cert-manager/cert-manager
### [`v1.11.0`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.11.0)
[Compare Source](https://togithub.com/cert-manager/cert-manager/compare/v1.10.2...v1.11.0)
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
`v1.11.0` includes a drastic reduction in cert-manager's runtime memory usage, a slew of improvements to AKS integrations and various other tweaks, fixes and improvements, all towards cert-manager's goal of being the best way to handle certificates in modern Cloud Native applications.
##### Community
Thanks again to all open-source contributors with commits in this release, including:
- [@cmcga1125](https://togithub.com/cmcga1125)
- [@karlschriek](https://togithub.com/karlschriek)
- [@lvyanru8200](https://togithub.com/lvyanru8200)
- [@mmontes11](https://togithub.com/mmontes11)
- [@pinkfloydx33](https://togithub.com/pinkfloydx33)
- [@sathyanarays](https://togithub.com/sathyanarays)
- [@weisdd](https://togithub.com/weisdd)
- [@yann-soubeyrand](https://togithub.com/yann-soubeyrand)
- [@joycebrum](https://togithub.com/joycebrum)
- [@Git-Jiro](https://togithub.com/Git-Jiro)
- [@thib-mary](https://togithub.com/thib-mary)
- [@yk](https://togithub.com/yk)
- [@RomanenkoDenys](https://togithub.com/RomanenkoDenys)
- [@lucacome](https://togithub.com/lucacome)
- [@yanggangtony](https://togithub.com/yanggangtony)
Thanks also to the following cert-manager maintainers for their contributions during this release:
- [@wallrj](https://togithub.com/wallrj)
- [@irbekrm](https://togithub.com/irbekrm)
- [@maelvls](https://togithub.com/maelvls)
- [@SgtCoDFish](https://togithub.com/SgtCoDFish)
- [@inteon](https://togithub.com/inteon)
- [@jakexks](https://togithub.com/jakexks)
- [@JoshVanL](https://togithub.com/JoshVanL)
Thanks also to the [CNCF](https://www.cncf.io/), which provides resources and support, and to the AWS open source team for being good community members and for their maintenance of the [PrivateCA Issuer](https://togithub.com/cert-manager/aws-privateca-issuer).
In addition, massive thanks to [Jetstack](https://www.jetstack.io/) (by [Venafi](https://www.venafi.com/)) for contributing developer time and resources towards the continued maintenance of cert-manager projects.
##### Changes since cert-manager `v1.10`
For an overview of new features, see the [v1.11 release notes](https://cert-manager.io/docs/release-notes/release-notes-1.11/)!
##### Feature
- Helm: allow configuring the image used by ACME HTTP-01 solver ([#5554](https://togithub.com/cert-manager/cert-manager/issues/5554), [@yann-soubeyrand](https://togithub.com/yann-soubeyrand))
- Add the `--max-concurrent-challenges` controller flag to the helm chart ([#5638](https://togithub.com/cert-manager/cert-manager/issues/5638), [@lvyanru8200](https://togithub.com/lvyanru8200))
- Adds the ability to specify a custom CA bundle in Issuers when connecting to an ACME server ([#5644](https://togithub.com/cert-manager/cert-manager/issues/5644), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Enable testing against Kubernetes 1.26 and test with Kubernetes 1.26 by default ([#5646](https://togithub.com/cert-manager/cert-manager/issues/5646), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Experimental make targets for pushing images to an OCI registry using `ko` and redeploying cert-manager to the cluster referenced by your current KUBECONFIG context. ([#5655](https://togithub.com/cert-manager/cert-manager/issues/5655), [@wallrj](https://togithub.com/wallrj))
- Add ability to run acmesolver pods as root if desired. The default is still to run as non-root. ([#5546](https://togithub.com/cert-manager/cert-manager/issues/5546), [@cmcga1125](https://togithub.com/cmcga1125))
- Add support for DC and UID in `LiteralSubject` field, all mandatory OIDs are now supported for LDAP certificates (rfc4514). ([#5587](https://togithub.com/cert-manager/cert-manager/issues/5587), [@SpectralHiss](https://togithub.com/SpectralHiss))
