cert-manager/cert-manager
### [`v1.11.0`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.11.0)
[Compare Source](https://togithub.com/cert-manager/cert-manager/compare/v1.10.2...v1.11.0)
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
`v1.11.0` includes a drastic reduction in cert-manager's runtime memory usage, a slew of improvements to AKS integrations and various other tweaks, fixes and improvements, all towards cert-manager's goal of being the best way to handle certificates in modern Cloud Native applications.
#### Community
Thanks again to all open-source contributors with commits in this release, including:
- [@cmcga1125](https://togithub.com/cmcga1125)
- [@karlschriek](https://togithub.com/karlschriek)
- [@lvyanru8200](https://togithub.com/lvyanru8200)
- [@mmontes11](https://togithub.com/mmontes11)
- [@pinkfloydx33](https://togithub.com/pinkfloydx33)
- [@sathyanarays](https://togithub.com/sathyanarays)
- [@weisdd](https://togithub.com/weisdd)
- [@yann-soubeyrand](https://togithub.com/yann-soubeyrand)
- [@joycebrum](https://togithub.com/joycebrum)
- [@Git-Jiro](https://togithub.com/Git-Jiro)
- [@thib-mary](https://togithub.com/thib-mary)
- [@yk](https://togithub.com/yk)
- [@RomanenkoDenys](https://togithub.com/RomanenkoDenys)
- [@lucacome](https://togithub.com/lucacome)
- [@yanggangtony](https://togithub.com/yanggangtony)
Thanks also to the following cert-manager maintainers for their contributions during this release:
- [@wallrj](https://togithub.com/wallrj)
- [@irbekrm](https://togithub.com/irbekrm)
- [@maelvls](https://togithub.com/maelvls)
- [@SgtCoDFish](https://togithub.com/SgtCoDFish)
- [@inteon](https://togithub.com/inteon)
- [@jakexks](https://togithub.com/jakexks)
- [@JoshVanL](https://togithub.com/JoshVanL)
Thanks also to the [CNCF](https://www.cncf.io/), which provides resources and support, and to the AWS open source team for being good community members and for their maintenance of the [PrivateCA Issuer](https://togithub.com/cert-manager/aws-privateca-issuer).
In addition, massive thanks to [Jetstack](https://www.jetstack.io/) (by [Venafi](https://www.venafi.com/)) for contributing developer time and resources towards the continued maintenance of cert-manager projects.
#### Changes since cert-manager `v1.10`
For an overview of new features, see the [v1.11 release notes](https://cert-manager.io/docs/release-notes/release-notes-1.11/)!
##### Feature
- Helm: allow configuring the image used by ACME HTTP-01 solver ([#5554](https://togithub.com/cert-manager/cert-manager/issues/5554), [@yann-soubeyrand](https://togithub.com/yann-soubeyrand))
- Add the `--max-concurrent-challenges` controller flag to the helm chart ([#5638](https://togithub.com/cert-manager/cert-manager/issues/5638), [@lvyanru8200](https://togithub.com/lvyanru8200))
- Adds the ability to specify a custom CA bundle in Issuers when connecting to an ACME server ([#5644](https://togithub.com/cert-manager/cert-manager/issues/5644), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Enable testing against Kubernetes 1.26 and test with Kubernetes 1.26 by default ([#5646](https://togithub.com/cert-manager/cert-manager/issues/5646), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Experimental make targets for pushing images to an OCI registry using `ko` and redeploying cert-manager to the cluster referenced by your current KUBECONFIG context. ([#5655](https://togithub.com/cert-manager/cert-manager/issues/5655), [@wallrj](https://togithub.com/wallrj))
- Add ability to run acmesolver pods as root if desired. The default is still to run as non-root. ([#5546](https://togithub.com/cert-manager/cert-manager/issues/5546), [@cmcga1125](https://togithub.com/cmcga1125))
- Add support for DC and UID in `LiteralSubject` field, all mandatory OIDs are now supported for LDAP certificates (rfc4514). ([#5587](https://togithub.com/cert-manager/cert-manager/issues/5587), [@SpectralHiss](https://togithub.com/SpectralHiss))
- Add support for Workload Identity to AzureDNS resolver ([#5570](https://togithub.com/cert-manager/cert-manager/issues/5570), [@weisdd](https://togithub.com/weisdd))
