Update Helm release keda to v2.17.0

[renovate]

This PR contains the following updates:

Package	Update	Change
keda	minor	2.16.1 -> 2.17.0

---

Release Notes

kedacore/keda (keda)

v2.17.0

Compare Source

New

• General: Add support for time-bound Kubernetes ServiceAccount tokens as a source for TriggerAuthentication (#​6136)
• General: Introduce new NSQ scaler (#​3281)
• General: Introduce new Temporal scaler (#​4724)

Improvements

• General: Add Fallback option behavior for dynamic fallback calculation (#​6450)
• General: Add SecretKey to AWS SecretsManager TriggerAuthentication to allow parsing JSON / Key/Value Pairs in secrets (#​5940)
• General: Enable OpenSSF Scorecard to enhance security practices across the project (#​5913)
• General: Operator flag to control patching of webhook resources certificates (#​6184)
• Azure Log Analytics Scaler: Add custom HTTP client timeout (#​6607)
• Azure Pipelines Scaler: Introduce requireAllDemandsAndIgnoreOthers to match job demands while ignoring extras (#​5579)
• Elasticsearch Scaler: Support IgnoreNullValues at Elasticsearch scaler (#​6599)
• GitHub Scaler: Add support to use ETag for conditional requests against the Github API (#​6503)
• GitHub Scaler: Filter workflows via query parameter for improved queue count accuracy (#​6519)
• IBMMQ Scaler: Handling StatusNotFound in IBMMQ scaler (#​6472)
• MongoDB Scaler: Support float queryValue for MongoDB scaler (#​6574)
• Prometheus Scaler: Add custom HTTP client timeout (#​6607)
• RabbitMQ Scaler: Support use of the ‘vhostName’ parameter in the ‘TriggerAuthentication’ resource (#​6369)
• Selenium Grid: Add trigger param for Node enables managed downloads capability (#​6570)
• Selenium Grid: Add trigger param to set custom capabilities for matching specific Nodes (#​6536)
• Selenium Grid: Selenium Grid: Trigger param enableManagedDownloads set as true by default (#​6684)

Fixes

• General: Centralize and improve automaxprocs configuration with proper structured logging (#​5970)
• General: Fix CVE-2025-27144 and CVE-2025-22868 (#​6613)
• General: Fix CVE-2025-29786 (#​6637)
• General: Fix CVE-2025-30204 (#​6641)
• General: Fix event text when deactivation fails (#​6469)
• General: Fix fallback validation check bug (#​6407)
• General: Fix the check whether Fallback is enabled when using ScalingModifiers (#​6521)
• General: Fix waiting to reach failureThreshold before fallback (#​6520)
• General: Make sure the exposed metrics (from KEDA operator) are updated when there is a change to triggers (#​6618)
• General: Paused ScaledObject count is reported correctly after operator restart (#​6321)
• General: Reiterate fix (after #​6407) for fallback validation in admission webhook. (#​6538)
• General: ScaledJobs ready status set to true when recoverred problem (#​6329)
• AWS Scalers: Add AWS region to the AWS Config Cache key (#​6128)
• External Scaler: Support server TLS without custom CA (#​6606)
• GCP Storage: GCP Storage scaler ignores folders (#​6531)
• Metrics API: Fix text format parsing error resulting in unexpected end of input stream (#​6559)
• NATS JetStream: Support for looking up account using an ID (#​6611)
• Redis Streams: Allow default value of 0 for activationLagCount (#​6478)
• Selenium Grid: Scaler logic on platformName is set empty or any (#​6477)

Deprecations

You can find all deprecations in this overview and join the discussion here.

