Closed tyriis-automation[bot] closed 1 week ago
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-cainjector
+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-cainjector
@@ -35,13 +35,13 @@
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: cert-manager-cainjector
- image: quay.io/jetstack/cert-manager-cainjector:v1.16.1
+ image: quay.io/jetstack/cert-manager-cainjector:v1.16.2
imagePullPolicy: IfNotPresent
args:
- --v=2
- --leader-election-namespace=kube-system
ports:
- containerPort: 9402
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager
+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager
@@ -35,19 +35,19 @@
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: cert-manager-controller
- image: quay.io/jetstack/cert-manager-controller:v1.16.1
+ image: quay.io/jetstack/cert-manager-controller:v1.16.2
imagePullPolicy: IfNotPresent
args:
- --v=2
- --cluster-resource-namespace=$(POD_NAMESPACE)
- --leader-election-namespace=kube-system
- - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.16.1
+ - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.16.2
- --dns01-recursive-nameservers=1.1.1.1:53,9.9.9.9:53
- --dns01-recursive-nameservers-only
- --enable-certificate-owner-ref
- --max-concurrent-challenges=60
ports:
- containerPort: 9402
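Review bot: The controller `image:` line and the `--acme-http01-solver-image` argument are both referenced by tag only (`:v1.16.2`), and with `imagePullPolicy: IfNotPresent` a node that already holds that tag will not go back to the registry for it. Consider pinning both to a digest, in the form `quay.io/jetstack/cert-manager-controller:v1.16.2@sha256:<digest>`, so the rendered manifest names immutable content. The solver image deserves the same treatment because it is the image the controller launches for HTTP-01 challenges.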
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-webhook
+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-webhook
@@ -35,13 +35,13 @@
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: cert-manager-webhook
- image: quay.io/jetstack/cert-manager-webhook:v1.16.1
+ image: quay.io/jetstack/cert-manager-webhook:v1.16.2
imagePullPolicy: IfNotPresent
args:
- --v=2
- --secure-port=10250
- --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
- --dynamic-serving-ca-secret-name=cert-manager-webhook-ca
--- HelmRelease: cert-manager/cert-manager Job: cert-manager/cert-manager-startupapicheck
+++ HelmRelease: cert-manager/cert-manager Job: cert-manager/cert-manager-startupapicheck
@@ -31,13 +31,13 @@
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: cert-manager-startupapicheck
- image: quay.io/jetstack/cert-manager-startupapicheck:v1.16.1
+ image: quay.io/jetstack/cert-manager-startupapicheck:v1.16.2
imagePullPolicy: IfNotPresent
args:
- check
- api
- --wait=1m
- -v
--- kubernetes/talos-flux/apps/cert-manager/cert-manager/app Kustomization: flux-system/apps-cert-manager HelmRelease: cert-manager/cert-manager
+++ kubernetes/talos-flux/apps/cert-manager/cert-manager/app Kustomization: flux-system/apps-cert-manager HelmRelease: cert-manager/cert-manager
@@ -13,13 +13,13 @@
chart: cert-manager
interval: 30m
sourceRef:
kind: HelmRepository
name: jetstack-charts
namespace: flux-system
- version: v1.16.1
+ version: v1.16.2
install:
crds: CreateReplace
remediation:
retries: 5
interval: 30m
upgrade:
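Review bot: The context after `version: v1.16.2` shows `crds: CreateReplace` under `install:`, but the hunk ends at `upgrade:`, so the CRD policy for upgrades is not visible here. This bump lands as an upgrade of an existing release, and a Flux HelmRelease skips CRDs on upgrade unless `upgrade.crds` is set, so confirm that it is also `CreateReplace`.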
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-cainjector
+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-cainjector
@@ -35,13 +35,13 @@
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: cert-manager-cainjector
- image: quay.io/jetstack/cert-manager-cainjector:v1.16.1
+ image: quay.io/jetstack/cert-manager-cainjector:v1.16.2
imagePullPolicy: IfNotPresent
args:
- --v=2
- --leader-election-namespace=kube-system
ports:
- containerPort: 9402
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager
+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager
@@ -35,19 +35,19 @@
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: cert-manager-controller
- image: quay.io/jetstack/cert-manager-controller:v1.16.1
+ image: quay.io/jetstack/cert-manager-controller:v1.16.2
imagePullPolicy: IfNotPresent
args:
- --v=2
- --cluster-resource-namespace=$(POD_NAMESPACE)
- --leader-election-namespace=kube-system
- - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.16.1
+ - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.16.2
- --dns01-recursive-nameservers=1.1.1.1:53,9.9.9.9:53
- --dns01-recursive-nameservers-only
- --enable-certificate-owner-ref
- --max-concurrent-challenges=60
ports:
- containerPort: 9402
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-webhook
+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-webhook
@@ -35,13 +35,13 @@
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: cert-manager-webhook
- image: quay.io/jetstack/cert-manager-webhook:v1.16.1
+ image: quay.io/jetstack/cert-manager-webhook:v1.16.2
imagePullPolicy: IfNotPresent
args:
- --v=2
- --secure-port=10250
- --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
- --dynamic-serving-ca-secret-name=cert-manager-webhook-ca
--- HelmRelease: cert-manager/cert-manager Job: cert-manager/cert-manager-startupapicheck
+++ HelmRelease: cert-manager/cert-manager Job: cert-manager/cert-manager-startupapicheck
@@ -31,13 +31,13 @@
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: cert-manager-startupapicheck
- image: quay.io/jetstack/cert-manager-startupapicheck:v1.16.1
+ image: quay.io/jetstack/cert-manager-startupapicheck:v1.16.2
imagePullPolicy: IfNotPresent
args:
- check
- api
- --wait=1m
- -v
--- kubernetes/kube-nas/apps/cert-manager/cert-manager/app Kustomization: flux-system/cert-manager HelmRelease: cert-manager/cert-manager
+++ kubernetes/kube-nas/apps/cert-manager/cert-manager/app Kustomization: flux-system/cert-manager HelmRelease: cert-manager/cert-manager
@@ -13,13 +13,13 @@
chart: cert-manager
interval: 30m
sourceRef:
kind: HelmRepository
name: jetstack-charts
namespace: flux-system
- version: v1.16.1
+ version: v1.16.2
install:
crds: CreateReplace
remediation:
retries: 5
interval: 30m
upgrade:
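Review bot: This is the second HelmRelease moved to `version: v1.16.2` in the same change (the `talos-flux` path earlier, the `kube-nas` path here), so both clusters receive the new controller, webhook and cainjector images at once. Consider letting one cluster take the bump first and promoting the other once the `cert-manager-startupapicheck` job has passed there.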
Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
---|---|---|---|---|---|
✅ EDITORCONFIG | editorconfig-checker | 2 | | 0 | 0.01s |
✅ REPOSITORY | gitleaks | yes | | no | 4.02s |
✅ YAML | prettier | 2 | | 0 | 0.53s |
✅ YAML | yamllint | 2 | | 0 | 0.39s |
See detailed report in MegaLinter reports
_Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff_
This PR contains the following updates: v1.16.1 -> v1.16.2
Release Notes
cert-manager/cert-manager (cert-manager)
### [`v1.16.2`](https://redirect.github.com/cert-manager/cert-manager/releases/tag/v1.16.2)

[Compare Source](https://redirect.github.com/cert-manager/cert-manager/compare/v1.16.1...v1.16.2)

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

This patch release of cert-manager 1.16 makes [several changes](https://redirect.github.com/cert-manager/cert-manager/pull/7401) to how PEM input is validated, adding maximum sizes appropriate to the type of PEM data which is being parsed. This is to prevent an unacceptable slow-down in parsing specially crafted PEM data. The issue was found by Google's OSS-Fuzz project.

The issue is low severity; to exploit the PEM issue would require privileged access which would likely allow Denial-of-Service through other methods.

Note also that since most PEM data parsed by cert-manager comes from `ConfigMap` or `Secret` resources which have a max size limit of approximately 1MB, it's difficult to force cert-manager to parse large amounts of PEM data.

Further information is available in https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4

In addition, the version of Go used to build cert-manager 1.16 was updated along with the base images.

##### Changes by Kind

##### Bug or Regression

- Set a maximum size for PEM inputs which cert-manager will accept to remove possibility of taking a long time to process an input ([#7401](https://redirect.github.com/cert-manager/cert-manager/issues/7401), [@SgtCoDFish](https://redirect.github.com/SgtCoDFish))

##### Other (Cleanup or Flake)

- Bump go to 1.23.3 and bump base images to latest available ([#7431](https://redirect.github.com/cert-manager/cert-manager/issues/7431), [@SgtCoDFish](https://redirect.github.com/SgtCoDFish))

Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.
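
The release notes above describe the fix as maximum sizes chosen per kind of PEM data and enforced before parsing. The following Go example, added here and not taken from cert-manager, shows that pattern; the limits and the names `decodeBounded`, `constructedPEM` and `ErrPEMTooLarge` are assumptions of this example.

```go
package main

import (
	"bytes"
	"encoding/pem"
	"errors"
	"fmt"
)

// Hypothetical limits for this example; they are not cert-manager's values.
const (
	maxSingleCertBytes = 8 * 1024   // input expected to hold one certificate
	maxBundleBytes     = 256 * 1024 // input expected to hold a CA bundle
)
var ErrPEMTooLarge = errors.New("PEM input exceeds limit")

// decodeBounded rejects oversized input before pem.Decode sees it, then caps
// the block count for the kind of data expected (one certificate vs. a bundle).
func decodeBounded(data []byte, maxBytes, maxBlocks int) ([]*pem.Block, error) {
	if len(data) > maxBytes {
		return nil, fmt.Errorf("%w: %d bytes, max %d", ErrPEMTooLarge, len(data), maxBytes)
	}
	var blocks []*pem.Block
	for rest := data; ; {
		var b *pem.Block
		if b, rest = pem.Decode(rest); b == nil {
			break
		}
		if len(blocks) == maxBlocks {
			return nil, fmt.Errorf("%w: more than %d blocks", ErrPEMTooLarge, maxBlocks)
		}
		blocks = append(blocks, b)
	}
	if len(blocks) == 0 {
		return nil, errors.New("no PEM block found")
	}
	return blocks, nil
}

// constructedPEM builds n CERTIFICATE blocks of filler bytes (constructed sample, not real certificates).
func constructedPEM(n, payload int) []byte {
	one := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: make([]byte, payload)})
	return bytes.Repeat(one, n)
}

func main() {
	_, err := decodeBounded(constructedPEM(200, 512), maxSingleCertBytes, 1)
	fmt.Println("oversized input:", err)
}
```

The size check runs on the raw byte length, so a rejected input costs a single comparison regardless of its contents.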