@v3.4
- with:
- version: v3.4.2
-
- - name: Run chart-releaser
- uses: helm/chart-releaser-action@v1.4.1
- with:
- charts_dir: helm
- env:
- CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- CR_RELEASE_NAME_TEMPLATE: "helm-v{{ .Version }}"
-
- - name: Install Carvel
- uses: carvel-dev/setup-action@v1.3.0
- with:
- only: kbld, imgpkg
- token: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Install yq
- run: |
- mkdir -p ~/bin
- wget
https://github.com/mikefarah/yq/releases/download/v4.30.8/yq_linux_amd64 -O
~/bin/yq
- chmod +x ~/bin/yq
-
- - name: Get chart version
- run: |
- export PATH=~/bin:$PATH
- echo "chart_version=$(yq .version <
./helm/sealed-secrets/Chart.yaml)" >> $GITHUB_ENV
-
- - name: Create imglock file
- working-directory: ./helm
- run: |
- mkdir -p .imgpkg
- kbld -f <(helm template sealed-secrets) --imgpkg-lock-output
.imgpkg/images.yml
-
- - name: Push imgpkg bundle
- working-directory: ./helm
- env:
- IMGPKG_REGISTRY_HOSTNAME: ghcr.io
- IMGPKG_REGISTRY_USERNAME: ${{ github.actor }}
- IMGPKG_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
- run: |
- imgpkg push -b ghcr.io/${{ github.repository_owner
}}/sealed-secrets-carvel:${{ env.chart_version }} -f . --json > output
- echo carvel_pkg=$(cat output | grep Pushed | cut -d "'" -f2 ) >>
$GITHUB_ENV
-
- - name: Update package.yaml
- run: |
- yq -i '.spec.version = "${{ env.chart_version }}"'
carvel/package.yaml
- yq -i '.metadata.name = "sealedsecrets.bitnami.com.${{
env.chart_version }}"' carvel/package.yaml
- yq -i '.spec.template.spec.fetch.0.imgpkgBundle.image = "${{
env.carvel_pkg }}"' carvel/package.yaml
- git checkout -B 'release-carvel-${{ env.chart_version }}'
- git add carvel/package.yaml
- git commit -sm 'Release carvel package ${{ env.chart_version }}'
- git push origin 'release-carvel-${{ env.chart_version }}'
-
- - name: Create PR
- run: gh pr create --fill --base main --repo $GITHUB_REPOSITORY
- env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/.github/workflows/helm-vib-lint.yaml
new/kubeseal-0.30.0/.github/workflows/helm-vib-lint.yaml
--- old/kubeseal-0.29.0/.github/workflows/helm-vib-lint.yaml 2025-03-27
11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/.github/workflows/helm-vib-lint.yaml 1970-01-01
01:00:00.000000000 +0100
@@ -1,26 +0,0 @@
-name: Lint Helm Chart
-on:
- workflow_dispatch:
- pull_request_target:
- branches:
- - main
- - bitnami-labs:main
- paths:
- - 'helm/**'
-
-env:
- CSP_API_URL: https://console.tanzu.broadcom.com
- CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }}
- VIB_PUBLIC_URL: https://cp.bromelia.vmware.com
-
-jobs:
- # make sure chart is linted/safe
- vib-validate:
- runs-on: ubuntu-latest
- name: Lint chart
- steps:
- - uses: actions/checkout@v3.1.0
- with:
- ref: ${{github.event.pull_request.head.ref}}
- repository: ${{github.event.pull_request.head.repo.full_name}}
- - uses: vmware-labs/vmware-image-builder-action@v0.6.0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/.github/workflows/helm-vib.yaml
new/kubeseal-0.30.0/.github/workflows/helm-vib.yaml
--- old/kubeseal-0.29.0/.github/workflows/helm-vib.yaml 2025-03-27
11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/.github/workflows/helm-vib.yaml 1970-01-01
01:00:00.000000000 +0100
@@ -1,47 +0,0 @@
-name: Verify Helm Chart
-on:
- workflow_dispatch:
- push:
- branches:
- - main
- paths:
- - 'helm/**'
-
-env:
- CSP_API_URL: https://console.tanzu.broadcom.com
- CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }}
- VIB_PUBLIC_URL: https://cp.bromelia.vmware.com
-
-jobs:
- # verify chart in multiple target platforms
- vib-k8s-verify:
- runs-on: ubuntu-latest
- environment: vmware-image-builder
- strategy:
- matrix:
- include:
- - name: GKE
- target-platform: gke
- target-platform-id: 91d398a2-25c4-4cda-8732-75a3cfc179a1
- target-pipeline: vib-platform-verify.json
- - name: GKE Skip Recreate
- target-platform: gke
- target-platform-id: 91d398a2-25c4-4cda-8732-75a3cfc179a1
- target-pipeline: vib-platform-verify-skip-recreate.json
- - name: Openshift
- target-platform: openshift
- target-platform-id: ebac9e0d-3931-4515-ba54-e6adada1f174
- target-pipeline: vib-platform-verify-openshift.json
- fail-fast: false
- name: Verify chart (${{ matrix.name }})
- steps:
- - uses: actions/checkout@v3.1.0
- with:
- ref: ${{ github.event.pull_request.head.ref }}
- repository: ${{ github.event.pull_request.head.repo.full_name }}
- - uses: vmware-labs/vmware-image-builder-action@v0.6.0
- with:
- pipeline: ${{ matrix.target-pipeline }}
- max-pipeline-duration: 7200
- env:
- TARGET_PLATFORM: ${{ matrix.target-platform-id }}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kubeseal-0.29.0/.github/workflows/publish-release.yaml
new/kubeseal-0.30.0/.github/workflows/publish-release.yaml
--- old/kubeseal-0.29.0/.github/workflows/publish-release.yaml 2025-03-27
11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/.github/workflows/publish-release.yaml 1970-01-01
01:00:00.000000000 +0100
@@ -1,195 +0,0 @@
-name: Publish Release
-
-on:
- workflow_dispatch:
- inputs:
- chart:
- description: 'Chart version (e.g. 2.11.3)'
- required: true
- type: string
-
-jobs:
- release:
- runs-on: ubuntu-latest
- env:
- controller_dockerhub_image_name:
docker.io/bitnami/sealed-secrets-controller
- controller_ghcr_image_name:
ghcr.io/bitnami-labs/sealed-secrets-controller
- kubeseal_dockerhub_image_name: docker.io/bitnami/sealed-secrets-kubeseal
- kubeseal_ghcr_image_name: ghcr.io/bitnami-labs/sealed-secrets-kubeseal
- steps:
- # Checkout and set env
- - name: Checkout
