chore(deps): update secrets-store-csi-driver to v1.6.0 #6384

renovate-bot · 2026-04-29T18:03:39Z

renovate-bot commented

2026-04-29 18:03:39 +00:00

This PR contains the following updates:

Package	Update	Change
kubernetes-sigs/secrets-store-csi-driver	minor	`1.5.6` → `1.6.0`
secrets-store-csi-driver	minor	`1.5.6` → `1.6.0`

Release Notes

kubernetes-sigs/secrets-store-csi-driver (kubernetes-sigs/secrets-store-csi-driver)

`v1.6.0`

Compare Source

v1.6.0 - 2026-04-29

Secret Rotation via RequiresRepublish

The dedicated secret rotation controller has been replaced with the CSI RequiresRepublish mechanism. The CSIDriver now sets requiresRepublish: true, causing kubelet to periodically call NodePublishVolume, which re-fetches secrets from the provider when --enable-secret-rotation=true. The --rotation-poll-interval now acts as a minimum cache duration between rotations. This change removes the need for privileged RBAC permissions (listing pods, secrets, and creating service account tokens) that were previously required by the rotation controller. Rotation-specific RBAC resources (rbac-secretproviderrotation.yaml, rbac-secretprovidertokenrequest.yaml) have been removed and can be cleaned up from manual deployments.

Note: Please review the upgrade notes before upgrading.

Changelog

Bug Fixes 🐞

fix: set authority to localhost by @aramase in #1953
fix: configure requiresRepublish value in helm charts and metrics update by @dargudear-google in #1968

Build 🏭

fix(build): disable provenance and SBOM in buildx to fix manifest cre… by @aramase in #2028

Continuous Integration 💜

ci: add area/dependency label for dependabot PRs by @aramase in #1802
ci: use ubuntu-latest for gh workflows by @aramase in #1804
ci: update azure scripts to use rbac for keyvault permissions by @aramase in #1918
ci: ignore CVE-2023-2878 false positive from Trivy version detection by @aramase in #1927
ci: resolve azure e2e test flakes with rbac, windows vm size by @aramase in #1929
ci: Fix codegen, add GH action verifying it by @stlaz in #1978
ci: fix action version comments to match pinned SHAs by @aramase in #2017
ci: add sts.amazonaws.com audience to e2e-helm-deploy tokenRequests by @aramase in #2020
ci: fix govulncheck tools step with doc.go by @aramase in #2024
ci: replace broken setup-kind action with direct kind by @aramase in #2031

Documentation 📘

docs: Add OpenBao provider by @JoeMurray in #1914
docs: update manifest_staging/charts/secrets-store-csi-driver/README.md by @ThirdEyeSqueegee in #2005
docs: add missing OpenBao reference to concepts.md by @kangetsu121 in #2015

Features 🌈

feat: Use RequiresRepublish for secret rotation by @dargudear-google in #1622
feat: Support CSI serviceAccountTokenInSecrets for Kubernetes 1.35+ by @aramase in #1979