- Add support for Workload Identity to AzureDNS resolver ([#5570](https://togithub.com/cert-manager/cert-manager/issues/5570), [@weisdd](https://togithub.com/weisdd))
- Breaking: updates the gateway API integration to use the more stable v1beta1 API version. Any users of the cert-manager `ExperimentalGatewayAPISupport` alpha feature must ensure that `v1beta` of Gateway API is installed in cluster. ([#5583](https://togithub.com/cert-manager/cert-manager/issues/5583), [@lvyanru8200](https://togithub.com/lvyanru8200))
- Certificate secrets get refreshed if the keystore format change ([#5597](https://togithub.com/cert-manager/cert-manager/issues/5597), [@sathyanarays](https://togithub.com/sathyanarays))
- Introducing UseCertificateRequestBasicConstraints feature flag to enable Basic Constraints in the Certificate Signing Request ([#5552](https://togithub.com/cert-manager/cert-manager/issues/5552), [@sathyanarays](https://togithub.com/sathyanarays))
- Return error when Gateway has a cross-namespace secret ref ([#5613](https://togithub.com/cert-manager/cert-manager/issues/5613), [@mmontes11](https://togithub.com/mmontes11))
- Signers fire an event on CertificateRequests which have not been approved yet. Used for informational purposes so users understand why a request is not progressing. ([#5535](https://togithub.com/cert-manager/cert-manager/issues/5535), [@JoshVanL](https://togithub.com/JoshVanL))
##### Bug or Regression
- Don't log errors relating to self-signed issuer checks for external issuers ([#5681](https://togithub.com/cert-manager/cert-manager/issues/5681), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Fixed a bug in AzureDNS resolver that led to early reconciliations in misconfigured Workload Identity-enabled setups (when Federated Identity Credential is not linked with a controller's k8s service account) ([#5663](https://togithub.com/cert-manager/cert-manager/issues/5663), [@weisdd](https://togithub.com/weisdd))
- Use manually specified temporary directory template when verifying CRDs ([#5680](https://togithub.com/cert-manager/cert-manager/issues/5680), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- `vcert` was upgraded to `v4.23.0`, fixing two bugs in cert-manager. The first bug was preventing the Venafi issuer from renewing certificates when using TPP has been fixed. You should no longer see your certificates getting stuck with `WebSDK CertRequest Module Requested Certificate` or `This certificate cannot be processed while it is in an error state. Fix any errors, and then click Retry.`. The second bug that was fixed prevented the use of `algorithm: Ed25519` in Certificate resources with VaaS. ([#5674](https://togithub.com/cert-manager/cert-manager/issues/5674), [@maelvls](https://togithub.com/maelvls))
- Upgrade `golang/x/net` to fix CVE-2022-41717 ([#5632](https://togithub.com/cert-manager/cert-manager/issues/5632), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Bug fix: When using feature gates with the helm chart, enable feature gate flags on webhook as well as controller ([#5584](https://togithub.com/cert-manager/cert-manager/issues/5584), [@lvyanru8200](https://togithub.com/lvyanru8200))
- Fix `golang.org/x/text` vulnerability ([#5562](https://togithub.com/cert-manager/cert-manager/issues/5562), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Fixes a bug that caused the Vault issuer to omit the Vault namespace in requests to the Vault API. ([#5591](https://togithub.com/cert-manager/cert-manager/issues/5591), [@wallrj](https://togithub.com/wallrj))
- The Venafi Issuer now supports TLS 1.2 renegotiation, so that it can connect to TPP servers where the vedauth API endpoints are configured to *accept* client certificates. (Note: This does not mean that the Venafi Issuer supports client certificate authentication). ([#5568](https://togithub.com/cert-manager/cert-manager/issues/5568), [@wallrj](https://togithub.com/wallrj))