- uses: actions/checkout@v3.1.0
- with:
- fetch-depth: 0
- - id: load-version
- run: |
- source $GITHUB_WORKSPACE/versions.env
- echo "GO_VERSION=$GO_VERSION" >> $GITHUB_ENV
- - name: Set up Go
- uses: actions/setup-go@v3.3.1
- with:
- go-version: ${{ env.GO_VERSION }}
- - name: Setup kubecfg
- run: |
- mkdir -p ~/bin
- curl -sLf
https://github.com/kubecfg/kubecfg/releases/download/v0.26.0/kubecfg_Linux_X64
>~/bin/kubecfg
- chmod +x ~/bin/kubecfg
-
- - name: Install dependencies
- run: |
- go install gotest.tools/gotestsum@v1.8.1
-
- # Setup env tools to copy images
- - name: Set up regctl
- uses: iarekylew00t/regctl-installer@v1
- with:
- regctl-release: v0.4.7
-
- # Check Release
- - name: Check Release
- run: |
- VERSION_TAG=$(git describe --tags --match "v[0-9]*" --abbrev=0 | tr
-d v)
- echo "Tag looking for $VERSION_TAG"
- CHECK_CONTROLLER=$(./scripts/release-check ${{
env.controller_dockerhub_image_name }} $VERSION_TAG)
- CHECK_KUBESEAL=$(./scripts/release-check ${{
env.kubeseal_dockerhub_image_name }} $VERSION_TAG)
- echo "RELEASE=$(($CHECK_CONTROLLER * $CHECK_KUBESEAL))" >>
$GITHUB_ENV
- echo "VERSION_TAG=$VERSION_TAG" >> $GITHUB_ENV
- echo "GORELEASER_CURRENT_TAG=v$VERSION_TAG" >> $GITHUB_ENV
-
- # Run tests
- - name: Tests
- if: env.RELEASE == 1
- run: make test
-
- # Generate K8s manifests
- - name: K8s manifests
- if: env.RELEASE == 1
- run: |
- export PATH=~/bin:$PATH
- make CONTROLLER_IMAGE=${{ env.controller_dockerhub_image_name
}}:${VERSION_TAG} controller.yaml controller-norbac.yaml
-
- # Setup Cosign
- - name: Install Cosign
- uses: sigstore/cosign-installer@v3.4.0
- with:
- cosign-release: v2.2.3
-
- if: env.RELEASE == 1
- - name: Write Cosign key
- if: env.RELEASE == 1
- run: echo "$COSIGN_KEY" > /tmp/cosign.key
- env:
- COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
-
- - name: Checkout version
- run: git checkout "$GORELEASER_CURRENT_TAG"
-
- # Build & Release binaries
- - name: Run GoReleaser
- uses: goreleaser/goreleaser-action@v3.1.0
- if: success() && startsWith(github.ref, 'refs/heads/') && env.RELEASE
== 1
- with:
- version: v1.10.3
- args: release --rm-dist
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
-
- # Build & Publish multi-arch image
- - name: Login to Docker Hub
- if: env.RELEASE == 1
- uses: docker/login-action@v2.0.0
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_PASSWORD }}
- - name: Login to GHRC
- if: env.RELEASE == 1
- uses: docker/login-action@v2.0.0
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
- - name: Extract metadata (tags, labels) for Docker controller image
- if: env.RELEASE == 1
- id: meta_controller
- uses: docker/metadata-action@v4.0.1
- with:
- images: |
- ${{ env.controller_dockerhub_image_name }}
- ${{ env.controller_ghcr_image_name }}
- tags: |
- type=raw,value=${{ env.VERSION_TAG }}
- type=raw,value=latest
- - name: Copy controller image
- if: env.RELEASE == 1
- run: |
- regctl image copy ${{ env.controller_dockerhub_image_name }}:latest
${{ env.controller_ghcr_image_name }}:latest
- regctl image copy ${{ env.controller_dockerhub_image_name
}}:${VERSION_TAG} ${{ env.controller_ghcr_image_name }}:${VERSION_TAG}
- - name: Extract metadata (tags, labels) for Docker kubeseal image
- if: env.RELEASE == 1
- id: meta_kubeseal
- uses: docker/metadata-action@v4.0.1
- with:
- images: |
- ${{ env.kubeseal_dockerhub_image_name }}
- ${{ env.kubeseal_ghcr_image_name }}
- tags: |
- type=raw,value=${{ env.VERSION_TAG }}
- type=raw,value=latest
- - name: Copy kubeseal image
- if: env.RELEASE == 1
- run: |
- regctl image copy ${{ env.kubeseal_dockerhub_image_name }}:latest
${{ env.kubeseal_ghcr_image_name }}:latest
- regctl image copy ${{ env.kubeseal_dockerhub_image_name
}}:${VERSION_TAG} ${{ env.kubeseal_ghcr_image_name }}:${VERSION_TAG}
- - name: Sign controller image with a key in GHCR
- if: env.RELEASE == 1
- run: |
- echo -n "$COSIGN_PASSWORD" | cosign sign --key /tmp/cosign.key --yes
$TAG_CURRENT
- env:
- COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
- TAG_CURRENT: ${{ steps.meta_controller.outputs.tags }}
- COSIGN_REPOSITORY: ${{ env.controller_ghcr_image_name }}/signs
- - name: Sign kubeseal image with a key in GHCR
- if: env.RELEASE == 1
- run: |
- echo -n "$COSIGN_PASSWORD" | cosign sign --key /tmp/cosign.key --yes
$TAG_CURRENT
- env:
- COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
- TAG_CURRENT: ${{ steps.meta_kubeseal.outputs.tags }}
- COSIGN_REPOSITORY: ${{ env.kubeseal_ghcr_image_name }}/signs
-
- chart-pr:
- needs: release
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
- with:
- fetch-depth: 0
-
- - name: Config Git
- run: |
- git config user.name "$GITHUB_ACTOR"
- git config user.email "$github_ac...@users.noreply.github.com"
-
- - name: Fetch Versions
- run: |
- echo NEW_VERSION=$(git describe --tags --match "v[0-9]*" --abbrev=0
| tr -d v) >> "$GITHUB_ENV"
- echo PREV_VERSION=$(grep appVersion helm/sealed-secrets/Chart.yaml |
grep -o '[0-9.]*') >> "$GITHUB_ENV"
-
- - name: Update Version
- run: |
- sed -i "s/version: .*/version: ${{ inputs.chart }}/"
helm/sealed-secrets/Chart.yaml
- sed -i "s/appVersion: .*/appVersion: $NEW_VERSION/"
helm/sealed-secrets/Chart.yaml
- sed -i "s/tag: .*/tag: $NEW_VERSION/" helm/sealed-secrets/values.yaml
- sed -i "s/\`$PREV_VERSION\`/\`$NEW_VERSION\`/"
helm/sealed-secrets/README.md
- git checkout -B 'release-chart-${{ inputs.chart }}'
- git add helm/sealed-secrets/Chart.yaml
helm/sealed-secrets/values.yaml helm/sealed-secrets/README.md
- git commit -sm 'Release chart ${{ inputs.chart }}'
- git push origin 'release-chart-${{ inputs.chart }}'
