chore(deps): update helm release vault-secrets-operator to v0.5.0

[dezeroku]

This PR contains the following updates:

Package	Update	Change
vault-secrets-operator	minor	0.2.0 -> 0.5.0

---

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the logs for more information.

---

Release Notes

hashicorp/vault-secrets-operator (vault-secrets-operator)

v0.5.0

Compare Source

Features:

• Sync: add support for secret data transformation: GH-437

Improvements:

• Core: set CLI options from VSO_ environment variables: GH-551
• Sync: Reconcile on secret deletion: GH-587
• Sync: support excluding _raw from the destination: GH-546
• Sync: take ownership of an existing destination secret: GH-545
• Sync: add support for userIDs in VaultPKISecret: GH-552
• OLM: set OLM bundle to "Seamless Upgrades": GH-581
• Helm: add annotations to the cleanup job: GH-284
• Helm: support setting imagePullPolicy: GH-601
• Helm: support setting VaultAuth allowedNamespaces: GH-602

Fix:

• Sync: sync HCPVaultSecretsApp on lastGeneration change: GH-591
• Sync: properly handle secret type changes: GH-605

Build:

• Install the operator-sdk CLI and check sdk-generate in CI: GH-590
• Bump some GH action versions: GH-583

Dependency Updates:

• Bump github.com/go-openapi/runtime from 0.26.2 to 0.27.1: GH-572
• Bump github.com/google/uuid from 1.5.0 to 1.6.0: GH-570
• Bump github.com/gruntwork-io/terratest from 0.46.8 to 0.46.11: GH-550
• Bump github.com/hashicorp/go-secure-stdlib/awsutil from 0.2.3-0.20230606170242-1a4b95565d57 to 0.3.0: GH-579
• Bump github.com/hashicorp/vault/api from 1.11.0 to 1.12.0: GH-595
• Bump github.com/hashicorp/vault/sdk from 0.10.2 to 0.11.0: GH-596
• Bump github.com/onsi/gomega from 1.30.0 to 1.31.1: GH-558
• Bump google.golang.org/api from 0.161.0 to 0.163.0: GH-594
• Bump k8s.io/api from 0.29.0 to 0.29.1: GH-556
• Bump k8s.io/client-go from 0.29.0 to 0.29.1: GH-554
• Bump sigs.k8s.io/controller-runtime from 0.17.0 to 0.17.1: GH-597
• Bump ubi9/ubi-micro from 9.3-9 to 9.3-13: GH-566
• Bump ubi9/ubi-minimal from 9.3-1475 to 9.3-1552: GH-565

v0.4.3

Compare Source

Fix:

• Helm: rename and truncate the pre-delete cleanup job to 63 characters: GH-506
• VDS: remediate deleted destination secret: GH-532
• Update paused deployment error message: GH-528
• VC: provide default value for spec.skipTLSVerify: GH-527
• CCS: ensure invalid storage objects are deleted: GH-525
• VDS: Log and record Vault request failures: GH-508
• VPS: Sync on any update: GH-479

Dependency Updates:

• update go version to fix CVE-2023-45284,CVE-2023-39326,CVE-2023-48795: GH-541
• Bump google.golang.org/api from 0.154.0 to 0.155.0: GH-542
• Bump github.com/prometheus/client_golang from 1.17.0 to 1.18.0: GH-540
• Bump github.com/go-openapi/strfmt from 0.21.9 to 0.22.0: GH-539
• Bump github.com/go-logr/logr from 1.3.0 to 1.4.1: GH-536
• Bump golang.org/x/crypto from 0.16.0 to 0.17.0: GH-524
• Bump k8s.io/client-go from 0.28.4 to 0.29.0: GH-523
• Bump google.golang.org/api from 0.153.0 to 0.154.0: GH-522
• Bump github.com/hashicorp/go-hclog from 1.6.1 to 1.6.2: GH-521
• Bump github.com/google/uuid from 1.4.0 to 1.5.0: GH-520
• Bump ubi9/ubi-minimal from 9.3-1361.1699548032 to 9.3-1475: GH-516
• Bump ubi9/ubi-micro from 9.3-6 to 9.3-9: GH-515
• Bump github.com/go-openapi/strfmt from 0.21.8 to 0.21.9: GH-514
• Bump github.com/hashicorp/go-hclog from 1.5.0 to 1.6.1: GH-513
• Bump github.com/go-openapi/runtime from 0.26.0 to 0.26.2: GH-512
• Bump github.com/gruntwork-io/terratest from 0.46.6 to 0.46.8: GH-497
• Bump google.golang.org/api from 0.152.0 to 0.153.0: GH-496

v0.4.2

Compare Source

Fix:

• Include viewer and editor RBAC roles in the chart: GH-501
• Build: image/ubi: add separate target and build job for RedHat: GH-503

Dependency Updates:

• Bump github.com/go-openapi/strfmt from 0.21.7 to 0.21.8: GH-490
• Bump google.golang.org/api from 0.151.0 to 0.152.0: GH-489

v0.4.1

Compare Source

Improvements:

• Manager: setting controller.manager.maxConcurrentReconciles now applies to all Syncable Secret controllers. The previous flag for the manager --max-concurrent-reconciles-vds is now deprecated and replaced by --max-concurrent-reconciles which applies to all controllers. GH-483

Fix:

• Helm: prefix all helper functions with vso to avoid subchart name collisions: GH-487
• VSS: Ensure all resource updates are synced: GH-492
• VDS: Fix compute static-creds rotation horizon: GH-488

Dependency Updates:

• Bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1: GH-475
• Bump google.golang.org/api from 0.150.0 to 0.151.0: GH-470
• Bump k8s.io/client-go from 0.28.3 to 0.28.4: GH-469

v0.4.0

Compare Source

Features:

• VaultAuth: Support for the GCP authentication method when using GKE workload identity: GH-411
• VDS: Support rotation for non-renewable secrets: GH-397

Fix:

• Remove unneeded instantiation of the VSO ConfigMap watcher: GH-446
• VDS: Correctly compute the lease renewal horizon after a new VSO leader has been elected and the lease is still within its renewal window: GH-397

Dependency Updates:

• Upgrade kube-rbac-proxy to v0.15.0: GH-458
• Bump github.com/onsi/gomega from 1.29.0 to 1.30.0: GH-456
• Bump github.com/gruntwork-io/terratest from 0.46.5 to 0.46.6: GH-455
• Bump google.golang.org/api from 0.149.0 to 0.150.0: GH-454
• Bump ubi9/ubi-minimal from 9.2-750.1697625013 to 9.3-1361.1699548032: GH-444 GH-460
• Bump ubi9/ubi-micro from 9.2-15.1696515526 to 9.3-6: GH-443
• Bump github.com/gruntwork-io/terratest from 0.46.1 to 0.46.5: GH-440
• Bump google.golang.org/api from 0.148.0 to 0.149.0: GH-439
• Bump github.com/go-logr/logr from 1.2.4 to 1.3.0: GH-435
• Bump github.com/google/uuid from 1.3.1 to 1.4.0: GH-434
• Bump github.com/onsi/gomega from 1.28.1 to 1.29.0: GH-433
• Bump google.golang.org/grpc from 1.57.0 to 1.57.1: GH-428
• Bump k8s.io/apimachinery from 0.28.2 to 0.28.3: GH-421
• Bump github.com/onsi/gomega from 1.28.0 to 1.28.1: GH-420
• Bump k8s.io/api from 0.28.2 to 0.28.3: GH-419
• Bump github.com/gruntwork-io/terratest from 0.46.0 to 0.46.1: GH-418
• Bump sigs.k8s.io/controller-runtime from 0.16.2 to 0.16.3: GH-417

v0.3.4

Compare Source

Fix:

• UBI image: Include the tls-ca-bundle.pem from ubi-minimal: GH-415

v0.3.3

Compare Source

Fix:

• Important security update to address some Golang vulnerabilities GH-414

Dependency Updates:

• Upgrade kube-rbac-proxy to v0.14.4 for CVE-2023-39325 GH-414
• Bump to Go 1.21.3 for CVE-2023-39325: GH-408
• Bump github.com/hashicorp/vault/sdk from 0.10.0 to 0.10.2: GH-410
• Bump github.com/gruntwork-io/terratest from 0.45.0 to 0.46.0: GH-409
• Bump golang.org/x/net from 0.14.0 to 0.17.0: GH-407

v0.3.2

Compare Source

Fix:

• Handle invalid Client race after restoration: GH-400

Dependency Updates:

• Bump ubi9/ubi-micro from 9.2-15 to 9.2-15.1696515526: GH-404
• Bump github.com/hashicorp/hcp-sdk-go from 0.64.0 to 0.65.0: GH-403
• Bump github.com/gruntwork-io/terratest from 0.44.0 to 0.45.0: GH-402
• Bump github.com/prometheus/client_model from 0.4.1-0.20230718164431-9a2bf3000d16 to 0.5.0: GH-401
• Bump github.com/go-openapi/runtime from 0.25.0 to 0.26.0: GH-394
• Bump github.com/prometheus/client_golang from 1.16.0 to 1.17.0: GH-393
• Bump github.com/hashicorp/golang-lru/v2 from 2.0.6 to 2.0.7: GH-392
• Bump github.com/onsi/gomega from 1.27.10 to 1.28.0: GH-391
• Bump github.com/hashicorp/hcp-sdk-go from 0.63.0 to 0.64.0: GH-390

v0.3.1

Compare Source

Fix:

