commit kubeseal for openSUSE:Factory

Thu, 27 Mar 2025 14:35:44 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package kubeseal for openSUSE:Factory 
checked in at 2025-03-27 22:33:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kubeseal (Old)
 and      /work/SRC/openSUSE:Factory/.kubeseal.new.2696 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "kubeseal"

Thu Mar 27 22:33:55 2025 rev:37 rq:1256463 version:0.29.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/kubeseal/kubeseal.changes        2025-01-16 
18:35:10.400529999 +0100
+++ /work/SRC/openSUSE:Factory/.kubeseal.new.2696/kubeseal.changes      
2025-03-27 22:34:32.882186151 +0100
@@ -1,0 +2,34 @@
+Thu Mar 27 12:52:41 UTC 2025 - [email protected]
+
+- Update to version 0.29.0:
+  * Release Notes for 0.29.0 (#1715)
+  * Bump to go1.23.7 (#1714)
+  * Bump github.com/onsi/gomega from 1.36.2 to 1.36.3 (#1712)
+  * Bump github.com/onsi/ginkgo/v2 from 2.23.0 to 2.23.3 (#1711)
+  * Bump k8s.io/code-generator from 0.32.2 to 0.32.3 (#1708)
+  * Bump k8s.io/client-go from 0.32.2 to 0.32.3 (#1705)
+  * Fix register a key using secret creationTimestamp instead of
+    certificate validity timestamp (#1681)
+  * Bump golang.org/x/net from 0.35.0 to 0.36.0 in the go_modules
+    group (#1702)
+  * Bump golang.org/x/crypto from 0.35.0 to 0.36.0 (#1699)
+  * Bump github.com/prometheus/client_golang from 1.21.0 to 1.21.1
+    (#1700)
+  * Bump github.com/onsi/ginkgo/v2 from 2.22.2 to 2.23.0 (#1701)
+  * Bump github.com/prometheus/client_golang from 1.20.5 to 1.21.0
+    (#1695)
+  * Bump github.com/google/go-cmp from 0.6.0 to 0.7.0 (#1696)
+  * Bump golang.org/x/crypto from 0.33.0 to 0.35.0 (#1697)
+  * Bump k8s.io/client-go from 0.32.1 to 0.32.2 (#1691)
+  * Bump k8s.io/code-generator from 0.32.1 to 0.32.2 (#1693)
+  * Update environment k8s version on CI (#1688)
+  * Update go tooling to 1.23.6 (#1686)
+  * Bump golang.org/x/crypto from 0.32.0 to 0.33.0 (#1685)
+  * Bump github.com/spf13/pflag from 1.0.5 to 1.0.6 (#1683)
+  * Bump k8s.io/client-go from 0.32.0 to 0.32.1 (#1678)
+  * Bump k8s.io/code-generator from 0.32.0 to 0.32.1 (#1677)
+  * Release carvel package 2.17.1 (#1676)
+  * Release chart 2.17.1 (#1675)
+  * Fix release process (#1674)
+
+-------------------------------------------------------------------

Old:
----
  kubeseal-0.28.0.obscpio

New:
----
  kubeseal-0.29.0.obscpio

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ kubeseal.spec ++++++
--- /var/tmp/diff_new_pack.QMM6Et/_old  2025-03-27 22:34:33.602215955 +0100
+++ /var/tmp/diff_new_pack.QMM6Et/_new  2025-03-27 22:34:33.602215955 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           kubeseal
-Version:        0.28.0
+Version:        0.29.0
 Release:        0
 Summary:        CLI for encrypting secrets to SealedSecrets
 License:        Apache-2.0

++++++ _service ++++++
--- /var/tmp/diff_new_pack.QMM6Et/_old  2025-03-27 22:34:33.654218108 +0100
+++ /var/tmp/diff_new_pack.QMM6Et/_new  2025-03-27 22:34:33.658218274 +0100
@@ -3,7 +3,7 @@
     <param name="url">https://github.com/bitnami-labs/sealed-secrets</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v0.28.0</param>
+    <param name="revision">v0.29.0</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.QMM6Et/_old  2025-03-27 22:34:33.678219102 +0100
+++ /var/tmp/diff_new_pack.QMM6Et/_new  2025-03-27 22:34:33.678219102 +0100
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param 
name="url">https://github.com/bitnami-labs/sealed-secrets</param>
-              <param 
name="changesrevision">6b1b331a2cd3a58569ce4d819a7cabc59c0a3e50</param></service></servicedata>
+              <param 
name="changesrevision">0d9cfaf99f23a344df8be86cf62d4aaad0d81be8</param></service></servicedata>
 (No newline at EOF)
 

++++++ kubeseal-0.28.0.obscpio -> kubeseal-0.29.0.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/kubeseal-0.28.0/.github/workflows/ci.yml 
new/kubeseal-0.29.0/.github/workflows/ci.yml
--- old/kubeseal-0.28.0/.github/workflows/ci.yml        2025-01-16 
10:43:46.000000000 +0100
+++ new/kubeseal-0.29.0/.github/workflows/ci.yml        2025-03-27 
11:50:13.000000000 +0100
@@ -155,7 +155,7 @@
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        k8s: ["1.24.15","1.25.11","1.26.6","1.27.3"]
+        k8s: ["1.29.13","1.30.9","1.31.5","1.32.1"]
     env:
       MINIKUBE_WANTUPDATENOTIFICATION: "false"
       MINIKUBE_WANTREPORTERRORPROMPT: "false"
@@ -178,9 +178,9 @@
     - name: Check out code into the Go module directory
       uses: actions/[email protected]
 
