Bump sigs.k8s.io/secrets-store-csi-driver from 1.3.3 to 1.4.2

[dependabot]

Bumps sigs.k8s.io/secrets-store-csi-driver from 1.3.3 to 1.4.2.

Release notes

Sourced from sigs.k8s.io/secrets-store-csi-driver's releases.

v1.4.2 - 2024-03-11

Changelog

Maintenance 🔧

• 9039cc90 chore: bump version to v1.4.2 in release-1.4
• 9fd198c3 chore: update node-driver-registrar:v2.10.0, livenessprobe:v2.12.0
• b303fae0 chore: update debian-base to bookworm-v1.0.1

v1.4.1 - 2024-01-16

Changelog

Continuous Integration 💜

• 10b07c1c ci: remove low quota regions for aks windows job
• d4e169bf ci: remove aks-engine job templates
• 80637cac ci: add script for aks windows cluster

Maintenance 🔧

• 2884c1d2 chore: bump version to v1.4.1 in release-1.4
• b9101a72 chore: update to go 1.21.6 in docker

Security Fix 🛡️

• eb644a30 security: bump golang.org/x/crypto to v0.17.0 to fix CVE-2023-48795

v1.4.0 - 2023-11-20

Breaking Changes ⚠️

• total_ prefix in the metrics name has been dropped as part of the latest otel bump in the driver. For Prometheus counters, by default the otel library appends total suffix.
  • total_rotation_reconcile -> rotation_reconcile_total
  • total_rotation_reconcile_error -> rotation_reconcile_error_total
  • total_node_publish -> node_publish_total
  • total_node_unpublish -> node_unpublish_total
  • total_node_publish_error -> node_publish_error_total
  • total_node_unpublish_error -> node_unpublish_error_total
  • total_sync_k8s_secret -> sync_k8s_secret_total

Changelog

Bug Fixes 🐞

• 604019ce fix: make manifest diff
• a1380ba0 fix: update nodeserver publish logs
• cdf0b778 fix: put annotations in right position of daemonset
• bb1815ab fix: escape dot in target path regex
• 97d34520 fix: fix CVE-2022-32149 and CVE-2022-27664 (#1059)
• d98c93cb fix: handles pfx certs in k8s secrets sync
• 9fcdbb2c fix: update base image reference in script
• ede4c706 fix: sanitize service account tokens in logs
• 2ee77ca0 fix: use os.Lstat to resolve os.Stat issue in windows
• 3ae12bd2 fix: remove files before cleanup mount point in unpublish
• 0af24830 fix: panic when using --log-format-json
• 830d184a fix: update err variable in defer to prevent err shadowing
• c452ac46 fix: add unit test to validate error shadowed bug

Code Refactoring 💎

• b0af2b93 refactor: use NewSharedInformerFactoryWithOptions for new shared informer

... (truncated)

Commits

• 2d0b596 Merge pull request #1465aramase/automated-cherry-pick-of-#1463
• 7526f1a release: update manifest and helm charts for v1.4.2
• 0f50b4c Merge pull request #1461 from aramase/aramase/c/bump_release_1.4_v1.4.2
• 9039cc9 chore: bump version to v1.4.2 in release-1.4
• ed51ed4 Merge pull request #1460aramase/automated-cherry-pick-of-#1459
• 9fd198c chore: update node-driver-registrar:v2.10.0, livenessprobe:v2.12.0
• 330cdf2 Merge pull request #1458aramase/automated-cherry-pick-of-#1457
• b303fae chore: update debian-base to bookworm-v1.0.1
• d2cc6c4 Merge pull request #1424aramase/automated-cherry-pick-of-#1423
• 148e1dd release: update manifest and helm charts for v1.4.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)