• Helm: bump the chart version and default tags to 0.3.1: GH-386

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[dezeroku]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: helmfile/core/helmfile.lock

Command failed: install-tool helmfile 0.0.0-dev
Download failed: https://github.com/helmfile/helmfile/releases/download/v0.0.0-dev/helmfile_0.0.0-dev_linux_amd64.tar.gz
[01:51:34.643] INFO (181): Downloading file ...
    url: "https://github.com/helmfile/helmfile/releases/download/v0.0.0-dev/helmfile_0.0.0-dev_linux_amd64.tar.gz"
    output: "/tmp/renovate/cache/containerbase/017ae06813f9e6408177127ce17646bb6e53a2540e60fcfe9a0df3114c0a60b4/helmfile_0.0.0-dev_linux_amd64.tar.gz"
[01:51:34.796] FATAL (181): Response code 404 (Not Found)
    err: {
      "type": "HTTPError",
      "message": "Response code 404 (Not Found)",
      "stack":
          HTTPError: Response code 404 (Not Found)
              at _Request._onResponseBase (/snapshot/dist/containerbase-cli.js:32025:25)
              at _Request._onResponse (/snapshot/dist/containerbase-cli.js:32080:18)
              at ClientRequest.<anonymous> (/snapshot/dist/containerbase-cli.js:32095:17)
              at Object.onceWrapper (node:events:652:26)
              at ClientRequest.emit (node:events:549:35)
              at ClientRequest.emit (node:domain:482:12)
              at HTTPParser.parserOnIncomingClient (node:_http_client:642:27)
              at HTTPParser.parserOnHeadersComplete (node:_http_common:117:17)
              at TLSSocket.socketOnData (node:_http_client:505:22)
              at TLSSocket.emit (node:events:537:28)
      "code": "ERR_NON_2XX_3XX_RESPONSE",
      "timings": {
        "start": 1708307494650,
        "socket": 1708307494652,
        "lookup": 1708307494653,
        "connect": 1708307494675,
        "secureConnect": 1708307494701,
        "upload": 1708307494702,
        "response": 1708307494790,
        "end": 1708307494793,
        "phases": {
          "wait": 2,
          "dns": 1,
          "tcp": 22,
          "tls": 26,
          "request": 1,
          "firstByte": 88,
          "download": 3,
          "total": 143
        }
      },
      "name": "HTTPError",
      "options": {
        "agent": {},
        "decompress": true,
        "timeout": {},
        "prefixUrl": "",
        "ignoreInvalidCookies": false,
        "context": {},
        "hooks": {
          "init": [],
          "beforeRequest": [],
          "beforeError": [],
          "beforeRedirect": [],
          "beforeRetry": [],
          "afterResponse": []
        },
        "followRedirect": true,
        "maxRedirects": 10,
        "throwHttpErrors": true,
        "username": "",
        "password": "",
        "http2": false,
        "allowGetBody": false,
        "headers": {
          "user-agent": "got (https://github.com/sindresorhus/got)",
          "accept-encoding": "gzip, deflate, br"
        },
        "methodRewriting": false,
        "retry": {
          "limit": 2,
          "methods": [
            "GET",
            "PUT",
            "HEAD",
            "DELETE",
            "OPTIONS",
            "TRACE"
          ],
          "statusCodes": [
            408,
            413,
            429,
            500,
            502,
            503,
            504,
            521,
            522,
            524
          ],
          "errorCodes": [
            "ETIMEDOUT",
            "ECONNRESET",
            "EADDRINUSE",
            "ECONNREFUSED",
            "EPIPE",
            "ENOTFOUND",
            "ENETUNREACH",
            "EAI_AGAIN"
          ],
          "backoffLimit": null,
          "noise": 100
        },
        "method": "GET",
        "cacheOptions": {},
        "https": {},
        "resolveBodyOnly": false,
        "isStream": true,
        "responseType": "text",
        "url": "https://github.com/helmfile/helmfile/releases/download/v0.0.0-dev/helmfile_0.0.0-dev_linux_amd64.tar.gz",
        "pagination": {
          "countLimit": null,
          "backoff": 0,
          "requestLimit": 10000,
          "stackAllItems": false
        },
        "setHost": true,
        "enableUnixSockets": false
      }
    }
[01:51:34.809] INFO (181): Download completed with errors  in 166ms.