-    - uses: medyagh/[email protected]
+    - uses: medyagh/[email protected]
       with:
-        minikube-version: 1.30.1
+        minikube-version: 1.35.0
         kubernetes-version: ${{ matrix.k8s }}
 
     # need to delete old state of the cluster, see:
@@ -223,7 +223,7 @@
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        k8s: ["1.24.15","1.25.11","1.26.6","1.27.3"]
+        k8s: ["1.29.13","1.30.9","1.31.5","1.32.1"]
     env:
       MINIKUBE_WANTUPDATENOTIFICATION: "false"
       MINIKUBE_WANTREPORTERRORPROMPT: "false"
@@ -246,9 +246,9 @@
     - name: Check out code into the Go module directory
       uses: actions/[email protected]
 
-    - uses: medyagh/[email protected]
+    - uses: medyagh/[email protected]
       with:
-        minikube-version: 1.30.1
+        minikube-version: 1.35.0
         kubernetes-version: ${{ matrix.k8s }}
 
     - name: Install Helm
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/kubeseal-0.28.0/README.md 
new/kubeseal-0.29.0/README.md
--- old/kubeseal-0.28.0/README.md       2025-01-16 10:43:46.000000000 +0100
+++ new/kubeseal-0.29.0/README.md       2025-03-27 11:50:13.000000000 +0100
@@ -620,6 +620,18 @@
 Sealed secrets are not automatically rotated and old keys are not deleted
 when new keys are generated. Old `SealedSecret` resources can be still 
decrypted (that's because old sealing keys are not deleted).
 
+### Key registry init priority order
+
+When the controller starts, it will initialize the key registry. The most 
recent key is used to seal secrets. By default, this certificate is chosen 
based on the NotBefore attribute of the certificate. If you want to change the 
priority order of the keys in the registry, you can use the 
`--key-order-priority` flag. 
+
+The `--key-order-priority` flag accepts the following values:
+- `CertNotBefore`: (default) The key registry will be ordered based on the 
NotBefore attribute of the key certificate.
+- `SecretCreationTimestamp`: The key registry will be ordered based on the 
creation timestamp of the secret.
+
+This flag influences the public key used to encrypt secrets and the 
certificate retrieved by `kubeseal --fetch-cert`. 
+
+
+
 ### User secret rotation
 
 The *sealing key* renewal and SealedSecret rotation are **not a substitute** 
for rotating your actual secrets.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/kubeseal-0.28.0/RELEASE-NOTES.md 
new/kubeseal-0.29.0/RELEASE-NOTES.md
--- old/kubeseal-0.28.0/RELEASE-NOTES.md        2025-01-16 10:43:46.000000000 
+0100
+++ new/kubeseal-0.29.0/RELEASE-NOTES.md        2025-03-27 11:50:13.000000000 
+0100
@@ -4,6 +4,30 @@
 
 
[![](https://img.shields.io/github/release/bitnami-labs/sealed-secrets.svg)](https://github.com/bitnami-labs/sealed-secrets/releases/latest)
 
