chore(deps): update helm release cert-manager to v1.16.3 #31

Open

renovate wants to merge 1 commits from renovate/kubezero-cert-manager-kubezero-cert-manager-dependencies into main

pull from: renovate/kubezero-cert-manager-kubezero-cert-manager-dependencies

merge into: ZeroDownTime:main

ZeroDownTime:main

ZeroDownTime:renovate/kubezero-metrics-major-kubezero-metrics-dependencies

ZeroDownTime:renovate/kubezero-telemetry-kubezero-telemetry-dependencies

ZeroDownTime:renovate/kubezero-ci-kubezero-ci-dependencies

ZeroDownTime:renovate/kubezero-auth-kubezero-auth-dependencies

ZeroDownTime:renovate/kubezero-network-kubezero-network-dependencies

ZeroDownTime:renovate/kubezero-addons-kubezero-addons-dependencies

ZeroDownTime:renovate/kubezero-falco-kubezero-falco-dependencies

ZeroDownTime:renovate/kubezero-operators-kubezero-operators-dependencies

ZeroDownTime:renovate/kubezero-mq-kubezero-mq-dependencies

ZeroDownTime:renovate/kubezero-logging-kubezero-logging-dependencies

ZeroDownTime:renovate/kubezero-mq-major-kubezero-mq-dependencies

ZeroDownTime:renovate/kubezero-metrics-kubezero-metrics-dependencies

ZeroDownTime:renovate/kubezero-cache-kubezero-cache-dependencies

ZeroDownTime:renovate/kubezero-sql-kubezero-sql-dependencies

ZeroDownTime:renovate/kubezero-istio-major-kubezero-istio-dependencies

ZeroDownTime:renovate/kubezero-argo-kubezero-argo-dependencies

ZeroDownTime:renovate/kubezero-storage-kubezero-storage-dependencies

ZeroDownTime:renovate/manticore-major-manticore-dependencies

ZeroDownTime:renovate/registry.k8s.io-autoscaling-cluster-autoscaler-1.x

ZeroDownTime:renovate/kubezero-istio-kubezero-istio-dependencies

ZeroDownTime:renovate/kubezero-istio-gateway-kubezero-istio-gateway-dependencies

ZeroDownTime:renovate/nats-2.x

ZeroDownTime:renovate/ghcr.io-k8snetworkplumbingwg-multus-cni-4.x

ZeroDownTime:renovate/natsio-prometheus-nats-exporter-0.x

ZeroDownTime:renovate/natsio-nats-server-config-reloader-0.x

ZeroDownTime:release/v1.30

ZeroDownTime:renovate/public.ecr.aws-zero-downtime-fluentd-concenter-1.x

ZeroDownTime:renovate/manticore-manticore-dependencies

ZeroDownTime:release/v1.29

Conversation 0 Commits 1 Files Changed 1 +2 -2

renovate commented 2024-11-21 03:02:52 +00:00

Member

Copy Link

This PR contains the following updates:

Package	Update	Change
cert-manager (source)	patch	v1.16.1 -> v1.16.3

---

Release Notes

cert-manager/cert-manager (cert-manager)

v1.16.3

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.16.3 is a patch release mainly focused around bumping dependencies to address reported CVEs: CVE-2024-45337 and CVE-2024-45338.

We don't believe that cert-manager is actually vulnerable; this release is instead intended to satisfy vulnerability scanners.

It also includes a bug fix to the new renewBeforePercentage field. If you were using renewBeforePercentage, see PR #​7421 for more information.

Changes

Bug

• Bump golang.org/x/net and golang.org/x/crypto to address CVE-2024-45337 and CVE-2024-45338 (#​7485, @​erikgb)
• Fix the behaviour of renewBeforePercentage to comply with its spec (#​7441, @​cert-manager-bot)

Other

• Bump go to 1.23.4 (#​7489, @​erikgb)
• Bump base images to latest available (#​7508, @​SgtCoDFish)

v1.16.2

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

This patch release of cert-manager 1.16 makes several changes to how PEM input is validated, adding maximum sizes appropriate to the type of PEM data which is being parsed.

This is to prevent an unacceptable slow-down in parsing specially crafted PEM data. The issue was found by Google's OSS-Fuzz project.

The issue is low severity; to exploit the PEM issue would require privileged access which would likely allow Denial-of-Service through other methods.

Note also that since most PEM data parsed by cert-manager comes from ConfigMap or Secret resources which have a max size limit of approximately 1MB, it's difficult to force cert-manager to parse large amounts of PEM data.