-
- - name: Create PR
- run: gh pr create --fill --base main --repo $GITHUB_REPOSITORY
- env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/.github/workflows/release.yaml
new/kubeseal-0.30.0/.github/workflows/release.yaml
--- old/kubeseal-0.29.0/.github/workflows/release.yaml 2025-03-27
11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/.github/workflows/release.yaml 1970-01-01
01:00:00.000000000 +0100
@@ -1,48 +0,0 @@
-name: Prepare Release
-
-# Only release when a new GH release branch is pushed
-on:
- push:
- branches:
- - 'release/v[0-9]+.[0-9]+.[0-9]+'
-
-jobs:
- build:
- runs-on: ubuntu-latest
- steps:
- # Checkout and set env
- - name: Checkout
- uses: actions/checkout@v3.1.0
- - id: load-version
- run: |
- source $GITHUB_WORKSPACE/versions.env
- echo "GO_VERSION=$GO_VERSION" >> $GITHUB_ENV
- - name: Configure Git
- run: |
- git config user.name "$GITHUB_ACTOR"
- git config user.email "$github_ac...@users.noreply.github.com"
- - name: Set up Go
- uses: actions/setup-go@v3.3.1
- with:
- go-version: ${{ env.GO_VERSION }}
- - name: Setup kubecfg
- run: |
- mkdir -p ~/bin
- curl -sLf
https://github.com/kubecfg/kubecfg/releases/download/v0.26.0/kubecfg_Linux_X64
>~/bin/kubecfg
- chmod +x ~/bin/kubecfg
-
- - name: Install dependencies
- run: |
- go install gotest.tools/gotestsum@v1.8.1
-
- # Run tests
- - name: Tests
- run: make test
-
- # Tag for GoReleaser from release branch name
- - name: Tag Release
- run: |
- RELEASE_BRANCH="${{ github.ref }}"
- VERSION_TAG=$(echo "${RELEASE_BRANCH}" | awk -F'/' '{print $NF}')
- git tag -a "${VERSION_TAG}" -m "Tag autogenerated ${VERSION_TAG}"
- git push origin "${VERSION_TAG}"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/.github/workflows/stale.yml
new/kubeseal-0.30.0/.github/workflows/stale.yml
--- old/kubeseal-0.29.0/.github/workflows/stale.yml 2025-03-27
11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/.github/workflows/stale.yml 1970-01-01
01:00:00.000000000 +0100
@@ -1,22 +0,0 @@
-name: 'Close stale issues and PRs'
-on:
- schedule:
- # Stalebot will be executed at 1:00 AM every day
- - cron: '0 1 * * *'
-
-jobs:
- stale:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/stale@v6.0.0
- with:
- repo-token: ${{ secrets.GITHUB_TOKEN }}
- stale-issue-message: 'This Issue has been automatically marked as
"stale" because it has not had recent activity (for 15 days). It will be closed
if no further activity occurs. Thanks for the feedback.'
- stale-pr-message: 'This Pull Request has been automatically marked
as "stale" because it has not had recent activity (for 15 days). It will be
closed if no further activity occurs. Thank you for your contribution.'
- close-issue-message: 'Due to the lack of activity in the last 7 days
since it was marked as "stale", we proceed to close this Issue. Do not hesitate
to reopen it later if necessary.'
- close-pr-message: 'Due to the lack of activity in the last 7 days
since it was marked as "stale", we proceed to close this Pull Request. Do not
hesitate to reopen it later if necessary.'
- days-before-stale: 15
- days-before-close: 7
- exempt-issue-labels: 'backlog,help wanted,triage'
- exempt-pr-labels: 'backlog,help wanted,triage'
- operations-per-run: 500
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/.gitignore
new/kubeseal-0.30.0/.gitignore
--- old/kubeseal-0.29.0/.gitignore 2025-03-27 11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/.gitignore 1970-01-01 01:00:00.000000000 +0100
@@ -1,46 +0,0 @@
-# Binaries for programs and plugins
-*.exe
-*.dll
-*.so
-*.dylib
-
-# Test binary, build with `go test -c`
-*.test
-
-# Output of the go coverage tool, specifically when used with LiteIDE
-*.out
-
-# Project-local glide cache, RE:
https://github.com/Masterminds/glide/issues/736
-.glide/
-
-# Project-local vscode config
-.vscode/
-
-/controller
-/kubeseal
-/kubeseal-arm
-/kubeseal-arm64
-
-/controller.image
-/controller.image.*
-/kubeseal.image
-/kubeseal.image.*
-/pushed.controller.image.*
-/pushed.kubeseal.image.*
-/controller-manifest-*
-/push-controller-image
-/*-static
-/*-static-*
-/controller.yaml
-/controller-norbac.yaml
-/controller-podmonitor.yaml
-/docker/controller
-*.iml
-.idea
-
-# GoReleaser output dir
-dist/
-
-# Vendor folder
-vendor/
-report.xml
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/.golangci.yaml
new/kubeseal-0.30.0/.golangci.yaml
--- old/kubeseal-0.29.0/.golangci.yaml 2025-03-27 11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/.golangci.yaml 2025-06-12 10:37:26.000000000 +0200
@@ -215,7 +215,7 @@
#- errorlint # finds code that will cause problems with the error wrapping
scheme introduced in Go 1.13
#- execinquery # checks query string in Query function which reads your Go
src files and warning it finds
- exhaustive # checks exhaustiveness of enum switch statements
- - exportloopref # checks for pointers to enclosing loop variables
+ #- exportloopref # checks for pointers to enclosing loop variables
#- forbidigo # forbids identifiers
#- funlen # tool for detection of long functions
#- gochecknoinits # checks that no init functions are present in Go code
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/README.md
new/kubeseal-0.30.0/README.md
--- old/kubeseal-0.29.0/README.md 2025-03-27 11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/README.md 2025-06-12 10:37:26.000000000 +0200
@@ -117,7 +117,7 @@
To capture this distinction, the `SealedSecret` object has a `template`
section which encodes all the fields you want the controller to put in the
unsealed `Secret`.