+## v0.29.0
+
+- Fix register a key using secret creationTimestamp instead of certificate 
validity timestamp 
([#1681](https://github.com/bitnami-labs/sealed-secrets/pull/1681))
+- Bump to go1.23.7 
([#1714](https://github.com/bitnami-labs/sealed-secrets/pull/1714))
+- Update environment k8s version on CI 
([#1688](https://github.com/bitnami-labs/sealed-secrets/pull/1688))
+- Update go tooling to 1.23.6 
([#1686](https://github.com/bitnami-labs/sealed-secrets/pull/1686))
+- Bump github.com/onsi/gomega from 1.36.2 to 1.36.3 
([#1712](https://github.com/bitnami-labs/sealed-secrets/pull/1712))
+- Bump github.com/onsi/ginkgo/v2 from 2.23.0 to 2.23.3 
([#1711](https://github.com/bitnami-labs/sealed-secrets/pull/1711))
+- Bump k8s.io/code-generator from 0.32.2 to 0.32.3 
([#1708](https://github.com/bitnami-labs/sealed-secrets/pull/1708))
+- Bump k8s.io/client-go from 0.32.2 to 0.32.3 
([#1705](https://github.com/bitnami-labs/sealed-secrets/pull/1705))
+- Bump golang.org/x/net from 0.35.0 to 0.36.0 in the go_modules group 
([#1702](https://github.com/bitnami-labs/sealed-secrets/pull/1702))
+- Bump golang.org/x/crypto from 0.35.0 to 0.36.0 
([#1699](https://github.com/bitnami-labs/sealed-secrets/pull/1699))
+- Bump github.com/prometheus/client_golang from 1.21.0 to 1.21.1 
([#1699](https://github.com/bitnami-labs/sealed-secrets/pull/1699))
+- Bump github.com/onsi/ginkgo/v2 from 2.22.2 to 2.23.0 
([#1701](https://github.com/bitnami-labs/sealed-secrets/pull/1701))
+- Bump github.com/prometheus/client_golang from 1.20.5 to 1.21.0 
([#1695](https://github.com/bitnami-labs/sealed-secrets/pull/1695))
+- Bump github.com/google/go-cmp from 0.6.0 to 0.7.0 
([#1696](https://github.com/bitnami-labs/sealed-secrets/pull/1696))
+- Bump golang.org/x/crypto from 0.33.0 to 0.35.0 
([#1697](https://github.com/bitnami-labs/sealed-secrets/pull/1697))
+- Bump k8s.io/client-go from 0.32.1 to 0.32.2 
([#1691](https://github.com/bitnami-labs/sealed-secrets/pull/1691))
+- Bump k8s.io/code-generator from 0.32.1 to 0.32.2 
([#1693](https://github.com/bitnami-labs/sealed-secrets/pull/1693))
+- Bump golang.org/x/crypto from 0.32.0 to 0.33.0 
([#1685](https://github.com/bitnami-labs/sealed-secrets/pull/1685))
+- Bump github.com/spf13/pflag from 1.0.5 to 1.0.6 
([#1683](https://github.com/bitnami-labs/sealed-secrets/pull/1683))
+- Bump k8s.io/client-go from 0.32.0 to 0.32.1 
([#1678](https://github.com/bitnami-labs/sealed-secrets/pull/1678))
+- Bump k8s.io/code-generator from 0.32.0 to 0.32.1 
([#1677](https://github.com/bitnami-labs/sealed-secrets/pull/1677))
+
 ## v0.28.0
 
 - fix: explicitly set resourceFieldRef.divisor 
([#1655](https://github.com/bitnami-labs/sealed-secrets/pull/1655))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/kubeseal-0.28.0/carvel/package.yaml 
new/kubeseal-0.29.0/carvel/package.yaml
--- old/kubeseal-0.28.0/carvel/package.yaml     2025-01-16 10:43:46.000000000 
+0100
+++ new/kubeseal-0.29.0/carvel/package.yaml     2025-03-27 11:50:13.000000000 
+0100
@@ -1,10 +1,10 @@
 apiVersion: data.packaging.carvel.dev/v1alpha1
 kind: Package
 metadata:
-  name: "sealedsecrets.bitnami.com.2.17.0"
+  name: "sealedsecrets.bitnami.com.2.17.1"
 spec:
   refName: "sealedsecrets.bitnami.com"
-  version: "2.17.0"
+  version: "2.17.1"
   valuesSchema:
     openAPIv3:
       title: Chart Values
@@ -424,7 +424,7 @@
     spec:
       fetch:
         - imgpkgBundle:
-            image: 
ghcr.io/bitnami-labs/sealed-secrets-carvel@sha256:f6ba576f32bcfd929b4e4bf3634bbb1dfec994c28b4c578bcb00d770980e64dc
+            image: 
ghcr.io/bitnami-labs/sealed-secrets-carvel@sha256:cf98d6d7e4cde265d04622f08316ac7a75fac0a4dedb5351807ff66f78f0924d
       template:
         - helmTemplate:
             path: sealed-secrets
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/kubeseal-0.28.0/cmd/controller/main.go 
new/kubeseal-0.29.0/cmd/controller/main.go
--- old/kubeseal-0.28.0/cmd/controller/main.go  2025-01-16 10:43:46.000000000 
+0100
+++ new/kubeseal-0.29.0/cmd/controller/main.go  2025-03-27 11:50:13.000000000 
+0100
@@ -20,8 +20,9 @@
 )
 
 const (
-       flagEnvPrefix         = "SEALED_SECRETS"
-       defaultKeyRenewPeriod = 30 * 24 * time.Hour
+       flagEnvPrefix           = "SEALED_SECRETS"
+       defaultKeyRenewPeriod   = 30 * 24 * time.Hour
+       defaultKeyOrderPriority = "CertNotBefore"
 )
 
 var (
@@ -36,6 +37,7 @@
        fs.StringVar(&f.MyCN, "my-cn", "", "Common name to be used as 
issuer/subject DN in generated certificate.")
 
        fs.DurationVar(&f.KeyRenewPeriod, "key-renew-period", 
defaultKeyRenewPeriod, "New key generation period (automatic rotation 
deactivated if 0)")
+       fs.StringVar(&f.KeyOrderPriority, "key-order-priority", 
defaultKeyOrderPriority, "Ordering of keys based on NotBefore certificate 
attribute or secret creation timestamp.")
        fs.BoolVar(&f.AcceptV1Data, "accept-deprecated-v1-data", true, "Accept 
deprecated V1 data field.")
        fs.StringVar(&f.KeyCutoffTime, "key-cutoff-time", "", "Create a new key 
if latest one is older than this cutoff time. RFC1123 format with numeric 
timezone expected.")
        fs.BoolVar(&f.NamespaceAll, "all-namespaces", true, "Scan all 
namespaces or only the current namespace (default=true).")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/kubeseal-0.28.0/go.mod new/kubeseal-0.29.0/go.mod
--- old/kubeseal-0.28.0/go.mod  2025-01-16 10:43:46.000000000 +0100
+++ new/kubeseal-0.29.0/go.mod  2025-03-27 11:50:13.000000000 +0100
@@ -1,24 +1,24 @@
 module github.com/bitnami-labs/sealed-secrets
 
