Update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
cert-manager/cert-manager		patch	v1.16.0 -> v1.16.3
github.com/aws/aws-sdk-go-v2	require	minor	v1.27.0 -> v1.33.0
github.com/aws/aws-sdk-go-v2/config	require	minor	v1.27.15 -> v1.29.1
github.com/aws/aws-sdk-go-v2/credentials	require	patch	v1.17.15 -> v1.17.54
github.com/aws/aws-sdk-go-v2/service/acmpca	require	minor	v1.29.5 -> v1.37.13
github.com/aws/aws-sdk-go-v2/service/iam	require	minor	v1.32.1 -> v1.38.7
github.com/aws/aws-sdk-go-v2/service/ram	require	minor	v1.25.5 -> v1.29.13
github.com/aws/aws-sdk-go-v2/service/sts	require	minor	v1.28.9 -> v1.33.9
github.com/cert-manager/cert-manager	require	minor	v1.15.4 -> v1.16.3
github.com/go-logr/logr	require	patch	v1.4.1 -> v1.4.2
github.com/stretchr/testify	require	minor	v1.9.0 -> v1.10.0
go (source)	toolchain	minor	1.22.3 -> 1.23.5
golang	stage	minor	1.22.3 -> 1.23.5
golang	stage	minor	1.22 -> 1.23
k8s.io/api	require	minor	v0.30.1 -> v0.32.1
k8s.io/apimachinery	require	minor	v0.30.1 -> v0.32.1
k8s.io/client-go	require	minor	v0.30.1 -> v0.32.1
k8s.io/utils	require	digest	fe8a2dd -> 24370be
kubernetes-sigs/controller-tools		minor	0.15.0 -> 0.17.1
sigs.k8s.io/controller-runtime	require	minor	v0.18.2 -> v0.20.1

---

Release Notes

cert-manager/cert-manager (cert-manager/cert-manager)

v1.16.3

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.16.3 is a patch release mainly focused around bumping dependencies to address reported CVEs: CVE-2024-45337 and CVE-2024-45338.

We don't believe that cert-manager is actually vulnerable; this release is instead intended to satisfy vulnerability scanners.

It also includes a bug fix to the new renewBeforePercentage field. If you were using renewBeforePercentage, see PR #​7421 for more information.

Changes

Bug

• Bump golang.org/x/net and golang.org/x/crypto to address CVE-2024-45337 and CVE-2024-45338 (#​7485, @​erikgb)
• Fix the behaviour of renewBeforePercentage to comply with its spec (#​7441, @​cert-manager-bot)

Other

• Bump go to 1.23.4 (#​7489, @​erikgb)
• Bump base images to latest available (#​7508, @​SgtCoDFish)

v1.16.2

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

This patch release of cert-manager 1.16 makes several changes to how PEM input is validated, adding maximum sizes appropriate to the type of PEM data which is being parsed.

This is to prevent an unacceptable slow-down in parsing specially crafted PEM data. The issue was found by Google's OSS-Fuzz project.

The issue is low severity; to exploit the PEM issue would require privileged access which would likely allow Denial-of-Service through other methods.

Note also that since most PEM data parsed by cert-manager comes from ConfigMap or Secret resources which have a max size limit of approximately 1MB, it's difficult to force cert-manager to parse large amounts of PEM data.

Further information is available in GHSA-r4pg-vg54-wxx4

In addition, the version of Go used to build cert-manager 1.16 was updated along with the base images.

Changes by Kind

Bug or Regression

• Set a maximum size for PEM inputs which cert-manager will accept to remove possibility of taking a long time to process an input (#​7401, @​SgtCoDFish)

Other (Cleanup or Flake)

• Bump go to 1.23.3 and bump base images to latest available (#​7431, @​SgtCoDFish)

v1.16.1

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

The cert-manager 1.16 release includes: new Helm chart features, more Prometheus metrics, memory optimizations, and various improvements and bug fixes for the ACME issuer and Venafi Issuer.

📖 Read the complete 1.16 release notes before upgrading.

