BUGFIX: fix issue that caused Vault issuer to not retry signing when an error was encountered. (#7111, @inteon)
Other (Cleanup or Flake)
Update github.com/Azure/azure-sdk-for-go/sdk/azidentity to address CVE-2024-35255 (#7092, @ThatsMrTalbot)
Bump the go-retryablehttp dependency to fix CVE-2024-6104 (#7130, @SgtCoDFish)
v1.15.0
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
cert-manager 1.15 promotes several features to beta, including GatewayAPI support (ExperimentalGatewayAPISupport), the ability to provide a subject in the Certificate that will be used literally in the CertificateSigningRequest (LiteralCertificateSubject) and the outputting of additional certificate formats (AdditionalCertificateOutputFormats).
[!NOTE]
The cmctl binary has been moved to https://github.com/cert-manager/cmctl/releases.
For the startupapicheck Job you should update references to point at quay.io/jetstack/cert-manager-startupapicheck
[!NOTE]
From this release, the Helm chart will no longer uninstall the CRDs when the chart is uninstalled. If you want the CRDs to be removed on uninstall use crds.keep=false when installing the Helm chart.
Equally thanks to everyone who provided feedback, helped users and raised issues on GitHub and Slack and joined our meetings!
Thanks also to the CNCF, which provides resources and support, and to the AWS open source team for being good community members and for their maintenance of the PrivateCA Issuer.
In addition, massive thanks to Venafi for contributing developer time and resources towards the continued maintenance of cert-manager projects.
Changes by Kind
Feature
GatewayAPI support has graduated to Beta. Add the --enable-gateway-api flag to enable the integration. (#6961, @ThatsMrTalbot)
Add support to specify a custom key alias in a JKS Keystore (#6807, @bwaldrep)
Add the ability to communicate with Vault via mTLS when strict client certificates is enabled at Vault server side (#6614, @rodrigorfk)
Added option to provide additional audiences in the service account auth section for vault (#6718, @andrey-dubnik)
... (truncated)
Commits
5b04ec6 Merge pull request #7130 from SgtCoDFish/release-1.15-bump-http-lib
7936ff0 [release-1.15] Bump go-retryablehttp to address CVE-2024-6104
3da4f98 Merge pull request #7111 from inteon/release-1.15_vault_bugfix
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/cert-manager/cert-manager from 1.14.5 to 1.15.1.
Release notes
Sourced from github.com/cert-manager/cert-manager's releases.
... (truncated)
Commits
5b04ec6 Merge pull request #7130 from SgtCoDFish/release-1.15-bump-http-lib
7936ff0 [release-1.15] Bump go-retryablehttp to address CVE-2024-6104
3da4f98 Merge pull request #7111 from inteon/release-1.15_vault_bugfix
db2a8f5 add testcase
c680694 only retry when encountering a Vault non-InvalidData error
c91273a BUGFIX: retry signing when encountering transient error
d95c635 Merge pull request #7092 from ThatsMrTalbot/chore/update-azidentity-1.6.0
48bf30a chore: updating github.com/Azure/azure-sdk-for-go/sdk/azidentity to address C...
9b53314 Merge pull request #7091 from cert-manager-bot/cherry-pick-7090-to-release-1.15
7ec86d2 feat: normalize azure errors