-The [Sprig function library](https://masterminds.github.io/sprig/) is
available in addition to the default Go Text Template functions.
+The [Sprig function library](https://masterminds.github.io/sprig/) is
available (except for `env`, `expandenv` and `getHostByName`) in addition to
the default Go Text Template functions.
The `metadata` block is copied as is (the `ownerReference` field will be
updated [unless disabled](#seal-secret-which-can-skip-set-owner-references)).
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/RELEASE-NOTES.md
new/kubeseal-0.30.0/RELEASE-NOTES.md
--- old/kubeseal-0.29.0/RELEASE-NOTES.md 2025-03-27 11:50:13.000000000
+0100
+++ new/kubeseal-0.30.0/RELEASE-NOTES.md 2025-06-12 10:37:26.000000000
+0200
@@ -4,6 +4,26 @@
[](https://github.com/bitnami-labs/sealed-secrets/releases/latest)
+## v0.30.0
+
+- Bump golang to 1.24.4
([#1743](https://github.com/bitnami-labs/sealed-secrets/pull/1743))
+- Fix typo in RBAC namespaced roles documentation
([#1720](https://github.com/bitnami-labs/sealed-secrets/pull/1720))
+- Bump to go1.24.1
([#1713](https://github.com/bitnami-labs/sealed-secrets/pull/1713))
+- Fix potential controller sensitive data exposure by sprig template functions
([#1703](https://github.com/bitnami-labs/sealed-secrets/pull/1703))
+- Bump golang.org/x/crypto from 0.38.0 to 0.39.0
([#1742](https://github.com/bitnami-labs/sealed-secrets/pull/1742))
+- Bump k8s.io/client-go from 0.33.0 to 0.33.1
([#1734](https://github.com/bitnami-labs/sealed-secrets/pull/1734))
+- Bump k8s.io/api from 0.33.0 to 0.33.1
([#1733](https://github.com/bitnami-labs/sealed-secrets/pull/1733))
+- Bump k8s.io/code-generator from 0.33.0 to 0.33.1
([#1732](https://github.com/bitnami-labs/sealed-secrets/pull/1732))
+- Bump golang.org/x/crypto from 0.37.0 to 0.38.0
([#1731](https://github.com/bitnami-labs/sealed-secrets/pull/1731))
+- Bump k8s.io/client-go from 0.32.3 to 0.33.0
([#1729](https://github.com/bitnami-labs/sealed-secrets/pull/1729))
+- Bump k8s.io/code-generator from 0.32.3 to 0.33.0
([#1728](https://github.com/bitnami-labs/sealed-secrets/pull/1728))
+- Bump k8s.io/api from 0.32.3 to 0.33.0
([#1730](https://github.com/bitnami-labs/sealed-secrets/pull/1730))
+- Bump golang.org/x/net from 0.37.0 to 0.38.0 in the go_modules group
([#1725](https://github.com/bitnami-labs/sealed-secrets/pull/1725))
+- Bump github.com/prometheus/client_golang from 1.21.1 to 1.22.0
([#1724](https://github.com/bitnami-labs/sealed-secrets/pull/1724))
+- Bump github.com/onsi/gomega from 1.36.3 to 1.37.0
([#1722](https://github.com/bitnami-labs/sealed-secrets/pull/1722))
+- Bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4
([#1723](https://github.com/bitnami-labs/sealed-secrets/pull/1723))
+- Bump golang.org/x/crypto from 0.36.0 to 0.37.0
([#1721](https://github.com/bitnami-labs/sealed-secrets/pull/1721))
+
## v0.29.0
- Fix register a key using secret creationTimestamp instead of certificate
validity timestamp
([#1681](https://github.com/bitnami-labs/sealed-secrets/pull/1681))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/carvel/package.yaml
new/kubeseal-0.30.0/carvel/package.yaml
--- old/kubeseal-0.29.0/carvel/package.yaml 2025-03-27 11:50:13.000000000
+0100
+++ new/kubeseal-0.30.0/carvel/package.yaml 2025-06-12 10:37:26.000000000
+0200
@@ -1,10 +1,10 @@
apiVersion: data.packaging.carvel.dev/v1alpha1
kind: Package
metadata:
- name: "sealedsecrets.bitnami.com.2.17.1"
+ name: "sealedsecrets.bitnami.com.2.17.2"
spec:
refName: "sealedsecrets.bitnami.com"
- version: "2.17.1"
+ version: "2.17.2"
valuesSchema:
openAPIv3:
title: Chart Values
@@ -424,7 +424,7 @@
spec:
fetch:
- imgpkgBundle:
- image:
ghcr.io/bitnami-labs/sealed-secrets-carvel@sha256:cf98d6d7e4cde265d04622f08316ac7a75fac0a4dedb5351807ff66f78f0924d
+ image:
ghcr.io/bitnami-labs/sealed-secrets-carvel@sha256:2cf177c3d8a91413e3e04fedf6c355228d0e30797ffb5db7dd7d008c0e28e983
template:
- helmTemplate:
path: sealed-secrets
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/go.mod new/kubeseal-0.30.0/go.mod
--- old/kubeseal-0.29.0/go.mod 2025-03-27 11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/go.mod 2025-06-12 10:37:26.000000000 +0200
@@ -1,6 +1,6 @@
module github.com/bitnami-labs/sealed-secrets
-go 1.23.7
+go 1.24.4
require (
github.com/Masterminds/sprig/v3 v3.3.0
@@ -8,17 +8,17 @@
github.com/google/renameio v0.1.0
github.com/mattn/go-isatty v0.0.20
github.com/mkmik/multierror v0.4.0
- github.com/onsi/ginkgo/v2 v2.23.3
- github.com/onsi/gomega v1.36.3
- github.com/prometheus/client_golang v1.21.1
+ github.com/onsi/ginkgo/v2 v2.23.4
+ github.com/onsi/gomega v1.37.0
+ github.com/prometheus/client_golang v1.22.0
github.com/spf13/pflag v1.0.6
github.com/throttled/throttled v2.2.5+incompatible
- golang.org/x/crypto v0.36.0
+ golang.org/x/crypto v0.39.0
gopkg.in/yaml.v2 v2.4.0
- k8s.io/api v0.32.3
- k8s.io/apimachinery v0.32.3
- k8s.io/client-go v0.32.3
- k8s.io/code-generator v0.32.3
+ k8s.io/api v0.33.1
+ k8s.io/apimachinery v0.33.1
+ k8s.io/client-go v0.33.1
+ k8s.io/code-generator v0.33.1
k8s.io/klog v1.0.0
k8s.io/klog/v2 v2.130.1
k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738
@@ -39,17 +39,14 @@
github.com/go-openapi/swag v0.23.0 // indirect
github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
- github.com/golang/protobuf v1.5.4 // indirect
github.com/gomodule/redigo v2.0.0+incompatible // indirect
- github.com/google/gnostic-models v0.6.8 // indirect
- github.com/google/gofuzz v1.2.0 // indirect
- github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect
+ github.com/google/gnostic-models v0.6.9 // indirect
+ github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/hashicorp/golang-lru v1.0.2 // indirect
github.com/huandu/xstrings v1.5.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
- github.com/klauspost/compress v1.17.11 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect
@@ -63,22 +60,24 @@
github.com/shopspring/decimal v1.4.0 // indirect
github.com/spf13/cast v1.7.0 // indirect
github.com/x448/float16 v0.8.4 // indirect
- golang.org/x/mod v0.23.0 // indirect
- golang.org/x/net v0.37.0 // indirect
- golang.org/x/oauth2 v0.24.0 // indirect
- golang.org/x/sync v0.12.0 // indirect
- golang.org/x/sys v0.31.0 // indirect
- golang.org/x/term v0.30.0 // indirect
- golang.org/x/text v0.23.0 // indirect
- golang.org/x/time v0.7.0 // indirect
- golang.org/x/tools v0.30.0 // indirect
+ go.uber.org/automaxprocs v1.6.0 // indirect
+ golang.org/x/mod v0.25.0 // indirect
+ golang.org/x/net v0.40.0 // indirect
+ golang.org/x/oauth2 v0.27.0 // indirect
+ golang.org/x/sync v0.15.0 // indirect
+ golang.org/x/sys v0.33.0 // indirect
+ golang.org/x/term v0.32.0 // indirect
+ golang.org/x/text v0.26.0 // indirect
+ golang.org/x/time v0.9.0 // indirect
+ golang.org/x/tools v0.33.0 // indirect
google.golang.org/protobuf v1.36.5 // indirect