Maintenance 🔧

chore: bump actions/dependency-review-action from 4.3.4 to 4.6.0 by @dependabot[bot] in #1781
chore: bump actions/setup-go from 5.3.0 to 5.4.0 by @dependabot[bot] in #1791
chore: move nilekhc to emeritus_reviewers by @aramase in #1795
chore: bump golang.org/x/net from 0.37.0 to 0.38.0 in /hack/tools by @dependabot[bot] in #1796
chore: bump step-security/harden-runner from 2.10.3 to 2.12.0 by @dependabot[bot] in #1799
chore: bump github/codeql-action from 3.28.8 to 3.28.15 by @dependabot[bot] in #1803
chore: bump codecov/codecov-action from 5.1.2 to 5.4.2 by @dependabot[bot] in #1790
chore: bump github.com/google/go-cmp from 0.6.0 to 0.7.0 in /test/e2eprovider by @dependabot[bot] in #1763
chore: bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot[bot] in #1723
chore: bump engineerd/setup-kind from 0.5.0 to 0.6.2 by @dependabot[bot] in #1684
chore: bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot[bot] in #1806
chore: bump actions/upload-artifact from 4.5.0 to 4.6.2 by @dependabot[bot] in #1810
chore: bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @dependabot[bot] in #1807
chore: bump gaurav-nelson/github-action-markdown-link-check from 1.0.16 to 1.0.17 by @dependabot[bot] in #1809
chore: bump github/codeql-action from 3.28.16 to 3.28.17 by @dependabot[bot] in #1811
chore: bump livenessprobe to v2.15.0 and node-driver-registrar to v2.13.0 by @aramase in #1812
chore: bump actions/setup-go from 5.4.0 to 5.5.0 by @dependabot[bot] in #1815
chore: bump actions/dependency-review-action from 4.6.0 to 4.7.0 by @dependabot[bot] in #1816
chore: update to go 1.23.9 by @aramase in #1819
chore: bump github/codeql-action from 3.28.17 to 3.28.18 by @dependabot[bot] in #1826
chore: bump actions/dependency-review-action from 4.7.0 to 4.7.1 by @dependabot[bot] in #1828
chore: bump codecov/codecov-action from 5.4.2 to 5.4.3 by @dependabot[bot] in #1827
chore: bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in #1839
chore: bump github/codeql-action from 3.28.18 to 3.28.19 by @dependabot[bot] in #1843
chore: update debian-base to bookworm-v1.0.5 by @aramase in #1853
chore: bump github/codeql-action from 3.28.19 to 3.29.2 by @dependabot[bot] in #1866
chore: bump step-security/harden-runner from 2.12.0 to 2.12.2 by @dependabot[bot] in #1865
chore: bump golang.org/x/oauth2 from 0.7.0 to 0.27.0 by @dependabot[bot] in #1870
chore: bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in #1882
chore: update to go 1.24.6 by @aramase in #1888
chore: update to go 1.24.7 and bump base image by @aramase in #1915
chore: Upgrade controller-runtime to v0.18.7 by @johngmyers in #1938
chore: Take the Go version for codecov and scan-vulns from go.mod by @johngmyers in #1951
chore: update to go 1.24.9 by @aramase in #1949
chore: update to go 1.24.11 and bump golang.org/x/crypto to v0.46.0 by @aramase in #1967
chore: add helm configuration for automountServiceAccountToken by @EladCirt in #1975
chore: update to go 1.25.6 and kubectl v1.34.3 by @aramase in #1980
chore: bump livenessprobe and csi-node-driver-registrar by @ThirdEyeSqueegee in #2004
chore: bump trivy to v0.69.3 by @aramase in #2002
chore: limit dependabot PRs, replace it with govulncheck, harden GH actions by @aramase in #2010
chore: bump google.golang.org/grpc from 1.58.3 to 1.79.3 by @dependabot[bot] in #2012
chore: bump the all group with 9 updates by @dependabot[bot] in #2014
chore: bump the all group with 4 updates by @dependabot[bot] in #2019
chore: bump go.opentelemetry.io/otel/sdk from 1.41.0 to 1.43.0 by @dependabot[bot] in #2021
chore: bump Go to 1.25.9 to resolve CVE-2026-32281, CVE-2026-32288, CVE-2026-32289 by @aramase in #2022
chore: update project ownership and move ritazh to emeritus by @aramase in #2023
chore: bump version to v1.6.0 in release-1.6 by @aramase in #2026
chore: bump version to v1.6.0 in release-1.6 (part 2) by @aramase in #2027

Security Fix 🛡️

security: bump to go 1.23.10 to resolve CVE-2025-22874 by @aramase in #1846
security: bump to go 1.25.7 to resolve CVE-2025-68121 by @aramase in #1990

Testing 💚

test: update aks federated-credential command to add --audiences by @aramase in #1840
test: add e2e for openbao csi provider by @eyenx in #1902

New Contributors

@johngmyers made their first contribution in #1938
@EladCirt made their first contribution in #1975
@stlaz made their first contribution in #1978
@JoeMurray made their first contribution in #1914
@ThirdEyeSqueegee made their first contribution in #2004
@kangetsu121 made their first contribution in #2015

Full Changelog: https://github.com/kubernetes-sigs/secrets-store-csi-driver/compare/v1.5.6...v1.6.0

Configuration

📅 Schedule: (in timezone America/Chicago)