📜Changes since v1.16.0

Bug or Regression

• BUGFIX: Helm schema validation: the new schema validation was too strict for the "global" section. Since the global section is shared across all charts and sub-charts, we must also allow unknown fields. (#​7348, @inteon)
• BUGFIX: Helm will now accept percentages for the podDisruptionBudget.minAvailable and podDisruptionBudget.maxAvailable values. (#​7345, @inteon)
• Helm: allow enabled to be set as a value to toggle cert-manager as a dependency. (#​7356, @inteon)
• BUGFIX: A change in v1.16.0 caused cert-manager's ACME ClusterIssuer to look in the wrong namespace for resources required for the issuance (e.g. credential Secrets). This is now fixed in v1.16.1. (#​7342, @inteon)

aws/aws-sdk-go-v2 (github.com/aws/aws-sdk-go-v2)

v1.33.0

Compare Source

v1.32.8

Compare Source

v1.32.7

Compare Source

v1.32.6

Compare Source

v1.32.5

Compare Source

v1.32.4

Compare Source

v1.32.3

Compare Source

v1.32.2

Compare Source

v1.32.1

Compare Source

v1.32.0

Compare Source

v1.31.0

Compare Source

v1.30.5

Compare Source

v1.30.4

Compare Source

v1.30.3

Compare Source

v1.30.2

Compare Source

v1.30.1

v1.30.0

v1.28.0

v1.27.2

v1.27.1

go-logr/logr (github.com/go-logr/logr)

v1.4.2

Compare Source

What's Changed

• Fix lint: named but unused params by @​thockin in https://github.com/go-logr/logr/pull/268
• Add a Go report card, fix lint by @​thockin in https://github.com/go-logr/logr/pull/271
• funcr: Handle nested empty groups properly by @​thockin in https://github.com/go-logr/logr/pull/274

Dependencies:

• build(deps): bump github/codeql-action from 3.22.11 to 3.22.12 by @​dependabot in https://github.com/go-logr/logr/pull/254
• build(deps): bump github/codeql-action from 3.22.12 to 3.23.0 by @​dependabot in https://github.com/go-logr/logr/pull/256
• build(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 by @​dependabot in https://github.com/go-logr/logr/pull/257
• build(deps): bump github/codeql-action from 3.23.0 to 3.23.1 by @​dependabot in https://github.com/go-logr/logr/pull/259
• build(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 by @​dependabot in https://github.com/go-logr/logr/pull/260
• build(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 by @​dependabot in https://github.com/go-logr/logr/pull/263
• build(deps): bump github/codeql-action from 3.23.1 to 3.23.2 by @​dependabot in https://github.com/go-logr/logr/pull/262
• build(deps): bump github/codeql-action from 3.23.2 to 3.24.0 by @​dependabot in https://github.com/go-logr/logr/pull/264
• build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 by @​dependabot in https://github.com/go-logr/logr/pull/266
• build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 by @​dependabot in https://github.com/go-logr/logr/pull/267
• build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 by @​dependabot in https://github.com/go-logr/logr/pull/270
• build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 by @​dependabot in https://github.com/go-logr/logr/pull/272
• build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by @​dependabot in https://github.com/go-logr/logr/pull/275
• build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @​dependabot in https://github.com/go-logr/logr/pull/276
• build(deps): bump github/codeql-action from 3.24.6 to 3.24.7 by @​dependabot in https://github.com/go-logr/logr/pull/277
• build(deps): bump github/codeql-action from 3.24.7 to 3.24.9 by @​dependabot in https://github.com/go-logr/logr/pull/278
• build(deps): bump github/codeql-action from 3.24.9 to 3.24.10 by @​dependabot in https://github.com/go-logr/logr/pull/279
• build(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 by @​dependabot in https://github.com/go-logr/logr/pull/280
• build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @​dependabot in https://github.com/go-logr/logr/pull/281
• build(deps): bump github/codeql-action from 3.24.10 to 3.25.1 by @​dependabot in https://github.com/go-logr/logr/pull/282
• build(deps): bump github/codeql-action from 3.25.1 to 3.25.3 by @​dependabot in https://github.com/go-logr/logr/pull/283
• build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @​dependabot in https://github.com/go-logr/logr/pull/284
• build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @​dependabot in https://github.com/go-logr/logr/pull/285
• build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 by @​dependabot in https://github.com/go-logr/logr/pull/286
• build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 by @​dependabot in https://github.com/go-logr/logr/pull/288
• build(deps): bump golangci/golangci-lint-action from 5.0.0 to 5.3.0 by @​dependabot in https://github.com/go-logr/logr/pull/289
• build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 by @​dependabot in https://github.com/go-logr/logr/pull/293
• build(deps): bump github/codeql-action from 3.25.3 to 3.25.4 by @​dependabot in https://github.com/go-logr/logr/pull/292
• build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by @​dependabot in https://github.com/go-logr/logr/pull/291
• build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @​dependabot in https://github.com/go-logr/logr/pull/290
• build(deps): bump github/codeql-action from 3.25.4 to 3.25.5 by @​dependabot in https://github.com/go-logr/logr/pull/294
• build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @​dependabot in https://github.com/go-logr/logr/pull/295