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
- k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9 // indirect
- k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
+ k8s.io/gengo/v2 v2.0.0-20250207200755-1244d31929d7 // indirect
+ k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
- sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
+ sigs.k8s.io/randfill v1.0.0 // indirect
+ sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/go.sum new/kubeseal-0.30.0/go.sum
--- old/kubeseal-0.29.0/go.sum 2025-03-27 11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/go.sum 2025-06-12 10:37:26.000000000 +0200
@@ -33,20 +33,16 @@
github.com/go-task/slim-sprig/v3 v3.0.0/go.mod
h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod
h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang/protobuf v1.5.4
h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
-github.com/golang/protobuf v1.5.4/go.mod
h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
github.com/gomodule/redigo v2.0.0+incompatible
h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
github.com/gomodule/redigo v2.0.0+incompatible/go.mod
h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4=
-github.com/google/gnostic-models v0.6.8
h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
-github.com/google/gnostic-models v0.6.8/go.mod
h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
+github.com/google/gnostic-models v0.6.9
h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw=
+github.com/google/gnostic-models v0.6.9/go.mod
h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
github.com/google/go-cmp v0.5.9/go.mod
h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
github.com/google/go-cmp v0.7.0/go.mod
h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
github.com/google/gofuzz v1.0.0/go.mod
h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
-github.com/google/gofuzz v1.2.0/go.mod
h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad
h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg=
-github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod
h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+github.com/google/pprof v0.0.0-20250403155104-27863c87afa6
h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8=
+github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod
h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
github.com/google/renameio v0.1.0
h1:GOZbcHa3HfsPKPlmyPyN2KEohoMXOhdMbHrvbpl2QaA=
github.com/google/renameio v0.1.0/go.mod
h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
@@ -61,8 +57,8 @@
github.com/json-iterator/go v1.1.12/go.mod
h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/kisielk/errcheck v1.5.0/go.mod
h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod
h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.17.11
h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
-github.com/klauspost/compress v1.17.11/go.mod
h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
+github.com/klauspost/compress v1.18.0
h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
+github.com/klauspost/compress v1.18.0/go.mod
h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod
h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -86,25 +82,26 @@
github.com/modern-go/reflect2 v1.0.2/go.mod
h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod
h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/onsi/ginkgo/v2 v2.23.3
h1:edHxnszytJ4lD9D5Jjc4tiDkPBZ3siDeJJkUZJJVkp0=
-github.com/onsi/ginkgo/v2 v2.23.3/go.mod
h1:zXTP6xIp3U8aVuXN8ENK9IXRaTjFnpVB9mGmaSRvxnM=
-github.com/onsi/gomega v1.36.3 h1:hID7cr8t3Wp26+cYnfcjR6HpJ00fdogN6dqZ1t6IylU=
-github.com/onsi/gomega v1.36.3/go.mod
h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
+github.com/onsi/ginkgo/v2 v2.23.4
h1:ktYTpKJAVZnDT4VjxSbiBenUjmlL/5QkBEocaWXiQus=
+github.com/onsi/ginkgo/v2 v2.23.4/go.mod
h1:Bt66ApGPBFzHyR+JO10Zbt0Gsp4uWxu5mIOTusL46e8=
+github.com/onsi/gomega v1.37.0 h1:CdEG8g0S133B4OswTDC/5XPSzE1OeP29QOioj2PID2Y=
+github.com/onsi/gomega v1.37.0/go.mod
h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod
h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0
h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod
h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2
h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
-github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod
h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.21.1
h1:DOvXXTqVzvkIewV/CDPFdejpMCGeMcbGCQ8YOmu+Ibk=
-github.com/prometheus/client_golang v1.21.1/go.mod
h1:U9NM32ykUErtVBxdvD3zfi+EuFkkaBvMb09mIfe0Zgg=
+github.com/prashantv/gostub v1.1.0
h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g=
+github.com/prashantv/gostub v1.1.0/go.mod
h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U=
+github.com/prometheus/client_golang v1.22.0
h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q=
+github.com/prometheus/client_golang v1.22.0/go.mod
h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0=
github.com/prometheus/client_model v0.6.1
h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
github.com/prometheus/client_model v0.6.1/go.mod
h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
github.com/prometheus/common v0.62.0
h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io=
github.com/prometheus/common v0.62.0/go.mod
h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
github.com/prometheus/procfs v0.15.1
h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
github.com/prometheus/procfs v0.15.1/go.mod
h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
-github.com/rogpeppe/go-internal v1.12.0
h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
-github.com/rogpeppe/go-internal v1.12.0/go.mod
h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/rogpeppe/go-internal v1.13.1
h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
+github.com/rogpeppe/go-internal v1.13.1/go.mod
h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
github.com/shopspring/decimal v1.4.0
h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=
github.com/shopspring/decimal v1.4.0/go.mod
h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w=
@@ -112,6 +109,8 @@
github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
github.com/spf13/pflag v1.0.6/go.mod
h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/stretchr/objx v0.1.0/go.mod
h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
+github.com/stretchr/objx v0.5.2/go.mod
h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
github.com/stretchr/testify v1.3.0/go.mod
h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.10.0
h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
github.com/stretchr/testify v1.10.0/go.mod
h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
@@ -121,50 +120,52 @@
github.com/x448/float16 v0.8.4/go.mod