- Breaking: updates the gateway API integration to use the more stable v1beta1 API version. Any users of the cert-manager `ExperimentalGatewayAPISupport` alpha feature must ensure that `v1beta` of Gateway API is installed in cluster. ([#5583](https://togithub.com/cert-manager/cert-manager/issues/5583), [@lvyanru8200](https://togithub.com/lvyanru8200))
- Certificate secrets get refreshed if the keystore format change ([#5597](https://togithub.com/cert-manager/cert-manager/issues/5597), [@sathyanarays](https://togithub.com/sathyanarays))
- Introducing UseCertificateRequestBasicConstraints feature flag to enable Basic Constraints in the Certificate Signing Request ([#5552](https://togithub.com/cert-manager/cert-manager/issues/5552), [@sathyanarays](https://togithub.com/sathyanarays))
- Return error when Gateway has a cross-namespace secret ref ([#5613](https://togithub.com/cert-manager/cert-manager/issues/5613), [@mmontes11](https://togithub.com/mmontes11))
- Signers fire an event on CertificateRequests which have not been approved yet. Used for informational purposes so users understand why a request is not progressing. ([#5535](https://togithub.com/cert-manager/cert-manager/issues/5535), [@JoshVanL](https://togithub.com/JoshVanL))
##### Bug or Regression
- Don't log errors relating to self-signed issuer checks for external issuers ([#5681](https://togithub.com/cert-manager/cert-manager/issues/5681), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Fixed a bug in AzureDNS resolver that led to early reconciliations in misconfigured Workload Identity-enabled setups (when Federated Identity Credential is not linked with a controller's k8s service account) ([#5663](https://togithub.com/cert-manager/cert-manager/issues/5663), [@weisdd](https://togithub.com/weisdd))
- Use manually specified temporary directory template when verifying CRDs ([#5680](https://togithub.com/cert-manager/cert-manager/issues/5680), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- `vcert` was upgraded to `v4.23.0`, fixing two bugs in cert-manager. The first bug was preventing the Venafi issuer from renewing certificates when using TPP has been fixed. You should no longer see your certificates getting stuck with `WebSDK CertRequest Module Requested Certificate` or `This certificate cannot be processed while it is in an error state. Fix any errors, and then click Retry.`. The second bug that was fixed prevented the use of `algorithm: Ed25519` in Certificate resources with VaaS. ([#5674](https://togithub.com/cert-manager/cert-manager/issues/5674), [@maelvls](https://togithub.com/maelvls))
- Upgrade `golang/x/net` to fix CVE-2022-41717 ([#5632](https://togithub.com/cert-manager/cert-manager/issues/5632), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Bug fix: When using feature gates with the helm chart, enable feature gate flags on webhook as well as controller ([#5584](https://togithub.com/cert-manager/cert-manager/issues/5584), [@lvyanru8200](https://togithub.com/lvyanru8200))
- Fix `golang.org/x/text` vulnerability ([#5562](https://togithub.com/cert-manager/cert-manager/issues/5562), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Fixes a bug that caused the Vault issuer to omit the Vault namespace in requests to the Vault API. ([#5591](https://togithub.com/cert-manager/cert-manager/issues/5591), [@wallrj](https://togithub.com/wallrj))
- The Venafi Issuer now supports TLS 1.2 renegotiation, so that it can connect to TPP servers where the vedauth API endpoints are configured to *accept* client certificates. (Note: This does not mean that the Venafi Issuer supports client certificate authentication). ([#5568](https://togithub.com/cert-manager/cert-manager/issues/5568), [@wallrj](https://togithub.com/wallrj))
- Upgrade to go 1.19.4 to fix CVE-2022-41717 ([#5619](https://togithub.com/cert-manager/cert-manager/issues/5619), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Upgrade to latest go minor release ([#5559](https://togithub.com/cert-manager/cert-manager/issues/5559), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Ensure `extraArgs` in Helm takes precedence over the new acmesolver image options ([#5702](https://togithub.com/cert-manager/cert-manager/issues/5702), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Fix cainjector's --namespace flag. Users who want to prevent cainjector from reading all Secrets and Certificates in all namespaces (i.e to prevent excessive memory consumption) can now scope it to a single namespace using the --namespace flag. A cainjector that is only used as part of cert-manager installation only needs access to the cert-manager installation namespace. ([#5694](https://togithub.com/cert-manager/cert-manager/issues/5694), [@irbekrm](https://togithub.com/irbekrm))