Full Changelog: go-logr/logr@v1.4.1...v1.4.2

stretchr/testify (github.com/stretchr/testify)

v1.10.0

Compare Source

What's Changed

Functional Changes

• Add PanicAssertionFunc by @​fahimbagar in https://github.com/stretchr/testify/pull/1337
• assert: deprecate CompareType by @​dolmen in https://github.com/stretchr/testify/pull/1566
• assert: make YAML dependency pluggable via build tags by @​dolmen in https://github.com/stretchr/testify/pull/1579
• assert: new assertion NotElementsMatch by @​hendrywiranto in https://github.com/stretchr/testify/pull/1600
• mock: in order mock calls by @​ReyOrtiz in https://github.com/stretchr/testify/pull/1637
• Add assertion for NotErrorAs by @​palsivertsen in https://github.com/stretchr/testify/pull/1129
• Record Return Arguments of a Call by @​jayd3e in https://github.com/stretchr/testify/pull/1636
• assert.EqualExportedValues: accepts everything by @​redachl in https://github.com/stretchr/testify/pull/1586

Fixes

• assert: make tHelper a type alias by @​dolmen in https://github.com/stretchr/testify/pull/1562
• Do not get argument again unnecessarily in Arguments.Error() by @​TomWright in https://github.com/stretchr/testify/pull/820
• Fix time.Time compare by @​myxo in https://github.com/stretchr/testify/pull/1582
• assert.Regexp: handle []byte array properly by @​kevinburkesegment in https://github.com/stretchr/testify/pull/1587
• assert: collect.FailNow() should not panic by @​marshall-lee in https://github.com/stretchr/testify/pull/1481
• mock: simplify implementation of FunctionalOptions by @​dolmen in https://github.com/stretchr/testify/pull/1571
• mock: caller information for unexpected method call by @​spirin in https://github.com/stretchr/testify/pull/1644
• suite: fix test failures by @​stevenh in https://github.com/stretchr/testify/pull/1421
• Fix issue #​1662 (comparing infs should fail) by @​ybrustin in https://github.com/stretchr/testify/pull/1663
• NotSame should fail if args are not pointers #​1661 by @​sikehish in https://github.com/stretchr/testify/pull/1664
• Increase timeouts in Test_Mock_Called_blocks to reduce flakiness in CI by @​sikehish in https://github.com/stretchr/testify/pull/1667
• fix: compare functional option names for indirect calls by @​arjun-1 in https://github.com/stretchr/testify/pull/1626

Documantation, Build & CI

• .gitignore: ignore "go test -c" binaries by @​dolmen in https://github.com/stretchr/testify/pull/1565
• mock: improve doc by @​dolmen in https://github.com/stretchr/testify/pull/1570
• mock: fix FunctionalOptions docs by @​snirye in https://github.com/stretchr/testify/pull/1433
• README: link out to the excellent testifylint by @​brackendawson in https://github.com/stretchr/testify/pull/1568
• assert: fix typo in comment by @​JohnEndson in https://github.com/stretchr/testify/pull/1580
• Correct the EventuallyWithT and EventuallyWithTf example by @​JonCrowther in https://github.com/stretchr/testify/pull/1588
• CI: bump softprops/action-gh-release from 1 to 2 by @​dependabot in https://github.com/stretchr/testify/pull/1575
• mock: document more alternatives to deprecated AnythingOfTypeArgument by @​dolmen in https://github.com/stretchr/testify/pull/1569
• assert: Correctly document EqualValues behavior by @​brackendawson in https://github.com/stretchr/testify/pull/1593
• fix: grammar in godoc by @​miparnisari in https://github.com/stretchr/testify/pull/1607
• .github/workflows: Run tests for Go 1.22 by @​HaraldNordgren in https://github.com/stretchr/testify/pull/1629
• Document suite's lack of support for t.Parallel by @​brackendawson in https://github.com/stretchr/testify/pull/1645
• assert: fix typos in comments by @​alexandear in https://github.com/stretchr/testify/pull/1650
• mock: fix doc comment for NotBefore by @​alexandear in https://github.com/stretchr/testify/pull/1651
• Generate better comments for require package by @​Neokil in https://github.com/stretchr/testify/pull/1610
• README: replace Testify V2 notice with @​dolmen's V2 manifesto by @​hendrywiranto in https://github.com/stretchr/testify/pull/1518