Branch creation
- At any time (no schedule defined)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [kubernetes-sigs/secrets-store-csi-driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) | minor | `1.5.6` → `1.6.0` | | [secrets-store-csi-driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) | minor | `1.5.6` → `1.6.0` | --- ### Release Notes <details> <summary>kubernetes-sigs/secrets-store-csi-driver (kubernetes-sigs/secrets-store-csi-driver)</summary> ### [`v1.6.0`](https://github.com/kubernetes-sigs/secrets-store-csi-driver/releases/tag/v1.6.0) [Compare Source](https://github.com/kubernetes-sigs/secrets-store-csi-driver/compare/v1.5.6...v1.6.0) ##### v1.6.0 - 2026-04-29 ##### Secret Rotation via RequiresRepublish The dedicated secret rotation controller has been replaced with the [CSI RequiresRepublish](https://kubernetes-csi.github.io/docs/csi-driver-object.html) mechanism. The CSIDriver now sets `requiresRepublish: true`, causing kubelet to periodically call `NodePublishVolume`, which re-fetches secrets from the provider when `--enable-secret-rotation=true`. The `--rotation-poll-interval` now acts as a minimum cache duration between rotations. This change removes the need for privileged RBAC permissions (listing pods, secrets, and creating service account tokens) that were previously required by the rotation controller. Rotation-specific RBAC resources (`rbac-secretproviderrotation.yaml`, `rbac-secretprovidertokenrequest.yaml`) have been removed and can be cleaned up from manual deployments. > **Note:** Please review the [upgrade notes](https://secrets-store-csi-driver.sigs.k8s.io/getting-started/upgrades#pre-v160) before upgrading. ##### Changelog ##### Bug Fixes 🐞 - fix: set authority to localhost by [@aramase](https://github.com/aramase) in [#1953](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1953) - fix: configure requiresRepublish value in helm charts and metrics update by [@dargudear-google](https://github.com/dargudear-google) in [#1968](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1968) ##### Build 🏭 - fix(build): disable provenance and SBOM in buildx to fix manifest cre… by [@aramase](https://github.com/aramase) in [#2028](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/2028) ##### Continuous Integration 💜 - ci: add area/dependency label for dependabot PRs by [@aramase](https://github.com/aramase) in [#1802](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1802) - ci: use ubuntu-latest for gh workflows by [@aramase](https://github.com/aramase) in [#1804](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1804) - ci: update azure scripts to use rbac for keyvault permissions by [@aramase](https://github.com/aramase) in [#1918](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1918) - ci: ignore CVE-2023-2878 false positive from Trivy version detection by [@aramase](https://github.com/aramase) in [#1927](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1927) - ci: resolve azure e2e test flakes with rbac, windows vm size by [@aramase](https://github.com/aramase) in [#1929](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1929) - ci: Fix codegen, add GH action verifying it by [@stlaz](https://github.com/stlaz) in [#1978](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1978) - ci: fix action version comments to match pinned SHAs by [@aramase](https://github.com/aramase) in [#2017](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/2017) - ci: add `sts.amazonaws.com` audience to `e2e-helm-deploy` tokenRequests by [@aramase](https://github.com/aramase) in [#2020](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/2020) - ci: fix govulncheck tools step with doc.go by [@aramase](https://github.com/aramase) in [#2024](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/2024) - ci: replace broken setup-kind action with direct kind by [@aramase](https://github.com/aramase) in [#2031](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/2031) ##### Documentation 📘 - docs: Add OpenBao provider by [@JoeMurray](https://github.com/JoeMurray) in [#1914](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1914) - docs: update `manifest_staging/charts/secrets-store-csi-driver/README.md` by [@ThirdEyeSqueegee](https://github.com/ThirdEyeSqueegee) in [#2005](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/2005) - docs: add missing OpenBao reference to concepts.md by [@kangetsu121](https://github.com/kangetsu121) in [#2015](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/2015) ##### Features 🌈 - feat: Use RequiresRepublish for secret rotation by [@dargudear-google](https://github.com/dargudear-google) in [#1622](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1622) - feat: Support CSI serviceAccountTokenInSecrets for Kubernetes 1.35+ by [@aramase](https://github.com/aramase) in [#1979](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1979) ##### Maintenance 🔧 - chore: bump actions/dependency-review-action from 4.3.4 to 4.6.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#1781](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1781) - chore: bump actions/setup-go from 5.3.0 to 5.4.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#1791](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1791) - chore: move nilekhc to emeritus\_reviewers by [@aramase](https://github.com/aramase) in [#1795](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1795) - chore: bump golang.org/x/net from 0.37.0 to 0.38.0 in /hack/tools by [@dependabot](https://github.com/dependabot)\[bot] in [#1796](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1796) - chore: bump step-security/harden-runner from 2.10.3 to 2.12.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#1799](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1799) - chore: bump github/codeql-action from 3.28.8 to 3.28.15 by [@dependabot](https://github.com/dependabot)\[bot] in [#1803](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1803) - chore: bump codecov/codecov-action from 5.1.2 to 5.4.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#1790](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1790) - chore: bump github.com/google/go-cmp from 0.6.0 to 0.7.0 in /test/e2eprovider by [@dependabot](https://github.com/dependabot)\[bot] in [#1763](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1763) - chore: bump actions/checkout from 4.2.1 to 4.2.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#1723](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1723) - chore: bump engineerd/setup-kind from 0.5.0 to 0.6.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#1684](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1684) - chore: bump github/codeql-action from 3.28.15 to 3.28.16 by [@dependabot](https://github.com/dependabot)\[bot] in [#1806](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1806) - chore: bump actions/upload-artifact from 4.5.0 to 4.6.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#1810](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1810) - chore: bump ossf/scorecard-action from 2.4.0 to 2.4.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#1807](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1807) - chore: bump gaurav-nelson/github-action-markdown-link-check from 1.0.16 to 1.0.17 by [@dependabot](https://github.com/dependabot)\[bot] in [#1809](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1809) - chore: bump github/codeql-action from 3.28.16 to 3.28.17 by [@dependabot](https://github.com/dependabot)\[bot] in [#1811](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1811) - chore: bump livenessprobe to v2.15.0 and node-driver-registrar to v2.13.0 by [@aramase](https://github.com/aramase) in [#1812](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1812) - chore: bump actions/setup-go from 5.4.0 to 5.5.