chore(deps): update all non-major dependencies #25
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
⚠ Artifact update problemRenovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is. ♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below: File name: go.sum |
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
from
8580462
to
be0a293
Compare
|
Versions are very specific to the kubernetes cluster we provide |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v1.11.0->v1.13.0v2.21.4->v2.21.6v0.26.0->v0.28.2v0.26.0->v0.28.2v0.26.0->v0.28.2v0.26.0->v0.28.2Release Notes
cert-manager/cert-manager (github.com/cert-manager/cert-manager)
v1.13.0Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
This is the 1.13 release of cert-manager!
cert-manager 1.13 brings support for DNS over HTTPS, support for loading options from a versioned
config file for the cert-manager controller, and more. This release also includes the promotion of
the StableCertificateRequestName and SecretsFilteredCaching feature gates to Beta.
Breaking Changes (You MUST read this before you upgrade!)
.featureGatesvalue set, the features defined there will no longer be passed to cert-manager webhook, only to cert-manager controller. Usewebhook.featureGatesfield instead to define features to be enabled on webhook. (#6093, @irbekrm)--feature-gatesflag, this will now break (unless the webhook actually has a feature by that name). (#6093, @irbekrm)Community
Welcome to these new cert-manager members (more info - https://github.com/cert-manager/cert-manager/pull/6260):
@jsoref
@FlorianLiebhart
@hawksight
@erikgb
Thanks again to all open-source contributors with commits in this release, including:
@AcidLeroy
@FlorianLiebhart
@lucacome
@cypres
@erikgb
@ubergesundheit
@jkroepke
@jsoref
@gdvalle
@rouke-broersma
@schrodit
@zhangzhiqiangcs
@arukiidou
@hawksight
@Richardds
@kahirokunn
Thanks also to the following cert-manager maintainers for their contributions during this release:
@SgtCoDFish
@maelvls
@irbekrm
@inteon
Equally thanks to everyone who provided feedback, helped users and raised issues on Github and Slack and joined our meetings!
Special thanks to @AcidLeroy for adding "load options from a versioned config file" support for the cert-manager controller! This has been on our wishlist for a very long time. (see https://github.com/cert-manager/cert-manager/pull/5337)
Also, thanks a lot to @FlorianLiebhart for adding support for DNS over HTTPS for the ACME DNS self-check. This is very useful in case all traffic must be HTTP(S) trafic, eg. when using a HTTPS_PROXY. (see https://github.com/cert-manager/cert-manager/pull/5003)
Thanks also to the CNCF, which provides resources and support, and to the AWS open source team for being good community members and for their maintenance of the PrivateCA Issuer.
In addition, massive thanks to Venafi for contributing developer time and resources towards the continued maintenance of cert-manager projects.
Changes since v1.12.0
Feature
cluster-readeraggregated cluster role (#6241, @erikgb)enableServiceLinksconfigurable for all Deployments andstartupapicheckJob in Helm chart. (#6292, @ubergesundheit)Design
The DNS check method to be used is controlled through the command line flag:
--dns01-recursive-nameservers-only=truein combination with--dns01-recursive-nameservers=https://<DoH-endpoint>(e.g.https://8.8.8.8/dns-query). It keeps using DNS lookup as a default method. (#5003, @FlorianLiebhart)Bug or Regression
cmctl check api --wait 0exited without output and exit code 1; we now make sure we perform the API check at least once and return with the correct error code (#6109, @inteon).featureGatesvalue set, the features defined there will no longer be passed to cert-manager webhook, only to cert-manager controller. Usewebhook.featureGatesfield instead to define features to be enabled on webhook.--feature-gatesflag, this will now break (unless the webhook actually has a feature by that name). (#6093, @irbekrm)net.IP.String()function would have printed that address. (#6293, @SgtCoDFish)enableServiceLinksoption for our ACME http solver pods, because the option caused the pod to be in a crash loop in a cluster with lot of services. (#6143, @schrodit)Other (Cleanup or Flake)
cert-manager.io/common-name,cert-manager.io/alt-names, ... annotations on Secrets are kept at their correct value. (#6176, @inteon)v0.27.2. (#6077, @lucacome)v0.27.4. (#6227, @lucacome)v1.12.4Compare Source
v1.12.4 contains an important security fix that addresses CVE-2023-29409.
Changes since v1.12.3
e compared equal. This would be most noticeable when using an IPv6 address which doesn't match how Go's
net.IP.Str ing()function would have printed that address. (#6297, @SgtCoDFish)crypto/tlslibrary. (#6318, @maelvls)v1.12.3Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
v1.12.3 contains a bug fix for the cainjector which addresses a memory leak!
Changes by Kind
Bugfixes
v1.12.2Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
v1.12.2 is a bugfix release, but includes a known issue. You should prefer v1.12.3 instead!
