chore(deps): update helm chart mosquitto to v2

[xunholy]

This PR contains the following updates:

Package	Update	Change
mosquitto	major	1.3.1 -> 2.1.1

---

Release Notes

eclipse/mosquitto

v2.0.1

Compare Source

==================

Security:

• CVE-xxxx-xxxx: If an authenticated client connected with MQTT v5 sent a
  malformed CONNACK message to the broker a NULL pointer dereference occurred,
  most likely resulting in a segfault. This will be updated with the CVE
  number when it is assigned.
  Affects versions 2.0.0 to 2.0.9 inclusive.

Broker:

• Don't over write new receive-maximum if a v5 client connects and takes over
  an old session. Closes #​2134.
• Fix CVE-xxxx-xxxx. Closes #​2163.

Clients:

• Set receive-maximum to not exceed the -C message count in mosquitto_sub
  and mosquitto_rr, to avoid potentially lost messages. Closes #​2134.
• Fix TLS-PSK mode not working with port 8883. Closes #​2152.

Client library:

• Fix possible socket leak. This would occur if a client was using
  mosquitto_loop_start(), then if the connection failed due to the remote
  server being inaccessible they called mosquitto_loop_stop(, true) and
  recreated the mosquitto object.

Build:

• A variety of minor build related fixes, like functions not having previous
  declarations.
• Fix CMake cross compile builds not finding opensslconf.h. Closes #​2160.
• Fix build on Solaris non-sparc. Closes #​2136.

v2.0.0

==================

Breaking changes:

• When the Mosquitto broker is run without configuring any listeners it will
  now bind to the loopback interfaces 127.0.0.1 and/or ::1. This means that
  only connections from the local host will be possible.

  Running the broker as mosquitto or mosquitto -p 1883 will bind to the
  loopback interface.

  Running the broker with a configuration file with no listeners configured
  will bind to the loopback interface with port 1883.

  Running the broker with a listener defined will bind by default to 0.0.0.0
  / :: and so will be accessible from any interface. It is still possible to
  bind to a specific address/interface.

  If the broker is run as mosquitto -c mosquitto.conf -p 1884, and a
  listener is defined in the configuration file, then the port defined on the
  command line will be IGNORED, and no listener configured for it.

• All listeners now default to allow_anonymous false unless explicitly set
  to true in the configuration file. This means that when configuring a
  listener the user must either configure an authentication and access control
  method, or set allow_anonymous true. When the broker is run without a
  configured listener, and so binds to the loopback interface, anonymous
  connections are allowed.

• If Mosquitto is run on as root on a unix like system, it will attempt to
  drop privileges as soon as the configuration file has been read. This is in
  contrast to the previous behaviour where elevated privileges were only
  dropped after listeners had been started (and hence TLS certificates loaded)
  and logging had been started. The change means that clients will never be
  able to connect to the broker when it is running as root, unless the user
  explicitly sets it to run as root, which is not advised. It also means that
  all locations that the broker needs to access must be available to the
  unprivileged user. In particular those people using TLS certificates from
  Lets Encrypt will need to do something to allow Mosquitto to access
  those certificates. An example deploy renewal hook script to help with this
  is at misc/letsencrypt/mosquitto-copy.sh.
  The user that Mosquitto will change to are the one provided in the
  configuration, mosquitto, or nobody, in order of availability.

• The pid_file option will now always attempt to write a pid file,
  regardless of whether the -d argument is used when running the broker.

• The tls_version option now defines the minimum TLS protocol version to
  be used, rather than the exact version. Closes #​1258.

• The max_queued_messages option has been increased from 100 to 1000 by
  default, and now also applies to QoS 0 messages, when a client is connected.

• The mosquitto_sub, mosquitto_pub, and mosquitto_rr clients will now load
  OS provided CA certificates by default if -L mqtts://... is used, or if
  the port is set to 8883 and no other CA certificates are loaded.

• Minimum support libwebsockets version is now 2.4.0

• The license has changed from "EPL-1.0 OR EDL-1.0" to "EPL-2.0 OR EDL-1.0".

Broker features:

• New plugin interface which is more flexible, easier to develop for and
  easier to extend.
• New dynamic security plugin, which allows clients, groups, and roles to be
  defined and updated as the broker is running.
• Performance improvements, particularly for higher numbers of clients.
• When running as root, if dropping privileges to the "mosquitto" user fails,
  then try "nobody" instead. This reduces the burden on users installing
  Mosquitto themselves.
• Add support for Unix domain socket listeners.
• Add bridge_outgoing_retain option, to allow outgoing messages from a
  bridge to have the retain bit completely disabled, which is useful when
  bridging to e.g. Amazon or Google.
• Add support for MQTT v5 bridges to handle the "retain-available" property
  being false.
• Allow MQTT v5.0 outgoing bridges to fall back to MQTT v3.1.1 if connecting
  to a v3.x only broker.
• DLT logging is now configurable at runtime with log_dest dlt.
  Closes #​1735.
• Add mosquitto_broker_publish() and mosquitto_broker_publish_copy()
  functions, which can be used by plugins to publish messages.
• Add mosquitto_client_protocol_version() function which can be used by
  plugins to determine which version of MQTT a client has connected with.
• Add mosquitto_kick_client_by_clientid() and mosquitto_kick_client_by_username()
  functions, which can be used by plugins to disconnect clients.
• Add support for handling $CONTROL/ topics in plugins.
• Add support for PBKDF2-SHA512 password hashing.
• Enabling certificate based TLS encryption is now through certfile and
  keyfile, not capath or cafile.
• Added support for controlling UNSUBSCRIBE calls in v5 plugin ACL checks.
• Add "deny" acl type. Closes #​1611.
• The broker now sends the receive-maximum property for MQTT v5 CONNACKs.
• Add the bridge_max_packet_size option. Closes #​265.
• Add the bridge_bind_address option. Closes #​1311.
• TLS certificates for the server are now reloaded on SIGHUP.
• Default for max_queued_messages has been changed to 1000.
• Add ciphers_tls1.3 option, to allow setting TLS v1.3 ciphersuites.
  Closes #​1825.
• Bridges now obey MQTT v5 server-keepalive.
• Add bridge support for the MQTT v5 maximum-qos property.
• Log client port on new connections. Closes #​1911.

