{"id":40716,"name":"jetstack/cert-manager-webhook","ecosystem":"docker","repository_url":null,"issues_count":8,"created_at":"2025-06-11T04:21:01.144Z","updated_at":"2025-06-11T04:21:01.144Z","purl":"pkg:docker/jetstack/cert-manager-webhook","unique_repositories_count":2,"unique_repositories_count_past_30_days":1,"recent_issues":[{"uuid":"4166873769","node_id":"PR_kwDOF3eXvs7OeE2o","number":11364,"state":"closed","title":"Bump jetstack/cert-manager-webhook from v1.19.4 to v1.20.1","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-13T03:38:58.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-30T03:27:39.000Z","updated_at":"2026-04-13T03:38:59.000Z","time_to_close":1210279,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-webhook","old_version":"v1.19.4","new_version":"v1.20.1","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-webhook](https://github.com/cert-manager/cert-manager) from v1.19.4 to v1.20.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-webhook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003ev1.20.1 fixes an issue for OpenShift users that has to do with the finalizer RBAC, bumps gRPC to address a reported non-affecting vulnerability, and fixes a duplicate \u003ccode\u003eparentRef\u003c/code\u003e bug when both issuer config and annotations are present (Gateway API).\u003c/p\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed duplicate \u003ccode\u003eparentRef\u003c/code\u003e bug when both issuer config and annotations are present. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8658\"\u003e#8658\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd missing issuer finalizer RBAC to the order controller to support owner references. This was preventing OpenShift users from being able to upgrade to v1.20.0. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8655\"\u003e#8655\u003c/a\u003e, \u003ca href=\"https://github.com/erikgb\"\u003e\u003ccode\u003e@​erikgb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump google.golang.org/grpc to fix vulnerability reported by scanners. This isn't a vulnerability that affects cert-manager, but we are bumping it because it is reported by scanners. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8657\"\u003e#8657\u003c/a\u003e, \u003ca href=\"https://github.com/erikgb\"\u003e\u003ccode\u003e@​erikgb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.20.0-alpha.0\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e⚠️ This is a pre-release. For testing only!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch2\u003eChanges since \u003ccode\u003ev1.19.0\u003c/code\u003e\u003c/h2\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd built-in \u0026quot;Ready\u0026quot; status metrics for ClusterIssuer and Issuer resources. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8188\"\u003e#8188\u003c/a\u003e, \u003ca href=\"https://github.com/mikeluttikhuis\"\u003e\u003ccode\u003e@​mikeluttikhuis\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for specifying \u003ccode\u003eimagePullSecrets\u003c/code\u003e in the \u003ccode\u003estartupapicheck-job\u003c/code\u003e Helm template to enable pulling images from private registries. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8186\"\u003e#8186\u003c/a\u003e, \u003ca href=\"https://github.com/mathieu-clnk\"\u003e\u003ccode\u003e@​mathieu-clnk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdds logs for cases when acme server returns us a fatal error in the order controller (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8199\"\u003e#8199\u003c/a\u003e, \u003ca href=\"https://github.com/Peac36\"\u003e\u003ccode\u003e@​Peac36\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBUGFIX: in case kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8160\"\u003e#8160\u003c/a\u003e, \u003ca href=\"https://github.com/inteon\"\u003e\u003ccode\u003e@​inteon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix unregulated retries with the DigitalOcean DNS-01 solver (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8221\"\u003e#8221\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj-cyberark\"\u003e\u003ccode\u003e@​wallrj-cyberark\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd full detailed DNS-01 errors to the events attached to the Challenge, for easier debugging (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8221\"\u003e#8221\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj-cyberark\"\u003e\u003ccode\u003e@​wallrj-cyberark\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRevert API defaults for issuer reference kind and group introduced in 0.19.0 (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8173\"\u003e#8173\u003c/a\u003e, \u003ca href=\"https://github.com/erikgb\"\u003e\u003ccode\u003e@​erikgb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen Prometheus monitoring is enabled, the metrics label is now set to the intended value of \u003ccode\u003ecert-manager\u003c/code\u003e. Previously, it was set depending on various factors (namespace cert-manager is installed in and/or Helm release name). (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8162\"\u003e#8162\u003c/a\u003e, \u003ca href=\"https://github.com/LiquidPL\"\u003e\u003ccode\u003e@​LiquidPL\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.20.0-alpha.1\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003eThis is a pre-release for cert-manager v1.20.0. Please help with testing!\u003c/p\u003e\n\u003ch2\u003eChanged since v1.20.0-alpha.0\u003c/h2\u003e\n\u003cp\u003eThis alpha release adds experimental XListenerSet support, NetworkPolicy and CRD selectable field features, fixes critical bugs including an infinite re-issuance loop and IPv6 HTTP-01 challenge issues, patches security vulnerabilities (CVE-2025-61727, CVE-2025-61729), promotes OtherNames to Beta and DefaultPrivateKeyRotationPolicyAlways to GA, and changes the default container UID/GID from 1000/0 to 65532/65532.\u003c/p\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental \u003ccode\u003eXListenerSet\u003c/code\u003e feature gate (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8394\"\u003e#8394\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a set of flags to permit setting NetworkPolicy across all deployed containers.\nRemove redundant global IP ranges from example policies. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8370\"\u003e#8370\u003c/a\u003e, \u003ca href=\"https://github.com/jcpunk\"\u003e\u003ccode\u003e@​jcpunk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd selectable fields to custom resource definitions for .spec.issuerRef.{group, kind, name} (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8256\"\u003e#8256\u003c/a\u003e, \u003ca href=\"https://github.com/tareksha\"\u003e\u003ccode\u003e@​tareksha\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded 'extraContainers' helm chart value, allowing the deployment of arbitrary sidecar containers within the cert-manager operator pod. This can be used to support, for e.g., AWS IAM Roles Anywhere for Route53 DNS01 verification. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8355\"\u003e#8355\u003c/a\u003e, \u003ca href=\"https://github.com/dancmeyers\"\u003e\u003ccode\u003e@​dancmeyers\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for unhealthyPodEvictionPolicy in PodDisruptionBudget (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7728\"\u003e#7728\u003c/a\u003e, \u003ca href=\"https://github.com/jcpunk\"\u003e\u003ccode\u003e@​jcpunk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFor Venafi provider, read \u003ccode\u003evenafi.cert-manager.io/custom-fields\u003c/code\u003e annotation on Issuer/ClusterIssuer and use it as base with override/append capabilities on Certificate level. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8301\"\u003e#8301\u003c/a\u003e, \u003ca href=\"https://github.com/k0da\"\u003e\u003ccode\u003e@​k0da\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message when CA issuers are misconfigured to use a clashing secret name (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8374\"\u003e#8374\u003c/a\u003e, \u003ca href=\"https://github.com/majiayu000\"\u003e\u003ccode\u003e@​majiayu000\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduce a new Ingress annotation \u003ccode\u003eacme.cert-manager.io/http01-ingress-ingressclassname\u003c/code\u003e to override \u003ccode\u003ehttp01.ingress.ingressClassName\u003c/code\u003e field in HTTP-01 challenge solvers. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8244\"\u003e#8244\u003c/a\u003e, \u003ca href=\"https://github.com/lunarwhite\"\u003e\u003ccode\u003e@​lunarwhite\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eglobal.nodeSelector\u003c/code\u003e to helm chart to perform a \u003ccode\u003emerge\u003c/code\u003e and allow for a single \u003ccode\u003enodeSelector\u003c/code\u003e to be set across all services. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8195\"\u003e#8195\u003c/a\u003e, \u003ca href=\"https://github.com/StingRayZA\"\u003e\u003ccode\u003e@​StingRayZA\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/dc96863ab671bb6418147a418ae4f33067cb914b\"\u003e\u003ccode\u003edc96863\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8658\"\u003e#8658\u003c/a\u003e from cert-manager-bot/cherry-pick-8619-to-release-1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/7e660793d4529e128cdc990f046bdc2d1bab5790\"\u003e\u003ccode\u003e7e66079\u003c/code\u003e\u003c/a\u003e removing duplicate parentRefs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/75f90e4716bf2da0e879eb483f95441707f0c3ad\"\u003e\u003ccode\u003e75f90e4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8657\"\u003e#8657\u003c/a\u003e from erikgb/fix-grpc-vuln\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/f27364cd8d9f5b38a1e05690669dd9d87db8fb40\"\u003e\u003ccode\u003ef27364c\u003c/code\u003e\u003c/a\u003e Update module google.golang.org/grpc to v1.79.3 [security] (release-1.20)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/5c1ce1493a02281cddd4a4011257bc1cad7f0601\"\u003e\u003ccode\u003e5c1ce14\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8655\"\u003e#8655\u003c/a\u003e from cert-manager-bot/cherry-pick-8654-to-release-1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/038260fb556b3eeb3dea64e8a963c284c76a770e\"\u003e\u003ccode\u003e038260f\u003c/code\u003e\u003c/a\u003e Fix RBAC to support clusters with OwnerReferencesPermissionEnforcement enabled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/0d2f215fe26ca2674758b5dfd780f04ac1dfde92\"\u003e\u003ccode\u003e0d2f215\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8599\"\u003e#8599\u003c/a\u003e from hjoshi123/fix/cherry-pick-1.26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/992544c1a27e2ae5a8f2ba302620b9e55d9b4f16\"\u003e\u003ccode\u003e992544c\u003c/code\u003e\u003c/a\u003e cherry picking go 1.26.1 onto release-1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/0ef9dd0a64879457fb42ff2a6b3a6adace7c4035\"\u003e\u003ccode\u003e0ef9dd0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8598\"\u003e#8598\u003c/a\u003e from cert-manager-bot/cherry-pick-8581-to-release-1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/700e95a911b78d99a88ba22a3d3c35c30e09f2e3\"\u003e\u003ccode\u003e700e95a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8597\"\u003e#8597\u003c/a\u003e from cert-manager-bot/cherry-pick-8595-to-release-1.20\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.19.4...v1.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-webhook\u0026package-manager=docker\u0026previous-version=v1.19.4\u0026new-version=v1.20.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/11364","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/11364","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11364/packages"},{"uuid":"4055484302","node_id":"PR_kwDOF3eXvs7JkeSk","number":11258,"state":"closed","title":"Bump jetstack/cert-manager-webhook from v1.19.4 to v1.20.0","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-30T03:27:42.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-11T03:27:37.000Z","updated_at":"2026-03-30T03:27:43.000Z","time_to_close":1641605,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-webhook","old_version":"v1.19.4","new_version":"v1.20.0","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-webhook](https://github.com/cert-manager/cert-manager) from v1.19.4 to v1.20.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-webhook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.20.0\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003ev1.20.0 adds alpha support for the new ListenerSet resource, adds support for Azure Private DNS; parentRefs are no longer required when using ACME with Gateway API, and OtherNames was promoted to Beta.\u003c/p\u003e\n\u003ch2\u003eChanges by Kind\u003c/h2\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a set of flags to permit setting NetworkPolicy across all deployed containers. Remove redundant global IP ranges from example policies. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8370\"\u003e#8370\u003c/a\u003e, \u003ca href=\"https://github.com/jcpunk\"\u003e\u003ccode\u003e@​jcpunk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded selectable fields to custom resource definitions for .spec.issuerRef.{group, kind, name} (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8256\"\u003e#8256\u003c/a\u003e, \u003ca href=\"https://github.com/tareksha\"\u003e\u003ccode\u003e@​tareksha\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for specifying \u003ccode\u003eimagePullSecrets\u003c/code\u003e in the \u003ccode\u003estartupapicheck-job\u003c/code\u003e Helm template to enable pulling images from private registries. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8186\"\u003e#8186\u003c/a\u003e, \u003ca href=\"https://github.com/mathieu-clnk\"\u003e\u003ccode\u003e@​mathieu-clnk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded 'extraContainers' helm chart value, allowing the deployment of arbitrary sidecar containers within the cert-manager operator pod. This can be used to support, for e.g., AWS IAM Roles Anywhere for Route53 DNS01 verification. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8355\"\u003e#8355\u003c/a\u003e, \u003ca href=\"https://github.com/dancmeyers\"\u003e\u003ccode\u003e@​dancmeyers\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eparentRef\u003c/code\u003e override annotations on the Certificate resource. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8518\"\u003e#8518\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for azure private zones for dns01 issuer. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8494\"\u003e#8494\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for configuring PEM decoding size limits, allowing operators to handle larger certificates and keys. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7642\"\u003e#7642\u003c/a\u003e, \u003ca href=\"https://github.com/robertlestak\"\u003e\u003ccode\u003e@​robertlestak\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for unhealthyPodEvictionPolicy in PodDisruptionBudget (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7728\"\u003e#7728\u003c/a\u003e, \u003ca href=\"https://github.com/jcpunk\"\u003e\u003ccode\u003e@​jcpunk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFor Venafi provider, read \u003ccode\u003evenafi.cert-manager.io/custom-fields\u003c/code\u003e annotation on Issuer/ClusterIssuer and use it as base with override/append capabilities on Certificate level. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8301\"\u003e#8301\u003c/a\u003e, \u003ca href=\"https://github.com/k0da\"\u003e\u003ccode\u003e@​k0da\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message when CA issuers are misconfigured to use a clashing secret name (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8374\"\u003e#8374\u003c/a\u003e, \u003ca href=\"https://github.com/majiayu000\"\u003e\u003ccode\u003e@​majiayu000\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduce a new Ingress annotation \u003ccode\u003eacme.cert-manager.io/http01-ingress-ingressclassname\u003c/code\u003e to override \u003ccode\u003ehttp01.ingress.ingressClassName\u003c/code\u003e field in HTTP-01 challenge solvers. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8244\"\u003e#8244\u003c/a\u003e, \u003ca href=\"https://github.com/lunarwhite\"\u003e\u003ccode\u003e@​lunarwhite\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eglobal.nodeSelector\u003c/code\u003e to helm chart to perform a \u003ccode\u003emerge\u003c/code\u003e and allow for a single \u003ccode\u003enodeSelector\u003c/code\u003e to be set across all services. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8195\"\u003e#8195\u003c/a\u003e, \u003ca href=\"https://github.com/StingRayZA\"\u003e\u003ccode\u003e@​StingRayZA\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVault issuers will now include the Vault server address as one of the default audiences on generated service account tokens. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8228\"\u003e#8228\u003c/a\u003e, \u003ca href=\"https://github.com/terinjokes\"\u003e\u003ccode\u003e@​terinjokes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded experimental \u003ccode\u003eXListenerSets\u003c/code\u003e feature gate (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8394\"\u003e#8394\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GWAPI documentation to NOTES.TXT in helm chart (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8353\"\u003e#8353\u003c/a\u003e, \u003ca href=\"https://github.com/jaxels10\"\u003e\u003ccode\u003e@​jaxels10\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdds logs for cases when acme server returns us a fatal error in the order controller (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8199\"\u003e#8199\u003c/a\u003e, \u003ca href=\"https://github.com/Peac36\"\u003e\u003ccode\u003e@​Peac36\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed an issue where kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8160\"\u003e#8160\u003c/a\u003e, \u003ca href=\"https://github.com/inteon\"\u003e\u003ccode\u003e@​inteon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanges to the Duration and RenewBefore annotations on ingress and gateway-api resources will now trigger certificate updates. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8232\"\u003e#8232\u003c/a\u003e, \u003ca href=\"https://github.com/eleanor-merry\"\u003e\u003ccode\u003e@​eleanor-merry\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix an issue where ACME challenge TXT records are not cleaned up when there are many resource records in CloudDNS. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8456\"\u003e#8456\u003c/a\u003e, \u003ca href=\"https://github.com/tkna\"\u003e\u003ccode\u003e@​tkna\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix unregulated retries with the DigitalOcean DNS-01 solver\nAdd full detailed DNS-01 errors to the events attached to the Challenge, for easier debugging (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8221\"\u003e#8221\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj-cyberark\"\u003e\u003ccode\u003e@​wallrj-cyberark\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8403\"\u003e#8403\u003c/a\u003e, \u003ca href=\"https://github.com/calm329\"\u003e\u003ccode\u003e@​calm329\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed an issue where HTTP-01 challenges failed when the Host header contains an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8424\"\u003e#8424\u003c/a\u003e, \u003ca href=\"https://github.com/SlashNephy\"\u003e\u003ccode\u003e@​SlashNephy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the HTTP-01 Gateway solver creating invalid HTTPRoutes by not setting spec.hostnames when the challenge DNSName is an IP address. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8443\"\u003e#8443\u003c/a\u003e, \u003ca href=\"https://github.com/alviss7\"\u003e\u003ccode\u003e@​alviss7\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRevert API defaults for issuer reference kind and group introduced in 0.19.0 (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8173\"\u003e#8173\u003c/a\u003e, \u003ca href=\"https://github.com/erikgb\"\u003e\u003ccode\u003e@​erikgb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSecurity (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8469\"\u003e#8469\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Go to \u003ccode\u003ev1.25.5\u003c/code\u003e to fix \u003ccode\u003eCVE-2025-61727\u003c/code\u003e and \u003ccode\u003eCVE-2025-61729\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8290\"\u003e#8290\u003c/a\u003e, \u003ca href=\"https://github.com/octo-sts\"\u003e\u003ccode\u003e@​octo-sts\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003eWhen Prometheus monitoring is enabled, the metrics label is now set to the intended value of \u003ccode\u003ecert-manager\u003c/code\u003e. Previously, it was set depending on various factors (namespace cert-manager is installed in and/or Helm release name). (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8162\"\u003e#8162\u003c/a\u003e, \u003ca href=\"https://github.com/LiquidPL\"\u003e\u003ccode\u003e@​LiquidPL\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther (Cleanup or Flake)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePromoted the OtherNames feature to Beta and enabled it by default (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8288\"\u003e#8288\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj-cyberark\"\u003e\u003ccode\u003e@​wallrj-cyberark\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePromoting \u003ccode\u003eXListenerSets\u003c/code\u003e feature gate to \u003ccode\u003eListenerSets\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8501\"\u003e#8501\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRebranding of the Venafi Issuer to CyberArk (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8215\"\u003e#8215\u003c/a\u003e, \u003ca href=\"https://github.com/iossifbenbassat123\"\u003e\u003ccode\u003e@​iossifbenbassat123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSwitched to SSA for challenge finalizer updates (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8519\"\u003e#8519\u003c/a\u003e, \u003ca href=\"https://github.com/inteon\"\u003e\u003ccode\u003e@​inteon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/0d2f215fe26ca2674758b5dfd780f04ac1dfde92\"\u003e\u003ccode\u003e0d2f215\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8599\"\u003e#8599\u003c/a\u003e from hjoshi123/fix/cherry-pick-1.26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/992544c1a27e2ae5a8f2ba302620b9e55d9b4f16\"\u003e\u003ccode\u003e992544c\u003c/code\u003e\u003c/a\u003e cherry picking go 1.26.1 onto release-1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/0ef9dd0a64879457fb42ff2a6b3a6adace7c4035\"\u003e\u003ccode\u003e0ef9dd0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8598\"\u003e#8598\u003c/a\u003e from cert-manager-bot/cherry-pick-8581-to-release-1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/700e95a911b78d99a88ba22a3d3c35c30e09f2e3\"\u003e\u003ccode\u003e700e95a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8597\"\u003e#8597\u003c/a\u003e from cert-manager-bot/cherry-pick-8595-to-release-1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/0ee24405b8c2ec888434ad21aab8a65d736e4b2a\"\u003e\u003ccode\u003e0ee2440\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8596\"\u003e#8596\u003c/a\u003e from cert-manager-bot/cherry-pick-8590-to-release-1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/fbf8b99bfc0923ae0d2d161de4e971489aa0ac27\"\u003e\u003ccode\u003efbf8b99\u003c/code\u003e\u003c/a\u003e fix(deps): update module k8s.io/klog/v2 to v2.140.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/58d6b5afaf60ad8da99e4a547a3a6a42c8be6337\"\u003e\u003ccode\u003e58d6b5a\u003c/code\u003e\u003c/a\u003e disable metrics server for test webhook\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/04762eabdb3b40fcb761d5a3a68aca193f60a2da\"\u003e\u003ccode\u003e04762ea\u003c/code\u003e\u003c/a\u003e configure contextual test logger for controller-runtime webhook only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/fb10af9fa48396c016f3b63f4b7bf15100ca047a\"\u003e\u003ccode\u003efb10af9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8576\"\u003e#8576\u003c/a\u003e from maelvls/release-1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/f27af7ba4f6ec865bf81d24a565c1d3734752235\"\u003e\u003ccode\u003ef27af7b\u003c/code\u003e\u003c/a\u003e [release-1.20] update trivy to fix scans\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.19.4...v1.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-webhook\u0026package-manager=docker\u0026previous-version=v1.19.4\u0026new-version=v1.20.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/11258","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/11258","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11258/packages"},{"uuid":"3889431078","node_id":"PR_kwDOF3eXvs7BGNLA","number":10973,"state":"closed","title":"Bump jetstack/cert-manager-webhook from v1.19.2 to v1.19.3","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-06T10:20:43.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-03T06:27:54.000Z","updated_at":"2026-02-06T10:20:45.000Z","time_to_close":273169,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-webhook","old_version":"v1.19.2","new_version":"v1.19.3","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-webhook](https://github.com/cert-manager/cert-manager) from v1.19.2 to v1.19.3.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-webhook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003eThis release is contains three bug fixes, including a fix for the MODERATE severity DoS issue in GHSA-gx3x-vq4p-mhhv. All users should upgrade to the latest release.\u003c/p\u003e\n\u003ch2\u003eChanges by Kind\u003c/h2\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8415\"\u003e#8415\u003c/a\u003e, \u003ca href=\"https://github.com/cert-manager-bot\"\u003e\u003ccode\u003e@​cert-manager-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed an issue where HTTP-01 challenges failed when the Host header containing an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8436\"\u003e#8436\u003c/a\u003e, \u003ca href=\"https://github.com/cert-manager-bot\"\u003e\u003ccode\u003e@​cert-manager-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSecurity (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8468\"\u003e#8468\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther (Cleanup or Flake)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump go to 1.25.6 (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8459\"\u003e#8459\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/d4faed26ae12115cceb807cdc12507ebc28980e2\"\u003e\u003ccode\u003ed4faed2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8468\"\u003e#8468\u003c/a\u003e from SgtCoDFish/release-1.19-fqdn-patch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/8b62c22e368794f847b27d739a1b6af0805c7dee\"\u003e\u003ccode\u003e8b62c22\u003c/code\u003e\u003c/a\u003e [release-1.19] security: address GHSA-gx3x-vq4p-mhhv\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/866f95501c59afef2d69598406b27328d54fdfd9\"\u003e\u003ccode\u003e866f955\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8459\"\u003e#8459\u003c/a\u003e from SgtCoDFish/release-1.19-bumpgo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/0c044336ff61fa1cf7ef0be6c5a70aa853b9c10e\"\u003e\u003ccode\u003e0c04433\u003c/code\u003e\u003c/a\u003e [release-1.19] Bump base images with hack/latest-base-images.sh\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/e4556ab92cf61be12552da1c71e16e903081b618\"\u003e\u003ccode\u003ee4556ab\u003c/code\u003e\u003c/a\u003e [release-1.19] bump go to 1.25.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/845a6454b7b9e83fdedc8c0007b06007dd504ac7\"\u003e\u003ccode\u003e845a645\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8436\"\u003e#8436\u003c/a\u003e from cert-manager-bot/cherry-pick-8424-to-release-1.19\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/acd3120227a6f9d9274c9539798394580db0249b\"\u003e\u003ccode\u003eacd3120\u003c/code\u003e\u003c/a\u003e fix(HTTP-01): handling of IPv6 address literals\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/d6787634f97fb23ef61ced4e398ad7e4ca6027e5\"\u003e\u003ccode\u003ed678763\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8421\"\u003e#8421\u003c/a\u003e from SgtCoDFish/release-1.19-bumpkind\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/3caf3087e0e5c3abd0df3dee727fe4d130a5cbcf\"\u003e\u003ccode\u003e3caf308\u003c/code\u003e\u003c/a\u003e [release-1.19] bump kind and bump kind images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/b2ccdb84000aca505b966ac610c58e4c5418afdd\"\u003e\u003ccode\u003eb2ccdb8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8415\"\u003e#8415\u003c/a\u003e from cert-manager-bot/cherry-pick-8403-to-release-1.19\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.19.2...v1.19.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-webhook\u0026package-manager=docker\u0026previous-version=v1.19.2\u0026new-version=v1.19.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/10973","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/10973","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10973/packages"},{"uuid":"3493681083","node_id":"PR_kwDOF3eXvs6sm_bK","number":10218,"state":"closed","title":"Bump jetstack/cert-manager-webhook from v1.18.2 to v1.19.0","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-10-08T08:04:26.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-10-08T03:22:19.000Z","updated_at":"2025-10-08T08:04:26.000Z","time_to_close":16927,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-webhook","old_version":"v1.18.2","new_version":"v1.19.0","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-webhook](https://github.com/cert-manager/cert-manager) from v1.18.2 to v1.19.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-webhook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.0\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003eThis release focuses on expanding platform compatibility, improving deployment flexibility, enhancing observability, and addressing key reliability issues.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e📖  Read the full release notes at cert-manager.io: \u003ca href=\"https://cert-manager.io/docs/releases/release-notes/release-notes-1.19\"\u003ehttps://cert-manager.io/docs/releases/release-notes/release-notes-1.19\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.18.0\u003c/code\u003e:\u003c/p\u003e\n\u003ch2\u003eFeature\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd IPv6 rules to the default network policy (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7726\"\u003e#7726\u003c/a\u003e, \u003ca href=\"https://github.com/jcpunk\"\u003e\u003ccode\u003e@​jcpunk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eglobal.nodeSelector\u003c/code\u003e to helm chart to allow for a single \u003ccode\u003enodeSelector\u003c/code\u003e to be set across all services. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7818\"\u003e#7818\u003c/a\u003e, \u003ca href=\"https://github.com/StingRayZA\"\u003e\u003ccode\u003e@​StingRayZA\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a feature gate to default to Ingress \u003ccode\u003epathType\u003c/code\u003e \u003ccode\u003eExact\u003c/code\u003e in ACME HTTP01 Ingress challenge solvers. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7795\"\u003e#7795\u003c/a\u003e, \u003ca href=\"https://github.com/sspreitzer\"\u003e\u003ccode\u003e@​sspreitzer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd generated \u003ccode\u003eapplyconfigurations\u003c/code\u003e allowing clients to make type-safe server-side apply requests for cert-manager resources. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7866\"\u003e#7866\u003c/a\u003e, \u003ca href=\"https://github.com/erikgb\"\u003e\u003ccode\u003e@​erikgb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded API defaults to issuer references group (cert-manager.io) and kind (Issuer). (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7414\"\u003e#7414\u003c/a\u003e, \u003ca href=\"https://github.com/erikgb\"\u003e\u003ccode\u003e@​erikgb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecertmanager_certificate_challenge_status\u003c/code\u003e Prometheus metric. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7736\"\u003e#7736\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eprotocol\u003c/code\u003e field for \u003ccode\u003erfc2136\u003c/code\u003e DNS01 provider (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7881\"\u003e#7881\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded experimental field \u003ccode\u003ehostUsers\u003c/code\u003e flag to all pods. Not set by default. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7973\"\u003e#7973\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport configurable resource requests and limits for ACME HTTP01 solver pods through ClusterIssuer and Issuer specifications, allowing granular resource management that overrides global \u003ccode\u003e--acme-http01-solver-resource-*\u003c/code\u003e settings. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7972\"\u003e#7972\u003c/a\u003e, \u003ca href=\"https://github.com/lunarwhite\"\u003e\u003ccode\u003e@​lunarwhite\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eCAInjectorMerging\u003c/code\u003e feature has been promoted to BETA and is now enabled by default (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8017\"\u003e#8017\u003c/a\u003e, \u003ca href=\"https://github.com/ThatsMrTalbot\"\u003e\u003ccode\u003e@​ThatsMrTalbot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe controller, webhook and ca-injector now log their version and git commit on startup for easier debugging and support. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8072\"\u003e#8072\u003c/a\u003e, \u003ca href=\"https://github.com/prasad89\"\u003e\u003ccode\u003e@​prasad89\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003ecertificate\u003c/code\u003e metrics to the collector approach. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7856\"\u003e#7856\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug or Regression\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eACME: Increased challenge authorization timeout to 2 minutes to fix \u003ccode\u003eerror waiting for authorization\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7796\"\u003e#7796\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7816\"\u003e#7816\u003c/a\u003e, \u003ca href=\"https://github.com/kinolaev\"\u003e\u003ccode\u003e@​kinolaev\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnforced ACME HTTP-01 solver validation to properly reject configurations when multiple ingress options (\u003ccode\u003eclass\u003c/code\u003e, \u003ccode\u003eingressClassName\u003c/code\u003e, \u003ccode\u003ename\u003c/code\u003e) are specified simultaneously (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8021\"\u003e#8021\u003c/a\u003e, \u003ca href=\"https://github.com/lunarwhite\"\u003e\u003ccode\u003e@​lunarwhite\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIncrease maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7961\"\u003e#7961\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReverted adding the \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e Helm option. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7836\"\u003e#7836\u003c/a\u003e, \u003ca href=\"https://github.com/inteon\"\u003e\u003ccode\u003e@​inteon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThis change removes the \u003ccode\u003epath\u003c/code\u003e label of core ACME client metrics and will require users to update their monitoring dashboards and alerting rules if using those metrics. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8109\"\u003e#8109\u003c/a\u003e, \u003ca href=\"https://github.com/mladen-rusev-cyberark\"\u003e\u003ccode\u003e@​mladen-rusev-cyberark\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse the latest version of \u003ccode\u003eingress-nginx\u003c/code\u003e in E2E tests to ensure compatibility (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7792\"\u003e#7792\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther (Cleanup or Flake)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHelm: Fix naming template of \u003ccode\u003etokenrequest\u003c/code\u003e RoleBinding resource to improve consistency (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7761\"\u003e#7761\u003c/a\u003e, \u003ca href=\"https://github.com/lunarwhite\"\u003e\u003ccode\u003e@​lunarwhite\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7928\"\u003e#7928\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMajor upgrade of Akamai SDK. NOTE: The new version has not been fully tested end-to-end due to the lack of cloud infrastructure. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8003\"\u003e#8003\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate kind images to include the Kubernetes 1.33 node image (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7786\"\u003e#7786\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003emaps.Copy\u003c/code\u003e for cleaner map handling (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8092\"\u003e#8092\u003c/a\u003e, \u003ca href=\"https://github.com/quantpoet\"\u003e\u003ccode\u003e@​quantpoet\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVault: Migrate Vault E2E add-on tests from deprecated \u003ccode\u003evault-client-go\u003c/code\u003e to the new \u003ccode\u003evault/api\u003c/code\u003e client. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8059\"\u003e#8059\u003c/a\u003e, \u003ca href=\"https://github.com/armagankaratosun\"\u003e\u003ccode\u003e@​armagankaratosun\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/12a3ef97916bf5c1bea55740caab49e93e2b6d54\"\u003e\u003ccode\u003e12a3ef9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8142\"\u003e#8142\u003c/a\u003e from cert-manager/renovate/kubernetes-go-deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/50f41426821e0e40dc4d63722952447d2e3a8342\"\u003e\u003ccode\u003e50f4142\u003c/code\u003e\u003c/a\u003e fix(deps): update module sigs.k8s.io/controller-runtime to v0.22.