-go 1.23.4
+go 1.23.7
 
 require (
        github.com/Masterminds/sprig/v3 v3.3.0
-       github.com/google/go-cmp v0.6.0
+       github.com/google/go-cmp v0.7.0
        github.com/google/renameio v0.1.0
        github.com/mattn/go-isatty v0.0.20
        github.com/mkmik/multierror v0.4.0
-       github.com/onsi/ginkgo/v2 v2.22.2
-       github.com/onsi/gomega v1.36.2
-       github.com/prometheus/client_golang v1.20.5
-       github.com/spf13/pflag v1.0.5
+       github.com/onsi/ginkgo/v2 v2.23.3
+       github.com/onsi/gomega v1.36.3
+       github.com/prometheus/client_golang v1.21.1
+       github.com/spf13/pflag v1.0.6
        github.com/throttled/throttled v2.2.5+incompatible
-       golang.org/x/crypto v0.32.0
+       golang.org/x/crypto v0.36.0
        gopkg.in/yaml.v2 v2.4.0
-       k8s.io/api v0.32.0
-       k8s.io/apimachinery v0.32.0
-       k8s.io/client-go v0.32.0
-       k8s.io/code-generator v0.32.0
+       k8s.io/api v0.32.3
+       k8s.io/apimachinery v0.32.3
+       k8s.io/client-go v0.32.3
+       k8s.io/code-generator v0.32.3
        k8s.io/klog v1.0.0
        k8s.io/klog/v2 v2.130.1
        k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738
@@ -49,7 +49,7 @@
        github.com/huandu/xstrings v1.5.0 // indirect
        github.com/josharian/intern v1.0.0 // indirect
        github.com/json-iterator/go v1.1.12 // indirect
-       github.com/klauspost/compress v1.17.9 // indirect
+       github.com/klauspost/compress v1.17.11 // indirect
        github.com/mailru/easyjson v0.7.7 // indirect
        github.com/mitchellh/copystructure v1.2.0 // indirect
        github.com/mitchellh/reflectwalk v1.0.2 // indirect
@@ -58,21 +58,21 @@
        github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // 
indirect
        github.com/pkg/errors v0.9.1 // indirect
        github.com/prometheus/client_model v0.6.1 // indirect
-       github.com/prometheus/common v0.55.0 // indirect
+       github.com/prometheus/common v0.62.0 // indirect
        github.com/prometheus/procfs v0.15.1 // indirect
        github.com/shopspring/decimal v1.4.0 // indirect
        github.com/spf13/cast v1.7.0 // indirect
        github.com/x448/float16 v0.8.4 // indirect
-       golang.org/x/mod v0.22.0 // indirect
-       golang.org/x/net v0.33.0 // indirect
-       golang.org/x/oauth2 v0.23.0 // indirect
-       golang.org/x/sync v0.10.0 // indirect
-       golang.org/x/sys v0.29.0 // indirect
-       golang.org/x/term v0.28.0 // indirect
-       golang.org/x/text v0.21.0 // indirect
+       golang.org/x/mod v0.23.0 // indirect
+       golang.org/x/net v0.37.0 // indirect
+       golang.org/x/oauth2 v0.24.0 // indirect
+       golang.org/x/sync v0.12.0 // indirect
+       golang.org/x/sys v0.31.0 // indirect
+       golang.org/x/term v0.30.0 // indirect
+       golang.org/x/text v0.23.0 // indirect
        golang.org/x/time v0.7.0 // indirect
-       golang.org/x/tools v0.28.0 // indirect
-       google.golang.org/protobuf v1.36.1 // indirect
+       golang.org/x/tools v0.30.0 // indirect
+       google.golang.org/protobuf v1.36.5 // indirect
        gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
        gopkg.in/inf.v0 v0.9.1 // indirect
        gopkg.in/yaml.v3 v3.0.1 // indirect
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/kubeseal-0.28.0/go.sum new/kubeseal-0.29.0/go.sum
--- old/kubeseal-0.28.0/go.sum  2025-01-16 10:43:46.000000000 +0100
+++ new/kubeseal-0.29.0/go.sum  2025-03-27 11:50:13.000000000 +0100
@@ -40,8 +40,8 @@
 github.com/google/gnostic-models v0.6.8 
h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
 github.com/google/gnostic-models v0.6.8/go.mod 
h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
 github.com/google/go-cmp v0.5.9/go.mod 
h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.6.0/go.mod 
h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod 
h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod 
h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod 
h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -61,8 +61,8 @@
 github.com/json-iterator/go v1.1.12/go.mod 
h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kisielk/errcheck v1.5.0/go.mod 
h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod 
h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.17.9 
h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
-github.com/klauspost/compress v1.17.9/go.mod 
h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/klauspost/compress v1.17.11 
h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
+github.com/klauspost/compress v1.17.11/go.mod 
h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod 
h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -86,21 +86,21 @@
 github.com/modern-go/reflect2 v1.0.2/go.mod 
h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 
h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod 
h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/onsi/ginkgo/v2 v2.22.2 
h1:/3X8Panh8/WwhU/3Ssa6rCKqPLuAkVY2I0RoyDLySlU=
-github.com/onsi/ginkgo/v2 v2.22.2/go.mod 
h1:oeMosUL+8LtarXBHu/c0bx2D/K9zyQ6uX3cTyztHwsk=
-github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8=
-github.com/onsi/gomega v1.36.2/go.mod 
h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY=
+github.com/onsi/ginkgo/v2 v2.23.3 
h1:edHxnszytJ4lD9D5Jjc4tiDkPBZ3siDeJJkUZJJVkp0=
+github.com/onsi/ginkgo/v2 v2.23.3/go.mod 
h1:zXTP6xIp3U8aVuXN8ENK9IXRaTjFnpVB9mGmaSRvxnM=
+github.com/onsi/gomega v1.36.3 h1:hID7cr8t3Wp26+cYnfcjR6HpJ00fdogN6dqZ1t6IylU=
+github.com/onsi/gomega v1.36.3/go.mod 
h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod 
h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod 
h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 
h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod 
h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.20.5 
h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y=
-github.com/prometheus/client_golang v1.20.5/go.mod 
h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
+github.com/prometheus/client_golang v1.21.1 
h1:DOvXXTqVzvkIewV/CDPFdejpMCGeMcbGCQ8YOmu+Ibk=
+github.com/prometheus/client_golang v1.21.1/go.mod 
h1:U9NM32ykUErtVBxdvD3zfi+EuFkkaBvMb09mIfe0Zgg=
 github.com/prometheus/client_model v0.6.1 
h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
 github.com/prometheus/client_model v0.6.1/go.mod 
h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
-github.com/prometheus/common v0.55.0 
h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc=
-github.com/prometheus/common v0.55.0/go.mod 
h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8=
+github.com/prometheus/common v0.62.0 
h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io=
+github.com/prometheus/common v0.62.0/go.mod 
h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
 github.com/prometheus/procfs v0.15.1 
h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
 github.com/prometheus/procfs v0.15.1/go.mod 
h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
 github.com/rogpeppe/go-internal v1.12.0 
h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
@@ -109,12 +109,12 @@
 github.com/shopspring/decimal v1.4.0/go.mod 
h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
 github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w=
 github.com/spf13/cast v1.7.0/go.mod 
h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod 
h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
+github.com/spf13/pflag v1.0.6/go.mod 
h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod 
h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod 
h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.9.0 
h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod 
h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.10.0 
h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod 
h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/throttled/throttled v2.2.5+incompatible 
h1:65UB52X0qNTYiT0Sohp8qLYVFwZQPDw85uSa65OljjQ=
 github.com/throttled/throttled v2.2.5+incompatible/go.mod 
h1:0BjlrEGQmvxps+HuXLsyRdqpSRvJpq0PNIsOtqP9Nos=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
@@ -126,51 +126,51 @@
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod 
h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod 
h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod 
h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
-golang.org/x/crypto v0.32.0/go.mod 
h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod 
h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
-golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM=
+golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod 
h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod 
h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod 
h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod 
h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
-golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
-golang.org/x/oauth2 v0.23.0/go.mod 
h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
+golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
+golang.org/x/oauth2 v0.24.0/go.mod 
h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod 
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod 
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod 
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
-golang.org/x/sync v0.10.0/go.mod 
h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
+golang.org/x/sync v0.12.0/go.mod 
h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod 
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod 
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod 
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
-golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
-golang.org/x/term v0.28.0/go.mod 
h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
+golang.org/x/term v0.30.0/go.mod 
h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod 
h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.23.0/go.mod 
h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
 golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod 
h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod 
h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod 
h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod 
h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8=
-golang.org/x/tools v0.28.0/go.mod 
h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw=
+golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY=
+golang.org/x/tools v0.30.0/go.mod 
h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod 
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod 
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod 
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod 
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/protobuf v1.36.1 
h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk=
-google.golang.org/protobuf v1.36.1/go.mod 
h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.5 
h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
+google.golang.org/protobuf v1.36.5/go.mod 
h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod 
h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c 
h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod 
h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
@@ -182,14 +182,14 @@
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE=
-k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0=
-k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg=
-k8s.io/apimachinery v0.32.0/go.mod 
h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
-k8s.io/client-go v0.32.0 h1:DimtMcnN/JIKZcrSrstiwvvZvLjG0aSxy8PxN8IChp8=
-k8s.io/client-go v0.32.0/go.mod h1:boDWvdM1Drk4NJj/VddSLnx59X3OPgwrOo0vGbtq9+8=
-k8s.io/code-generator v0.32.0 h1:s0lNN8VSWny8LBz5t5iy7MCdgwdOhdg7vAGVxvS+VWU=
-k8s.io/code-generator v0.32.0/go.mod 
h1:b7Q7KMZkvsYFy72A79QYjiv4aTz3GvW0f1T3UfhFq4s=
+k8s.io/api v0.32.3 h1:Hw7KqxRusq+6QSplE3NYG4MBxZw1BZnq4aP4cJVINls=
+k8s.io/api v0.32.3/go.mod h1:2wEDTXADtm/HA7CCMD8D8bK4yuBUptzaRhYcYEEYA3k=
+k8s.io/apimachinery v0.32.3 h1:JmDuDarhDmA/Li7j3aPrwhpNBA94Nvk5zLeOge9HH1U=
+k8s.io/apimachinery v0.32.3/go.mod 
h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
+k8s.io/client-go v0.32.3 h1:RKPVltzopkSgHS7aS98QdscAgtgah/+zmpAogooIqVU=
+k8s.io/client-go v0.32.3/go.mod h1:3v0+3k4IcT9bXTc4V2rt+d2ZPPG700Xy6Oi0Gdl2PaY=
+k8s.io/code-generator v0.32.3 h1:31p2TVzC9+hVdSkAFruAk3JY+iSfzrJ83Qij1yZutyw=
+k8s.io/code-generator v0.32.3/go.mod 
h1:+mbiYID5NLsBuqxjQTygKM/DAdKpAjvBzrJd64NU1G8=
 k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9 
h1:si3PfKm8dDYxgfbeA6orqrtLkvvIeH8UqffFJDl0bz4=
 k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9/go.mod 
h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU=
 k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/kubeseal-0.28.0/helm/sealed-secrets/Chart.yaml 
new/kubeseal-0.29.0/helm/sealed-secrets/Chart.yaml
--- old/kubeseal-0.28.0/helm/sealed-secrets/Chart.yaml  2025-01-16 
10:43:46.000000000 +0100
+++ new/kubeseal-0.29.0/helm/sealed-secrets/Chart.yaml  2025-03-27 
11:50:13.000000000 +0100
@@ -1,7 +1,7 @@
 annotations:
   category: DeveloperTools
 apiVersion: v2
-appVersion: 0.27.3
+appVersion: 0.28.0
 description: Helm chart for the sealed-secrets controller.
 home: https://github.com/bitnami-labs/sealed-secrets
 icon: 
https://bitnami.com/assets/stacks/sealed-secrets/img/sealed-secrets-stack-220x234.png
@@ -14,6 +14,6 @@
     url: https://github.com/bitnami-labs/sealed-secrets
 name: sealed-secrets
 type: application
-version: 2.17.0
+version: 2.17.1
 sources:
   - https://github.com/bitnami-labs/sealed-secrets
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/kubeseal-0.28.0/helm/sealed-secrets/README.md 
new/kubeseal-0.29.0/helm/sealed-secrets/README.md
--- old/kubeseal-0.28.0/helm/sealed-secrets/README.md   2025-01-16 
10:43:46.000000000 +0100
+++ new/kubeseal-0.29.0/helm/sealed-secrets/README.md   2025-03-27 
11:50:13.000000000 +0100
@@ -86,7 +86,7 @@
 | ------------------------------------------------- | 
------------------------------------------------------------------------------------------------------------------
 | ----------------------------------- |
 | `image.registry`                                  | Sealed Secrets image 
registry                                                                        
              | `docker.io`                         |
 | `image.repository`                                | Sealed Secrets image 
repository                                                                      
              | `bitnami/sealed-secrets-controller` |
-| `image.tag`                                       | Sealed Secrets image tag 
(immutable tags are recommended)                                                
          | `0.27.3`                            |
+| `image.tag`                                       | Sealed Secrets image tag 
(immutable tags are recommended)                                                
          | `0.28.0`                            |
 | `image.pullPolicy`                                | Sealed Secrets image 
pull policy                                                                     
              | `IfNotPresent`                      |
 | `image.pullSecrets`                               | Sealed Secrets image 
pull secrets                                                                    
              | `[]`                                |
 | `revisionHistoryLimit`                            | Number of old history to 
retain to allow rollback (If not set, default Kubernetes value is set to 10)    
          | `""`                                |
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/kubeseal-0.28.0/helm/sealed-secrets/values.yaml 
new/kubeseal-0.29.0/helm/sealed-secrets/values.yaml
--- old/kubeseal-0.28.0/helm/sealed-secrets/values.yaml 2025-01-16 
10:43:46.000000000 +0100
+++ new/kubeseal-0.29.0/helm/sealed-secrets/values.yaml 2025-03-27 
11:50:13.000000000 +0100
@@ -39,7 +39,7 @@
 image:
   registry: docker.io
   repository: bitnami/sealed-secrets-controller
-  tag: 0.27.3
+  tag: 0.28.0
   ## Specify a imagePullPolicy
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
   ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/kubeseal-0.28.0/pkg/controller/controller_test.go 
new/kubeseal-0.29.0/pkg/controller/controller_test.go
--- old/kubeseal-0.28.0/pkg/controller/controller_test.go       2025-01-16 
10:43:46.000000000 +0100
+++ new/kubeseal-0.29.0/pkg/controller/controller_test.go       2025-03-27 
11:50:13.000000000 +0100
@@ -219,7 +219,7 @@
        keyLabel := SealedSecretsKeyLabel
        prefix := "test-keys"
        testKeySize := 4096
-       keyRegistry, err := initKeyRegistry(ctx, clientset, rand.Reader, ns, 
prefix, keyLabel, testKeySize)
+       keyRegistry, err := initKeyRegistry(ctx, clientset, rand.Reader, ns, 
prefix, keyLabel, testKeySize, "CertNotBefore")
        if err != nil {
                t.Fatalf("failed to provision key registry: %v", err)
        }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/kubeseal-0.28.0/pkg/controller/main.go 
new/kubeseal-0.29.0/pkg/controller/main.go
--- old/kubeseal-0.28.0/pkg/controller/main.go  2025-01-16 10:43:46.000000000 
+0100
+++ new/kubeseal-0.29.0/pkg/controller/main.go  2025-03-27 11:50:13.000000000 
+0100
@@ -40,6 +40,7 @@
        ValidFor              time.Duration
        MyCN                  string
        KeyRenewPeriod        time.Duration
+       KeyOrderPriority      string
        AcceptV1Data          bool
        KeyCutoffTime         string
        NamespaceAll          bool
@@ -62,7 +63,7 @@
        return validateKeyPrefix(keyPrefix)
 }
 