- Fixes a bug where cert-manager controller was caching all Secrets twice ([#5691](https://togithub.com/cert-manager/cert-manager/issues/5691), [@irbekrm](https://togithub.com/irbekrm))
##### Other
- `certificate.spec.secretName` Secrets will now be labelled with the `controller.cert-manager.io/fao` label ([#5703](https://togithub.com/cert-manager/cert-manager/issues/5703), [@irbekrm](https://togithub.com/irbekrm))
- Upgrade to go 1.19.5 ([#5714](https://togithub.com/cert-manager/cert-manager/issues/5714), [@yanggangtony](https://togithub.com/yanggangtony))
##### Known issues
- There is a bug in conformance tests for external DNS webhook implementations that was introduced in this release, see [https://github.com/cert-manager/cert-manager/issues/5725](https://togithub.com/cert-manager/cert-manager/issues/5725)
If you are importing cert-manager as a library to run conformance tests against your DNS webhook solver implementation, please make sure that you import a version with a fix, [https://github.com/cert-manager/cert-manager/issues/5725#issuecomment-1397245757](https://togithub.com/cert-manager/cert-manager/issues/5725#issuecomment-1397245757)5757
### [`v1.10.2`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.10.2)
[Compare Source](https://togithub.com/cert-manager/cert-manager/compare/v1.10.1...v1.10.2)
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
v1.10.2 is primarily a performance enhancement release which might reduce memory consumption by up to 50% in some cases thanks to some brilliant work by [@irbekrm](https://togithub.com/irbekrm)! :tada:
It also patches several vulnerabilities reported by scanners and updates the base images used for cert-manager containers. In addition, it removes a potentially confusing log line which had been introduced in v1.10.0 which implied that an error had occurred when using external issuers even though there'd been no error.
#### Changes since `v1.10.1`
##### Feature
- Enable support for Kubernetes 1.26 in tests ([#5647](https://togithub.com/cert-manager/cert-manager/issues/5647), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
##### Bug or Regression
- Fixes a bug where the cert-manager controller was caching all Secrets twice ([#5704](https://togithub.com/cert-manager/cert-manager/issues/5704), [@irbekrm](https://togithub.com/irbekrm))
- Bump helm version to fix CVE-2022-23525 ([#5676](https://togithub.com/cert-manager/cert-manager/issues/5676), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Don't log errors relating to selfsigned issuer checks for external issuers ([#5687](https://togithub.com/cert-manager/cert-manager/issues/5687), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Fix `golang.org/x/text` vulnerability ([#5592](https://togithub.com/cert-manager/cert-manager/issues/5592), [@SgtCoDfish](https://togithub.com/SgtCoDfish))
- Upgrade golang/x/net to fix CVE-2022-41717 ([#5635](https://togithub.com/cert-manager/cert-manager/issues/5635), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Upgrade to go 1.19.4 to fix CVE-2022-41717 ([#5620](https://togithub.com/cert-manager/cert-manager/issues/5620), [@SgtCoDfish](https://togithub.com/SgtCoDfish))
- Use manually specified tmpdir template when verifying CRDs ([#5682](https://togithub.com/cert-manager/cert-manager/issues/5682), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
##### Other (Cleanup or Flake)
- Bump distroless base images to latest versions ([#5677](https://togithub.com/cert-manager/cert-manager/issues/5677), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
Configuration
📅 Schedule: Branch creation - "every 2 months on the first day of the month" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
[ ] If you want to rebase/retry this PR, click this checkbox.
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in two weeks if no further activity occurs. Thank you for your contributions.