h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
github.com/yuin/goldmark v1.1.27/go.mod
h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod
h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs=
+go.uber.org/automaxprocs v1.6.0/go.mod
h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8=
go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
go.uber.org/goleak v1.3.0/go.mod
h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod
h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod
h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod
h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
-golang.org/x/crypto v0.36.0/go.mod
h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
+golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM=
+golang.org/x/crypto v0.39.0/go.mod
h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM=
-golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w=
+golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod
h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod
h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod
h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod
h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
-golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
-golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
-golang.org/x/oauth2 v0.24.0/go.mod
h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
+golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
+golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
+golang.org/x/oauth2 v0.27.0/go.mod
h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
-golang.org/x/sync v0.12.0/go.mod
h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
+golang.org/x/sync v0.15.0/go.mod
h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
-golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
-golang.org/x/term v0.30.0/go.mod
h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
+golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
+golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
+golang.org/x/term v0.32.0/go.mod
h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
-golang.org/x/text v0.23.0/go.mod
h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
-golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
-golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
+golang.org/x/text v0.26.0/go.mod
h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
+golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
+golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod
h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod
h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod
h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod
h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY=
-golang.org/x/tools v0.30.0/go.mod
h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY=
+golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc=
+golang.org/x/tools v0.33.0/go.mod
h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -182,27 +183,30 @@
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.32.3 h1:Hw7KqxRusq+6QSplE3NYG4MBxZw1BZnq4aP4cJVINls=
-k8s.io/api v0.32.3/go.mod h1:2wEDTXADtm/HA7CCMD8D8bK4yuBUptzaRhYcYEEYA3k=
-k8s.io/apimachinery v0.32.3 h1:JmDuDarhDmA/Li7j3aPrwhpNBA94Nvk5zLeOge9HH1U=
-k8s.io/apimachinery v0.32.3/go.mod
h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
-k8s.io/client-go v0.32.3 h1:RKPVltzopkSgHS7aS98QdscAgtgah/+zmpAogooIqVU=
-k8s.io/client-go v0.32.3/go.mod h1:3v0+3k4IcT9bXTc4V2rt+d2ZPPG700Xy6Oi0Gdl2PaY=
-k8s.io/code-generator v0.32.3 h1:31p2TVzC9+hVdSkAFruAk3JY+iSfzrJ83Qij1yZutyw=
-k8s.io/code-generator v0.32.3/go.mod
h1:+mbiYID5NLsBuqxjQTygKM/DAdKpAjvBzrJd64NU1G8=
-k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9
h1:si3PfKm8dDYxgfbeA6orqrtLkvvIeH8UqffFJDl0bz4=
-k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9/go.mod
h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU=
+k8s.io/api v0.33.1 h1:tA6Cf3bHnLIrUK4IqEgb2v++/GYUtqiu9sRVk3iBXyw=
+k8s.io/api v0.33.1/go.mod h1:87esjTn9DRSRTD4fWMXamiXxJhpOIREjWOSjsW1kEHw=
+k8s.io/apimachinery v0.33.1 h1:mzqXWV8tW9Rw4VeW9rEkqvnxj59k1ezDUl20tFK/oM4=
+k8s.io/apimachinery v0.33.1/go.mod
h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM=
+k8s.io/client-go v0.33.1 h1:ZZV/Ks2g92cyxWkRRnfUDsnhNn28eFpt26aGc8KbXF4=
+k8s.io/client-go v0.33.1/go.mod h1:JAsUrl1ArO7uRVFWfcj6kOomSlCv+JpvIsp6usAGefA=
+k8s.io/code-generator v0.33.1 h1:ZLzIRdMsh3Myfnx9BaooX6iQry29UJjVfVG+BuS+UMw=
+k8s.io/code-generator v0.33.1/go.mod
h1:HUKT7Ubp6bOgIbbaPIs9lpd2Q02uqkMCMx9/GjDrWpY=
+k8s.io/gengo/v2 v2.0.0-20250207200755-1244d31929d7
h1:2OX19X59HxDprNCVrWi6jb7LW1PoqTlYqEq5H2oetog=
+k8s.io/gengo/v2 v2.0.0-20250207200755-1244d31929d7/go.mod
h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU=
k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f
h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y=
-k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod
h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4=
+k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff
h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4=
+k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod
h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8=
k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738
h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro=
k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod
h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3
h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8=
sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod
h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
-sigs.k8s.io/structured-merge-diff/v4 v4.4.2
h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA=
-sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod
h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
+sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod
h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
+sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
+sigs.k8s.io/randfill v1.0.0/go.mod
h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
+sigs.k8s.io/structured-merge-diff/v4 v4.6.0
h1:IUA9nvMmnKWcj5jl84xn+T5MnlZKThmUW1TdblaLVAc=
+sigs.k8s.io/structured-merge-diff/v4 v4.6.0/go.mod
h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps=
sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/helm/sealed-secrets/Chart.yaml
new/kubeseal-0.30.0/helm/sealed-secrets/Chart.yaml
--- old/kubeseal-0.29.0/helm/sealed-secrets/Chart.yaml 2025-03-27
11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/helm/sealed-secrets/Chart.yaml 2025-06-12
10:37:26.000000000 +0200
@@ -1,7 +1,7 @@
annotations:
category: DeveloperTools
apiVersion: v2
-appVersion: 0.28.0
+appVersion: 0.29.0
description: Helm chart for the sealed-secrets controller.