Known issues
Changes by Kind
Bugfixes
cmctl check api --wait 0exited without output; we now make sure we perform the API check at least once (#6116, @jetstack-bot)v1.12.1Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
v1.12.1 release contains a couple dependency bumps and changes to ACME external webhook library.
Known issues
cmctlAPI check is broken in v1.12.1. We suggest that you do not upgradecmctlto this version. The fix will be released in v1.12.2.See #6116 for context.
https://github.com/cert-manager/cert-manager/pull/62326232 for context.
Changes by Kind
Other (Cleanup or Flake)
Uncategorized
v0.27.2. (#6077, @lucacome)v0.15.0(#6098, @lucacome)v1.12.0Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
cert-manager v1.12 brings support for JSON logging, a lower memory footprint, support for ephemeral service account tokens with Vault, improved dependency management and support for the ingressClassName field.
The full release notes are available at https://cert-manager.io/docs/release-notes/release-notes-1.12.
Known issues
cmctlAPI check is broken in v1.12.1. We suggest that you do not upgradecmctlto this version. The fix will be released in v1.12.2.See #6116 for context.
https://github.com/cert-manager/cert-manager/pull/62326232 for context.
Community
Thanks again to all open-source contributors with commits in this release, including:
Thanks also to the following cert-manager maintainers for their contributions during this release:
Equally thanks to everyone who provided feedback, helped users and raised issues on Github and Slack, joined our meetings and talked to us at Kubecon!
Special thanks to @erikgb for continuously great input and feedback and to @lucacome for always ensuring that our kube deps are up to date!
Thanks also to the CNCF, which provides resources and support, and to the AWS open source team for being good community members and for their maintenance of the PrivateCA Issuer.
In addition, massive thanks to Jetstack (by Venafi) for contributing developer time and resources towards the continued maintenance of cert-manager projects.
Changes by Kind
Feature
--concurrent-workersflag that lets you control the number of concurrent workers for each of our controllers. (#5936, @inteon)acme.solvers.http01.ingress.podTemplate.spec.imagePullSecretsfield to issuer spec to allow to specify image pull secrets for the ACME HTTP01 solver pod. (#5801, @malovme)--watch-certsflag was renamed to--enable-certificates-data-source. (#5766, @irbekrm)--dns01-recursive-nameservers,--enable-certificate-owner-ref, and--dns01-recursive-nameservers-onlythrough Helm values. (#5614, @jkroepke)ingressClassName. The credit goes to @dsonck92 for implementing the initial PR. (#5849, @maelvls)serviceAccountReffield, cert-manager generates a short-lived token associated to the service account to authenticate to Vault. Along with this new feature, we have added validation logic in the webhook in order to check thevault.authfield when creating an Issuer or ClusterIssuer. Previously, it was possible to create an Issuer or ClusterIssuer with an invalid value forvault.auth. (#5502, @maelvls)/livezendpoint and a default liveness probe, which fails if leader election has been lost and for some reason the process has not exited. The liveness probe is disabled by default. (#5962, @wallrj)--v=5flag) (#5975, @tobotg)Design
This is not necessarily a breaking change as due to a race condition this may already have been the case. (#5887, @irbekrm)
Documentation
values.yamlare now working (#5999, @SgtCoDFish)Bug or Regression
cmctl x install. (#5720, @irbekrm)--acme-http01-solver-imagegiven to the variableacmesolver.extraArgsnow has precedence over the variableacmesolver.image. (#5693, @SgtCoDFish)jksandpkcs12fields on a Certificate resource with a CA issuer that doesn't set theca.crtin the Secret resource, cert-manager no longer loop trying to copyca.crtintotruststore.jksortruststore.p12. (#5972, @vinzent)literalSubjectfield on a Certificate resource, the IPs, URIs, DNS names, and email addresses segments are now properly compared. (#5747, @inteon)Other (Cleanup or Flake)
make go-workspacetarget for generating a go.work file for local development (#5935, @SgtCoDFish)**BREAKING:*- users who are relying on cainjector to work when
certificates.cert-manager.ioCRD is not installed in the cluster, now need to pass--watch-certificates=falseflag to cainjector else it will not start.Users who only use cainjector as cert-manager's internal component and have a large number of
Certificateresources in cluster can pass--watch-certificates=falseto avoid cainjector from cachingCertificateresources and save some memory. (#5746, @irbekrm)automountServiceAccountTokenturned off. (#5754, @wallrj)SecretsFilteredCachingfeature flag. The filtering mechanism might, in some cases, slightly slow down issuance or cause additional requests to kube-apiserver because unlabelled Secret resources that cert-manager controller needs will now be retrieved from kube-apiserver instead of being cached locally. To prevent this from happening, users can label all issuer Secret resources with thecontroller.cert-manager.io/fao: truelabel. (#5824, @irbekrm)POTENTIALLY BREAKING: this PR slightly changes how the name of the Challenge resources are calculated. To avoid duplicate issuances due to the Challenge resource being recreated, ensure that there is no in-progress ACME certificate issuance when you upgrade to this version of cert-manager. (#5901, @irbekrm)
v0.26.2. (#5820, @lucacome)v0.26.3. (#5907, @lucacome)v0.27.1. (#5961, @lucacome)certificate.spec.secretNameis a validSecretname (#5967, @avi-08)certificate.spec.secretNameSecrets will now be labelled withcontroller.cert-manager.io/faolabel (#5660, @irbekrm)Uncategorized
v1.11.5Compare Source
v1.11.5 contains an important security fix that addresses CVE-2023-29409.