- Upgrade to go 1.19.4 to fix CVE-2022-41717 ([#5619](https://togithub.com/cert-manager/cert-manager/issues/5619), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Upgrade to latest go minor release ([#5559](https://togithub.com/cert-manager/cert-manager/issues/5559), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Ensure `extraArgs` in Helm takes precedence over the new acmesolver image options ([#5702](https://togithub.com/cert-manager/cert-manager/issues/5702), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Fix cainjector's --namespace flag. Users who want to prevent cainjector from reading all Secrets and Certificates in all namespaces (i.e to prevent excessive memory consumption) can now scope it to a single namespace using the --namespace flag. A cainjector that is only used as part of cert-manager installation only needs access to the cert-manager installation namespace. ([#5694](https://togithub.com/cert-manager/cert-manager/issues/5694), [@irbekrm](https://togithub.com/irbekrm))
- Fixes a bug where cert-manager controller was caching all Secrets twice ([#5691](https://togithub.com/cert-manager/cert-manager/issues/5691), [@irbekrm](https://togithub.com/irbekrm))
##### Other
- `certificate.spec.secretName` Secrets will now be labelled with the `controller.cert-manager.io/fao` label ([#5703](https://togithub.com/cert-manager/cert-manager/issues/5703), [@irbekrm](https://togithub.com/irbekrm))
- Upgrade to go 1.19.5 ([#5714](https://togithub.com/cert-manager/cert-manager/issues/5714), [@yanggangtony](https://togithub.com/yanggangtony))
### [`v1.10.2`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.10.2)
[Compare Source](https://togithub.com/cert-manager/cert-manager/compare/v1.10.1...v1.10.2)
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
v1.10.2 is primarily a performance enhancement release which might reduce memory consumption by up to 50% in some cases thanks to some brilliant work by [@irbekrm](https://togithub.com/irbekrm)! :tada:
It also patches several vulnerabilities reported by scanners and updates the base images used for cert-manager containers. In addition, it removes a potentially confusing log line which had been introduced in v1.10.0 which implied that an error had occurred when using external issuers even though there'd been no error.
#### Changes since `v1.10.1`
##### Feature
- Enable support for Kubernetes 1.26 in tests ([#5647](https://togithub.com/cert-manager/cert-manager/issues/5647), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
##### Bug or Regression
- Fixes a bug where the cert-manager controller was caching all Secrets twice ([#5704](https://togithub.com/cert-manager/cert-manager/issues/5704), [@irbekrm](https://togithub.com/irbekrm))
- Bump helm version to fix CVE-2022-23525 ([#5676](https://togithub.com/cert-manager/cert-manager/issues/5676), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Don't log errors relating to selfsigned issuer checks for external issuers ([#5687](https://togithub.com/cert-manager/cert-manager/issues/5687), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Fix `golang.org/x/text` vulnerability ([#5592](https://togithub.com/cert-manager/cert-manager/issues/5592), [@SgtCoDfish](https://togithub.com/SgtCoDfish))
- Upgrade golang/x/net to fix CVE-2022-41717 ([#5635](https://togithub.com/cert-manager/cert-manager/issues/5635), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Upgrade to go 1.19.4 to fix CVE-2022-41717 ([#5620](https://togithub.com/cert-manager/cert-manager/issues/5620), [@SgtCoDfish](https://togithub.com/SgtCoDfish))
- Use manually specified tmpdir template when verifying CRDs ([#5682](https://togithub.com/cert-manager/cert-manager/issues/5682), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
##### Other (Cleanup or Flake)
- Bump distroless base images to latest versions ([#5677](https://togithub.com/cert-manager/cert-manager/issues/5677), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
Configuration
π Schedule: Branch creation - "before 2am" in timezone Etc/UTC, Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
v1.10.1->v1.11.0Release Notes
cert-manager/cert-manager
### [`v1.11.0`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.11.0) [Compare Source](https://togithub.com/cert-manager/cert-manager/compare/v1.10.2...v1.11.0) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. `v1.11.0` includes a drastic reduction in cert-manager's runtime memory usage, a slew of improvements to AKS integrations and various other tweaks, fixes and improvements, all towards cert-manager's goal of being the best way to handle certificates in modern Cloud Native applications. ##### Community Thanks again to all open-source contributors with commits in this release, including: - [@cmcga1125](https://togithub.com/cmcga1125) - [@karlschriek](https://togithub.com/karlschriek) - [@lvyanru8200](https://togithub.com/lvyanru8200) - [@mmontes11](https://togithub.com/mmontes11) - [@pinkfloydx33](https://togithub.com/pinkfloydx33) - [@sathyanarays](https://togithub.com/sathyanarays) - [@weisdd](https://togithub.com/weisdd) - [@yann-soubeyrand](https://togithub.com/yann-soubeyrand) - [@joycebrum](https://togithub.com/joycebrum) - [@Git-Jiro](https://togithub.com/Git-Jiro) - [@thib-mary](https://togithub.com/thib-mary) - [@yk](https://togithub.com/yk) - [@RomanenkoDenys](https://togithub.com/RomanenkoDenys) - [@lucacome](https://togithub.com/lucacome) - [@yanggangtony](https://togithub.com/yanggangtony) Thanks also to the following cert-manager maintainers for their contributions during this release: - [@wallrj](https://togithub.com/wallrj) - [@irbekrm](https://togithub.com/irbekrm) - [@maelvls](https://togithub.com/maelvls) - [@SgtCoDFish](https://togithub.com/SgtCoDFish) - [@inteon](https://togithub.com/inteon) - [@jakexks](https://togithub.com/jakexks) - [@JoshVanL](https://togithub.com/JoshVanL) Thanks also to the [CNCF](https://www.cncf.io/), which provides resources and support, and to the AWS open source team for being good community members and for their maintenance of the [PrivateCA Issuer](https://togithub.com/cert-manager/aws-privateca-issuer). In addition, massive thanks to [Jetstack](https://www.jetstack.io/) (by [Venafi](https://www.venafi.com/)) for contributing developer time and resources towards the continued maintenance of cert-manager projects. ##### Changes since cert-manager `v1.10` For an overview of new features, see the [v1.11 release notes](https://cert-manager.io/docs/release-notes/release-notes-1.11/)! ##### Feature - Helm: allow configuring the image used by ACME HTTP-01 solver ([#5554](https://togithub.com/cert-manager/cert-manager/issues/5554), [@yann-soubeyrand](https://togithub.com/yann-soubeyrand)) - Add the `--max-concurrent-challenges` controller flag to the helm chart ([#5638](https://togithub.com/cert-manager/cert-manager/issues/5638), [@lvyanru8200](https://togithub.com/lvyanru8200)) - Adds the ability to specify a custom CA bundle in Issuers when connecting to an ACME server ([#5644](https://togithub.com/cert-manager/cert-manager/issues/5644), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Enable testing against Kubernetes 1.26 and test with Kubernetes 1.26 by default ([#5646](https://togithub.com/cert-manager/cert-manager/issues/5646), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Experimental make targets for pushing images to an OCI registry using `ko` and redeploying cert-manager to the cluster referenced by your current KUBECONFIG context. ([#5655](https://togithub.com/cert-manager/cert-manager/issues/5655), [@wallrj](https://togithub.com/wallrj)) - Add ability to run acmesolver pods as root if desired. The default is still to run as non-root. ([#5546](https://togithub.com/cert-manager/cert-manager/issues/5546), [@cmcga1125](https://togithub.com/cmcga1125)) - Add support for DC and UID in `LiteralSubject` field, all mandatory OIDs are now supported for LDAP certificates (rfc4514). ([#5587](https://togithub.com/cert-manager/cert-manager/issues/5587), [@SpectralHiss](https://togithub.com/SpectralHiss)) - Add support for Workload Identity to AzureDNS resolver ([#5570](https://togithub.com/cert-manager/cert-manager/issues/5570), [@weisdd](https://togithub.com/weisdd)) - Breaking: updates the gateway API integration to use the more stable v1beta1 API version. Any users of the cert-manager `ExperimentalGatewayAPISupport` alpha feature must ensure that `v1beta` of Gateway API is installed in cluster. ([#5583](https://togithub.com/cert-manager/cert-manager/issues/5583), [@lvyanru8200](https://togithub.com/lvyanru8200)) - Certificate secrets get refreshed if the keystore format change ([#5597](https://togithub.com/cert-manager/cert-manager/issues/5597), [@sathyanarays](https://togithub.com/sathyanarays)) - Introducing UseCertificateRequestBasicConstraints feature flag to enable Basic Constraints in the Certificate Signing Request ([#5552](https://togithub.com/cert-manager/cert-manager/issues/5552), [@sathyanarays](https://togithub.com/sathyanarays)) - Return error when Gateway has a cross-namespace secret ref ([#5613](https://togithub.com/cert-manager/cert-manager/issues/5613), [@mmontes11](https://togithub.com/mmontes11)) - Signers fire an event on CertificateRequests which have not been approved yet. Used for informational purposes so users understand why a request is not progressing. ([#5535](https://togithub.com/cert-manager/cert-manager/issues/5535), [@JoshVanL](https://togithub.com/JoshVanL)) ##### Bug or Regression - Don't log errors relating to self-signed issuer checks for external issuers ([#5681](https://togithub.com/cert-manager/cert-manager/issues/5681), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Fixed a bug in AzureDNS resolver that led to early reconciliations in misconfigured Workload Identity-enabled setups (when Federated Identity Credential is not linked with a controller's k8s service account) ([#5663](https://togithub.com/cert-manager/cert-manager/issues/5663), [@weisdd](https://togithub.com/weisdd)) - Use manually specified temporary directory template when verifying CRDs ([#5680](https://togithub.com/cert-manager/cert-manager/issues/5680), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - `vcert` was upgraded to `v4.23.0`, fixing two bugs in cert-manager. The first bug was preventing the Venafi issuer from renewing certificates when using TPP has been fixed. You should no longer see your certificates getting stuck with `WebSDK CertRequest Module Requested Certificate` or `This certificate cannot be processed while it is in an error state. Fix any errors, and then click Retry.`. The second bug that was fixed prevented the use of `algorithm: Ed25519` in Certificate resources with VaaS. ([#5674](https://togithub.com/cert-manager/cert-manager/issues/5674), [@maelvls](https://togithub.com/maelvls)) - Upgrade `golang/x/net` to fix CVE-2022-41717 ([#5632](https://togithub.com/cert-manager/cert-manager/issues/5632), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Bug fix: When using feature gates with the helm chart, enable feature gate flags on webhook as well as controller ([#5584](https://togithub.com/cert-manager/cert-manager/issues/5584), [@lvyanru8200](https://togithub.com/lvyanru8200)) - Fix `golang.org/x/text` vulnerability ([#5562](https://togithub.com/cert-manager/cert-manager/issues/5562), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Fixes a bug that caused the Vault issuer to omit the Vault namespace in requests to the Vault API. ([#5591](https://togithub.com/cert-manager/cert-manager/issues/5591), [@wallrj](https://togithub.com/wallrj)) - The Venafi Issuer now supports TLS 1.2 renegotiation, so that it can connect to TPP servers where the vedauth API endpoints are configured to *accept* client certificates. (Note: This does not mean that the Venafi Issuer supports client certificate authentication). ([#5568](https://togithub.com/cert-manager/cert-manager/issues/5568), [@wallrj](https://togithub.com/wallrj)) - Upgrade to go 1.19.4 to fix CVE-2022-41717 ([#5619](https://togithub.com/cert-manager/cert-manager/issues/5619), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Upgrade to latest go minor release ([#5559](https://togithub.com/cert-manager/cert-manager/issues/5559), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Ensure `extraArgs` in Helm takes precedence over the new acmesolver image options ([#5702](https://togithub.com/cert-manager/cert-manager/issues/5702), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Fix cainjector's --namespace flag. Users who want to prevent cainjector from reading all Secrets and Certificates in all namespaces (i.e to prevent excessive memory consumption) can now scope it to a single namespace using the --namespace flag. A cainjector that is only used as part of cert-manager installation only needs access to the cert-manager installation namespace. ([#5694](https://togithub.com/cert-manager/cert-manager/issues/5694), [@irbekrm](https://togithub.com/irbekrm)) - Fixes a bug where cert-manager controller was caching all Secrets twice ([#5691](https://togithub.com/cert-manager/cert-manager/issues/5691), [@irbekrm](https://togithub.com/irbekrm)) ##### Other - `certificate.spec.secretName` Secrets will now be labelled with the `controller.cert-manager.io/fao` label ([#5703](https://togithub.com/cert-manager/cert-manager/issues/5703), [@irbekrm](https://togithub.com/irbekrm)) - Upgrade to go 1.19.5 ([#5714](https://togithub.com/cert-manager/cert-manager/issues/5714), [@yanggangtony](https://togithub.com/yanggangtony)) ### [`v1.10.2`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.10.2) [Compare Source](https://togithub.com/cert-manager/cert-manager/compare/v1.10.1...v1.10.2) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. v1.10.2 is primarily a performance enhancement release which might reduce memory consumption by up to 50% in some cases thanks to some brilliant work by [@irbekrm](https://togithub.com/irbekrm)! :tada: It also patches several vulnerabilities reported by scanners and updates the base images used for cert-manager containers. In addition, it removes a potentially confusing log line which had been introduced in v1.10.0 which implied that an error had occurred when using external issuers even though there'd been no error. #### Changes since `v1.10.1` ##### Feature - Enable support for Kubernetes 1.26 in tests ([#5647](https://togithub.com/cert-manager/cert-manager/issues/5647), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) ##### Bug or Regression - Fixes a bug where the cert-manager controller was caching all Secrets twice ([#5704](https://togithub.com/cert-manager/cert-manager/issues/5704), [@irbekrm](https://togithub.com/irbekrm)) - Bump helm version to fix CVE-2022-23525 ([#5676](https://togithub.com/cert-manager/cert-manager/issues/5676), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Don't log errors relating to selfsigned issuer checks for external issuers ([#5687](https://togithub.com/cert-manager/cert-manager/issues/5687), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Fix `golang.org/x/text` vulnerability ([#5592](https://togithub.com/cert-manager/cert-manager/issues/5592), [@SgtCoDfish](https://togithub.com/SgtCoDfish)) - Upgrade golang/x/net to fix CVE-2022-41717 ([#5635](https://togithub.com/cert-manager/cert-manager/issues/5635), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Upgrade to go 1.19.4 to fix CVE-2022-41717 ([#5620](https://togithub.com/cert-manager/cert-manager/issues/5620), [@SgtCoDfish](https://togithub.com/SgtCoDfish)) - Use manually specified tmpdir template when verifying CRDs ([#5682](https://togithub.com/cert-manager/cert-manager/issues/5682), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) ##### Other (Cleanup or Flake) - Bump distroless base images to latest versions ([#5677](https://togithub.com/cert-manager/cert-manager/issues/5677), [@SgtCoDFish](https://togithub.com/SgtCoDFish))Configuration
π Schedule: Branch creation - "before 2am" in timezone Etc/UTC, Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.