chore(aws-sdk-v2): update dependencies to accept new aws regions#5577
Merged
Skarlso merged 4 commits intoexternal-secrets:mainfrom Nov 17, 2025
Merged
chore(aws-sdk-v2): update dependencies to accept new aws regions#5577Skarlso merged 4 commits intoexternal-secrets:mainfrom
Skarlso merged 4 commits intoexternal-secrets:mainfrom
Conversation
8a8d3c5 to
f9c5d50
Compare
Member
|
@moolen maybe something wrong with the go mod bumper that we have? 🤔 |
Skarlso
reviewed
Nov 15, 2025
Signed-off-by: damien.puig <damien.puig@gmail.com>
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Contributor
|
This looks okay now, but we have a problem with the publishing workflow. :/ I don't think it's related to your changes however. |
Contributor
Author
no worries - sounds like it s passing now |
|
Skarlso
approved these changes
Nov 17, 2025
alexlebens
pushed a commit
to alexlebens/infrastructure
that referenced
this pull request
Nov 22, 2025
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [external-secrets](https://github.com/external-secrets/external-secrets) | minor | `1.0.0` -> `1.1.0` | --- ### Release Notes <details> <summary>external-secrets/external-secrets (external-secrets)</summary> ### [`v1.1.0`](https://github.com/external-secrets/external-secrets/releases/tag/v1.1.0) [Compare Source](external-secrets/external-secrets@v1.0.0...v1.1.0) Image: `ghcr.io/external-secrets/external-secrets:v1.1.0` Image: `ghcr.io/external-secrets/external-secrets:v1.1.0-ubi` Image: `ghcr.io/external-secrets/external-secrets:v1.1.0-ubi-boringssl` <!-- Release notes generated using configuration in .github/release.yml at main --> #### What's Changed !*NOTE*!: During last community meeting we discussed that we are retiring our scarf account. With that, we will be changing back to [ghcr.io/external-secrets/external-secrets](http://ghcr.io/external-secrets/external-secrets) instead of [oci.external-secrets.io/external-secrets/external-secrets](http://oci.external-secrets.io/external-secrets/external-secrets). For now, the old domain will live for a couple months to give people to change back. With this release , the helm chart switched back to ghcr. ##### General - chore(chart): release helm chart 1.0.0 by [@​Skarlso](https://github.com/Skarlso) in [#​5552](external-secrets/external-secrets#5552) - feat(security): add support for ECDSA ssh keys by [@​bigjazzsound](https://github.com/bigjazzsound) in [#​5559](external-secrets/external-secrets#5559) - fix: minor typo in comment of KeeperSecurity example by [@​mdjong1](https://github.com/mdjong1) in [#​5573](external-secrets/external-secrets#5573) - docs(gcp): update documentation for using WorkloadIdentityFederation in non-GKE cluster by [@​jennweir](https://github.com/jennweir) in [#​5556](external-secrets/external-secrets#5556) - chore(release): add darwin\_arm64 releases by [@​lbordowitz](https://github.com/lbordowitz) in [#​5583](external-secrets/external-secrets#5583) - feat: support override IAM endpoint in IBM provider for APIkey auth by [@​fidel-ruiz](https://github.com/fidel-ruiz) in [#​5550](external-secrets/external-secrets#5550) - feat(security): build tags for all the providers to disable them on d… by [@​ShimonDarshan](https://github.com/ShimonDarshan) in [#​5578](external-secrets/external-secrets#5578) - fix: do not include the last element of the path in the iteration by [@​Skarlso](https://github.com/Skarlso) in [#​5588](external-secrets/external-secrets#5588) - fix(k8s): support deleting whole secret by [@​tiagolobocastro](https://github.com/tiagolobocastro) in [#​5538](external-secrets/external-secrets#5538) - fix(provider): configure TLS for secret server provider by [@​Lumexralph](https://github.com/Lumexralph) in [#​5558](external-secrets/external-secrets#5558) - chore(aws): remove any usage of aws-sdk-v1 by [@​Skarlso](https://github.com/Skarlso) in [#​5590](external-secrets/external-secrets#5590) - fix(gcp): check for secret version exists in PushSecret by [@​bpalko](https://github.com/bpalko) in [#​5593](external-secrets/external-secrets#5593) - feat(vault): add GCP Workload Identity authentication support by [@​SamuelMolling](https://github.com/SamuelMolling) in [#​5356](external-secrets/external-secrets#5356) - chore: fix sonar cloud issues by [@​Skarlso](https://github.com/Skarlso) in [#​5405](external-secrets/external-secrets#5405) - chore(aws-sdk-v2): update dependencies to accept new aws regions by [@​damienpuig](https://github.com/damienpuig) in [#​5577](external-secrets/external-secrets#5577) - feat(chart): use ghcr.io instead of our own domain by [@​evrardjp](https://github.com/evrardjp) in [#​5617](external-secrets/external-secrets#5617) ##### Dependencies - chore(deps): bump golang from 1.25.3 to 1.25.4 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5560](external-secrets/external-secrets#5560) - chore(deps): bump golang from 1.25.3-bookworm to 1.25.4-bookworm in /e2e by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5568](external-secrets/external-secrets#5568) - chore(deps): bump step-security/harden-runner from 2.13.1 to 2.13.2 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5561](external-secrets/external-secrets#5561) - chore(deps): bump softprops/action-gh-release from 2.4.1 to 2.4.2 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5564](external-secrets/external-secrets#5564) - chore(deps): bump helm/chart-testing-action from 2.7.0 to 2.8.0 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5565](external-secrets/external-secrets#5565) - chore(deps): bump aws-actions/configure-aws-credentials from [`0d00a56`](external-secrets/external-secrets@0d00a56) to [`2475ef7`](external-secrets/external-secrets@2475ef7) by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5562](external-secrets/external-secrets#5562) - chore(deps): bump helm/kind-action from 1.12.0 to 1.13.0 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5563](external-secrets/external-secrets#5563) - chore(deps): bump docker/setup-qemu-action from 3.6.0 to 3.7.0 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5567](external-secrets/external-secrets#5567) - chore(deps): bump regex from 2025.10.23 to 2025.11.3 in /hack/api-docs by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5570](external-secrets/external-secrets#5570) - chore(deps): bump markdown from 3.9 to 3.10 in /hack/api-docs by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5569](external-secrets/external-secrets#5569) - chore(deps): bump hashicorp/setup-terraform from [`982f6f0`](external-secrets/external-secrets@982f6f0) to [`4c5fdab`](external-secrets/external-secrets@4c5fdab) by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5566](external-secrets/external-secrets#5566) - chore(deps): bump golang from `d3f0cf7` to `d3f0cf7` by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5595](external-secrets/external-secrets#5595) - chore(deps): bump github/codeql-action from 4.31.2 to 4.31.3 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5596](external-secrets/external-secrets#5596) - chore(deps): bump click from 8.3.0 to 8.3.1 in /hack/api-docs by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5602](external-secrets/external-secrets#5602) - chore(deps): bump ubi9/ubi from `dec374e` to `dcd8128` by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5594](external-secrets/external-secrets#5594) - chore(deps): bump aws-actions/configure-aws-credentials from [`2475ef7`](external-secrets/external-secrets@2475ef7) to [`f2964c7`](external-secrets/external-secrets@f2964c7) by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5597](external-secrets/external-secrets#5597) - chore(deps): bump actions/dependency-review-action from 4.8.1 to 4.8.2 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5598](external-secrets/external-secrets#5598) - chore(deps): bump pymdown-extensions from 10.16.1 to 10.17.1 in /hack/api-docs by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5599](external-secrets/external-secrets#5599) - chore(deps): bump certifi from 2025.10.5 to 2025.11.12 in /hack/api-docs by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5600](external-secrets/external-secrets#5600) - chore(deps): bump mkdocs-material from 9.6.23 to 9.7.0 in /hack/api-docs by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5601](external-secrets/external-secrets#5601) - chore(deps): bump mkdocs-macros-plugin from 1.4.1 to 1.5.0 in /hack/api-docs by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5603](external-secrets/external-secrets#5603) #### New Contributors - [@​bigjazzsound](https://github.com/bigjazzsound) made their first contribution in [#​5559](external-secrets/external-secrets#5559) - [@​mdjong1](https://github.com/mdjong1) made their first contribution in [#​5573](external-secrets/external-secrets#5573) - [@​jennweir](https://github.com/jennweir) made their first contribution in [#​5556](external-secrets/external-secrets#5556) - [@​lbordowitz](https://github.com/lbordowitz) made their first contribution in [#​5583](external-secrets/external-secrets#5583) - [@​fidel-ruiz](https://github.com/fidel-ruiz) made their first contribution in [#​5550](external-secrets/external-secrets#5550) - [@​ShimonDarshan](https://github.com/ShimonDarshan) made their first contribution in [#​5578](external-secrets/external-secrets#5578) - [@​bpalko](https://github.com/bpalko) made their first contribution in [#​5593](external-secrets/external-secrets#5593) - [@​SamuelMolling](https://github.com/SamuelMolling) made their first contribution in [#​5356](external-secrets/external-secrets#5356) - [@​damienpuig](https://github.com/damienpuig) made their first contribution in [#​5577](external-secrets/external-secrets#5577) **Full Changelog**: <external-secrets/external-secrets@v1.0.0...v1.1.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41LjAiLCJ1cGRhdGVkSW5WZXIiOiI0Mi41LjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImNoYXJ0Il19--> Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/2081 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
tokiwong
pushed a commit
to tokiwong/external-secrets
that referenced
this pull request
Dec 9, 2025
…ernal-secrets#5577) Signed-off-by: Alvin Wong <alvin.wong@forgerock.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem Statement
External-secrets was using outdated AWS SDK v2 packages that didn't support newly launched AWS regions, including the Mexico (Central) region mx-central-1 which launched on January 14, 2025.
Additionally, the codebase lacked comprehensive region validation tests, making it difficult to verify support for all AWS regions across different partitions.
Related Issue
Fixes support for new AWS regions including mx-central-1 and 8 other regions added in AWS SDK v2 v1.39.12+.
Proposed Changes
AWS SDK Upgrade
Upgraded all AWS SDK v2 packages to their latest versions across all modules:
Comprehensive Region Testing
Added TestAllAWSRegions function that validates 48 region/service combinations across all AWS partitions:
This approach ensures:
Test Consolidation
Removed redundant individual test cases from TestValidateStore that duplicated region validation coverage, reducing code duplication and
improving maintainability.
Dependency Cleanup
Ran go mod tidy on all modules to remove stale dependency entries from go.sum files, removing 28 lines of outdated package references.
New Regions Supported
Checklist