-func initKeyRegistry(ctx context.Context, client kubernetes.Interface, r 
io.Reader, namespace, prefix, label string, keysize int) (*KeyRegistry, error) {
+func initKeyRegistry(ctx context.Context, client kubernetes.Interface, r 
io.Reader, namespace, prefix, label string, keysize int, keyOrderPriority 
string) (*KeyRegistry, error) {
        slog.Info("Searching for existing private keys")
        secretList, err := client.CoreV1().Secrets(namespace).List(ctx, 
metav1.ListOptions{
                LabelSelector: keySelector.String(),
@@ -88,7 +89,11 @@
                if err != nil {
                        slog.Error("Error reading key", "secret", secret.Name, 
"error", err)
                }
-               if err := keyRegistry.registerNewKey(secret.Name, key, 
certs[0], certs[0].NotBefore); err != nil {
+
+               // Select ordering time based on the keyOrderPriority flag
+               orderingTime := getKeyOrderPriority(keyOrderPriority, certs[0], 
secret)
+
+               if err := keyRegistry.registerNewKey(secret.Name, key, 
certs[0], orderingTime); err != nil {
                        return nil, err
                }
                slog.Info("registered private key", "secretname", secret.Name)
@@ -96,6 +101,18 @@
        return keyRegistry, nil
 }
 