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/55c8b13edef335844126e7fafd231a3a39771953\"\u003e\u003ccode\u003e55c8b13\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8140\"\u003e#8140\u003c/a\u003e from cert-manager/renovate/kubernetes-go-deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/b532b0d874adf56aad1b9b7c8a7a6f416b8fafc7\"\u003e\u003ccode\u003eb532b0d\u003c/code\u003e\u003c/a\u003e fix(deps): update module sigs.k8s.io/gateway-api to v1.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/2b1e348c2db65c6fab1cb57cdb174749797dfc80\"\u003e\u003ccode\u003e2b1e348\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8138\"\u003e#8138\u003c/a\u003e from cert-manager/self-upgrade-master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/24e1c7a7336b0257a3fec3ccf687194757db94ce\"\u003e\u003ccode\u003e24e1c7a\u003c/code\u003e\u003c/a\u003e BOT: run 'make upgrade-klone' and 'make generate'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/290d577b0627dc5388dac7e3c6e152ba8eeb5a1a\"\u003e\u003ccode\u003e290d577\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8137\"\u003e#8137\u003c/a\u003e from cert-manager/renovate/misc-go-deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/8b1650cffbb5251fa9ddef7c2b93c788ebea2d48\"\u003e\u003ccode\u003e8b1650c\u003c/code\u003e\u003c/a\u003e fix(deps): update misc go deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/0343fae1f3db779406d4ccff42a724c3886c979a\"\u003e\u003ccode\u003e0343fae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8136\"\u003e#8136\u003c/a\u003e from cert-manager/self-upgrade-master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/dbb59b7ba3706297fc399f764c287c7363f5417e\"\u003e\u003ccode\u003edbb59b7\u003c/code\u003e\u003c/a\u003e BOT: run 'make upgrade-klone' and 'make generate'\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.18.2...v1.19.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-webhook\u0026package-manager=docker\u0026previous-version=v1.18.2\u0026new-version=v1.19.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/10218","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/10218","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10218/packages"},{"uuid":"2894175968","node_id":"PR_kwDOJ2U4086sgZ7g","number":449,"state":"open","title":"Bump jetstack/cert-manager-webhook from v1.18.2 to v1.19.0 in /charts/cert-manager","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-10-07T14:17:31.000Z","updated_at":"2025-10-07T14:17:32.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-webhook","old_version":"v1.18.2","new_version":"v1.19.0","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":"/charts/cert-manager","ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-webhook](https://github.com/cert-manager/cert-manager) from v1.18.2 to v1.19.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-webhook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.0-alpha.0\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e⚠️ This is a pre-release. For testing only!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.18.0\u003c/code\u003e:\u003c/p\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd IPv6 rules to the default network policy (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7726\"\u003e\u003ccode\u003e[#7726](https://github.com/cert-manager/cert-manager/issues/7726)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/jcpunk\"\u003e\u003ccode\u003e@jcpunk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eglobal.nodeSelector\u003c/code\u003e to helm chart to allow for a single \u003ccode\u003enodeSelector\u003c/code\u003e to be set across all services. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7818\"\u003e\u003ccode\u003e[#7818](https://github.com/cert-manager/cert-manager/issues/7818)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/StingRayZA\"\u003e\u003ccode\u003e@StingRayZA\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd generated \u003ccode\u003eapplyconfigurations\u003c/code\u003e allowing clients to make type safe server-side apply requests for cert-manager resources. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7866\"\u003e\u003ccode\u003e[#7866](https://github.com/cert-manager/cert-manager/issues/7866)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/erikgb\"\u003e\u003ccode\u003e@erikgb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded API defaults to issuer references group (cert-manager.io) and kind (Issuer). (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7414\"\u003e\u003ccode\u003e[#7414](https://github.com/cert-manager/cert-manager/issues/7414)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/erikgb\"\u003e\u003ccode\u003e@erikgb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecertmanager_certificate_challenge_status\u003c/code\u003e Prometheus metric. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7736\"\u003e\u003ccode\u003e[#7736](https://github.com/cert-manager/cert-manager/issues/7736)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eprotocol\u003c/code\u003e field for \u003ccode\u003erfc2136\u003c/code\u003e DNS01 provider (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7881\"\u003e\u003ccode\u003e[#7881](https://github.com/cert-manager/cert-manager/issues/7881)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eCAInjectorMerging\u003c/code\u003e has been promoted to BETA and is now enabled by default (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/8017\"\u003e\u003ccode\u003e[#8017](https://github.com/cert-manager/cert-manager/issues/8017)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ThatsMrTalbot\"\u003e\u003ccode\u003e@ThatsMrTalbot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeature: Add support for \u003ca href=\"https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/\"\u003e\u003ccode\u003eACME profiles extension\u003c/code\u003e\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7777\"\u003e\u003ccode\u003e[#7777](https://github.com/cert-manager/cert-manager/issues/7777)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport configurable resource requests and limits for ACME HTTP01 solver pods through ClusterIssuer and Issuer specifications, allowing granular resource management that overrides global \u003ccode\u003e--acme-http01-solver-resource-*\u003c/code\u003e settings. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7972\"\u003e\u003ccode\u003e[#7972](https://github.com/cert-manager/cert-manager/issues/7972)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lunarwhite\"\u003e\u003ccode\u003e@lunarwhite\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe controller, webhook and ca-injector now logs its version and git commit on startup for easier debugging and support. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/8072\"\u003e\u003ccode\u003e[#8072](https://github.com/cert-manager/cert-manager/issues/8072)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/prasad89\"\u003e\u003ccode\u003e@prasad89\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003ecertificate\u003c/code\u003e metrics to the collector approach. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7856\"\u003e\u003ccode\u003e[#7856](https://github.com/cert-manager/cert-manager/issues/7856)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eACME: Increased challenge authorization timeout to 2 minutes to fix \u003ccode\u003eerror waiting for authorization\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7796\"\u003e\u003ccode\u003e[#7796](https://github.com/cert-manager/cert-manager/issues/7796)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7816\"\u003e\u003ccode\u003e[#7816](https://github.com/cert-manager/cert-manager/issues/7816)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/kinolaev\"\u003e\u003ccode\u003e@kinolaev\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnforced ACME HTTP-01 solver validation to properly reject configurations when multiple ingress options (\u003ccode\u003eclass\u003c/code\u003e, \u003ccode\u003eingressClassName\u003c/code\u003e, \u003ccode\u003ename\u003c/code\u003e) are specified simultaneously (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/8021\"\u003e\u003ccode\u003e[#8021](https://github.com/cert-manager/cert-manager/issues/8021)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lunarwhite\"\u003e\u003ccode\u003e@lunarwhite\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIncrease maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7961\"\u003e\u003ccode\u003e[#7961](https://github.com/cert-manager/cert-manager/issues/7961)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReverted adding the \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e Helm option. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7836\"\u003e\u003ccode\u003e[#7836](https://github.com/cert-manager/cert-manager/issues/7836)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/inteon\"\u003e\u003ccode\u003e@inteon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse the latest version of ingress-nginx in E2E tests to ensure compatibility (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7792\"\u003e\u003ccode\u003e[#7792](https://github.com/cert-manager/cert-manager/issues/7792)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther (Cleanup or Flake)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHelm: Fix naming template of \u003ccode\u003etokenrequest\u003c/code\u003e RoleBinding resource to improve consistency (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7761\"\u003e\u003ccode\u003e[#7761](https://github.com/cert-manager/cert-manager/issues/7761)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lunarwhite\"\u003e\u003ccode\u003e@lunarwhite\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7928\"\u003e\u003ccode\u003e[#7928](https://github.com/cert-manager/cert-manager/issues/7928)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMajor upgrade of Akamai SDK. NOTE: The new version has not been fully tested end-to-end due to the lack of cloud infrastructure. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/8003\"\u003e\u003ccode\u003e[#8003](https://github.com/cert-manager/cert-manager/issues/8003)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate kind images to include the Kubernetes 1.33 node image (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7786\"\u003e\u003ccode\u003e[#7786](https://github.com/cert-manager/cert-manager/issues/7786)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003emaps.Copy\u003c/code\u003e for cleaner map handling (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/8092\"\u003e\u003ccode\u003e[#8092](https://github.com/cert-manager/cert-manager/issues/8092)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/quantpoet\"\u003e\u003ccode\u003e@quantpoet\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/12a3ef97916bf5c1bea55740caab49e93e2b6d54\"\u003e\u003ccode\u003e12a3ef9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8142\"\u003e#8142\u003c/a\u003e from cert-manager/renovate/kubernetes-go-deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/50f41426821e0e40dc4d63722952447d2e3a8342\"\u003e\u003ccode\u003e50f4142\u003c/code\u003e\u003c/a\u003e fix(deps): update module sigs.k8s.io/controller-runtime to v0.22.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/55c8b13edef335844126e7fafd231a3a39771953\"\u003e\u003ccode\u003e55c8b13\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8140\"\u003e#8140\u003c/a\u003e from cert-manager/renovate/kubernetes-go-deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/b532b0d874adf56aad1b9b7c8a7a6f416b8fafc7\"\u003e\u003ccode\u003eb532b0d\u003c/code\u003e\u003c/a\u003e fix(deps): update module sigs.k8s.io/gateway-api to v1.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/2b1e348c2db65c6fab1cb57cdb174749797dfc80\"\u003e\u003ccode\u003e2b1e348\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8138\"\u003e#8138\u003c/a\u003e from cert-manager/self-upgrade-master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/24e1c7a7336b0257a3fec3ccf687194757db94ce\"\u003e\u003ccode\u003e24e1c7a\u003c/code\u003e\u003c/a\u003e BOT: run 'make upgrade-klone' and 'make generate'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/290d577b0627dc5388dac7e3c6e152ba8eeb5a1a\"\u003e\u003ccode\u003e290d577\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8137\"\u003e#8137\u003c/a\u003e from cert-manager/renovate/misc-go-deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/8b1650cffbb5251fa9ddef7c2b93c788ebea2d48\"\u003e\u003ccode\u003e8b1650c\u003c/code\u003e\u003c/a\u003e fix(deps): update misc go deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/0343fae1f3db779406d4ccff42a724c3886c979a\"\u003e\u003ccode\u003e0343fae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8136\"\u003e#8136\u003c/a\u003e from cert-manager/self-upgrade-master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/dbb59b7ba3706297fc399f764c287c7363f5417e\"\u003e\u003ccode\u003edbb59b7\u003c/code\u003e\u003c/a\u003e BOT: run 'make upgrade-klone' and 'make generate'\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.18.2...v1.19.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-webhook\u0026package-manager=docker\u0026previous-version=v1.18.2\u0026new-version=v1.19.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/onehinny/homelab/pull/449","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onehinny%2Fhomelab/issues/449","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/449/packages"},{"uuid":"2671021403","node_id":"PR_kwDOJ2U4086fNI1b","number":397,"state":"closed","title":"Bump jetstack/cert-manager-webhook from v1.17.2 to v1.18.2 in /charts/cert-manager","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-08-21T19:32:39.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-16T14:55:11.000Z","updated_at":"2025-08-21T19:32:39.000Z","time_to_close":3127048,"merged_at":"2025-08-21T19:32:39.000Z","merged_by":"dependabot[bot]","closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-webhook","old_version":"v1.17.2","new_version":"v1.18.2","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":"/charts/cert-manager","ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-webhook](https://github.com/cert-manager/cert-manager) from v1.17.2 to v1.18.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-webhook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.18.2\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003eWe fixed a bug in the CSR's name constraints construction (only applies if you have enabled the \u003ccode\u003eNameConstraints\u003c/code\u003e feature gate).\nWe dropped the new \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e Helm option due to a bug we found, this feature will be released in \u003ccode\u003ev1.19\u003c/code\u003e instead.\u003c/p\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.18.1\u003c/code\u003e:\u003c/p\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7833\"\u003e#7833\u003c/a\u003e, \u003ca href=\"https://github.com/cert-manager-bot\"\u003e\u003ccode\u003e@​cert-manager-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReverted adding the \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e Helm option. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7837\"\u003e#7837\u003c/a\u003e, \u003ca href=\"https://github.com/cert-manager-bot\"\u003e\u003ccode\u003e@​cert-manager-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.1\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003eWe have added a new feature gate \u003ccode\u003eACMEHTTP01IngressPathTypeExact\u003c/code\u003e, to allow \u003ccode\u003eingress-nginx\u003c/code\u003e users to turn off the new default Ingress \u003ccode\u003ePathType: Exact\u003c/code\u003e behavior, in ACME HTTP01 Ingress challenge solvers.\nThis change fixes the following issue: \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7791\"\u003e#7791\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have increased the ACME challenge authorization timeout to two minutes, which we hope will fix a timeout error (\u003ccode\u003eerror waiting for authorization\u003c/code\u003e), which has been reported by multiple users, since the release of cert-manager \u003ccode\u003ev1.16.0\u003c/code\u003e.\nThis change should fix the following issues: \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7337\"\u003e#7337\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7444\"\u003e#7444\u003c/a\u003e, and \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7685\"\u003e#7685\u003c/a\u003e.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eℹ️ Be sure to review all new features and changes below, and read the \u003ca href=\"https://cert-manager.io/docs/releases/release-notes/release-notes-1.18\"\u003efull release notes\u003c/a\u003e carefully before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.18.0\u003c/code\u003e:\u003c/p\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a new feature gate \u003ccode\u003eACMEHTTP01IngressPathTypeExact\u003c/code\u003e, to allow \u003ccode\u003eingress-nginx\u003c/code\u003e users to turn off the new default Ingress \u003ccode\u003ePathType: Exact\u003c/code\u003e behavior, in ACME HTTP01 Ingress challenge solvers. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7810\"\u003e\u003ccode\u003e[#7810](https://github.com/cert-manager/cert-manager/issues/7810)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/sspreitzer\"\u003e\u003ccode\u003e@​sspreitzer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eACME: Increased challenge authorization timeout to 2 minutes to fix \u003ccode\u003eerror waiting for authorization\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7801\"\u003e\u003ccode\u003e[#7801](https://github.com/cert-manager/cert-manager/issues/7801)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther (Cleanup or Flake)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse the latest version of ingress-nginx in E2E tests to ensure compatibility (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7807\"\u003e\u003ccode\u003e[#7807](https://github.com/cert-manager/cert-manager/issues/7807)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.0-alpha.0\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e⚠️ This is a pre-release.  Please help the project by testing this release!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.17.0\u003c/code\u003e:\u003c/p\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd config to the Vault issuer to allow the server-name to be specified when validating the certificates the Vault server presents. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7663\"\u003e\u003ccode\u003e[#7663](https://github.com/cert-manager/cert-manager/issues/7663)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ThatsMrTalbot\"\u003e\u003ccode\u003e@ThatsMrTalbot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eapp.kubernetes.io/managed-by: cert-manager\u003c/code\u003e label to the created Let's Encrypt account keys (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7577\"\u003e\u003ccode\u003e[#7577](https://github.com/cert-manager/cert-manager/issues/7577)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/terinjokes\"\u003e\u003ccode\u003e@terinjokes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded certificate issuance and expiration time metrics (\u003ccode\u003ecertmanager_certificate_not_before_timestamp_seconds\u003c/code\u003e, \u003ccode\u003ecertmanager_certificate_not_after_timestamp_seconds\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7612\"\u003e\u003ccode\u003e[#7612](https://github.com/cert-manager/cert-manager/issues/7612)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/solidDoWant\"\u003e\u003ccode\u003e@solidDoWant\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/686afa62160249022a0205d3a9bf5f059476c684\"\u003e\u003ccode\u003e686afa6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7837\"\u003e#7837\u003c/a\u003e from cert-manager-bot/cherry-pick-7836-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/c38e37ed27f6b0b7169b0cf5393fd3d9a0225556\"\u003e\u003ccode\u003ec38e37e\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;More fine-grained control over powerful RBAC permission granted via H...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/e77920306540000a9dbe463b5a8d59b6b382ae85\"\u003e\u003ccode\u003ee779203\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7833\"\u003e#7833\u003c/a\u003e from cert-manager-bot/cherry-pick-7816-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/6d59891c6af64add40183fc8f5fca42e6e872417\"\u003e\u003ccode\u003e6d59891\u003c/code\u003e\u003c/a\u003e fix: permit permitted URI domains in name constraints\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/d5382c8e024d418866d317ab1d7537d837b612a2\"\u003e\u003ccode\u003ed5382c8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7814\"\u003e#7814\u003c/a\u003e from cert-manager-bot/cherry-pick-7813-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/c4e9ecf77d5410bea30539dacc53802d4a0a78a8\"\u003e\u003ccode\u003ec4e9ecf\u003c/code\u003e\u003c/a\u003e Change ACMEHTTP01IngressPathTypeExact feature to beta\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/379f43e3de2237b5c15c74307cf39699e5447db0\"\u003e\u003ccode\u003e379f43e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7811\"\u003e#7811\u003c/a\u003e from cert-manager-bot/cherry-pick-7809-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/9542d75b0ca4250ee099176d550424be9a7046f0\"\u003e\u003ccode\u003e9542d75\u003c/code\u003e\u003c/a\u003e make generate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/aa0aedf47aa83341778e4133080ca5422ccd65d4\"\u003e\u003ccode\u003eaa0aedf\u003c/code\u003e\u003c/a\u003e Update feature gate documentation in the Helm chart\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/f05762bcaf8b20f8e5166b8cef1990a500911fd5\"\u003e\u003ccode\u003ef05762b\u003c/code\u003e\u003c/a\u003e Explain why we disable strict-validate-path in ingress-nginx\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.17.2...v1.18.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-webhook\u0026package-manager=docker\u0026previous-version=v1.17.2\u0026new-version=v1.18.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nYou can trigger a rebase of this PR by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\u003e **Note**\n\u003e Automatic rebases have been disabled on this pull request as it has been open for over 30 days.\n","html_url":"https://github.com/onehinny/homelab/pull/397","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onehinny%2Fhomelab/issues/397","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/397/packages"},{"uuid":"2637216132","node_id":"PR_kwDOF3eXvs6dMLmE","number":9652,"state":"open","title":"Bump jetstack/cert-manager-webhook from v1.18.1 to v1.18.2","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-03T03:43:03.000Z","updated_at":"2025-07-03T03:43:04.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-webhook","old_version":"v1.18.1","new_version":"v1.18.2","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-webhook](https://github.com/cert-manager/cert-manager) from v1.18.1 to v1.18.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-webhook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.18.2\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003eWe fixed a bug in the CSR's name constraints construction (only applies if you have enabled the \u003ccode\u003eNameConstraints\u003c/code\u003e feature gate).\nWe dropped the new \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e Helm option due to a bug we found, this feature will be released in \u003ccode\u003ev1.19\u003c/code\u003e instead.\u003c/p\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.18.1\u003c/code\u003e:\u003c/p\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7833\"\u003e#7833\u003c/a\u003e, \u003ca href=\"https://github.com/cert-manager-bot\"\u003e\u003ccode\u003e@​cert-manager-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReverted adding the \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e Helm option. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7837\"\u003e#7837\u003c/a\u003e, \u003ca href=\"https://github.com/cert-manager-bot\"\u003e\u003ccode\u003e@​cert-manager-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/686afa62160249022a0205d3a9bf5f059476c684\"\u003e\u003ccode\u003e686afa6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7837\"\u003e#7837\u003c/a\u003e from cert-manager-bot/cherry-pick-7836-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/c38e37ed27f6b0b7169b0cf5393fd3d9a0225556\"\u003e\u003ccode\u003ec38e37e\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;More fine-grained control over powerful RBAC permission granted via H...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/e77920306540000a9dbe463b5a8d59b6b382ae85\"\u003e\u003ccode\u003ee779203\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7833\"\u003e#7833\u003c/a\u003e from cert-manager-bot/cherry-pick-7816-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/6d59891c6af64add40183fc8f5fca42e6e872417\"\u003e\u003ccode\u003e6d59891\u003c/code\u003e\u003c/a\u003e fix: permit permitted URI domains in name constraints\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.18.1...v1.18.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-webhook\u0026package-manager=docker\u0026previous-version=v1.18.1\u0026new-version=v1.18.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/9652","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/9652","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9652/packages"},{"uuid":"2582924541","node_id":"PR_kwDOF3eXvs6Z9Ez9","number":9506,"state":"open","title":"Bump jetstack/cert-manager-webhook from v1.17.2 to v1.18.0","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-06-11T03:09:33.000Z","updated_at":"2025-06-11T03:09:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-webhook","old_version":"v1.17.2","new_version":"v1.18.0","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-webhook](https://github.com/cert-manager/cert-manager) from v1.17.2 to v1.18.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-webhook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.18.0\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003ecert-manager 1.18 introduces several new features and breaking changes. Highlights include support for ACME certificate profiles, a new default for \u003ccode\u003eCertificate.Spec.PrivateKey.RotationPolicy\u003c/code\u003e now set to \u003ccode\u003eAlways\u003c/code\u003e (breaking change), and the default \u003ccode\u003eCertificate.Spec.RevisionHistoryLimit\u003c/code\u003e now set to \u003ccode\u003e1\u003c/code\u003e (potentially breaking).\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eℹ️ Be sure to review all new features and changes below, and read the \u003ca href=\"https://cert-manager.io/docs/releases/release-notes/release-notes-1.18\"\u003efull release notes\u003c/a\u003e carefully before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eKnown Issues\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eACME + HTTP01 + Ingress-Nginx: \u003ccode\u003eError presenting challenge: admission webhook \u0026quot;validate.nginx.ingress.kubernetes.io\u0026quot; denied the request: ingress contains invalid paths: path /.well-known/acme-challenge/\u0026lt;REDACTED\u0026gt; cannot be used with pathType Exact\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7791\"\u003e#7791\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.17.2\u003c/code\u003e:\u003c/p\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd config to the Vault issuer to allow the server-name to be specified when validating the certificates the Vault server presents. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7663\"\u003e#7663\u003c/a\u003e, \u003ca href=\"https://github.com/ThatsMrTalbot\"\u003e\u003ccode\u003e@​ThatsMrTalbot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eapp.kubernetes.io/managed-by: cert-manager\u003c/code\u003e label to the created Let's Encrypt account keys (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7577\"\u003e#7577\u003c/a\u003e, \u003ca href=\"https://github.com/terinjokes\"\u003e\u003ccode\u003e@​terinjokes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded certificate issuance and expiration time metrics (\u003ccode\u003ecertmanager_certificate_not_before_timestamp_seconds\u003c/code\u003e, \u003ccode\u003ecertmanager_certificate_not_after_timestamp_seconds\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7612\"\u003e#7612\u003c/a\u003e, \u003ca href=\"https://github.com/solidDoWant\"\u003e\u003ccode\u003e@​solidDoWant\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded ingress-shim option: \u003ccode\u003e--extra-certificate-annotations\u003c/code\u003e,  which sets a list of annotation keys to be copied from Ingress-like to resulting Certificate object (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7083\"\u003e#7083\u003c/a\u003e, \u003ca href=\"https://github.com/k0da\"\u003e\u003ccode\u003e@​k0da\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003eiss\u003c/code\u003e short name for the cert-manager \u003ccode\u003eIssuer\u003c/code\u003e resource. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7373\"\u003e#7373\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003eciss\u003c/code\u003e short name for the cert-manager \u003ccode\u003eClusterIssuer\u003c/code\u003e resource (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7373\"\u003e#7373\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdds the \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e helm value to disable HTTP-01 ACME challenges. This allows cert-manager to drop its permission to create pods, improving security when HTTP-01 challenges are not required. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7666\"\u003e#7666\u003c/a\u003e, \u003ca href=\"https://github.com/ali-hamza-noor\"\u003e\u003ccode\u003e@​ali-hamza-noor\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow customizing signature algorithm (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7591\"\u003e#7591\u003c/a\u003e, \u003ca href=\"https://github.com/tareksha\"\u003e\u003ccode\u003e@​tareksha\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCache the full DNS response and handle TTL expiration in \u003ccode\u003eFindZoneByFqdn\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7596\"\u003e#7596\u003c/a\u003e, \u003ca href=\"https://github.com/ThatsIvan\"\u003e\u003ccode\u003e@​ThatsIvan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCert-manager now uses a local fork of the golang.org/x/crypto/acme package (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7752\"\u003e#7752\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ca href=\"https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/\"\u003eACME profiles extension\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7777\"\u003e#7777\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePromote the \u003ccode\u003eUseDomainQualifiedFinalizer\u003c/code\u003e feature to GA. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7735\"\u003e#7735\u003c/a\u003e, \u003ca href=\"https://github.com/jsoref\"\u003e\u003ccode\u003e@​jsoref\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSwitched service/servicemon definitions to use port names instead of numbers. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7727\"\u003e#7727\u003c/a\u003e, \u003ca href=\"https://github.com/jcpunk\"\u003e\u003ccode\u003e@​jcpunk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe default value of \u003ccode\u003eCertificate.Spec.PrivateKey.RotationPolicy\u003c/code\u003e changed from \u003ccode\u003eNever\u003c/code\u003e to \u003ccode\u003eAlways\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7723\"\u003e#7723\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePotentially breaking: Set the default revisionHistoryLimit to 1 for the CertificateRequest revisions (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7758\"\u003e#7758\u003c/a\u003e, \u003ca href=\"https://github.com/ali-hamza-noor\"\u003e\u003ccode\u003e@​ali-hamza-noor\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix some comments (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7620\"\u003e#7620\u003c/a\u003e, \u003ca href=\"https://github.com/teslaedison\"\u003e\u003ccode\u003e@​teslaedison\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003ego-jose\u003c/code\u003e dependency to address \u003ccode\u003eCVE-2025-27144\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7606\"\u003e#7606\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003egolang.org/x/oauth2\u003c/code\u003e to patch \u003ccode\u003eCVE-2025-22868\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7638\"\u003e#7638\u003c/a\u003e, \u003ca href=\"https://github.com/NicholasBlaskey\"\u003e\u003ccode\u003e@​NicholasBlaskey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003egolang.org/x/crypto\u003c/code\u003e to patch \u003ccode\u003eGHSA-hcg3-q754-cr77\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7638\"\u003e#7638\u003c/a\u003e, \u003ca href=\"https://github.com/NicholasBlaskey\"\u003e\u003ccode\u003e@​NicholasBlaskey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003egithub.com/golang-jwt/jwt\u003c/code\u003e to patch \u003ccode\u003eGHSA-mh63-6h87-95cp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7638\"\u003e#7638\u003c/a\u003e, \u003ca href=\"https://github.com/NicholasBlaskey\"\u003e\u003ccode\u003e@​NicholasBlaskey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChange of the Kubernetes Ingress pathType from \u003ccode\u003eImplementationSpecific\u003c/code\u003e to \u003ccode\u003eExact\u003c/code\u003e for a reliable handling of ingress controllers and enhanced security. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7767\"\u003e#7767\u003c/a\u003e, \u003ca href=\"https://github.com/sspreitzer\"\u003e\u003ccode\u003e@​sspreitzer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix AWS Route53 error detection for not-found errors during deletion of DNS records. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7690\"\u003e#7690\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix behavior when running with \u003ccode\u003e--namespace=\u0026lt;namespace\u0026gt;\u003c/code\u003e: limit the scope of cert-manager to a single namespace and disable cluster-scoped controllers. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7678\"\u003e#7678\u003c/a\u003e, \u003ca href=\"https://github.com/tsaarni\"\u003e\u003ccode\u003e@​tsaarni\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix handling of certificates with IP addresses in the \u003ccode\u003ecommonName\u003c/code\u003e field; IP addresses are no longer added to the DNS \u003ccode\u003esubjectAlternativeName\u003c/code\u003e list and are instead added to the \u003ccode\u003eipAddresses\u003c/code\u003e field as expected. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7081\"\u003e#7081\u003c/a\u003e, \u003ca href=\"https://github.com/johnjcool\"\u003e\u003ccode\u003e@​johnjcool\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix issuing of certificates via DNS01 challenges on Cloudflare after a breaking change to the Cloudflare API (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7549\"\u003e#7549\u003c/a\u003e, \u003ca href=\"https://github.com/LukeCarrier\"\u003e\u003ccode\u003e@​LukeCarrier\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003ecertmanager_certificate_renewal_timestamp_seconds\u003c/code\u003e metric help text indicating that the metric is relative to expiration time, rather than Unix epoch time. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7609\"\u003e#7609\u003c/a\u003e, \u003ca href=\"https://github.com/solidDoWant\"\u003e\u003ccode\u003e@​solidDoWant\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixing the service account template to incorporate boolean values for the annotations. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7698\"\u003e#7698\u003c/a\u003e, \u003ca href=\"https://github.com/ali-hamza-noor\"\u003e\u003ccode\u003e@​ali-hamza-noor\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eQuote nodeSelector values in Helm Chart (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7579\"\u003e#7579\u003c/a\u003e, \u003ca href=\"https://github.com/tobiasbp\"\u003e\u003ccode\u003e@​tobiasbp\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip Gateway TLS listeners in \u003ccode\u003ePassthrough\u003c/code\u003e mode. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/6986\"\u003e#6986\u003c/a\u003e, \u003ca href=\"https://github.com/vehagn\"\u003e\u003ccode\u003e@​vehagn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003egolang.org/x/net\u003c/code\u003e fixing \u003ccode\u003eCVE-2025-22870\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7619\"\u003e#7619\u003c/a\u003e, \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/83dae3ef37f50973c0f3b3a818fc7d1b35fff341\"\u003e\u003ccode\u003e83dae3e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7790\"\u003e#7790\u003c/a\u003e from cert-manager-bot/cherry-pick-7789-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/64b5da275111004278a6b55ac05d2a85115757ea\"\u003e\u003ccode\u003e64b5da2\u003c/code\u003e\u003c/a\u003e make generate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/bdd1320d54c976f5b2980175e8689d1894db24de\"\u003e\u003ccode\u003ebdd1320\u003c/code\u003e\u003c/a\u003e Fix typo in Certificate API documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/3ab737e8deb5d662aa2f7064fde023fd7883d4a6\"\u003e\u003ccode\u003e3ab737e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7787\"\u003e#7787\u003c/a\u003e from cert-manager-bot/cherry-pick-7786-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/4d0193e6557f7df90e1ffb06d819718775ec4d25\"\u003e\u003ccode\u003e4d0193e\u003c/code\u003e\u003c/a\u003e Add 1.33 option to cluster.sh\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/89473974338da4946b208df72a01a22d39222368\"\u003e\u003ccode\u003e8947397\u003c/code\u003e\u003c/a\u003e ./hack/latest-kind-images.sh v0.27.