This PR contains the following updates:
v1.10.1
->v1.11.0
11.4.2
->11.5.3
12.1.6
->12.2.3
17.4.1
->17.8.5
Release Notes
cert-manager/cert-manager
### [`v1.11.0`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.11.0) [Compare Source](https://togithub.com/cert-manager/cert-manager/compare/v1.10.2...v1.11.0) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. `v1.11.0` includes a drastic reduction in cert-manager's runtime memory usage, a slew of improvements to AKS integrations and various other tweaks, fixes and improvements, all towards cert-manager's goal of being the best way to handle certificates in modern Cloud Native applications. #### Community Thanks again to all open-source contributors with commits in this release, including: - [@cmcga1125](https://togithub.com/cmcga1125) - [@karlschriek](https://togithub.com/karlschriek) - [@lvyanru8200](https://togithub.com/lvyanru8200) - [@mmontes11](https://togithub.com/mmontes11) - [@pinkfloydx33](https://togithub.com/pinkfloydx33) - [@sathyanarays](https://togithub.com/sathyanarays) - [@weisdd](https://togithub.com/weisdd) - [@yann-soubeyrand](https://togithub.com/yann-soubeyrand) - [@joycebrum](https://togithub.com/joycebrum) - [@Git-Jiro](https://togithub.com/Git-Jiro) - [@thib-mary](https://togithub.com/thib-mary) - [@yk](https://togithub.com/yk) - [@RomanenkoDenys](https://togithub.com/RomanenkoDenys) - [@lucacome](https://togithub.com/lucacome) - [@yanggangtony](https://togithub.com/yanggangtony) Thanks also to the following cert-manager maintainers for their contributions during this release: - [@wallrj](https://togithub.com/wallrj) - [@irbekrm](https://togithub.com/irbekrm) - [@maelvls](https://togithub.com/maelvls) - [@SgtCoDFish](https://togithub.com/SgtCoDFish) - [@inteon](https://togithub.com/inteon) - [@jakexks](https://togithub.com/jakexks) - [@JoshVanL](https://togithub.com/JoshVanL) Thanks also to the [CNCF](https://www.cncf.io/), which provides resources and support, and to the AWS open source team for being good community members and for their maintenance of the [PrivateCA Issuer](https://togithub.com/cert-manager/aws-privateca-issuer). In addition, massive thanks to [Jetstack](https://www.jetstack.io/) (by [Venafi](https://www.venafi.com/)) for contributing developer time and resources towards the continued maintenance of cert-manager projects. #### Changes since cert-manager `v1.10` For an overview of new features, see the [v1.11 release notes](https://cert-manager.io/docs/release-notes/release-notes-1.11/)! ##### Feature - Helm: allow configuring the image used by ACME HTTP-01 solver ([#5554](https://togithub.com/cert-manager/cert-manager/issues/5554), [@yann-soubeyrand](https://togithub.com/yann-soubeyrand)) - Add the `--max-concurrent-challenges` controller flag to the helm chart ([#5638](https://togithub.com/cert-manager/cert-manager/issues/5638), [@lvyanru8200](https://togithub.com/lvyanru8200)) - Adds the ability to specify a custom CA bundle in Issuers when connecting to an ACME server ([#5644](https://togithub.com/cert-manager/cert-manager/issues/5644), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Enable testing against Kubernetes 1.26 and test with Kubernetes 1.26 by default ([#5646](https://togithub.com/cert-manager/cert-manager/issues/5646), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Experimental make targets for pushing images to an OCI registry using `ko` and redeploying cert-manager to the cluster referenced by your current KUBECONFIG context. ([#5655](https://togithub.com/cert-manager/cert-manager/issues/5655), [@wallrj](https://togithub.com/wallrj)) - Add ability to run acmesolver pods as root if desired. The default is still to run as non-root. ([#5546](https://togithub.com/cert-manager/cert-manager/issues/5546), [@cmcga1125](https://togithub.com/cmcga1125)) - Add support for DC and UID in `LiteralSubject` field, all mandatory OIDs are now supported for LDAP certificates (rfc4514). ([#5587](https://togithub.com/cert-manager/cert-manager/issues/5587), [@SpectralHiss](https://togithub.com/SpectralHiss)) - Add support for Workload Identity to AzureDNS resolver ([#5570](https://togithub.com/cert-manager/cert-manager/issues/5570), [@weisdd](https://togithub.com/weisdd)) - Breaking: updates the gateway API integration to use the more stable v1beta1 API version. Any users of the cert-manager `ExperimentalGatewayAPISupport` alpha feature must ensure that `v1beta` of Gateway API is installed in cluster. ([#5583](https://togithub.com/cert-manager/cert-manager/issues/5583), [@lvyanru8200](https://togithub.com/lvyanru8200)) - Certificate secrets get refreshed if the keystore format change ([#5597](https://togithub.com/cert-manager/cert-manager/issues/5597), [@sathyanarays](https://togithub.com/sathyanarays)) - Introducing UseCertificateRequestBasicConstraints feature flag to enable Basic Constraints in the Certificate Signing Request ([#5552](https://togithub.com/cert-manager/cert-manager/issues/5552), [@sathyanarays](https://togithub.com/sathyanarays)) - Return error when Gateway has a cross-namespace secret ref ([#5613](https://togithub.com/cert-manager/cert-manager/issues/5613), [@mmontes11](https://togithub.com/mmontes11)) - Signers fire an event on CertificateRequests which have not been approved yet. Used for informational purposes so users understand why a request is not progressing. ([#5535](https://togithub.com/cert-manager/cert-manager/issues/5535), [@JoshVanL](https://togithub.com/JoshVanL)) ##### Bug or Regression - Don't log errors relating to self-signed issuer checks for external issuers ([#5681](https://togithub.com/cert-manager/cert-manager/issues/5681), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Fixed a bug in AzureDNS resolver that led to early reconciliations in misconfigured Workload Identity-enabled setups (when Federated Identity Credential is not linked with a controller's k8s service account) ([#5663](https://togithub.com/cert-manager/cert-manager/issues/5663), [@weisdd](https://togithub.com/weisdd)) - Use manually specified temporary directory template when verifying CRDs ([#5680](https://togithub.com/cert-manager/cert-manager/issues/5680), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - `vcert` was upgraded to `v4.23.0`, fixing two bugs in cert-manager. The first bug was preventing the Venafi issuer from renewing certificates when using TPP has been fixed. You should no longer see your certificates getting stuck with `WebSDK CertRequest Module Requested Certificate` or `This certificate cannot be processed while it is in an error state. Fix any errors, and then click Retry.`. The second bug that was fixed prevented the use of `algorithm: Ed25519` in Certificate resources with VaaS. ([#5674](https://togithub.com/cert-manager/cert-manager/issues/5674), [@maelvls](https://togithub.com/maelvls)) - Upgrade `golang/x/net` to fix CVE-2022-41717 ([#5632](https://togithub.com/cert-manager/cert-manager/issues/5632), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Bug fix: When using feature gates with the helm chart, enable feature gate flags on webhook as well as controller ([#5584](https://togithub.com/cert-manager/cert-manager/issues/5584), [@lvyanru8200](https://togithub.com/lvyanru8200)) - Fix `golang.org/x/text` vulnerability ([#5562](https://togithub.com/cert-manager/cert-manager/issues/5562), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Fixes a bug that caused the Vault issuer to omit the Vault namespace in requests to the Vault API. ([#5591](https://togithub.com/cert-manager/cert-manager/issues/5591), [@wallrj](https://togithub.com/wallrj)) - The Venafi Issuer now supports TLS 1.2 renegotiation, so that it can connect to TPP servers where the vedauth API endpoints are configured to *accept* client certificates. (Note: This does not mean that the Venafi Issuer supports client certificate authentication). ([#5568](https://togithub.com/cert-manager/cert-manager/issues/5568), [@wallrj](https://togithub.com/wallrj)) - Upgrade to go 1.19.4 to fix CVE-2022-41717 ([#5619](https://togithub.com/cert-manager/cert-manager/issues/5619), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Upgrade to latest go minor release ([#5559](https://togithub.com/cert-manager/cert-manager/issues/5559), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Ensure `extraArgs` in Helm takes precedence over the new acmesolver image options ([#5702](https://togithub.com/cert-manager/cert-manager/issues/5702), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Fix