+func getKeyOrderPriority(keyOrderPriority string, cert *x509.Certificate, 
secret v1.Secret) time.Time {
+       switch keyOrderPriority {
+       case "CertNotBefore":
+               return cert.NotBefore
+       case "SecretCreationTimestamp":
+               return secret.GetCreationTimestamp().Time
+       default:
+               slog.Error("Invalid keyOrderPriority. Use CertNotBefore or 
SecretCreationTimestamp", "keyOrderPriority", keyOrderPriority)
+       }
+       return cert.NotBefore
+}
+
 func myNamespace() string {
        if ns := os.Getenv("POD_NAMESPACE"); ns != "" {
                return ns
@@ -169,7 +186,7 @@
                return err
        }
 
-       keyRegistry, err := initKeyRegistry(ctx, clientset, rand.Reader, myNs, 
prefix, SealedSecretsKeyLabel, f.KeySize)
+       keyRegistry, err := initKeyRegistry(ctx, clientset, rand.Reader, myNs, 
prefix, SealedSecretsKeyLabel, f.KeySize, f.KeyOrderPriority)
        if err != nil {
                return err
        }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/kubeseal-0.28.0/pkg/controller/main_test.go 
new/kubeseal-0.29.0/pkg/controller/main_test.go
--- old/kubeseal-0.28.0/pkg/controller/main_test.go     2025-01-16 
10:43:46.000000000 +0100
+++ new/kubeseal-0.29.0/pkg/controller/main_test.go     2025-03-27 
11:50:13.000000000 +0100
@@ -49,7 +49,7 @@
        client := fake.NewSimpleClientset()
        client.PrependReactor("create", "secrets", generateNameReactor)
 
-       registry, err := initKeyRegistry(ctx, client, rand, "namespace", 
"prefix", "label", 1024)
+       registry, err := initKeyRegistry(ctx, client, rand, "namespace", 
"prefix", "label", 1024, "CertNotBefore")
        if err != nil {
                t.Fatalf("initKeyRegistry() returned err: %v", err)
        }
@@ -69,7 +69,7 @@
 
        // Due to limitations of the fake client, we cannot test whether 
initKeyRegistry is able
        // to pick up existing keys
-       _, err = initKeyRegistry(ctx, client, rand, "namespace", "prefix", 
"label", 1024)
+       _, err = initKeyRegistry(ctx, client, rand, "namespace", "prefix", 
"label", 1024, "CertNotBefore")
        if err != nil {
                t.Fatalf("initKeyRegistry() returned err: %v", err)
        }
@@ -84,7 +84,7 @@
        client := fake.NewSimpleClientset()
        client.PrependReactor("create", "secrets", generateNameReactor)
 
-       registry, err := initKeyRegistry(ctx, client, rand, "namespace", 
"prefix", "label", 1024)
+       registry, err := initKeyRegistry(ctx, client, rand, "namespace", 
"prefix", "label", 1024, "CertNotBefore")
        if err != nil {
                t.Fatalf("initKeyRegistry() returned err: %v", err)
        }
@@ -125,7 +125,7 @@
        client := fake.NewSimpleClientset()
        client.PrependReactor("create", "secrets", generateNameReactor)
 
-       registry, err := initKeyRegistry(ctx, client, rand, "namespace", 
"prefix", "label", 1024)
+       registry, err := initKeyRegistry(ctx, client, rand, "namespace", 
"prefix", "label", 1024, "CertNotBefore")
        if err != nil {
                t.Fatalf("initKeyRegistry() returned err: %v", err)
        }
@@ -180,7 +180,7 @@
 
        client.ClearActions()
 
-       registry, err := initKeyRegistry(ctx, client, rand, "namespace", 
"prefix", SealedSecretsKeyLabel, 1024)
+       registry, err := initKeyRegistry(ctx, client, rand, "namespace", 
"prefix", SealedSecretsKeyLabel, 1024, "CertNotBefore")
        if err != nil {
                t.Fatalf("initKeyRegistry() returned err: %v", err)
        }
@@ -227,7 +227,7 @@
                t.Errorf("writeKey() failed with: %v", err)
        }
 
-       registry, err := initKeyRegistry(ctx, client, rand, "namespace", 
"prefix", SealedSecretsKeyLabel, 1024)
+       registry, err := initKeyRegistry(ctx, client, rand, "namespace", 
"prefix", SealedSecretsKeyLabel, 1024, "CertNotBefore")
        if err != nil {
                t.Fatalf("initKeyRegistry() returned err: %v", err)
        }
@@ -284,7 +284,7 @@
                t.Errorf("writeKey() failed with: %v", err)
        }
 
-       registry, err := initKeyRegistry(ctx, client, rand, "namespace", 
"prefix", SealedSecretsKeyLabel, 1024)
+       registry, err := initKeyRegistry(ctx, client, rand, "namespace", 
"prefix", SealedSecretsKeyLabel, 1024, "CertNotBefore")
        if err != nil {
                t.Fatalf("initKeyRegistry() returned err: %v", err)
        }
@@ -351,7 +351,7 @@
 
        client.ClearActions()
 
-       registry, err := initKeyRegistry(ctx, client, rand, "namespace", 
"prefix", SealedSecretsKeyLabel, 1024)
+       registry, err := initKeyRegistry(ctx, client, rand, "namespace", 
"prefix", SealedSecretsKeyLabel, 1024, "CertNotBefore")
        if err != nil {
                t.Fatalf("initKeyRegistry() returned err: %v", err)
        }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/kubeseal-0.28.0/scripts/release-check 
new/kubeseal-0.29.0/scripts/release-check
--- old/kubeseal-0.28.0/scripts/release-check   2025-01-16 10:43:46.000000000 
+0100
+++ new/kubeseal-0.29.0/scripts/release-check   2025-03-27 11:50:13.000000000 
+0100
@@ -7,7 +7,7 @@
 }
 
 function find_release() {
-       curl -v --silent 
https://github.com/bitnami-labs/sealed-secrets/releases 2>&1 | grep -w $1 > 
/dev/null
+       curl -v --silent 
https://github.com/bitnami-labs/sealed-secrets/releases 2>&1 | grep -w 
kubeseal-$1 > /dev/null
        echo $?
 }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/kubeseal-0.28.0/versions.env 
new/kubeseal-0.29.0/versions.env
--- old/kubeseal-0.28.0/versions.env    2025-01-16 10:43:46.000000000 +0100
+++ new/kubeseal-0.29.0/versions.env    2025-03-27 11:50:13.000000000 +0100
@@ -1,2 +1,2 @@
-GO_VERSION=1.23.4
+GO_VERSION=1.23.7
 GO_VERSION_LIST="[\"$GO_VERSION\"]"

++++++ kubeseal.obsinfo ++++++
--- /var/tmp/diff_new_pack.QMM6Et/_old  2025-03-27 22:34:34.058234831 +0100
+++ /var/tmp/diff_new_pack.QMM6Et/_new  2025-03-27 22:34:34.058234831 +0100
@@ -1,5 +1,5 @@
 name: kubeseal
-version: 0.28.0
-mtime: 1737020626
-commit: 6b1b331a2cd3a58569ce4d819a7cabc59c0a3e50
+version: 0.29.0
+mtime: 1743072613
+commit: 0d9cfaf99f23a344df8be86cf62d4aaad0d81be8
 

++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/kubeseal/vendor.tar.gz 
/work/SRC/openSUSE:Factory/.kubeseal.new.2696/vendor.tar.gz differ: char 5, 
line 1

Reply via email to