New deprecation(s):

• NATS Streaming scaler: Deprecate NATS Streaming Server (aka Stan) (#​6362)

Breaking Changes

• General: Change InitialCooldownPeriod from int32 to *int32 (#​6423)
• General: Remove Prometheus metric deprecations (#​6339)
• External Scaler: Remove deprecated tlsCertFile from External scaler (#​4549)

Other

• General: Add debug logs tracking validation of ScaledObjects on webhook (#​6498)
• General: New eventreason KEDAScalersInfo to display important information (#​6328)
• Apache Kafka Scaler: Remove unused awsEndpoint in Apache Kafka scaler (#​6627)
• External Scalers: Allow float64 values in externalmetrics' MetricValue & TargetSize. The old fields are still there because of backward compatibility. (#​5159)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[qodo-merge-pro]

CI Feedback 🧐

(Feedback updated until commit 30accb5)

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: Rerun workflow when failure

Failed stage: Authenticate GitHub CLI for PR [❌]

Failure summary: The action failed because the GitHub CLI authentication failed with the error: "missing required scope 'read:org'". The token provided in the GH_CLI_TOKEN_PR environment variable does not have the necessary permissions to perform the required operations. Specifically, it's missing the 'read:org' scope which is required for the GitHub CLI to authenticate properly.

Relevant error logs: 1: ##[group]Operating System 2: Ubuntu ... 22: Issues: write 23: Metadata: read 24: Models: read 25: Packages: write 26: Pages: write 27: PullRequests: write 28: RepositoryProjects: write 29: SecurityEvents: write 30: Statuses: write 31: ##[endgroup] 32: Secret source: Actions 33: Prepare workflow directory 34: Prepare all required actions 35: Getting action download info 36: Download action repository 'actions/checkout@main' (SHA:85e6279cec87321a52edac9c87bce653a07cf6c2) 37: Complete job name: Rerun workflow when failure 38: ##[group]Run actions/checkout@main ... 42: ssh-strict: true 43: ssh-user: git 44: persist-credentials: true 45: clean: true 46: sparse-checkout-cone-mode: true 47: fetch-depth: 1 48: fetch-tags: false 49: show-progress: true 50: lfs: false 51: submodules: false 52: set-safe-directory: true 53: env: 54: GH_CLI_TOKEN: *** 55: GH_CLI_TOKEN_PR: *** 56: RUN_ID: 14309593009 57: RERUN_FAILED_ONLY: true 58: RUN_ATTEMPT: 1 ... 113: Or undo this operation with: 114: git switch - 115: Turn off this advice by setting config variable advice.detachedHead to false 116: HEAD is now at 51e4e8d Merge 30accb5df877874975474ef185b56884bc5cc7d7 into 8309321489a873f91972ce748c3c378721efd257 117: ##[endgroup] 118: [command]/usr/bin/git log -1 --format=%H 119: 51e4e8dc79f5859779283c98a39b665b8cc04c35 120: ##[group]Run sudo apt update 121: �[36;1msudo apt update�[0m 122: �[36;1msudo apt install gh�[0m 123: shell: /usr/bin/bash -e {0} 124: env: 125: GH_CLI_TOKEN: *** 126: GH_CLI_TOKEN_PR: *** 127: RUN_ID: 14309593009 128: RERUN_FAILED_ONLY: true 129: RUN_ATTEMPT: 1 ... 168: Reading state information... 169: 118 packages can be upgraded. Run 'apt list --upgradable' to see them. 170: WARNING: apt does not have a stable CLI interface. Use with caution in scripts. 171: Reading package lists... 172: Building dependency tree... 173: Reading state information... 174: gh is already the newest version (2.69.0). 175: 0 upgraded, 0 newly installed, 0 to remove and 118 not upgraded. 176: ##[group]Run echo "$GH_CLI_TOKEN_PR" | gh auth login --with-token 177: �[36;1mecho "$GH_CLI_TOKEN_PR" | gh auth login --with-token�[0m 178: shell: /usr/bin/bash -e {0} 179: env: 180: GH_CLI_TOKEN: *** 181: GH_CLI_TOKEN_PR: *** 182: RUN_ID: 14309593009 183: RERUN_FAILED_ONLY: true 184: RUN_ATTEMPT: 1 185: ##[endgroup] 186: error validating token: missing required scope 'read:org' 187: ##[error]Process completed with exit code 1. 188: Post job cleanup.