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#1815](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1815) - chore: bump actions/dependency-review-action from 4.6.0 to 4.7.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#1816](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1816) - chore: update to go 1.23.9 by [@aramase](https://github.com/aramase) in [#1819](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1819) - chore: bump github/codeql-action from 3.28.17 to 3.28.18 by [@dependabot](https://github.com/dependabot)\[bot] in [#1826](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1826) - chore: bump actions/dependency-review-action from 4.7.0 to 4.7.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#1828](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1828) - chore: bump codecov/codecov-action from 5.4.2 to 5.4.3 by [@dependabot](https://github.com/dependabot)\[bot] in [#1827](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1827) - chore: bump ossf/scorecard-action from 2.4.1 to 2.4.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#1839](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1839) - chore: bump github/codeql-action from 3.28.18 to 3.28.19 by [@dependabot](https://github.com/dependabot)\[bot] in [#1843](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1843) - chore: update debian-base to bookworm-v1.0.5 by [@aramase](https://github.com/aramase) in [#1853](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1853) - chore: bump github/codeql-action from 3.28.19 to 3.29.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#1866](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1866) - chore: bump step-security/harden-runner from 2.12.0 to 2.12.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#1865](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1865) - chore: bump golang.org/x/oauth2 from 0.7.0 to 0.27.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#1870](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1870) - chore: bump github/codeql-action from 3.29.2 to 3.29.5 by [@dependabot](https://github.com/dependabot)\[bot] in [#1882](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1882) - chore: update to go 1.24.6 by [@aramase](https://github.com/aramase) in [#1888](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1888) - chore: update to go 1.24.7 and bump base image by [@aramase](https://github.com/aramase) in [#1915](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1915) - chore: Upgrade controller-runtime to v0.18.7 by [@johngmyers](https://github.com/johngmyers) in [#1938](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1938) - chore: Take the Go version for codecov and scan-vulns from go.mod by [@johngmyers](https://github.com/johngmyers) in [#1951](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1951) - chore: update to go 1.24.9 by [@aramase](https://github.com/aramase) in [#1949](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1949) - chore: update to go 1.24.11 and bump golang.org/x/crypto to v0.46.0 by [@aramase](https://github.com/aramase) in [#1967](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1967) - chore: add helm configuration for automountServiceAccountToken by [@EladCirt](https://github.com/EladCirt) in [#1975](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1975) - chore: update to go 1.25.6 and kubectl v1.34.3 by [@aramase](https://github.com/aramase) in [#1980](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1980) - chore: bump `livenessprobe` and `csi-node-driver-registrar` by [@ThirdEyeSqueegee](https://github.com/ThirdEyeSqueegee) in [#2004](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/2004) - chore: bump trivy to v0.69.3 by [@aramase](https://github.com/aramase) in [#2002](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/2002) - chore: limit dependabot PRs, replace it with govulncheck, harden GH actions by [@aramase](https://github.com/aramase) in [#2010](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/2010) - chore: bump google.golang.org/grpc from 1.58.3 to 1.79.3 by [@dependabot](https://github.com/dependabot)\[bot] in [#2012](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/2012) - chore: bump the all group with 9 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#2014](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/2014) - chore: bump the all group with 4 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#2019](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/2019) - chore: bump go.opentelemetry.io/otel/sdk from 1.41.0 to 1.43.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#2021](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/2021) - chore: bump Go to 1.25.9 to resolve CVE-2026-32281, CVE-2026-32288, CVE-2026-32289 by [@aramase](https://github.com/aramase) in [#2022](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/2022) - chore: update project ownership and move ritazh to emeritus by [@aramase](https://github.com/aramase) in [#2023](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/2023) - chore: bump version to v1.6.0 in release-1.6 by [@aramase](https://github.com/aramase) in [#2026](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/2026) - chore: bump version to v1.6.0 in release-1.6 (part 2) by [@aramase](https://github.com/aramase) in [#2027](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/2027) ##### Security Fix 🛡️ - security: bump to go 1.23.10 to resolve CVE-2025-22874 by [@aramase](https://github.com/aramase) in [#1846](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1846) - security: bump to go 1.25.7 to resolve CVE-2025-68121 by [@aramase](https://github.com/aramase) in [#1990](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1990) ##### Testing 💚 - test: update aks federated-credential command to add --audiences by [@aramase](https://github.com/aramase) in [#1840](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1840) - test: add e2e for openbao csi provider by [@eyenx](https://github.com/eyenx) in [#1902](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1902) ##### New Contributors - [@johngmyers](https://github.com/johngmyers) made their first contribution in [#1938](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1938) - [@EladCirt](https://github.com/EladCirt) made their first contribution in [#1975](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1975) - [@stlaz](https://github.com/stlaz) made their first contribution in [#1978](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1978) - [@JoeMurray](https://github.com/JoeMurray) made their first contribution in [#1914](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/1914) - [@ThirdEyeSqueegee](https://github.com/ThirdEyeSqueegee) made their first contribution in [#2004](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/2004) - [@kangetsu121](https://github.com/kangetsu121) made their first contribution in [#2015](https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/2015) **Full Changelog**: <https://github.com/kubernetes-sigs/secrets-store-csi-driver/compare/v1.5.6...v1.6.0> </details> --- ### Configuration 📅 **Schedule**: (in timezone America/Chicago) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).