New Contributors

• @​fahimbagar made their first contribution in https://github.com/stretchr/testify/pull/1337
• @​TomWright made their first contribution in https://github.com/stretchr/testify/pull/820
• @​snirye made their first contribution in https://github.com/stretchr/testify/pull/1433
• @​myxo made their first contribution in https://github.com/stretchr/testify/pull/1582
• @​JohnEndson made their first contribution in https://github.com/stretchr/testify/pull/1580
• @​JonCrowther made their first contribution in https://github.com/stretchr/testify/pull/1588
• @​miparnisari made their first contribution in https://github.com/stretchr/testify/pull/1607
• @​marshall-lee made their first contribution in https://github.com/stretchr/testify/pull/1481
• @​spirin made their first contribution in https://github.com/stretchr/testify/pull/1644
• @​ReyOrtiz made their first contribution in https://github.com/stretchr/testify/pull/1637
• @​stevenh made their first contribution in https://github.com/stretchr/testify/pull/1421
• @​jayd3e made their first contribution in https://github.com/stretchr/testify/pull/1636
• @​Neokil made their first contribution in https://github.com/stretchr/testify/pull/1610
• @​redachl made their first contribution in https://github.com/stretchr/testify/pull/1586
• @​ybrustin made their first contribution in https://github.com/stretchr/testify/pull/1663
• @​sikehish made their first contribution in https://github.com/stretchr/testify/pull/1664
• @​arjun-1 made their first contribution in https://github.com/stretchr/testify/pull/1626

Full Changelog: stretchr/testify@v1.9.0...v1.10.0

golang/go (go)

v1.23.5

v1.23.4

v1.23.3

v1.23.2

v1.23.1

v1.23.0

v1.22.11

v1.22.10

v1.22.9

v1.22.8

v1.22.7

v1.22.6

v1.22.5

v1.22.4

kubernetes/api (k8s.io/api)

v0.32.1

Compare Source

v0.32.0

Compare Source

v0.31.5

Compare Source

v0.31.4

Compare Source

v0.31.3

Compare Source

v0.31.2

Compare Source

v0.31.1

Compare Source

v0.31.0

Compare Source

v0.30.9

Compare Source

v0.30.8

Compare Source

v0.30.7

Compare Source

v0.30.6

Compare Source

v0.30.5

Compare Source

v0.30.4

Compare Source

v0.30.3

Compare Source

v0.30.2

Compare Source

kubernetes/apimachinery (k8s.io/apimachinery)

v0.32.1

Compare Source

v0.32.0

Compare Source

v0.31.5

Compare Source

v0.31.4

Compare Source

v0.31.3

Compare Source

v0.31.2

Compare Source

v0.31.1

Compare Source

v0.31.0

Compare Source

v0.30.9

Compare Source

v0.30.8

Compare Source

v0.30.7

Compare Source

v0.30.6

Compare Source

v0.30.5

Compare Source

v0.30.4

Compare Source

v0.30.3

Compare Source

v0.30.2

Compare Source

kubernetes/client-go (k8s.io/client-go)

v0.32.1

Compare Source

v0.32.0

Compare Source

v0.31.5

Compare Source

v0.31.4

Compare Source

v0.31.3

Compare Source

v0.31.2

Compare Source

v0.31.1

Compare Source

v0.31.0

Compare Source

v0.30.9

Compare Source

v0.30.8

Compare Source

v0.30.7

Compare Source

v0.30.6

Compare Source

v0.30.5

Compare Source

v0.30.4

Compare Source

v0.30.3

Compare Source

v0.30.2

Compare Source

kubernetes-sigs/controller-tools (kubernetes-sigs/controller-tools)

v0.17.1

Compare Source

What's Changed

• 🐛 pkg/crd: fix alias type parsing for struct type alias by @​mtardy in https://github.com/kubernetes-sigs/controller-tools/pull/1122

Dependencies

• 🌱 Bump the all-github-actions group across 1 directory with 3 updates by @​dependabot in https://github.com/kubernetes-sigs/controller-tools/pull/1125
• 🌱 Bump golang.org/x/tools from 0.28.0 to 0.29.0 in the all-go-mod-patch-and-minor group by @​dependabot in https://github.com/kubernetes-sigs/controller-tools/pull/1124