home: https://github.com/bitnami-labs/sealed-secrets
icon:
https://bitnami.com/assets/stacks/sealed-secrets/img/sealed-secrets-stack-220x234.png
@@ -14,6 +14,6 @@
url: https://github.com/bitnami-labs/sealed-secrets
name: sealed-secrets
type: application
-version: 2.17.1
+version: 2.17.2
sources:
- https://github.com/bitnami-labs/sealed-secrets
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/helm/sealed-secrets/README.md
new/kubeseal-0.30.0/helm/sealed-secrets/README.md
--- old/kubeseal-0.29.0/helm/sealed-secrets/README.md 2025-03-27
11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/helm/sealed-secrets/README.md 2025-06-12
10:37:26.000000000 +0200
@@ -86,7 +86,7 @@
| ------------------------------------------------- |
------------------------------------------------------------------------------------------------------------------
| ----------------------------------- |
| `image.registry` | Sealed Secrets image
registry
| `docker.io` |
| `image.repository` | Sealed Secrets image
repository
| `bitnami/sealed-secrets-controller` |
-| `image.tag` | Sealed Secrets image tag
(immutable tags are recommended)
| `0.28.0` |
+| `image.tag` | Sealed Secrets image tag
(immutable tags are recommended)
| `0.29.0` |
| `image.pullPolicy` | Sealed Secrets image
pull policy
| `IfNotPresent` |
| `image.pullSecrets` | Sealed Secrets image
pull secrets
| `[]` |
| `revisionHistoryLimit` | Number of old history to
retain to allow rollback (If not set, default Kubernetes value is set to 10)
| `""` |
@@ -193,7 +193,7 @@
| `rbac.clusterRole` | Specifies whether the Cluster Role resource
should be created | `true`
|
| `rbac.clusterRoleName` | Specifies the name for the Cluster Role
resource |
`secrets-unsealer`
|
| `rbac.namespacedRoles` | Specifies whether the namespaced Roles
should be created (in each of the specified additionalNamespaces) | `false`
|
-| `rbac.namespacedRolesName` | Specifies the name for the namesapced Role
resource |
`secrets-unsealer`
|
+| `rbac.namespacedRolesName` | Specifies the name for the namespaced Role
resource |
`secrets-unsealer`
|
| `rbac.labels` | Extra labels to be added to RBAC resources
| `{}`
|
| `rbac.pspEnabled` | PodSecurityPolicy
| `false`
|
| `rbac.serviceProxier.create` | Specifies whether to create the "proxier"
role, to allow external users to access the SealedSecret API | `true`
|
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/helm/sealed-secrets/values.yaml
new/kubeseal-0.30.0/helm/sealed-secrets/values.yaml
--- old/kubeseal-0.29.0/helm/sealed-secrets/values.yaml 2025-03-27
11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/helm/sealed-secrets/values.yaml 2025-06-12
10:37:26.000000000 +0200
@@ -39,7 +39,7 @@
image:
registry: docker.io
repository: bitnami/sealed-secrets-controller
- tag: 0.28.0
+ tag: 0.29.0
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -429,7 +429,7 @@
## @param rbac.namespacedRoles Specifies whether the namespaced Roles should
be created (in each of the specified additionalNamespaces)
##
namespacedRoles: false
- ## @param rbac.namespacedRolesName Specifies the name for the namesapced
Role resource
+ ## @param rbac.namespacedRolesName Specifies the name for the namespaced
Role resource
##
namespacedRolesName: "secrets-unsealer"
## @param rbac.labels Extra labels to be added to RBAC resources
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kubeseal-0.29.0/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go
new/kubeseal-0.30.0/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go
---
old/kubeseal-0.29.0/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go
2025-03-27 11:50:13.000000000 +0100
+++
new/kubeseal-0.30.0/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go
2025-06-12 10:37:26.000000000 +0200
@@ -35,8 +35,17 @@
var (
// TODO(mkm): remove after a release.
AcceptDeprecatedV1Data = false
+
+ sprigFuncMap = sprig.GenericFuncMap() // a singleton for better
performance
)
+func init() {
+ // Avoid allowing the user to learn things about the environment.