renovate-bot changed title from ~~chore(deps): update dependency kubernetes-sigs/secrets-store-csi-driver to v1.6.0~~ to chore(deps): update secrets-store-csi-driver to v1.6.0

2026-04-29 19:05:01 +00:00

renovate-bot added the helm label 2026-04-29 19:05:03 +00:00

renovate-bot added 1 commit 2026-05-01 23:24:27 +00:00

chore(deps): update secrets-store-csi-driver to v1.6.0

lint-test-helm / lint-helm (pull_request) Successful in 41s

Details

lint-test-helm / validate-kubeconform (pull_request) Successful in 23s

Details

render-manifests / render-manifests (pull_request) Successful in 2m10s

Details

16c8524aae

renovate-bot force-pushed renovate/unified-secrets-store-csi-driver from b0e81435e9 to 16c8524aae

2026-05-01 23:24:27 +00:00

Compare

alexlebens merged commit ceb5951f68 into main

2026-05-02 00:06:52 +00:00

alexlebens referenced this issue from a commit

2026-05-02 00:06:52 +00:00

Merge pull request 'chore(deps): update secrets-store-csi-driver to v1.6.0' (#6384) from renovate/unified-secrets-store-csi-driver into main

alexlebens deleted branch renovate/unified-secrets-store-csi-driver

2026-05-02 00:06:55 +00:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: alexlebens/infrastructure#6384