Further information is available in https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4

In addition, the version of Go used to build cert-manager 1.16 was updated along with the base images.

Changes by Kind

Bug or Regression

• Set a maximum size for PEM inputs which cert-manager will accept to remove possibility of taking a long time to process an input (#​7401, @​SgtCoDFish)

Other (Cleanup or Flake)

• Bump go to 1.23.3 and bump base images to latest available (#​7431, @​SgtCoDFish)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [cert-manager](https://cert-manager.io) ([source](https://github.com/cert-manager/cert-manager)) | patch | `v1.16.1` -> `v1.16.3` | --- ### Release Notes <details> <summary>cert-manager/cert-manager (cert-manager)</summary> ### [`v1.16.3`](https://github.com/cert-manager/cert-manager/releases/tag/v1.16.3) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.16.2...v1.16.3) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. v1.16.3 is a patch release mainly focused around bumping dependencies to address reported CVEs: CVE-2024-45337 and CVE-2024-45338. We don't believe that cert-manager is actually vulnerable; this release is instead intended to satisfy vulnerability scanners. It also includes a bug fix to the new `renewBeforePercentage` field. If you were using `renewBeforePercentage`, see PR [#&#8203;7421](https://github.com/cert-manager/cert-manager/issues/7421) for more information. #### Changes ##### Bug - Bump `golang.org/x/net` and `golang.org/x/crypto` to address CVE-2024-45337 and CVE-2024-45338 ([#&#8203;7485](https://github.com/cert-manager/cert-manager/issues/7485), [@&#8203;erikgb](https://github.com/erikgb)) - Fix the behaviour of `renewBeforePercentage` to comply with its spec ([#&#8203;7441](https://github.com/cert-manager/cert-manager/issues/7441), [@&#8203;cert-manager-bot](https://github.com/cert-manager-bot)) ##### Other - Bump go to 1.23.4 ([#&#8203;7489](https://github.com/cert-manager/cert-manager/issues/7489), [@&#8203;erikgb](https://github.com/erikgb)) - Bump base images to latest available ([#&#8203;7508](https://github.com/cert-manager/cert-manager/issues/7508), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish)) ### [`v1.16.2`](https://github.com/cert-manager/cert-manager/releases/tag/v1.16.2) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.16.1...v1.16.2) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. This patch release of cert-manager 1.16 makes [several changes](https://github.com/cert-manager/cert-manager/pull/7401) to how PEM input is validated, adding maximum sizes appropriate to the type of PEM data which is being parsed. This is to prevent an unacceptable slow-down in parsing specially crafted PEM data. The issue was found by Google's OSS-Fuzz project. The issue is low severity; to exploit the PEM issue would require privileged access which would likely allow Denial-of-Service through other methods. Note also that since most PEM data parsed by cert-manager comes from `ConfigMap` or `Secret` resources which have a max size limit of approximately 1MB, it's difficult to force cert-manager to parse large amounts of PEM data. Further information is available in https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4 In addition, the version of Go used to build cert-manager 1.16 was updated along with the base images. #### Changes by Kind ##### Bug or Regression - Set a maximum size for PEM inputs which cert-manager will accept to remove possibility of taking a long time to process an input ([#&#8203;7401](https://github.com/cert-manager/cert-manager/issues/7401), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish)) ##### Other (Cleanup or Flake) - Bump go to 1.23.3 and bump base images to latest available ([#&#8203;7431](https://github.com/cert-manager/cert-manager/issues/7431), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4xNDIuNiIsInVwZGF0ZWRJblZlciI6IjM5LjMzLjEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbInJlbm92YXRlIl19-->

renovate added 1 commit 2024-11-21 03:02:53 +00:00

chore(deps): update helm release cert-manager to v1.16.2 a9a1d068de

renovate force-pushed renovate/kubezero-cert-manager-kubezero-cert-manager-dependencies from a9a1d068de to 768e8ac55b 2025-01-17 03:04:14 +00:00 Compare

renovate changed title from chore(deps): update helm release cert-manager to v1.16.2 to chore(deps): update helm release cert-manager to v1.16.3 2025-01-17 03:04:17 +00:00

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions.

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/kubezero-cert-manager-kubezero-cert-manager-dependencies:renovate/kubezero-cert-manager-kubezero-cert-manager-dependencies

git checkout renovate/kubezero-cert-manager-kubezero-cert-manager-dependencies

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No Label

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: ZeroDownTime/KubeZero#31

No description provided.