+ delete(sprigFuncMap, "env")
+ delete(sprigFuncMap, "expandenv")
+ delete(sprigFuncMap, "getHostByName")
+}
+
// SealedSecretExpansion has methods to work with SealedSecrets resources.
type SealedSecretExpansion interface {
Unseal(codecs runtimeserializer.CodecFactory, privKeys
map[string]*rsa.PrivateKey) (*v1.Secret, error)
@@ -291,7 +300,8 @@
for key, value := range s.Spec.Template.Data {
var plaintext bytes.Buffer
- template, err :=
template.New(key).Funcs(sprig.FuncMap()).Parse(value)
+
+ template, err :=
template.New(key).Funcs(sprigFuncMap).Parse(value)
if err != nil {
errs = append(errs, multierror.Tag(key, err))
continue
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/pkg/controller/keys_test.go
new/kubeseal-0.30.0/pkg/controller/keys_test.go
--- old/kubeseal-0.29.0/pkg/controller/keys_test.go 2025-03-27
11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/pkg/controller/keys_test.go 2025-06-12
10:37:26.000000000 +0200
@@ -38,7 +38,7 @@
func TestReadKey(t *testing.T) {
rand := testRand()
- key, err := rsa.GenerateKey(rand, 512)
+ key, err := rsa.GenerateKey(rand, 2048)
if err != nil {
t.Fatalf("Failed to generate test key: %v", err)
}
@@ -77,7 +77,7 @@
func TestWriteKey(t *testing.T) {
ctx := context.Background()
rand := testRand()
- key, err := rsa.GenerateKey(rand, 512)
+ key, err := rsa.GenerateKey(rand, 2048)
if err != nil {
t.Fatalf("Failed to generate test key: %v", err)
}
@@ -125,7 +125,7 @@
labelKey := strings.Split(label, "=")[0]
labelValue := strings.Split(label, "=")[1]
if labels.(map[string]interface{})[labelKey] != labelValue {
- t.Errorf("writeKey didn't set label " + labelKey + " to
value '" + labelValue + "'")
+ t.Errorf("writeKey didn't set label %v to value '%v'",
labelKey, labelValue)
}
}
@@ -133,7 +133,7 @@
annotationKey := strings.Split(annotation, "=")[0]
annotationValue := strings.Split(annotation, "=")[1]
if annotations.(map[string]interface{})[annotationKey] !=
annotationValue {
- t.Errorf("writeKey didn't set annotation '" +
annotationKey + "' to value '" + annotationValue + "'")
+ t.Errorf("writeKey didn't set annotation '%v' to value
'%v'", annotationKey, annotationValue)
}
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/pkg/controller/main_test.go
new/kubeseal-0.30.0/pkg/controller/main_test.go
--- old/kubeseal-0.29.0/pkg/controller/main_test.go 2025-03-27
11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/pkg/controller/main_test.go 2025-06-12
10:37:26.000000000 +0200
@@ -160,7 +160,7 @@
func TestReuseKey(t *testing.T) {
ctx := context.Background()
rand := testRand()
- key, err := rsa.GenerateKey(rand, 512)
+ key, err := rsa.GenerateKey(rand, 2048)
if err != nil {
t.Fatalf("Failed to generate test key: %v", err)
}
@@ -199,7 +199,7 @@
func TestRenewStaleKey(t *testing.T) {
ctx := context.Background()
rand := testRand()
- key, err := rsa.GenerateKey(rand, 512)
+ key, err := rsa.GenerateKey(rand, 2048)
if err != nil {
t.Fatalf("Failed to generate test key: %v", err)
}
@@ -259,7 +259,7 @@
func TestKeyCutoff(t *testing.T) {
ctx := context.Background()
rand := testRand()
- key, err := rsa.GenerateKey(rand, 512)
+ key, err := rsa.GenerateKey(rand, 2048)
if err != nil {
t.Fatalf("Failed to generate test key: %v", err)
}
@@ -331,7 +331,7 @@
func TestLegacySecret(t *testing.T) {
ctx := context.Background()
rand := testRand()
- key, err := rsa.GenerateKey(rand, 512)
+ key, err := rsa.GenerateKey(rand, 2048)
if err != nil {
t.Fatalf("Failed to generate test key: %v", err)
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/pkg/crypto/crypto.go
new/kubeseal-0.30.0/pkg/crypto/crypto.go
--- old/kubeseal-0.29.0/pkg/crypto/crypto.go 2025-03-27 11:50:13.000000000
+0100
+++ new/kubeseal-0.30.0/pkg/crypto/crypto.go 2025-06-12 10:37:26.000000000
+0200
@@ -59,6 +59,7 @@
// First 2 bytes are RSA ciphertext length, so we can separate
// all the pieces later.
ciphertext := make([]byte, 2)
+ // #nosec G115
binary.BigEndian.PutUint16(ciphertext, uint16(len(rsaCiphertext)))
ciphertext = append(ciphertext, rsaCiphertext...)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/pkg/crypto/keys_test.go
new/kubeseal-0.30.0/pkg/crypto/keys_test.go
--- old/kubeseal-0.29.0/pkg/crypto/keys_test.go 2025-03-27 11:50:13.000000000
+0100
+++ new/kubeseal-0.30.0/pkg/crypto/keys_test.go 2025-06-12 10:37:26.000000000
+0200
@@ -17,7 +17,7 @@
func TestSignKey(t *testing.T) {
rand := testRand()
- key, err := rsa.GenerateKey(rand, 512)
+ key, err := rsa.GenerateKey(rand, 2048)
if err != nil {
t.Fatalf("Failed to generate test key: %v", err)
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.29.0/versions.env
new/kubeseal-0.30.0/versions.env
--- old/kubeseal-0.29.0/versions.env 2025-03-27 11:50:13.000000000 +0100
+++ new/kubeseal-0.30.0/versions.env 2025-06-12 10:37:26.000000000 +0200
@@ -1,2 +1,2 @@
-GO_VERSION=1.23.7
+GO_VERSION=1.24.4
GO_VERSION_LIST="[\"$GO_VERSION\"]"
++++++ kubeseal.obsinfo ++++++
--- /var/tmp/diff_new_pack.pXx3Hk/_old 2025-06-13 18:46:14.940788295 +0200
+++ /var/tmp/diff_new_pack.pXx3Hk/_new 2025-06-13 18:46:14.972789608 +0200
@@ -1,5 +1,5 @@
name: kubeseal
-version: 0.29.0
-mtime: 1743072613
-commit: 0d9cfaf99f23a344df8be86cf62d4aaad0d81be8
+version: 0.30.0
+mtime: 1749717446
+commit: 6e0beae85afcd1e981b4b56f22399ded6cbe6a88
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/kubeseal/vendor.tar.gz
/work/SRC/openSUSE:Factory/.kubeseal.new.19631/vendor.tar.gz differ: char 5,
line 1