Full Changelog: kubernetes-sigs/controller-tools@v0.17.0...v0.17.1

v0.17.0

Compare Source

What's Changed

• 🐛 Fix duplicate default value when generating CRDs with corev1.Protocol by @​sbueringer in https://github.com/kubernetes-sigs/controller-tools/pull/1035
• 🐛 rbac: fix adding nonResourceURLs including normalisation by @​chrischdi in https://github.com/kubernetes-sigs/controller-tools/pull/1044
• 🐛 rbac: fix deduplication of core group and add test coverage by @​chrischdi in https://github.com/kubernetes-sigs/controller-tools/pull/1045
• 🐛 Allow CLI binaries to set a version by @​josvazg in https://github.com/kubernetes-sigs/controller-tools/pull/1049
• ✨ Allow customizing generated webhook configuration's name by @​davidxia in https://github.com/kubernetes-sigs/controller-tools/pull/1002
• 🐛 pkg/crd: fix type casting panic with new default *types.Alias with Go 1.23 by @​mtardy in https://github.com/kubernetes-sigs/controller-tools/pull/1061
• ✨ Add selectablefield marker by @​everesio in https://github.com/kubernetes-sigs/controller-tools/pull/1050
• 🐛 pkg/crd: fix a missed type casting panic with new *types.Alias by @​mtardy in https://github.com/kubernetes-sigs/controller-tools/pull/1079
• 🐛 pkg/crd: support validation on type alias to basic types by [@​

---

Configuration

📅 Schedule: Branch creation - "after 9am on Wednesday,before 12pm on Wednesday" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 29 additional dependencies were updated

Details:

Package	Change
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	v1.16.3 -> v1.16.24
github.com/aws/aws-sdk-go-v2/internal/configsources	v1.3.7 -> v1.3.28
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	v2.6.7 -> v2.6.28
github.com/aws/aws-sdk-go-v2/internal/ini	v1.8.0 -> v1.8.1
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	v1.11.2 -> v1.12.1
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	v1.11.9 -> v1.12.9
github.com/aws/aws-sdk-go-v2/service/sso	v1.20.8 -> v1.24.11
github.com/aws/aws-sdk-go-v2/service/ssooidc	v1.24.2 -> v1.28.10
github.com/aws/smithy-go	v1.20.2 -> v1.22.1
github.com/emicklei/go-restful/v3	v3.12.0 -> v3.12.1
github.com/prometheus/client_golang	v1.18.0 -> v1.20.4
github.com/prometheus/common	v0.46.0 -> v0.55.0
github.com/prometheus/procfs	v0.15.0 -> v0.15.1
github.com/spf13/cobra	v1.8.0 -> v1.8.1
golang.org/x/crypto	v0.24.0 -> v0.31.0
golang.org/x/exp	v0.0.0-20240506185415-9bf2ced13842 -> v0.0.0-20240719175910-8a7402abbf56
golang.org/x/net	v0.26.0 -> v0.33.0
golang.org/x/oauth2	v0.20.0 -> v0.23.0
golang.org/x/sys	v0.21.0 -> v0.28.0
golang.org/x/term	v0.21.0 -> v0.27.0
golang.org/x/text	v0.16.0 -> v0.21.0
golang.org/x/time	v0.5.0 -> v0.7.0
google.golang.org/protobuf	v1.34.1 -> v1.35.1
k8s.io/apiextensions-apiserver	v0.30.1 -> v0.32.0
k8s.io/component-base	v0.30.1 -> v0.32.0
k8s.io/klog/v2	v2.120.1 -> v2.130.1
k8s.io/kube-openapi	v0.0.0-20240430033511-f0e62f92d13f -> v0.0.0-20241105132330-32ad38e42d3f
sigs.k8s.io/json	v0.0.0-20221116044647-bc3834ca7abd -> v0.0.0-20241010143419-9aa6b5e7a4b3
sigs.k8s.io/structured-merge-diff/v4	v4.4.1 -> v4.4.2

[EnriqueLop]

Hello, is this going to be merged?

Some High vulnerabilities are fixed.

Thank you

[EnriqueLop]

This are the vulnerabilities that are patched with these upgrades:

• GHSA-r4pg-vg54-wxx4 (MEDIUM)
• CVE-2024-45338 (HIGH)

[bmsiegel]

Looks like the testing failed, looking in to why

[bmsiegel]

This testing worked locally, going to retry and see if it was a one off

[cert-manager-prow]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment