cert-manager / aws-privateca-issuer

Addon for cert-manager that issues certificates using AWS ACM PCA.
Apache License 2.0

chore(deps): update all non-major dependencies #303

Closed renovate[bot] closed 8 months ago

renovate[bot] commented 9 months ago

Mend Renovate

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| cert-manager/cert-manager | | patch | v1.13.2 -> v1.13.3 |
| github.com/aws/aws-sdk-go-v2 | require | minor | v1.23.1 -> v1.24.0 |
| github.com/aws/aws-sdk-go-v2/config | require | minor | v1.25.5 -> v1.26.2 |
| github.com/aws/aws-sdk-go-v2/credentials | require | patch | v1.16.4 -> v1.16.13 |
| github.com/aws/aws-sdk-go-v2/service/acmpca | require | minor | v1.24.3 -> v1.25.5 |
| github.com/aws/aws-sdk-go-v2/service/iam | require | minor | v1.27.3 -> v1.28.6 |
| github.com/aws/aws-sdk-go-v2/service/ram | require | minor | v1.22.3 -> v1.23.7 |
| github.com/aws/aws-sdk-go-v2/service/sts | require | minor | v1.25.4 -> v1.26.6 |
| github.com/cert-manager/cert-manager | require | patch | v1.13.2 -> v1.13.3 |
| github.com/go-logr/logr | require | minor | v1.3.0 -> v1.4.1 |
| golang | stage | patch | 1.21.4 -> 1.21.5 |
| k8s.io/api | require | minor | v0.28.4 -> v0.29.0 |
| k8s.io/apimachinery | require | minor | v0.28.4 -> v0.29.0 |
| k8s.io/client-go | require | minor | v0.28.4 -> v0.29.0 |
| k8s.io/utils | require | digest | cf03d44 -> b307cd5 |

Release Notes

cert-manager/cert-manager (cert-manager/cert-manager)

### [`v1.13.3`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.13.3)

[Compare Source](https://togithub.com/cert-manager/cert-manager/compare/v1.13.2...v1.13.3)

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

> ⚠️ Read about the [**breaking changes in cert-manager 1.13**](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.13.0) before you upgrade from a < v1.13 version!

This patch release contains fixes for the following security vulnerabilities in the cert-manager-controller:

- [`GO-2023-2334`](https://pkg.go.dev/vuln/GO-2023-2334): Decryption of malicious PBES2 JWE objects can consume unbounded system resources.

If you use [ArtifactHub Security report](https://artifacthub.io/packages/helm/cert-manager/cert-manager/1.13.2?modal=security-report) or [trivy](https://trivy.dev/), this patch will also silence the following warning about a vulnerability in code which is imported but **not used** by the cert-manager-controller:

- [`CVE-2023-47108`](https://access.redhat.com/security/cve/CVE-2023-47108): DoS vulnerability in `otelgrpc` due to unbound cardinality metrics.

An ongoing security audit of cert-manager suggested some changes to the webhook code to mitigate DoS attacks, and these are included in this patch release.

##### Changes

##### Bug or Regression

- The webhook server now returns HTTP error 413 (Content Too Large) for requests with body size `>= 3MiB`. This is to mitigate DoS attacks that attempt to crash the webhook process by sending large requests that exceed the available memory. ([#6507](https://togithub.com/cert-manager/cert-manager/pull/6507), [@inteon](https://togithub.com/inteon))
- The webhook server now returns HTTP error 400 (Bad Request) if the request contains an empty body. ([#6507](https://togithub.com/cert-manager/cert-manager/pull/6507), [@inteon](https://togithub.com/inteon))
- The webhook server now returns HTTP error 500 (Internal Server Error) rather than crashing, if the code panics while handling a request. ([#6507](https://togithub.com/cert-manager/cert-manager/pull/6507), [@inteon](https://togithub.com/inteon))
- Mitigate potential "Slowloris" attacks by setting `ReadHeaderTimeout` in all `http.Server` instances. ([#6538](https://togithub.com/cert-manager/cert-manager/pull/6538), [@wallrj](https://togithub.com/wallrj))
- Upgrade Go modules: `otel`, `docker`, and `jose` to fix CVE alerts. See https://github.com/advisories/GHSA-8pgv-569h-w5rw, https://github.com/advisories/GHSA-jq35-85cj-fj4p, and https://github.com/advisories/GHSA-2c7c-3mj9-8fqh. ([#6514](https://togithub.com/cert-manager/cert-manager/pull/6514), [@inteon](https://togithub.com/inteon))

##### Dependencies

##### Added

*Nothing has changed.*

##### Changed

- `cloud.google.com/go/firestore`: `v1.11.0 → v1.12.0`
- `cloud.google.com/go`: `v0.110.6 → v0.110.7`
- `github.com/felixge/httpsnoop`: [`v1.0.3 → v1.0.4`](https://togithub.com/felixge/httpsnoop/compare/v1.0.3...v1.0.4)
- `github.com/go-jose/go-jose/v3`: [`v3.0.0 → v3.0.1`](https://togithub.com/go-jose/go-jose/v3/compare/v3.0.0...v3.0.1)
- `github.com/go-logr/logr`: [`v1.2.4 → v1.3.0`](https://togithub.com/go-logr/logr/compare/v1.2.4...v1.3.0)
- `github.com/golang/glog`: [`v1.1.0 → v1.1.2`](https://togithub.com/golang/glog/compare/v1.1.0...v1.1.2)
- `github.com/google/go-cmp`: [`v0.5.9 → v0.6.0`](https://togithub.com/google/go-cmp/compare/v0.5.9...v0.6.0)
- `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc`: `v0.45.0 → v0.46.0`
- `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp`: `v0.44.0 → v0.46.0`
- `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`: `v1.19.0 → v1.20.0`
- `go.opentelemetry.io/otel/exporters/otlp/otlptrace`: `v1.19.0 → v1.20.0`
- `go.opentelemetry.io/otel/metric`: `v1.19.0 → v1.20.0`
- `go.opentelemetry.io/otel/sdk`: `v1.19.0 → v1.20.0`
- `go.opentelemetry.io/otel/trace`: `v1.19.0 → v1.20.0`
- `go.opentelemetry.io/otel`: `v1.19.0 → v1.20.0`
- `go.uber.org/goleak`: `v1.2.1 → v1.3.0`
- `golang.org/x/sys`: `v0.13.0 → v0.14.0`
- `google.golang.org/genproto/googleapis/api`: `f966b18 → b8732ec`
- `google.golang.org/genproto`: `f966b18 → b8732ec`
- `google.golang.org/grpc`: `v1.58.3 → v1.59.0`

##### Removed

*Nothing has changed.*
aws/aws-sdk-go-v2 (github.com/aws/aws-sdk-go-v2)

### [`v1.24.0`](https://togithub.com/aws/aws-sdk-go-v2/compare/v1.23.5...v1.24.0)

[Compare Source](https://togithub.com/aws/aws-sdk-go-v2/compare/v1.23.5...v1.24.0)

### [`v1.23.5`](https://togithub.com/aws/aws-sdk-go-v2/compare/v1.23.4...v1.23.5)

[Compare Source](https://togithub.com/aws/aws-sdk-go-v2/compare/v1.23.4...v1.23.5)

### [`v1.23.4`](https://togithub.com/aws/aws-sdk-go-v2/compare/v1.23.3...v1.23.4)

[Compare Source](https://togithub.com/aws/aws-sdk-go-v2/compare/v1.23.3...v1.23.4)

### [`v1.23.3`](https://togithub.com/aws/aws-sdk-go-v2/compare/v1.23.2...v1.23.3)

[Compare Source](https://togithub.com/aws/aws-sdk-go-v2/compare/v1.23.2...v1.23.3)

### [`v1.23.2`](https://togithub.com/aws/aws-sdk-go-v2/compare/v1.23.1...v1.23.2)

[Compare Source](https://togithub.com/aws/aws-sdk-go-v2/compare/v1.23.1...v1.23.2)
go-logr/logr (github.com/go-logr/logr)

### [`v1.4.1`](https://togithub.com/go-logr/logr/releases/tag/v1.4.1)

[Compare Source](https://togithub.com/go-logr/logr/compare/v1.4.0...v1.4.1)

#### What's Changed

- slogr: fix unintended API break in v1.4.0 by [@pohly](https://togithub.com/pohly) in [https://github.com/go-logr/logr/pull/253](https://togithub.com/go-logr/logr/pull/253)

**Full Changelog**: https://github.com/go-logr/logr/compare/v1.4.0...v1.4.1

### [`v1.4.0`](https://togithub.com/go-logr/logr/releases/tag/v1.4.0)

[Compare Source](https://togithub.com/go-logr/logr/compare/v1.3.0...v1.4.0)

This release dramatically improves interoperability with Go's `log/slog` package. In particular, `logr.NewContext` and `logr.NewContextWithSlogLogger` use the same context key, which allows `logr.FromContext` and `logr.FromContextAsSlogLogger` to return `logr.Logger` or `*slog.Logger` respectively, including transparently converting each to the other as needed.

Functions `logr/slogr.NewLogr` and `logr/slogr.ToSlogHandler` have been superseded by `logr.FromSlogHandler` and `logr.ToSlogHandler` respectively, and type `logr/slogr.SlogSink` has been superseded by `logr.SlogSink`. All of the old names in `logr/slogr` remain, for compatibility.

Package `logr/funcr` now supports `logr.SlogSink`, meaning that its output passes all but one of the Slog conformance tests (that exception being that `funcr` handles the timestamp itself).

Users who have a `logr.Logger` and need a `*slog.Logger` can call `slog.New(logr.ToSlogHandler(...))` and all output will go through the same stack. Users who have a `*slog.Logger` or `slog.Handler` can call `logr.FromSlogHandler(...)` and all output will go through the same stack.

#### What's Changed

- slog context support by [@pohly](https://togithub.com/pohly) in [https://github.com/go-logr/logr/pull/237](https://togithub.com/go-logr/logr/pull/237)
- slog support: fix WithGroup + WithValues combination by [@pohly](https://togithub.com/pohly) in [https://github.com/go-logr/logr/pull/243](https://togithub.com/go-logr/logr/pull/243)
- Add tests for context with slog by [@thockin](https://togithub.com/thockin) in [https://github.com/go-logr/logr/pull/246](https://togithub.com/go-logr/logr/pull/246)
- sloghandler: unnamed groups should be inlined by [@thockin](https://togithub.com/thockin) in [https://github.com/go-logr/logr/pull/245](https://togithub.com/go-logr/logr/pull/245)
- Add SlogSink support to funcr by [@thockin](https://togithub.com/thockin) in [https://github.com/go-logr/logr/pull/241](https://togithub.com/go-logr/logr/pull/241)
- funcr: Add LogInfoLevel Option to skip logging level in the info log by [@spacewander](https://togithub.com/spacewander) in [https://github.com/go-logr/logr/pull/240](https://togithub.com/go-logr/logr/pull/240)

#### New Contributors

- [@spacewander](https://togithub.com/spacewander) made their first contribution in [https://github.com/go-logr/logr/pull/240](https://togithub.com/go-logr/logr/pull/240)

**Full Changelog**: https://github.com/go-logr/logr/compare/v1.3.0...v1.4.0
kubernetes/api (k8s.io/api)

### [`v0.29.0`](https://togithub.com/kubernetes/api/compare/v0.28.4...v0.29.0)

[Compare Source](https://togithub.com/kubernetes/api/compare/v0.28.5...v0.29.0)

### [`v0.28.5`](https://togithub.com/kubernetes/api/compare/v0.28.4...v0.28.5)

[Compare Source](https://togithub.com/kubernetes/api/compare/v0.28.4...v0.28.5)

kubernetes/apimachinery (k8s.io/apimachinery)

### [`v0.29.0`](https://togithub.com/kubernetes/apimachinery/compare/v0.28.4...v0.29.0)

[Compare Source](https://togithub.com/kubernetes/apimachinery/compare/v0.28.5...v0.29.0)

### [`v0.28.5`](https://togithub.com/kubernetes/apimachinery/compare/v0.28.4...v0.28.5)

[Compare Source](https://togithub.com/kubernetes/apimachinery/compare/v0.28.4...v0.28.5)

kubernetes/client-go (k8s.io/client-go)

### [`v0.29.0`](https://togithub.com/kubernetes/client-go/compare/v0.28.4...v0.29.0)

[Compare Source](https://togithub.com/kubernetes/client-go/compare/v0.28.5...v0.29.0)

### [`v0.28.5`](https://togithub.com/kubernetes/client-go/compare/v0.28.4...v0.28.5)

[Compare Source](https://togithub.com/kubernetes/client-go/compare/v0.28.4...v0.28.5)

Configuration

📅 Schedule: Branch creation - "after 9am on Wednesday,before 12pm on Wednesday" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.



This PR has been generated by Mend Renovate. View repository job log here.
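The cert-manager v1.13.3 notes quoted in this PR describe four webhook hardening measures: HTTP 413 for request bodies of 3 MiB or more, HTTP 400 for an empty body, HTTP 500 instead of a process crash when a handler panics, and `ReadHeaderTimeout` on every `http.Server` against Slowloris-style connection holding. The following is an added illustration, written for this page, of how those four guards map onto `net/http`; it is not code from cert-manager PRs #6507 or #6538 and not part of aws-privateca-issuer. The names `hardenedHandler`, `newHardenedServer`, `probe` and `maxRequestBody`, the 10-second header timeout, and the sample requests in `main` are all assumptions made for the example.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"log"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// maxRequestBody mirrors the 3 MiB threshold from the release notes; the
// constant name is ours, not cert-manager's.
const maxRequestBody int64 = 3 << 20

// newHardenedServer returns an http.Server whose handler is wrapped by the
// body-size and panic guards and which sets ReadHeaderTimeout, so a client
// that trickles header bytes cannot hold a connection open indefinitely
// (the "Slowloris" pattern). The 10s value is an assumed example setting.
func newHardenedServer(addr string, h http.Handler) *http.Server {
	return &http.Server{
		Addr:              addr,
		Handler:           hardenedHandler(h, maxRequestBody),
		ReadHeaderTimeout: 10 * time.Second,
	}
}

// hardenedHandler wraps next so that an empty body yields 400, a body of
// maxBody bytes or more yields 413 before it is fully buffered, and a panic
// inside next yields 500 instead of taking the process down.
func hardenedHandler(next http.Handler, maxBody int64) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		defer func() {
			if rec := recover(); rec != nil {
				// If next already wrote a status, this WriteHeader is a no-op
				// under the real server (logged as superfluous); the process survives.
				log.Printf("recovered handler panic: %v", rec)
				http.Error(w, "internal server error", http.StatusInternalServerError)
			}
		}()

		// Fast path: a declared Content-Length lets us reject before reading.
		if r.ContentLength == 0 {
			http.Error(w, "empty request body", http.StatusBadRequest)
			return
		}
		if r.ContentLength >= maxBody {
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}

		// Slow path (chunked or undeclared length): MaxBytesReader stops after
		// maxBody-1 bytes, so at most that much is ever held in memory.
		r.Body = http.MaxBytesReader(w, r.Body, maxBody-1)
		body, err := io.ReadAll(r.Body)
		if err != nil {
			var tooLarge *http.MaxBytesError
			if errors.As(err, &tooLarge) {
				http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
				return
			}
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		if len(body) == 0 {
			http.Error(w, "empty request body", http.StatusBadRequest)
			return
		}
		r.Body = io.NopCloser(bytes.NewReader(body))
		next.ServeHTTP(w, r)
	})
}

// probe runs one in-memory POST through h and returns the status code; it
// lets the guards be exercised without binding a socket.
func probe(h http.Handler, body io.Reader) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodPost, "/validate", body))
	return rec.Code
}

func main() {
	ok := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) })
	panicky := http.HandlerFunc(func(http.ResponseWriter, *http.Request) { panic("bug in admission logic") })

	// Constructed sample requests; a 16-byte limit makes the 413 path easy to hit.
	h := hardenedHandler(ok, 16)
	fmt.Println("empty body       ->", probe(h, strings.NewReader("")))                                          // 400
	fmt.Println("small body       ->", probe(h, strings.NewReader(`{"kind":"x"}`)))                              // 200
	fmt.Println("declared large   ->", probe(h, strings.NewReader(strings.Repeat("A", 16))))                     // 413
	fmt.Println("undeclared large ->", probe(h, io.LimitReader(strings.NewReader(strings.Repeat("A", 32)), 32))) // 413
	fmt.Println("panicking        ->", probe(hardenedHandler(panicky, 16), strings.NewReader("x")))              // 500
	_ = newHardenedServer(":8443", ok) // in a real deployment this would be served with ListenAndServeTLS
}
```

The two size checks are deliberate: `Content-Length` catches the cheap case before a single body byte is read, while `MaxBytesReader` covers chunked transfers and clients that declare one length and send another, which is the case a memory-exhaustion attempt would actually use. `ReadHeaderTimeout` is the one setting of the four that cannot live in a handler, since the handler is not invoked until headers have arrived.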

jetstack-bot commented 8 months ago

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- **[OWNERS](https://github.com/cert-manager/aws-privateca-issuer/blob/main/OWNERS)**

Approvers can indicate their approval by writing `/approve` in a comment. Approvers can cancel approval by writing `/approve cancel` in a comment.