Broker fixes:

• Send DISCONNECT with malformed-packet reason code on invalid PUBLISH,
  SUBSCRIBE, and UNSUBSCRIBE packets.
• Document that X509_free() must be called after using
  mosquitto_client_certificate(). Closes #​1842.
• Fix listener not being reassociated with client when reloading a persistence
  file and per_listener_settings true is set and the client did not set a
  username. Closes #​1891.
• Fix bridge sock not being removed from sock hash on error. Closes #​1897.
• mosquitto_password now forbids the : character. Closes #​1833.
• Fix log_timestamp_format not applying to log_dest topic. Closes #​1862.
• Fix crash on Windows if loading a plugin fails. Closes #​1866.
• Fix file logging on Windows. Closes #​1880.
• Report an error if the config file is set to a directory. Closes #​1814.
• Fix bridges incorrectly setting Wills to manage remote notifications when
  notifications_local_only was set true. Closes #​1902.

Client library features:

• Client no longer generates random client ids for v3.1.1 clients, these are
  now expected to be generated on the broker. This matches the behaviour for
  v5 clients. Closes #​291.
• Add support for connecting to brokers through Unix domain sockets.
• Add mosquitto_property_identifier(), for retrieving the identifier integer
  for a property.
• Add mosquitto_property_identifier_to_string() for converting a property
  identifier integer to the corresponding property name string.
• Add mosquitto_property_next() to retrieve the next property in a list, for
  iterating over property lists.
• mosquitto_pub now handles the MQTT v5 retain-available property by never
  setting the retain bit.
• Added MOSQ_OPT_TCP_NODELAY, to allow disabling Nagle's algorithm on client
  sockets. Closes #​1526.
• Add mosquitto_ssl_get() to allow clients to access their SSL structure and
  perform additional verification.
• Add MOSQ_OPT_BIND_ADDRESS to allow setting of a bind address independently
  of the mosquitto_connect*() call.
• Add MOSQ_OPT_TLS_USE_OS_CERTS option, to instruct the client to load and
  trust OS provided CA certificates for use with TLS connections.

Client library fixes:

• Fix send quota being incorrecly reset on reconnect. Closes #​1822.
• Don't use logging until log mutex is initialised. Closes #​1819.
• Fix missing mach/mach_time.h header on OS X. Closes #​1831.
• Fix connect properties not being sent when the client automatically
  reconnects. Closes #​1846.

Client features:

• Add timeout return code (27) for mosquitto_sub -W <secs> and
  mosquitto_rr -W <secs>. Closes #​275.
• Add support for connecting to brokers through Unix domain sockets with the
  --unix argument.
• Use cJSON library for producing JSON output, where available. Closes #​1222.
• Add support for outputting MQTT v5 property information to mosquitto_sub/rr
  JSON output. Closes #​1416.
• Add --pretty option to mosquitto_sub/rr for formatted/unformatted JSON
  output.
• Add support for v5 property printing to mosquitto_sub/rr in non-JSON mode.
  Closes #​1416.
• Add --nodelay to all clients to allow them to use the MOSQ_OPT_TCP_NODELAY
  option.
• Add -x to all clients to all the session-expiry-interval property to be
  easily set for MQTT v5 clients.
• Add --random-filter to mosquitto_sub, to allow only a certain proportion
  of received messages to be printed.
• mosquitto_sub %j and %J timestamps are now in a ISO 8601 compatible format.
• mosquitto_sub now supports extra format specifiers for field width and
  precision for some parameters.
• Add --version for all clients.
• All clients now load OS provided CA certificates if used with -L mqtts://..., or if port is set to 8883 and no other CA certificates are
  used. Closes #​1824.
• Add the --tls-use-os-certs option to all clients.

Client fixes:

• mosquitto_sub will now exit if all subscriptions were denied.
• mosquitto_pub now sends 0 length files without an error when using -f.
• Fix description of -e and -t arguments in mosquitto_rr. Closes #​1881.
• mosquitto_sub will now quit with an error if the %U option is used on
  Windows, rather than just quitting. Closes #​1908.

---

Renovate configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.