helm/external-secrets-operator/external-secrets 2.2.0

v2.2.0

on Artifact Hub

Image: ghcr.io/external-secrets/external-secrets:v2.2.0
Image: ghcr.io/external-secrets/external-secrets:v2.2.0-ubi
Image: ghcr.io/external-secrets/external-secrets:v2.2.0-ubi-boringssl

What's Changed

General

• chore: release charts v2.1.0 by @Skarlso in #6030
• chore: fix the stability doc by @Skarlso in #6035
• fix(security): Fix vulnerabilities by @othomann in #6052
• fix(aws): sync tags and resource policy even when secret value unchanged by @evs-secops in #6025
• fix: publish now uses docker build v4 which required some changes by @Skarlso in #6062
• feat(gcpsm): auto-detect projectID from GCP metadata server by @patjlm in #5922
• chore(templating): Remove years in license and their checks by @evrardj-roche in #5955
• docs: Add Roche to official ADOPTERS by @evrardj-roche in #6076
• feat: Add Last Sync column to ExternalSecret and PushSecret printers by @jaruwat-panturat in #6068
• fix(onepassword): support native item IDs by @chadxz in #6073
• feat: extract LGTM processor to external JS file with tests by @mateenali66 in #6074
• feat: fail fast if LGTM label does not exist in repository by @mateenali66 in #6078
• feat(passbolt): add support for Passbolt V5 API by @cedricherzog-passbolt in #5919
• fix(infisical): dataFrom.find.path should filter by secret path not name by @johnvox in #6086
• fix: disable the priority queue which misbehaves at scale by @Skarlso in #6083
• chore: update go version to 1.26.1 by @Skarlso in #6072
• docs(aws): fix PushSecret metadata indentation in resource policy exa... by @Br1an67 in #6056
• fix(aws): prevent EC2 IMDS fallback when explicit credentials are pro... by @Br1an67 in #6036
• feat(templating): Add certSANs function to extract SANs from certificates by @mzdeb in #6058
• docs: document template.metadata labels/annotations behavior by @lucpas in #6102
• fix: CODEOWNERS are seriously out of date by @Skarlso in #6106
• feat(helm): add readinessProbe support for external-secrets deployment by @AlexOQ in #5831
• fix: update grpc for CVE-2026-33186 by @Skarlso in #6108
• feat(azurekv): add expiration time to azure kv secret by @muraliavarma in #5935
• feat: add path to cloud.ru provider by @heavyandrew in #5952
• fix(add-eso-version): fix separator line pattern in add_eso_version.sh script by @riccardomc in #6113

Dependencies

• chore(deps): bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2 by @dependabot[bot] in #6038
• chore(deps): bump charset-normalizer from 3.4.4 to 3.4.5 in /hack/api-docs by @dependabot[bot] in #6047
• chore(deps): bump platformdirs from 4.9.2 to 4.9.4 in /hack/api-docs by @dependabot[bot] in #6050
• chore(deps): bump mkdocs-material from 9.7.3 to 9.7.4 in /hack/api-docs by @dependabot[bot] in #6049
• chore(deps): bump github/codeql-action from 4.32.4 to 4.32.6 by @dependabot[bot] in #6039
• chore(deps): bump step-security/harden-runner from 2.15.0 to 2.15.1 by @dependabot[bot] in #6043
• chore(deps): bump actions/dependency-review-action from 4.8.3 to 4.9.0 by @dependabot[bot] in #6040
• chore(deps): bump crazy-max/ghaction-import-gpg from 6.3.0 to 7.0.0 by @dependabot[bot] in #6044
• chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 by @dependabot[bot] in #6042
• chore(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 by @dependabot[bot] in #6041
• chore(deps): bump docker/setup-qemu-action from 3.7.0 to 4.0.0 by @dependabot[bot] in #6046
• chore(deps): bump aquasecurity/trivy-action from 0.34.1 to 0.35.0 by @dependabot[bot] in #6048
• chore(deps): bump anchore/sbom-action from 0.23.0 to 0.23.1 by @dependabot[bot] in #6093
• chore(deps): bump distroless/static from 28efbe9 to 47b2d72 by @dependabot[bot] in #6088
• chore(deps): bump ubi9/ubi from cecb1cd to 6ed9f6f by @dependabot[bot] in #6087
• chore(deps): bump mkdocs-material from 9.7.4 to 9.7.5 in /hack/api-docs by @dependabot[bot] in #6096
• chore(deps): bump tornado from 6.5.4 to 6.5.5 in /hack/api-docs by @dependabot[bot] in #6094
• chore(deps): bump charset-normalizer from 3.4.5 to 3.4.6 in /hack/api-docs by @dependabot[bot] in #6095
• chore(deps): bump step-security/harden-runner from 2.15.1 to 2.16.0 by @dependabot[bot] in #6089
• chore(deps): bump sigstore/cosign-installer from 4.0.0 to 4.1.0 by @dependabot[bot] in #6092
• chore(deps): bump softprops/action-gh-release from 2.5.0 to 2.6.1 by @dependabot[bot] in #6090
• chore(deps): bump actions/create-github-app-token from 2.2.1 to 3.0.0 by @dependabot[bot] in #6091

New Contributors

• @othomann made their first contribution in #6052
• @evs-secops made their first contribution in #6025
• @patjlm made their first contribution in #5922
• @jaruwat-panturat made their first contribution in #6068
• @chadxz made their first contribution in #6073
• @mateenali66 made their first contribution in #6074
• @cedricherzog-passbolt made their first contribution in #5919
• @johnvox made their first contribution in #6086
• @Br1an67 made their first contribution in #6056
• @mzdeb made their first contribution in #6058
• @lucpas made their first contribution in #6102
• @AlexOQ made their first contribution in #5831
• @muraliavarma made their first contribution in #5935
• @heavyandrew made their first contribution in #5952

Full Changelog: v2.1.0...v2.2.0