Changes since v1.11.4
crypto/tlslibrary. (#6317, @maelvls)v1.11.4Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
cert-manager v1.11.4 contains some version bumps to address reported CVEs (although we don't expect that cert-manager was actually vulnerable to anything!)
Changes by Kind
Other (Cleanup or Flake)
Dependencies
Changed
v1.11.3Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
v1.11.3 mostly contains ACME library changes. API Priority and Fairness feature is now disabled in the external webhook's extension apiserver.
Changes by Kind
Other (Cleanup or Flake)
v1.11.2Compare Source
Changelog since v1.11.1
Changes by Kind
Bug or Regression
Other (Cleanup or Flake)
Bump the distroless base images (#5930, @maelvls)
Bumps Docker libraries to fix vulnerability scan alert for CVE-2023-28840, CVE-2023-28841, CVE-2023-28842 (#6037, @irbekrm)
Cert-manager was not actually affected by these CVEs which are all to do with Docker daemon's overlay network.
Bumps Kube libraries v0.26.0 -> v0.26.4 (#6038, @irbekrm)
This might help with running cert-manager v1.11 on Kubernetes v1.27, see #6038
v1.11.1Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
In v1.11.1, we updated the base images used for cert-manager containers. In addition, the users of the Venafi issuer will see less certificates repeatedly failing.
If you are a user of Venafi TPP and have been having issues with the error message
This certificate cannot be processed while it is in an error state. Fix any errors, and then click Retry, please use this version.Changes since v1.11.0
Bug or Regression
cmctl x install, to work around a hardcoded Kubernetes version in Helm. (#5726, @SgtCoDFish)Other (Cleanup or Flake)
github/codeql-action (github/codeql-action)
v2.21.6Compare Source
v2.21.5Compare Source
kubernetes/api (k8s.io/api)
v0.28.2Compare Source
v0.28.1Compare Source
v0.28.0Compare Source
v0.27.6Compare Source
v0.27.5Compare Source
v0.27.4Compare Source
v0.27.3Compare Source
v0.27.2Compare Source
v0.27.1Compare Source
v0.27.0Compare Source
v0.26.9Compare Source
v0.26.8Compare Source
v0.26.7Compare Source
v0.26.6Compare Source
v0.26.5Compare Source
v0.26.4Compare Source
v0.26.3Compare Source
v0.26.2Compare Source
v0.26.1Compare Source
kubernetes/apiextensions-apiserver (k8s.io/apiextensions-apiserver)
v0.28.2Compare Source
v0.28.1v0.28.0v0.27.5v0.27.3v0.27.2v0.27.1v0.27.0Compare Source
v0.26.9Compare Source
v0.26.8v0.26.7v0.26.6v0.26.5v0.26.4v0.26.3v0.26.2v0.26.1kubernetes/apimachinery (k8s.io/apimachinery)
v0.28.2v0.28.1v0.28.0Compare Source
v0.27.6Compare Source
v0.27.5Compare Source
v0.27.4v0.27.3Compare Source
v0.27.2Compare Source
v0.27.1Compare Source
v0.27.0Compare Source
v0.26.9Compare Source
v0.26.8Compare Source
v0.26.7Compare Source
v0.26.6Compare Source
v0.26.5Compare Source
v0.26.4Compare Source
v0.26.3Compare Source
v0.26.2Compare Source
v0.26.1Compare Source
kubernetes/client-go (k8s.io/client-go)
v0.28.2Compare Source
v0.28.1Compare Source
v0.28.0Compare Source
v0.27.6Compare Source
v0.27.5Compare Source
v0.27.4Compare Source
v0.27.3Compare Source
v0.27.2Compare Source
v0.27.1Compare Source
v0.27.0Compare Source
v0.26.9Compare Source
v0.26.8Compare Source
v0.26.7Compare Source
v0.26.6Compare Source
v0.26.5Compare Source
v0.26.4Compare Source
v0.26.3Compare Source
v0.26.2Compare Source
v0.26.1Compare Source
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.