deps: update dependency cert-manager/cert-manager to v1.16.5 #3878
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
![renovate-approve[bot]](https://avatars.githubusercontent.com/in/7394?s=60&v=4){kind=small}
|
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #3878 +/- ##
==========================================
- Coverage 77.36% 77.34% -0.03%
==========================================
Files 220 220
Lines 11708 11708
==========================================
- Hits 9058 9055 -3
- Misses 2282 2284 +2
- Partials 368 369 +1 see 1 file with indirect coverage changes
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
renovate
bot
force-pushed
the
renovate/cert-manager-cert-manager-1.16.x
branch
from
2b1d5e0 to
cc6c2cd
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/cert-manager-cert-manager-1.16.x
branch
from
cc6c2cd to
2472218
Compare
renovate
bot
changed the title
|
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate
bot
force-pushed
the
renovate/cert-manager-cert-manager-1.16.x
branch
from
2472218 to
6c1408a
Compare
renovate
bot
changed the title
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v1.16.1->v1.16.5Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
cert-manager/cert-manager (cert-manager/cert-manager)
v1.16.5Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
This patch release addresses several vulnerabilities reported by the Trivy security scanner. It is built with the latest version of Go 1.23 and includes various dependency updates.
Changes since
v1.16.4:Bug or Regression
v1.23.8to fixCVE-2025-22871(#7706,@wallrj)github.com/golang-jwt/jwt/v5tov5.2.2to fixCVE-2025-30204(#7708,@wallrj)golang.org/x/netto fixCVE-2025-22872(#7707,@wallrj)go-josedependency to addressCVE-2025-27144(#7602,@SgtCoDFish)golang.org/x/netto addressCVE-2025-22870reported by Trivy (#7623,@SgtCoDFish)v1.16.4Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
This release is primarily intended to address a breaking change in Cloudflare's API which impacted ACME DNS-01 challenges using Cloudflare.
Many thanks to the community members who reported this issue!
Changes by Kind
Bug or Regression
v1.16.3Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
v1.16.3 is a patch release mainly focused around bumping dependencies to address reported CVEs: CVE-2024-45337 and CVE-2024-45338.
We don't believe that cert-manager is actually vulnerable; this release is instead intended to satisfy vulnerability scanners.
It also includes a bug fix to the new
renewBeforePercentagefield. If you were usingrenewBeforePercentage, see PR #7421 for more information.Changes
Bug
golang.org/x/netandgolang.org/x/cryptoto address CVE-2024-45337 and CVE-2024-45338 (#7485, @erikgb)renewBeforePercentageto comply with its spec (#7441, @cert-manager-bot)Other
v1.16.2Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
This patch release of cert-manager 1.16 makes several changes to how PEM input is validated, adding maximum sizes appropriate to the type of PEM data which is being parsed.
This is to prevent an unacceptable slow-down in parsing specially crafted PEM data. The issue was found by Google's OSS-Fuzz project.
The issue is low severity; to exploit the PEM issue would require privileged access which would likely allow Denial-of-Service through other methods.
Note also that since most PEM data parsed by cert-manager comes from
ConfigMaporSecretresources which have a max size limit of approximately 1MB, it's difficult to force cert-manager to parse large amounts of PEM data.Further information is available in GHSA-r4pg-vg54-wxx4
In addition, the version of Go used to build cert-manager 1.16 was updated along with the base images.
Changes by Kind
Bug or Regression
Other (Cleanup or Flake)
Configuration
📅 Schedule: Branch creation - At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday ( * 0-4,22-23 * * 1-5 ), Only on Sunday and Saturday ( * * * * 0,6 ) in timezone Europe/Vienna, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.