cainjector's --namespace flag. Users who want to prevent cainjector from reading all Secrets and Certificates in all namespaces (i.e to prevent excessive memory consumption) can now scope it to a single namespace using the --namespace flag. A cainjector that is only used as part of cert-manager installation only needs access to the cert-manager installation namespace. ([#5694](https://togithub.com/cert-manager/cert-manager/issues/5694), [@irbekrm](https://togithub.com/irbekrm)) - Fixes a bug where cert-manager controller was caching all Secrets twice ([#5691](https://togithub.com/cert-manager/cert-manager/issues/5691), [@irbekrm](https://togithub.com/irbekrm)) ##### Other - `certificate.spec.secretName` Secrets will now be labelled with the `controller.cert-manager.io/fao` label ([#5703](https://togithub.com/cert-manager/cert-manager/issues/5703), [@irbekrm](https://togithub.com/irbekrm)) - Upgrade to go 1.19.5 ([#5714](https://togithub.com/cert-manager/cert-manager/issues/5714), [@yanggangtony](https://togithub.com/yanggangtony)) ##### Known issues - There is a bug in conformance tests for external DNS webhook implementations that was introduced in this release, see [https://github.com/cert-manager/cert-manager/issues/5725](https://togithub.com/cert-manager/cert-manager/issues/5725) If you are importing cert-manager as a library to run conformance tests against your DNS webhook solver implementation, please make sure that you import a version with a fix, [https://github.com/cert-manager/cert-manager/issues/5725#issuecomment-1397245757](https://togithub.com/cert-manager/cert-manager/issues/5725#issuecomment-1397245757)5757 ### [`v1.10.2`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.10.2) [Compare Source](https://togithub.com/cert-manager/cert-manager/compare/v1.10.1...v1.10.2) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. v1.10.2 is primarily a performance enhancement release which might reduce memory consumption by up to 50% in some cases thanks to some brilliant work by [@irbekrm](https://togithub.com/irbekrm)! :tada: It also patches several vulnerabilities reported by scanners and updates the base images used for cert-manager containers. In addition, it removes a potentially confusing log line which had been introduced in v1.10.0 which implied that an error had occurred when using external issuers even though there'd been no error. #### Changes since `v1.10.1` ##### Feature - Enable support for Kubernetes 1.26 in tests ([#5647](https://togithub.com/cert-manager/cert-manager/issues/5647), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) ##### Bug or Regression - Fixes a bug where the cert-manager controller was caching all Secrets twice ([#5704](https://togithub.com/cert-manager/cert-manager/issues/5704), [@irbekrm](https://togithub.com/irbekrm)) - Bump helm version to fix CVE-2022-23525 ([#5676](https://togithub.com/cert-manager/cert-manager/issues/5676), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Don't log errors relating to selfsigned issuer checks for external issuers ([#5687](https://togithub.com/cert-manager/cert-manager/issues/5687), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Fix `golang.org/x/text` vulnerability ([#5592](https://togithub.com/cert-manager/cert-manager/issues/5592), [@SgtCoDfish](https://togithub.com/SgtCoDfish)) - Upgrade golang/x/net to fix CVE-2022-41717 ([#5635](https://togithub.com/cert-manager/cert-manager/issues/5635), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Upgrade to go 1.19.4 to fix CVE-2022-41717 ([#5620](https://togithub.com/cert-manager/cert-manager/issues/5620), [@SgtCoDfish](https://togithub.com/SgtCoDfish)) - Use manually specified tmpdir template when verifying CRDs ([#5682](https://togithub.com/cert-manager/cert-manager/issues/5682), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) ##### Other (Cleanup or Flake) - Bump distroless base images to latest versions ([#5677](https://togithub.com/cert-manager/cert-manager/issues/5677), [@SgtCoDFish](https://togithub.com/SgtCoDFish))Configuration
📅 Schedule: Branch creation - "every 2 months on the first day of the month" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Renovate Bot.