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/4eb6df2ec5e65b8c0b6ee4b16132c5deeb71c341\"\u003e\u003ccode\u003e4eb6df2\u003c/code\u003e\u003c/a\u003e Fix a typo in the make help text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/331f9e6638afa4833db7105b49bf43c3980cf502\"\u003e\u003ccode\u003e331f9e6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7785\"\u003e#7785\u003c/a\u003e from wallrj/go-1.24.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/df9f43b3c6ac1cab5658842094dd682b71ab7f76\"\u003e\u003ccode\u003edf9f43b\u003c/code\u003e\u003c/a\u003e Upgrade Go to v1.24.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/99aded1d141f6c5fd11399f2a1054c50b6f09fcd\"\u003e\u003ccode\u003e99aded1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7777\"\u003e#7777\u003c/a\u003e from wallrj/acme-profiles\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.17.2...v1.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-webhook\u0026package-manager=docker\u0026previous-version=v1.17.2\u0026new-version=v1.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/9506","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/9506","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9506/packages"}],"issue_packages":[{"old_version":"v1.19.4","new_version":"v1.20.1","update_type":"minor","path":null,"pr_created_at":"2026-03-30T03:27:39.000Z","version_change":"v1.19.4 → v1.20.1","issue":{"uuid":"4166873769","node_id":"PR_kwDOF3eXvs7OeE2o","number":11364,"state":"closed","title":"Bump jetstack/cert-manager-webhook from v1.19.4 to v1.20.1","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-13T03:38:58.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-30T03:27:39.000Z","updated_at":"2026-04-13T03:38:59.000Z","time_to_close":1210279,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-webhook","old_version":"v1.19.4","new_version":"v1.20.1","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-webhook](https://github.com/cert-manager/cert-manager) from v1.19.4 to v1.20.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-webhook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003ev1.20.1 fixes an issue for OpenShift users that has to do with the finalizer RBAC, bumps gRPC to address a reported non-affecting vulnerability, and fixes a duplicate \u003ccode\u003eparentRef\u003c/code\u003e bug when both issuer config and annotations are present (Gateway API).\u003c/p\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed duplicate \u003ccode\u003eparentRef\u003c/code\u003e bug when both issuer config and annotations are present. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8658\"\u003e#8658\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd missing issuer finalizer RBAC to the order controller to support owner references. This was preventing OpenShift users from being able to upgrade to v1.20.0. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8655\"\u003e#8655\u003c/a\u003e, \u003ca href=\"https://github.com/erikgb\"\u003e\u003ccode\u003e@​erikgb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump google.golang.org/grpc to fix vulnerability reported by scanners. This isn't a vulnerability that affects cert-manager, but we are bumping it because it is reported by scanners. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8657\"\u003e#8657\u003c/a\u003e, \u003ca href=\"https://github.com/erikgb\"\u003e\u003ccode\u003e@​erikgb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.20.0-alpha.0\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e⚠️ This is a pre-release. For testing only!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch2\u003eChanges since \u003ccode\u003ev1.19.0\u003c/code\u003e\u003c/h2\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd built-in \u0026quot;Ready\u0026quot; status metrics for ClusterIssuer and Issuer resources. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8188\"\u003e#8188\u003c/a\u003e, \u003ca href=\"https://github.com/mikeluttikhuis\"\u003e\u003ccode\u003e@​mikeluttikhuis\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for specifying \u003ccode\u003eimagePullSecrets\u003c/code\u003e in the \u003ccode\u003estartupapicheck-job\u003c/code\u003e Helm template to enable pulling images from private registries. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8186\"\u003e#8186\u003c/a\u003e, \u003ca href=\"https://github.com/mathieu-clnk\"\u003e\u003ccode\u003e@​mathieu-clnk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdds logs for cases when acme server returns us a fatal error in the order controller (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8199\"\u003e#8199\u003c/a\u003e, \u003ca href=\"https://github.com/Peac36\"\u003e\u003ccode\u003e@​Peac36\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBUGFIX: in case kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8160\"\u003e#8160\u003c/a\u003e, \u003ca href=\"https://github.com/inteon\"\u003e\u003ccode\u003e@​inteon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix unregulated retries with the DigitalOcean DNS-01 solver (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8221\"\u003e#8221\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj-cyberark\"\u003e\u003ccode\u003e@​wallrj-cyberark\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd full detailed DNS-01 errors to the events attached to the Challenge, for easier debugging (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8221\"\u003e#8221\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj-cyberark\"\u003e\u003ccode\u003e@​wallrj-cyberark\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRevert API defaults for issuer reference kind and group introduced in 0.19.0 (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8173\"\u003e#8173\u003c/a\u003e, \u003ca href=\"https://github.com/erikgb\"\u003e\u003ccode\u003e@​erikgb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen Prometheus monitoring is enabled, the metrics label is now set to the intended value of \u003ccode\u003ecert-manager\u003c/code\u003e. Previously, it was set depending on various factors (namespace cert-manager is installed in and/or Helm release name). (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8162\"\u003e#8162\u003c/a\u003e, \u003ca href=\"https://github.com/LiquidPL\"\u003e\u003ccode\u003e@​LiquidPL\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.20.0-alpha.1\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003eThis is a pre-release for cert-manager v1.20.0. Please help with testing!\u003c/p\u003e\n\u003ch2\u003eChanged since v1.20.0-alpha.0\u003c/h2\u003e\n\u003cp\u003eThis alpha release adds experimental XListenerSet support, NetworkPolicy and CRD selectable field features, fixes critical bugs including an infinite re-issuance loop and IPv6 HTTP-01 challenge issues, patches security vulnerabilities (CVE-2025-61727, CVE-2025-61729), promotes OtherNames to Beta and DefaultPrivateKeyRotationPolicyAlways to GA, and changes the default container UID/GID from 1000/0 to 65532/65532.\u003c/p\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental \u003ccode\u003eXListenerSet\u003c/code\u003e feature gate (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8394\"\u003e#8394\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a set of flags to permit setting NetworkPolicy across all deployed containers.\nRemove redundant global IP ranges from example policies. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8370\"\u003e#8370\u003c/a\u003e, \u003ca href=\"https://github.com/jcpunk\"\u003e\u003ccode\u003e@​jcpunk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd selectable fields to custom resource definitions for .spec.issuerRef.{group, kind, name} (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8256\"\u003e#8256\u003c/a\u003e, \u003ca href=\"https://github.com/tareksha\"\u003e\u003ccode\u003e@​tareksha\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded 'extraContainers' helm chart value, allowing the deployment of arbitrary sidecar containers within the cert-manager operator pod. This can be used to support, for e.g., AWS IAM Roles Anywhere for Route53 DNS01 verification. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8355\"\u003e#8355\u003c/a\u003e, \u003ca href=\"https://github.com/dancmeyers\"\u003e\u003ccode\u003e@​dancmeyers\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for unhealthyPodEvictionPolicy in PodDisruptionBudget (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7728\"\u003e#7728\u003c/a\u003e, \u003ca href=\"https://github.com/jcpunk\"\u003e\u003ccode\u003e@​jcpunk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFor Venafi provider, read \u003ccode\u003evenafi.cert-manager.io/custom-fields\u003c/code\u003e annotation on Issuer/ClusterIssuer and use it as base with override/append capabilities on Certificate level. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8301\"\u003e#8301\u003c/a\u003e, \u003ca href=\"https://github.com/k0da\"\u003e\u003ccode\u003e@​k0da\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message when CA issuers are misconfigured to use a clashing secret name (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8374\"\u003e#8374\u003c/a\u003e, \u003ca href=\"https://github.com/majiayu000\"\u003e\u003ccode\u003e@​majiayu000\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduce a new Ingress annotation \u003ccode\u003eacme.cert-manager.io/http01-ingress-ingressclassname\u003c/code\u003e to override \u003ccode\u003ehttp01.ingress.ingressClassName\u003c/code\u003e field in HTTP-01 challenge solvers. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8244\"\u003e#8244\u003c/a\u003e, \u003ca href=\"https://github.com/lunarwhite\"\u003e\u003ccode\u003e@​lunarwhite\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eglobal.nodeSelector\u003c/code\u003e to helm chart to perform a \u003ccode\u003emerge\u003c/code\u003e and allow for a single \u003ccode\u003enodeSelector\u003c/code\u003e to be set across all services. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8195\"\u003e#8195\u003c/a\u003e, \u003ca href=\"https://github.com/StingRayZA\"\u003e\u003ccode\u003e@​StingRayZA\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/dc96863ab671bb6418147a418ae4f33067cb914b\"\u003e\u003ccode\u003edc96863\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8658\"\u003e#8658\u003c/a\u003e from cert-manager-bot/cherry-pick-8619-to-release-1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/7e660793d4529e128cdc990f046bdc2d1bab5790\"\u003e\u003ccode\u003e7e66079\u003c/code\u003e\u003c/a\u003e removing duplicate parentRefs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/75f90e4716bf2da0e879eb483f95441707f0c3ad\"\u003e\u003ccode\u003e75f90e4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8657\"\u003e#8657\u003c/a\u003e from erikgb/fix-grpc-vuln\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/f27364cd8d9f5b38a1e05690669dd9d87db8fb40\"\u003e\u003ccode\u003ef27364c\u003c/code\u003e\u003c/a\u003e Update module google.golang.org/grpc to v1.79.3 [security] (release-1.20)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/5c1ce1493a02281cddd4a4011257bc1cad7f0601\"\u003e\u003ccode\u003e5c1ce14\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8655\"\u003e#8655\u003c/a\u003e from cert-manager-bot/cherry-pick-8654-to-release-1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/038260fb556b3eeb3dea64e8a963c284c76a770e\"\u003e\u003ccode\u003e038260f\u003c/code\u003e\u003c/a\u003e Fix RBAC to support clusters with OwnerReferencesPermissionEnforcement enabled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/0d2f215fe26ca2674758b5dfd780f04ac1dfde92\"\u003e\u003ccode\u003e0d2f215\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8599\"\u003e#8599\u003c/a\u003e from hjoshi123/fix/cherry-pick-1.26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/992544c1a27e2ae5a8f2ba302620b9e55d9b4f16\"\u003e\u003ccode\u003e992544c\u003c/code\u003e\u003c/a\u003e cherry picking go 1.26.1 onto release-1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/0ef9dd0a64879457fb42ff2a6b3a6adace7c4035\"\u003e\u003ccode\u003e0ef9dd0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8598\"\u003e#8598\u003c/a\u003e from cert-manager-bot/cherry-pick-8581-to-release-1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/700e95a911b78d99a88ba22a3d3c35c30e09f2e3\"\u003e\u003ccode\u003e700e95a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8597\"\u003e#8597\u003c/a\u003e from cert-manager-bot/cherry-pick-8595-to-release-1.20\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.19.4...v1.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-webhook\u0026package-manager=docker\u0026previous-version=v1.19.4\u0026new-version=v1.20.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/11364","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/11364","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11364/packages"}},{"old_version":"v1.19.4","new_version":"v1.20.0","update_type":"minor","path":null,"pr_created_at":"2026-03-11T03:27:37.000Z","version_change":"v1.19.4 → v1.20.0","issue":{"uuid":"4055484302","node_id":"PR_kwDOF3eXvs7JkeSk","number":11258,"state":"closed","title":"Bump jetstack/cert-manager-webhook from v1.19.4 to v1.20.0","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-30T03:27:42.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-11T03:27:37.000Z","updated_at":"2026-03-30T03:27:43.000Z","time_to_close":1641605,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-webhook","old_version":"v1.19.4","new_version":"v1.20.0","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-webhook](https://github.com/cert-manager/cert-manager) from v1.19.4 to v1.20.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-webhook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.20.0\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003ev1.20.0 adds alpha support for the new ListenerSet resource, adds support for Azure Private DNS; parentRefs are no longer required when using ACME with Gateway API, and OtherNames was promoted to Beta.\u003c/p\u003e\n\u003ch2\u003eChanges by Kind\u003c/h2\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a set of flags to permit setting NetworkPolicy across all deployed containers. Remove redundant global IP ranges from example policies. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8370\"\u003e#8370\u003c/a\u003e, \u003ca href=\"https://github.com/jcpunk\"\u003e\u003ccode\u003e@​jcpunk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded selectable fields to custom resource definitions for .spec.issuerRef.{group, kind, name} (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8256\"\u003e#8256\u003c/a\u003e, \u003ca href=\"https://github.com/tareksha\"\u003e\u003ccode\u003e@​tareksha\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for specifying \u003ccode\u003eimagePullSecrets\u003c/code\u003e in the \u003ccode\u003estartupapicheck-job\u003c/code\u003e Helm template to enable pulling images from private registries. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8186\"\u003e#8186\u003c/a\u003e, \u003ca href=\"https://github.com/mathieu-clnk\"\u003e\u003ccode\u003e@​mathieu-clnk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded 'extraContainers' helm chart value, allowing the deployment of arbitrary sidecar containers within the cert-manager operator pod. This can be used to support, for e.g., AWS IAM Roles Anywhere for Route53 DNS01 verification. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8355\"\u003e#8355\u003c/a\u003e, \u003ca href=\"https://github.com/dancmeyers\"\u003e\u003ccode\u003e@​dancmeyers\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eparentRef\u003c/code\u003e override annotations on the Certificate resource. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8518\"\u003e#8518\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for azure private zones for dns01 issuer. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8494\"\u003e#8494\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for configuring PEM decoding size limits, allowing operators to handle larger certificates and keys. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7642\"\u003e#7642\u003c/a\u003e, \u003ca href=\"https://github.com/robertlestak\"\u003e\u003ccode\u003e@​robertlestak\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for unhealthyPodEvictionPolicy in PodDisruptionBudget (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7728\"\u003e#7728\u003c/a\u003e, \u003ca href=\"https://github.com/jcpunk\"\u003e\u003ccode\u003e@​jcpunk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFor Venafi provider, read \u003ccode\u003evenafi.cert-manager.io/custom-fields\u003c/code\u003e annotation on Issuer/ClusterIssuer and use it as base with override/append capabilities on Certificate level. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8301\"\u003e#8301\u003c/a\u003e, \u003ca href=\"https://github.com/k0da\"\u003e\u003ccode\u003e@​k0da\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message when CA issuers are misconfigured to use a clashing secret name (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8374\"\u003e#8374\u003c/a\u003e, \u003ca href=\"https://github.com/majiayu000\"\u003e\u003ccode\u003e@​majiayu000\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduce a new Ingress annotation \u003ccode\u003eacme.cert-manager.io/http01-ingress-ingressclassname\u003c/code\u003e to override \u003ccode\u003ehttp01.ingress.ingressClassName\u003c/code\u003e field in HTTP-01 challenge solvers. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8244\"\u003e#8244\u003c/a\u003e, \u003ca href=\"https://github.com/lunarwhite\"\u003e\u003ccode\u003e@​lunarwhite\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eglobal.nodeSelector\u003c/code\u003e to helm chart to perform a \u003ccode\u003emerge\u003c/code\u003e and allow for a single \u003ccode\u003enodeSelector\u003c/code\u003e to be set across all services. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8195\"\u003e#8195\u003c/a\u003e, \u003ca href=\"https://github.com/StingRayZA\"\u003e\u003ccode\u003e@​StingRayZA\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVault issuers will now include the Vault server address as one of the default audiences on generated service account tokens. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8228\"\u003e#8228\u003c/a\u003e, \u003ca href=\"https://github.com/terinjokes\"\u003e\u003ccode\u003e@​terinjokes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded experimental \u003ccode\u003eXListenerSets\u003c/code\u003e feature gate (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8394\"\u003e#8394\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GWAPI documentation to NOTES.TXT in helm chart (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8353\"\u003e#8353\u003c/a\u003e, \u003ca href=\"https://github.com/jaxels10\"\u003e\u003ccode\u003e@​jaxels10\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdds logs for cases when acme server returns us a fatal error in the order controller (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8199\"\u003e#8199\u003c/a\u003e, \u003ca href=\"https://github.com/Peac36\"\u003e\u003ccode\u003e@​Peac36\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed an issue where kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8160\"\u003e#8160\u003c/a\u003e, \u003ca href=\"https://github.com/inteon\"\u003e\u003ccode\u003e@​inteon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanges to the Duration and RenewBefore annotations on ingress and gateway-api resources will now trigger certificate updates. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8232\"\u003e#8232\u003c/a\u003e, \u003ca href=\"https://github.com/eleanor-merry\"\u003e\u003ccode\u003e@​eleanor-merry\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix an issue where ACME challenge TXT records are not cleaned up when there are many resource records in CloudDNS. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8456\"\u003e#8456\u003c/a\u003e, \u003ca href=\"https://github.com/tkna\"\u003e\u003ccode\u003e@​tkna\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix unregulated retries with the DigitalOcean DNS-01 solver\nAdd full detailed DNS-01 errors to the events attached to the Challenge, for easier debugging (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8221\"\u003e#8221\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj-cyberark\"\u003e\u003ccode\u003e@​wallrj-cyberark\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8403\"\u003e#8403\u003c/a\u003e, \u003ca href=\"https://github.com/calm329\"\u003e\u003ccode\u003e@​calm329\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed an issue where HTTP-01 challenges failed when the Host header contains an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8424\"\u003e#8424\u003c/a\u003e, \u003ca href=\"https://github.com/SlashNephy\"\u003e\u003ccode\u003e@​SlashNephy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the HTTP-01 Gateway solver creating invalid HTTPRoutes by not setting spec.hostnames when the challenge DNSName is an IP address. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8443\"\u003e#8443\u003c/a\u003e, \u003ca href=\"https://github.com/alviss7\"\u003e\u003ccode\u003e@​alviss7\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRevert API defaults for issuer reference kind and group introduced in 0.19.0 (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8173\"\u003e#8173\u003c/a\u003e, \u003ca href=\"https://github.com/erikgb\"\u003e\u003ccode\u003e@​erikgb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSecurity (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8469\"\u003e#8469\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Go to \u003ccode\u003ev1.25.5\u003c/code\u003e to fix \u003ccode\u003eCVE-2025-61727\u003c/code\u003e and \u003ccode\u003eCVE-2025-61729\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8290\"\u003e#8290\u003c/a\u003e, \u003ca href=\"https://github.com/octo-sts\"\u003e\u003ccode\u003e@​octo-sts\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003eWhen Prometheus monitoring is enabled, the metrics label is now set to the intended value of \u003ccode\u003ecert-manager\u003c/code\u003e. Previously, it was set depending on various factors (namespace cert-manager is installed in and/or Helm release name). (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8162\"\u003e#8162\u003c/a\u003e, \u003ca href=\"https://github.com/LiquidPL\"\u003e\u003ccode\u003e@​LiquidPL\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther (Cleanup or Flake)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePromoted the OtherNames feature to Beta and enabled it by default (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8288\"\u003e#8288\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj-cyberark\"\u003e\u003ccode\u003e@​wallrj-cyberark\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePromoting \u003ccode\u003eXListenerSets\u003c/code\u003e feature gate to \u003ccode\u003eListenerSets\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8501\"\u003e#8501\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRebranding of the Venafi Issuer to CyberArk (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8215\"\u003e#8215\u003c/a\u003e, \u003ca href=\"https://github.com/iossifbenbassat123\"\u003e\u003ccode\u003e@​iossifbenbassat123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSwitched to SSA for challenge finalizer updates (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8519\"\u003e#8519\u003c/a\u003e, \u003ca href=\"https://github.com/inteon\"\u003e\u003ccode\u003e@​inteon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/0d2f215fe26ca2674758b5dfd780f04ac1dfde92\"\u003e\u003ccode\u003e0d2f215\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8599\"\u003e#8599\u003c/a\u003e from hjoshi123/fix/cherry-pick-1.26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/992544c1a27e2ae5a8f2ba302620b9e55d9b4f16\"\u003e\u003ccode\u003e992544c\u003c/code\u003e\u003c/a\u003e cherry picking go 1.26.1 onto release-1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/0ef9dd0a64879457fb42ff2a6b3a6adace7c4035\"\u003e\u003ccode\u003e0ef9dd0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8598\"\u003e#8598\u003c/a\u003e from cert-manager-bot/cherry-pick-8581-to-release-1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/700e95a911b78d99a88ba22a3d3c35c30e09f2e3\"\u003e\u003ccode\u003e700e95a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8597\"\u003e#8597\u003c/a\u003e from cert-manager-bot/cherry-pick-8595-to-release-1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/0ee24405b8c2ec888434ad21aab8a65d736e4b2a\"\u003e\u003ccode\u003e0ee2440\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8596\"\u003e#8596\u003c/a\u003e from cert-manager-bot/cherry-pick-8590-to-release-1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/fbf8b99bfc0923ae0d2d161de4e971489aa0ac27\"\u003e\u003ccode\u003efbf8b99\u003c/code\u003e\u003c/a\u003e fix(deps): update module k8s.io/klog/v2 to v2.140.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/58d6b5afaf60ad8da99e4a547a3a6a42c8be6337\"\u003e\u003ccode\u003e58d6b5a\u003c/code\u003e\u003c/a\u003e disable metrics server for test webhook\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/04762eabdb3b40fcb761d5a3a68aca193f60a2da\"\u003e\u003ccode\u003e04762ea\u003c/code\u003e\u003c/a\u003e configure contextual test logger for controller-runtime webhook only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/fb10af9fa48396c016f3b63f4b7bf15100ca047a\"\u003e\u003ccode\u003efb10af9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8576\"\u003e#8576\u003c/a\u003e from maelvls/release-1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/f27af7ba4f6ec865bf81d24a565c1d3734752235\"\u003e\u003ccode\u003ef27af7b\u003c/code\u003e\u003c/a\u003e [release-1.20] update trivy to fix scans\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.19.4...v1.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-webhook\u0026package-manager=docker\u0026previous-version=v1.19.4\u0026new-version=v1.20.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/11258","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/11258","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11258/packages"}},{"old_version":"v1.19.2","new_version":"v1.19.3","update_type":"patch","path":null,"pr_created_at":"2026-02-03T06:27:54.000Z","version_change":"v1.19.2 → v1.19.3","issue":{"uuid":"3889431078","node_id":"PR_kwDOF3eXvs7BGNLA","number":10973,"state":"closed","title":"Bump jetstack/cert-manager-webhook from v1.19.2 to v1.19.3","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-06T10:20:43.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-03T06:27:54.000Z","updated_at":"2026-02-06T10:20:45.000Z","time_to_close":273169,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-webhook","old_version":"v1.19.2","new_version":"v1.19.3","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-webhook](https://github.com/cert-manager/cert-manager) from v1.19.2 to v1.19.3.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-webhook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003eThis release is contains three bug fixes, including a fix for the MODERATE severity DoS issue in GHSA-gx3x-vq4p-mhhv. All users should upgrade to the latest release.\u003c/p\u003e\n\u003ch2\u003eChanges by Kind\u003c/h2\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8415\"\u003e#8415\u003c/a\u003e, \u003ca href=\"https://github.com/cert-manager-bot\"\u003e\u003ccode\u003e@​cert-manager-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed an issue where HTTP-01 challenges failed when the Host header containing an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8436\"\u003e#8436\u003c/a\u003e, \u003ca href=\"https://github.com/cert-manager-bot\"\u003e\u003ccode\u003e@​cert-manager-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSecurity (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8468\"\u003e#8468\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther (Cleanup or Flake)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump go to 1.25.6 (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8459\"\u003e#8459\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/d4faed26ae12115cceb807cdc12507ebc28980e2\"\u003e\u003ccode\u003ed4faed2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8468\"\u003e#8468\u003c/a\u003e from SgtCoDFish/release-1.19-fqdn-patch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/8b62c22e368794f847b27d739a1b6af0805c7dee\"\u003e\u003ccode\u003e8b62c22\u003c/code\u003e\u003c/a\u003e [release-1.19] security: address GHSA-gx3x-vq4p-mhhv\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/866f95501c59afef2d69598406b27328d54fdfd9\"\u003e\u003ccode\u003e866f955\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8459\"\u003e#8459\u003c/a\u003e from SgtCoDFish/release-1.19-bumpgo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/0c044336ff61fa1cf7ef0be6c5a70aa853b9c10e\"\u003e\u003ccode\u003e0c04433\u003c/code\u003e\u003c/a\u003e [release-1.19] Bump base images with hack/latest-base-images.sh\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/e4556ab92cf61be12552da1c71e16e903081b618\"\u003e\u003ccode\u003ee4556ab\u003c/code\u003e\u003c/a\u003e [release-1.19] bump go to 1.25.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/845a6454b7b9e83fdedc8c0007b06007dd504ac7\"\u003e\u003ccode\u003e845a645\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8436\"\u003e#8436\u003c/a\u003e from cert-manager-bot/cherry-pick-8424-to-release-1.19\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/acd3120227a6f9d9274c9539798394580db0249b\"\u003e\u003ccode\u003eacd3120\u003c/code\u003e\u003c/a\u003e fix(HTTP-01): handling of IPv6 address literals\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/d6787634f97fb23ef61ced4e398ad7e4ca6027e5\"\u003e\u003ccode\u003ed678763\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8421\"\u003e#8421\u003c/a\u003e from SgtCoDFish/release-1.19-bumpkind\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/3caf3087e0e5c3abd0df3dee727fe4d130a5cbcf\"\u003e\u003ccode\u003e3caf308\u003c/code\u003e\u003c/a\u003e [release-1.19] bump kind and bump kind images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/b2ccdb84000aca505b966ac610c58e4c5418afdd\"\u003e\u003ccode\u003eb2ccdb8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8415\"\u003e#8415\u003c/a\u003e from cert-manager-bot/cherry-pick-8403-to-release-1.19\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.19.2...v1.19.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-webhook\u0026package-manager=docker\u0026previous-version=v1.19.2\u0026new-version=v1.19.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/10973","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/10973","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10973/packages"}},{"old_version":"v1.18.2","new_version":"v1.19.0","update_type":"minor","path":null,"pr_created_at":"2025-10-08T03:22:19.000Z","version_change":"v1.18.2 → v1.19.0","issue":{"uuid":"3493681083","node_id":"PR_kwDOF3eXvs6sm_bK","number":10218,"state":"closed","title":"Bump jetstack/cert-manager-webhook from v1.18.2 to v1.19.0","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-10-08T08:04:26.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-10-08T03:22:19.000Z","updated_at":"2025-10-08T08:04:26.000Z","time_to_close":16927,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-webhook","old_version":"v1.18.2","new_version":"v1.19.0","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-webhook](https://github.com/cert-manager/cert-manager) from v1.18.2 to v1.19.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-webhook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.0\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003eThis release focuses on expanding platform compatibility, improving deployment flexibility, enhancing observability, and addressing key reliability issues.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e📖  Read the full release notes at cert-manager.io: \u003ca href=\"https://cert-manager.io/docs/releases/release-notes/release-notes-1.19\"\u003ehttps://cert-manager.io/docs/releases/release-notes/release-notes-1.19\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.18.0\u003c/code\u003e:\u003c/p\u003e\n\u003ch2\u003eFeature\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd IPv6 rules to the default network policy (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7726\"\u003e#7726\u003c/a\u003e, \u003ca href=\"https://github.com/jcpunk\"\u003e\u003ccode\u003e@​jcpunk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eglobal.nodeSelector\u003c/code\u003e to helm chart to allow for a single \u003ccode\u003enodeSelector\u003c/code\u003e to be set across all services. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7818\"\u003e#7818\u003c/a\u003e, \u003ca href=\"https://github.com/StingRayZA\"\u003e\u003ccode\u003e@​StingRayZA\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a feature gate to default to Ingress \u003ccode\u003epathType\u003c/code\u003e \u003ccode\u003eExact\u003c/code\u003e in ACME HTTP01 Ingress challenge solvers. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7795\"\u003e#7795\u003c/a\u003e, \u003ca href=\"https://github.com/sspreitzer\"\u003e\u003ccode\u003e@​sspreitzer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd generated \u003ccode\u003eapplyconfigurations\u003c/code\u003e allowing clients to make type-safe server-side apply requests for cert-manager resources. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7866\"\u003e#7866\u003c/a\u003e, \u003ca href=\"https://github.com/erikgb\"\u003e\u003ccode\u003e@​erikgb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded API defaults to issuer references group (cert-manager.io) and kind (Issuer). (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7414\"\u003e#7414\u003c/a\u003e, \u003ca href=\"https://github.com/erikgb\"\u003e\u003ccode\u003e@​erikgb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecertmanager_certificate_challenge_status\u003c/code\u003e Prometheus metric. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7736\"\u003e#7736\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eprotocol\u003c/code\u003e field for \u003ccode\u003erfc2136\u003c/code\u003e DNS01 provider (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7881\"\u003e#7881\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded experimental field \u003ccode\u003ehostUsers\u003c/code\u003e flag to all pods. Not set by default. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7973\"\u003e#7973\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport configurable resource requests and limits for ACME HTTP01 solver pods through ClusterIssuer and Issuer specifications, allowing granular resource management that overrides global \u003ccode\u003e--acme-http01-solver-resource-*\u003c/code\u003e settings. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7972\"\u003e#7972\u003c/a\u003e, \u003ca href=\"https://github.com/lunarwhite\"\u003e\u003ccode\u003e@​lunarwhite\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eCAInjectorMerging\u003c/code\u003e feature has been promoted to BETA and is now enabled by default (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8017\"\u003e#8017\u003c/a\u003e, \u003ca href=\"https://github.com/ThatsMrTalbot\"\u003e\u003ccode\u003e@​ThatsMrTalbot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe controller, webhook and ca-injector now log their version and git commit on startup for easier debugging and support. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8072\"\u003e#8072\u003c/a\u003e, \u003ca href=\"https://github.com/prasad89\"\u003e\u003ccode\u003e@​prasad89\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003ecertificate\u003c/code\u003e metrics to the collector approach. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7856\"\u003e#7856\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug or Regression\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eACME: Increased challenge authorization timeout to 2 minutes to fix \u003ccode\u003eerror waiting for authorization\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7796\"\u003e#7796\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7816\"\u003e#7816\u003c/a\u003e, \u003ca href=\"https://github.com/kinolaev\"\u003e\u003ccode\u003e@​kinolaev\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnforced ACME HTTP-01 solver validation to properly reject configurations when multiple ingress options (\u003ccode\u003eclass\u003c/code\u003e, \u003ccode\u003eingressClassName\u003c/code\u003e, \u003ccode\u003ename\u003c/code\u003e) are specified simultaneously (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8021\"\u003e#8021\u003c/a\u003e, \u003ca href=\"https://github.com/lunarwhite\"\u003e\u003ccode\u003e@​lunarwhite\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIncrease maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7961\"\u003e#7961\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReverted adding the \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e Helm option. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7836\"\u003e#7836\u003c/a\u003e, \u003ca href=\"https://github.com/inteon\"\u003e\u003ccode\u003e@​inteon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThis change removes the \u003ccode\u003epath\u003c/code\u003e label of core ACME client metrics and will require users to update their monitoring dashboards and alerting rules if using those metrics. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8109\"\u003e#8109\u003c/a\u003e, \u003ca href=\"https://github.com/mladen-rusev-cyberark\"\u003e\u003ccode\u003e@​mladen-rusev-cyberark\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse the latest version of \u003ccode\u003eingress-nginx\u003c/code\u003e in E2E tests to ensure compatibility (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7792\"\u003e#7792\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther (Cleanup or Flake)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHelm: Fix naming template of \u003ccode\u003etokenrequest\u003c/code\u003e RoleBinding resource to improve consistency (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7761\"\u003e#7761\u003c/a\u003e, \u003ca href=\"https://github.com/lunarwhite\"\u003e\u003ccode\u003e@​lunarwhite\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7928\"\u003e#7928\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMajor upgrade of Akamai SDK. NOTE: The new version has not been fully tested end-to-end due to the lack of cloud infrastructure. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8003\"\u003e#8003\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate kind images to include the Kubernetes 1.33 node image (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7786\"\u003e#7786\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003emaps.Copy\u003c/code\u003e for cleaner map handling (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8092\"\u003e#8092\u003c/a\u003e, \u003ca href=\"https://github.com/quantpoet\"\u003e\u003ccode\u003e@​quantpoet\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVault: Migrate Vault E2E add-on tests from deprecated \u003ccode\u003evault-client-go\u003c/code\u003e to the new \u003ccode\u003evault/api\u003c/code\u003e client. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8059\"\u003e#8059\u003c/a\u003e, \u003ca href=\"https://github.com/armagankaratosun\"\u003e\u003ccode\u003e@​armagankaratosun\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/12a3ef97916bf5c1bea55740caab49e93e2b6d54\"\u003e\u003ccode\u003e12a3ef9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8142\"\u003e#8142\u003c/a\u003e from cert-manager/renovate/kubernetes-go-deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/50f41426821e0e40dc4d63722952447d2e3a8342\"\u003e\u003ccode\u003e50f4142\u003c/code\u003e\u003c/a\u003e fix(deps): update module sigs.k8s.io/controller-runtime to v0.22.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/55c8b13edef335844126e7fafd231a3a39771953\"\u003e\u003ccode\u003e55c8b13\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8140\"\u003e#8140\u003c/a\u003e from cert-manager/renovate/kubernetes-go-deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/b532b0d874adf56aad1b9b7c8a7a6f416b8fafc7\"\u003e\u003ccode\u003eb532b0d\u003c/code\u003e\u003c/a\u003e fix(deps): update module sigs.k8s.io/gateway-api to v1.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/2b1e348c2db65c6fab1cb57cdb174749797dfc80\"\u003e\u003ccode\u003e2b1e348\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8138\"\u003e#8138\u003c/a\u003e from cert-manager/self-upgrade-master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/24e1c7a7336b0257a3fec3ccf687194757db94ce\"\u003e\u003ccode\u003e24e1c7a\u003c/code\u003e\u003c/a\u003e BOT: run 'make upgrade-klone' and 'make generate'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/290d577b0627dc5388dac7e3c6e152ba8eeb5a1a\"\u003e\u003ccode\u003e290d577\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8137\"\u003e#8137\u003c/a\u003e from cert-manager/renovate/misc-go-deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/8b1650cffbb5251fa9ddef7c2b93c788ebea2d48\"\u003e\u003ccode\u003e8b1650c\u003c/code\u003e\u003c/a\u003e fix(deps): update misc go deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/0343fae1f3db779406d4ccff42a724c3886c979a\"\u003e\u003ccode\u003e0343fae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8136\"\u003e#8136\u003c/a\u003e from cert-manager/self-upgrade-master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/dbb59b7ba3706297fc399f764c287c7363f5417e\"\u003e\u003ccode\u003edbb59b7\u003c/code\u003e\u003c/a\u003e BOT: run 'make upgrade-klone' and 'make generate'\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.18.2...v1.19.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-webhook\u0026package-manager=docker\u0026previous-version=v1.18.2\u0026new-version=v1.19.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/10218","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/10218","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10218/packages"}},{"old_version":"v1.18.2","new_version":"v1.19.0","update_type":"minor","path":"/charts/cert-manager","pr_created_at":"2025-10-07T14:17:31.000Z","version_change":"v1.18.2 → v1.19.0","issue":{"uuid":"2894175968","node_id":"PR_kwDOJ2U4086sgZ7g","number":449,"state":"open","title":"Bump jetstack/cert-manager-webhook from v1.18.2 to v1.19.0 in /charts/cert-manager","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-10-07T14:17:31.000Z","updated_at":"2025-10-07T14:17:32.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-webhook","old_version":"v1.18.2","new_version":"v1.19.0","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":"/charts/cert-manager","ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-webhook](https://github.com/cert-manager/cert-manager) from v1.18.2 to v1.19.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-webhook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.0-alpha.0\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e⚠️ This is a pre-release. For testing only!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.18.0\u003c/code\u003e:\u003c/p\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd IPv6 rules to the default network policy (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7726\"\u003e\u003ccode\u003e[#7726](https://github.com/cert-manager/cert-manager/issues/7726)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/jcpunk\"\u003e\u003ccode\u003e@jcpunk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eglobal.nodeSelector\u003c/code\u003e to helm chart to allow for a single \u003ccode\u003enodeSelector\u003c/code\u003e to be set across all services. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7818\"\u003e\u003ccode\u003e[#7818](https://github.com/cert-manager/cert-manager/issues/7818)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/StingRayZA\"\u003e\u003ccode\u003e@StingRayZA\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd generated \u003ccode\u003eapplyconfigurations\u003c/code\u003e allowing clients to make type safe server-side apply requests for cert-manager resources. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7866\"\u003e\u003ccode\u003e[#7866](https://github.com/cert-manager/cert-manager/issues/7866)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/erikgb\"\u003e\u003ccode\u003e@erikgb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded API defaults to issuer references group (cert-manager.io) and kind (Issuer). (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7414\"\u003e\u003ccode\u003e[#7414](https://github.com/cert-manager/cert-manager/issues/7414)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/erikgb\"\u003e\u003ccode\u003e@erikgb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecertmanager_certificate_challenge_status\u003c/code\u003e Prometheus metric. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7736\"\u003e\u003ccode\u003e[#7736](https://github.com/cert-manager/cert-manager/issues/7736)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eprotocol\u003c/code\u003e field for \u003ccode\u003erfc2136\u003c/code\u003e DNS01 provider (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7881\"\u003e\u003ccode\u003e[#7881](https://github.com/cert-manager/cert-manager/issues/7881)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eCAInjectorMerging\u003c/code\u003e has been promoted to BETA and is now enabled by default (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/8017\"\u003e\u003ccode\u003e[#8017](https://github.com/cert-manager/cert-manager/issues/8017)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ThatsMrTalbot\"\u003e\u003ccode\u003e@ThatsMrTalbot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeature: Add support for \u003ca href=\"https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/\"\u003e\u003ccode\u003eACME profiles extension\u003c/code\u003e\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7777\"\u003e\u003ccode\u003e[#7777](https://github.com/cert-manager/cert-manager/issues/7777)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport configurable resource requests and limits for ACME HTTP01 solver pods through ClusterIssuer and Issuer specifications, allowing granular resource management that overrides global \u003ccode\u003e--acme-http01-solver-resource-*\u003c/code\u003e settings. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7972\"\u003e\u003ccode\u003e[#7972](https://github.com/cert-manager/cert-manager/issues/7972)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lunarwhite\"\u003e\u003ccode\u003e@lunarwhite\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe controller, webhook and ca-injector now logs its version and git commit on startup for easier debugging and support. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/8072\"\u003e\u003ccode\u003e[#8072](https://github.com/cert-manager/cert-manager/issues/8072)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/prasad89\"\u003e\u003ccode\u003e@prasad89\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003ecertificate\u003c/code\u003e metrics to the collector approach. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7856\"\u003e\u003ccode\u003e[#7856](https://github.com/cert-manager/cert-manager/issues/7856)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eACME: Increased challenge authorization timeout to 2 minutes to fix \u003ccode\u003eerror waiting for authorization\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7796\"\u003e\u003ccode\u003e[#7796](https://github.com/cert-manager/cert-manager/issues/7796)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7816\"\u003e\u003ccode\u003e[#7816](https://github.com/cert-manager/cert-manager/issues/7816)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/kinolaev\"\u003e\u003ccode\u003e@kinolaev\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnforced ACME HTTP-01 solver validation to properly reject configurations when multiple ingress options (\u003ccode\u003eclass\u003c/code\u003e, \u003ccode\u003eingressClassName\u003c/code\u003e, \u003ccode\u003ename\u003c/code\u003e) are specified simultaneously (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/8021\"\u003e\u003ccode\u003e[#8021](https://github.com/cert-manager/cert-manager/issues/8021)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lunarwhite\"\u003e\u003ccode\u003e@lunarwhite\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIncrease maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7961\"\u003e\u003ccode\u003e[#7961](https://github.com/cert-manager/cert-manager/issues/7961)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReverted adding the \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e Helm option. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7836\"\u003e\u003ccode\u003e[#7836](https://github.com/cert-manager/cert-manager/issues/7836)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/inteon\"\u003e\u003ccode\u003e@inteon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse the latest version of ingress-nginx in E2E tests to ensure compatibility (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7792\"\u003e\u003ccode\u003e[#7792](https://github.com/cert-manager/cert-manager/issues/7792)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther (Cleanup or Flake)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHelm: Fix naming template of \u003ccode\u003etokenrequest\u003c/code\u003e RoleBinding resource to improve consistency (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7761\"\u003e\u003ccode\u003e[#7761](https://github.com/cert-manager/cert-manager/issues/7761)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lunarwhite\"\u003e\u003ccode\u003e@lunarwhite\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7928\"\u003e\u003ccode\u003e[#7928](https://github.com/cert-manager/cert-manager/issues/7928)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMajor upgrade of Akamai SDK. NOTE: The new version has not been fully tested end-to-end due to the lack of cloud infrastructure. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/8003\"\u003e\u003ccode\u003e[#8003](https://github.com/cert-manager/cert-manager/issues/8003)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate kind images to include the Kubernetes 1.33 node image (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7786\"\u003e\u003ccode\u003e[#7786](https://github.com/cert-manager/cert-manager/issues/7786)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003emaps.Copy\u003c/code\u003e for cleaner map handling (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/8092\"\u003e\u003ccode\u003e[#8092](https://github.com/cert-manager/cert-manager/issues/8092)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/quantpoet\"\u003e\u003ccode\u003e@quantpoet\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/12a3ef97916bf5c1bea55740caab49e93e2b6d54\"\u003e\u003ccode\u003e12a3ef9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8142\"\u003e#8142\u003c/a\u003e from cert-manager/renovate/kubernetes-go-deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/50f41426821e0e40dc4d63722952447d2e3a8342\"\u003e\u003ccode\u003e50f4142\u003c/code\u003e\u003c/a\u003e fix(deps): update module sigs.k8s.io/controller-runtime to v0.22.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/55c8b13edef335844126e7fafd231a3a39771953\"\u003e\u003ccode\u003e55c8b13\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8140\"\u003e#8140\u003c/a\u003e from cert-manager/renovate/kubernetes-go-deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/b532b0d874adf56aad1b9b7c8a7a6f416b8fafc7\"\u003e\u003ccode\u003eb532b0d\u003c/code\u003e\u003c/a\u003e fix(deps): update module sigs.k8s.io/gateway-api to v1.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/2b1e348c2db65c6fab1cb57cdb174749797dfc80\"\u003e\u003ccode\u003e2b1e348\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8138\"\u003e#8138\u003c/a\u003e from cert-manager/self-upgrade-master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/24e1c7a7336b0257a3fec3ccf687194757db94ce\"\u003e\u003ccode\u003e24e1c7a\u003c/code\u003e\u003c/a\u003e BOT: run 'make upgrade-klone' and 'make generate'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/290d577b0627dc5388dac7e3c6e152ba8eeb5a1a\"\u003e\u003ccode\u003e290d577\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8137\"\u003e#8137\u003c/a\u003e from cert-manager/renovate/misc-go-deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/8b1650cffbb5251fa9ddef7c2b93c788ebea2d48\"\u003e\u003ccode\u003e8b1650c\u003c/code\u003e\u003c/a\u003e fix(deps): update misc go deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/0343fae1f3db779406d4ccff42a724c3886c979a\"\u003e\u003ccode\u003e0343fae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8136\"\u003e#8136\u003c/a\u003e from cert-manager/self-upgrade-master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/dbb59b7ba3706297fc399f764c287c7363f5417e\"\u003e\u003ccode\u003edbb59b7\u003c/code\u003e\u003c/a\u003e BOT: run 'make upgrade-klone' and 'make generate'\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.18.2...v1.19.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-webhook\u0026package-manager=docker\u0026previous-version=v1.18.2\u0026new-version=v1.19.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/onehinny/homelab/pull/449","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onehinny%2Fhomelab/issues/449","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/449/packages"}},{"old_version":"v1.17.2","new_version":"v1.18.2","update_type":"minor","path":"/charts/cert-manager","pr_created_at":"2025-07-16T14:55:11.000Z","version_change":"v1.17.2 → v1.18.2","issue":{"uuid":"2671021403","node_id":"PR_kwDOJ2U4086fNI1b","number":397,"state":"closed","title":"Bump jetstack/cert-manager-webhook from v1.17.2 to v1.18.2 in /charts/cert-manager","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-08-21T19:32:39.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-16T14:55:11.000Z","updated_at":"2025-08-21T19:32:39.000Z","time_to_close":3127048,"merged_at":"2025-08-21T19:32:39.000Z","merged_by":"dependabot[bot]","closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-webhook","old_version":"v1.17.2","new_version":"v1.18.2","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":"/charts/cert-manager","ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-webhook](https://github.com/cert-manager/cert-manager) from v1.17.2 to v1.18.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-webhook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.18.2\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003eWe fixed a bug in the CSR's name constraints construction (only applies if you have enabled the \u003ccode\u003eNameConstraints\u003c/code\u003e feature gate).\nWe dropped the new \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e Helm option due to a bug we found, this feature will be released in \u003ccode\u003ev1.19\u003c/code\u003e instead.\u003c/p\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.18.1\u003c/code\u003e:\u003c/p\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7833\"\u003e#7833\u003c/a\u003e, \u003ca href=\"https://github.com/cert-manager-bot\"\u003e\u003ccode\u003e@​cert-manager-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReverted adding the \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e Helm option. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7837\"\u003e#7837\u003c/a\u003e, \u003ca href=\"https://github.com/cert-manager-bot\"\u003e\u003ccode\u003e@​cert-manager-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.1\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003eWe have added a new feature gate \u003ccode\u003eACMEHTTP01IngressPathTypeExact\u003c/code\u003e, to allow \u003ccode\u003eingress-nginx\u003c/code\u003e users to turn off the new default Ingress \u003ccode\u003ePathType: Exact\u003c/code\u003e behavior, in ACME HTTP01 Ingress challenge solvers.\nThis change fixes the following issue: \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7791\"\u003e#7791\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have increased the ACME challenge authorization timeout to two minutes, which we hope will fix a timeout error (\u003ccode\u003eerror waiting for authorization\u003c/code\u003e), which has been reported by multiple users, since the release of cert-manager \u003ccode\u003ev1.16.0\u003c/code\u003e.\nThis change should fix the following issues: \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7337\"\u003e#7337\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7444\"\u003e#7444\u003c/a\u003e, and \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7685\"\u003e#7685\u003c/a\u003e.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eℹ️ Be sure to review all new features and changes below, and read the \u003ca href=\"https://cert-manager.io/docs/releases/release-notes/release-notes-1.18\"\u003efull release notes\u003c/a\u003e carefully before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.18.0\u003c/code\u003e:\u003c/p\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a new feature gate \u003ccode\u003eACMEHTTP01IngressPathTypeExact\u003c/code\u003e, to allow \u003ccode\u003eingress-nginx\u003c/code\u003e users to turn off the new default Ingress \u003ccode\u003ePathType: Exact\u003c/code\u003e behavior, in ACME HTTP01 Ingress challenge solvers. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7810\"\u003e\u003ccode\u003e[#7810](https://github.com/cert-manager/cert-manager/issues/7810)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/sspreitzer\"\u003e\u003ccode\u003e@​sspreitzer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eACME: Increased challenge authorization timeout to 2 minutes to fix \u003ccode\u003eerror waiting for authorization\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7801\"\u003e\u003ccode\u003e[#7801](https://github.com/cert-manager/cert-manager/issues/7801)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther (Cleanup or Flake)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse the latest version of ingress-nginx in E2E tests to ensure compatibility (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7807\"\u003e\u003ccode\u003e[#7807](https://github.com/cert-manager/cert-manager/issues/7807)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.0-alpha.0\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e⚠️ This is a pre-release.  Please help the project by testing this release!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.17.0\u003c/code\u003e:\u003c/p\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd config to the Vault issuer to allow the server-name to be specified when validating the certificates the Vault server presents. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7663\"\u003e\u003ccode\u003e[#7663](https://github.com/cert-manager/cert-manager/issues/7663)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ThatsMrTalbot\"\u003e\u003ccode\u003e@ThatsMrTalbot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eapp.kubernetes.io/managed-by: cert-manager\u003c/code\u003e label to the created Let's Encrypt account keys (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7577\"\u003e\u003ccode\u003e[#7577](https://github.com/cert-manager/cert-manager/issues/7577)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/terinjokes\"\u003e\u003ccode\u003e@terinjokes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded certificate issuance and expiration time metrics (\u003ccode\u003ecertmanager_certificate_not_before_timestamp_seconds\u003c/code\u003e, \u003ccode\u003ecertmanager_certificate_not_after_timestamp_seconds\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7612\"\u003e\u003ccode\u003e[#7612](https://github.com/cert-manager/cert-manager/issues/7612)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/solidDoWant\"\u003e\u003ccode\u003e@solidDoWant\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/686afa62160249022a0205d3a9bf5f059476c684\"\u003e\u003ccode\u003e686afa6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7837\"\u003e#7837\u003c/a\u003e from cert-manager-bot/cherry-pick-7836-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/c38e37ed27f6b0b7169b0cf5393fd3d9a0225556\"\u003e\u003ccode\u003ec38e37e\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;More fine-grained control over powerful RBAC permission granted via H...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/e77920306540000a9dbe463b5a8d59b6b382ae85\"\u003e\u003ccode\u003ee779203\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7833\"\u003e#7833\u003c/a\u003e from cert-manager-bot/cherry-pick-7816-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/6d59891c6af64add40183fc8f5fca42e6e872417\"\u003e\u003ccode\u003e6d59891\u003c/code\u003e\u003c/a\u003e fix: permit permitted URI domains in name constraints\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/d5382c8e024d418866d317ab1d7537d837b612a2\"\u003e\u003ccode\u003ed5382c8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7814\"\u003e#7814\u003c/a\u003e from cert-manager-bot/cherry-pick-7813-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/c4e9ecf77d5410bea30539dacc53802d4a0a78a8\"\u003e\u003ccode\u003ec4e9ecf\u003c/code\u003e\u003c/a\u003e Change ACMEHTTP01IngressPathTypeExact feature to beta\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/379f43e3de2237b5c15c74307cf39699e5447db0\"\u003e\u003ccode\u003e379f43e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7811\"\u003e#7811\u003c/a\u003e from cert-manager-bot/cherry-pick-7809-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/9542d75b0ca4250ee099176d550424be9a7046f0\"\u003e\u003ccode\u003e9542d75\u003c/code\u003e\u003c/a\u003e make generate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/aa0aedf47aa83341778e4133080ca5422ccd65d4\"\u003e\u003ccode\u003eaa0aedf\u003c/code\u003e\u003c/a\u003e Update feature gate documentation in the Helm chart\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/f05762bcaf8b20f8e5166b8cef1990a500911fd5\"\u003e\u003ccode\u003ef05762b\u003c/code\u003e\u003c/a\u003e Explain why we disable strict-validate-path in ingress-nginx\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.17.2...v1.18.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-webhook\u0026package-manager=docker\u0026previous-version=v1.17.2\u0026new-version=v1.18.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nYou can trigger a rebase of this PR by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\u003e **Note**\n\u003e Automatic rebases have been disabled on this pull request as it has been open for over 30 days.\n","html_url":"https://github.com/onehinny/homelab/pull/397","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onehinny%2Fhomelab/issues/397","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/397/packages"}},{"old_version":"v1.18.1","new_version":"v1.18.2","update_type":"patch","path":null,"pr_created_at":"2025-07-03T03:43:03.000Z","version_change":"v1.18.1 → v1.18.2","issue":{"uuid":"2637216132","node_id":"PR_kwDOF3eXvs6dMLmE","number":9652,"state":"open","title":"Bump jetstack/cert-manager-webhook from v1.18.1 to v1.18.2","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-03T03:43:03.000Z","updated_at":"2025-07-03T03:43:04.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-webhook","old_version":"v1.18.1","new_version":"v1.18.2","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-webhook](https://github.com/cert-manager/cert-manager) from v1.18.1 to v1.18.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-webhook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.18.2\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003eWe fixed a bug in the CSR's name constraints construction (only applies if you have enabled the \u003ccode\u003eNameConstraints\u003c/code\u003e feature gate).\nWe dropped the new \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e Helm option due to a bug we found, this feature will be released in \u003ccode\u003ev1.19\u003c/code\u003e instead.\u003c/p\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.18.1\u003c/code\u003e:\u003c/p\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7833\"\u003e#7833\u003c/a\u003e, \u003ca href=\"https://github.com/cert-manager-bot\"\u003e\u003ccode\u003e@​cert-manager-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReverted adding the \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e Helm option. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7837\"\u003e#7837\u003c/a\u003e, \u003ca href=\"https://github.com/cert-manager-bot\"\u003e\u003ccode\u003e@​cert-manager-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/686afa62160249022a0205d3a9bf5f059476c684\"\u003e\u003ccode\u003e686afa6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7837\"\u003e#7837\u003c/a\u003e from cert-manager-bot/cherry-pick-7836-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/c38e37ed27f6b0b7169b0cf5393fd3d9a0225556\"\u003e\u003ccode\u003ec38e37e\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;More fine-grained control over powerful RBAC permission granted via H...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/e77920306540000a9dbe463b5a8d59b6b382ae85\"\u003e\u003ccode\u003ee779203\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7833\"\u003e#7833\u003c/a\u003e from cert-manager-bot/cherry-pick-7816-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/6d59891c6af64add40183fc8f5fca42e6e872417\"\u003e\u003ccode\u003e6d59891\u003c/code\u003e\u003c/a\u003e fix: permit permitted URI domains in name constraints\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.18.1...v1.18.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-webhook\u0026package-manager=docker\u0026previous-version=v1.18.1\u0026new-version=v1.18.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/9652","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/9652","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9652/packages"}},{"old_version":"v1.17.2","new_version":"v1.18.0","update_type":"minor","path":null,"pr_created_at":"2025-06-11T03:09:33.000Z","version_change":"v1.17.2 → v1.18.0","issue":{"uuid":"2582924541","node_id":"PR_kwDOF3eXvs6Z9Ez9","number":9506,"state":"open","title":"Bump jetstack/cert-manager-webhook from v1.17.2 to v1.18.0","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-06-11T03:09:33.000Z","updated_at":"2025-06-11T03:09:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-webhook","old_version":"v1.17.2","new_version":"v1.18.0","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-webhook](https://github.com/cert-manager/cert-manager) from v1.17.2 to v1.18.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-webhook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.18.0\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003ecert-manager 1.18 introduces several new features and breaking changes. Highlights include support for ACME certificate profiles, a new default for \u003ccode\u003eCertificate.Spec.PrivateKey.RotationPolicy\u003c/code\u003e now set to \u003ccode\u003eAlways\u003c/code\u003e (breaking change), and the default \u003ccode\u003eCertificate.Spec.RevisionHistoryLimit\u003c/code\u003e now set to \u003ccode\u003e1\u003c/code\u003e (potentially breaking).\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eℹ️ Be sure to review all new features and changes below, and read the \u003ca href=\"https://cert-manager.io/docs/releases/release-notes/release-notes-1.18\"\u003efull release notes\u003c/a\u003e carefully before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eKnown Issues\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eACME + HTTP01 + Ingress-Nginx: \u003ccode\u003eError presenting challenge: admission webhook \u0026quot;validate.nginx.ingress.kubernetes.io\u0026quot; denied the request: ingress contains invalid paths: path /.well-known/acme-challenge/\u0026lt;REDACTED\u0026gt; cannot be used with pathType Exact\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7791\"\u003e#7791\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.17.2\u003c/code\u003e:\u003c/p\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd config to the Vault issuer to allow the server-name to be specified when validating the certificates the Vault server presents. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7663\"\u003e#7663\u003c/a\u003e, \u003ca href=\"https://github.com/ThatsMrTalbot\"\u003e\u003ccode\u003e@​ThatsMrTalbot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eapp.kubernetes.io/managed-by: cert-manager\u003c/code\u003e label to the created Let's Encrypt account keys (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7577\"\u003e#7577\u003c/a\u003e, \u003ca href=\"https://github.com/terinjokes\"\u003e\u003ccode\u003e@​terinjokes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded certificate issuance and expiration time metrics (\u003ccode\u003ecertmanager_certificate_not_before_timestamp_seconds\u003c/code\u003e, \u003ccode\u003ecertmanager_certificate_not_after_timestamp_seconds\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7612\"\u003e#7612\u003c/a\u003e, \u003ca href=\"https://github.com/solidDoWant\"\u003e\u003ccode\u003e@​solidDoWant\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded ingress-shim option: \u003ccode\u003e--extra-certificate-annotations\u003c/code\u003e,  which sets a list of annotation keys to be copied from Ingress-like to resulting Certificate object (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7083\"\u003e#7083\u003c/a\u003e, \u003ca href=\"https://github.com/k0da\"\u003e\u003ccode\u003e@​k0da\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003eiss\u003c/code\u003e short name for the cert-manager \u003ccode\u003eIssuer\u003c/code\u003e resource. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7373\"\u003e#7373\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003eciss\u003c/code\u003e short name for the cert-manager \u003ccode\u003eClusterIssuer\u003c/code\u003e resource (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7373\"\u003e#7373\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdds the \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e helm value to disable HTTP-01 ACME challenges. This allows cert-manager to drop its permission to create pods, improving security when HTTP-01 challenges are not required. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7666\"\u003e#7666\u003c/a\u003e, \u003ca href=\"https://github.com/ali-hamza-noor\"\u003e\u003ccode\u003e@​ali-hamza-noor\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow customizing signature algorithm (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7591\"\u003e#7591\u003c/a\u003e, \u003ca href=\"https://github.com/tareksha\"\u003e\u003ccode\u003e@​tareksha\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCache the full DNS response and handle TTL expiration in \u003ccode\u003eFindZoneByFqdn\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7596\"\u003e#7596\u003c/a\u003e, \u003ca href=\"https://github.com/ThatsIvan\"\u003e\u003ccode\u003e@​ThatsIvan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCert-manager now uses a local fork of the golang.org/x/crypto/acme package (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7752\"\u003e#7752\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ca href=\"https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/\"\u003eACME profiles extension\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7777\"\u003e#7777\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePromote the \u003ccode\u003eUseDomainQualifiedFinalizer\u003c/code\u003e feature to GA. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7735\"\u003e#7735\u003c/a\u003e, \u003ca href=\"https://github.com/jsoref\"\u003e\u003ccode\u003e@​jsoref\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSwitched service/servicemon definitions to use port names instead of numbers. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7727\"\u003e#7727\u003c/a\u003e, \u003ca href=\"https://github.com/jcpunk\"\u003e\u003ccode\u003e@​jcpunk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe default value of \u003ccode\u003eCertificate.Spec.PrivateKey.RotationPolicy\u003c/code\u003e changed from \u003ccode\u003eNever\u003c/code\u003e to \u003ccode\u003eAlways\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7723\"\u003e#7723\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePotentially breaking: Set the default revisionHistoryLimit to 1 for the CertificateRequest revisions (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7758\"\u003e#7758\u003c/a\u003e, \u003ca href=\"https://github.com/ali-hamza-noor\"\u003e\u003ccode\u003e@​ali-hamza-noor\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix some comments (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7620\"\u003e#7620\u003c/a\u003e, \u003ca href=\"https://github.com/teslaedison\"\u003e\u003ccode\u003e@​teslaedison\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003ego-jose\u003c/code\u003e dependency to address \u003ccode\u003eCVE-2025-27144\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7606\"\u003e#7606\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003egolang.org/x/oauth2\u003c/code\u003e to patch \u003ccode\u003eCVE-2025-22868\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7638\"\u003e#7638\u003c/a\u003e, \u003ca href=\"https://github.com/NicholasBlaskey\"\u003e\u003ccode\u003e@​NicholasBlaskey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003egolang.org/x/crypto\u003c/code\u003e to patch \u003ccode\u003eGHSA-hcg3-q754-cr77\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7638\"\u003e#7638\u003c/a\u003e, \u003ca href=\"https://github.com/NicholasBlaskey\"\u003e\u003ccode\u003e@​NicholasBlaskey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003egithub.com/golang-jwt/jwt\u003c/code\u003e to patch \u003ccode\u003eGHSA-mh63-6h87-95cp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7638\"\u003e#7638\u003c/a\u003e, \u003ca href=\"https://github.com/NicholasBlaskey\"\u003e\u003ccode\u003e@​NicholasBlaskey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChange of the Kubernetes Ingress pathType from \u003ccode\u003eImplementationSpecific\u003c/code\u003e to \u003ccode\u003eExact\u003c/code\u003e for a reliable handling of ingress controllers and enhanced security. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7767\"\u003e#7767\u003c/a\u003e, \u003ca href=\"https://github.com/sspreitzer\"\u003e\u003ccode\u003e@​sspreitzer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix AWS Route53 error detection for not-found errors during deletion of DNS records. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7690\"\u003e#7690\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix behavior when running with \u003ccode\u003e--namespace=\u0026lt;namespace\u0026gt;\u003c/code\u003e: limit the scope of cert-manager to a single namespace and disable cluster-scoped controllers. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7678\"\u003e#7678\u003c/a\u003e, \u003ca href=\"https://github.com/tsaarni\"\u003e\u003ccode\u003e@​tsaarni\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix handling of certificates with IP addresses in the \u003ccode\u003ecommonName\u003c/code\u003e field; IP addresses are no longer added to the DNS \u003ccode\u003esubjectAlternativeName\u003c/code\u003e list and are instead added to the \u003ccode\u003eipAddresses\u003c/code\u003e field as expected. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7081\"\u003e#7081\u003c/a\u003e, \u003ca href=\"https://github.com/johnjcool\"\u003e\u003ccode\u003e@​johnjcool\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix issuing of certificates via DNS01 challenges on Cloudflare after a breaking change to the Cloudflare API (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7549\"\u003e#7549\u003c/a\u003e, \u003ca href=\"https://github.com/LukeCarrier\"\u003e\u003ccode\u003e@​LukeCarrier\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003ecertmanager_certificate_renewal_timestamp_seconds\u003c/code\u003e metric help text indicating that the metric is relative to expiration time, rather than Unix epoch time. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7609\"\u003e#7609\u003c/a\u003e, \u003ca href=\"https://github.com/solidDoWant\"\u003e\u003ccode\u003e@​solidDoWant\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixing the service account template to incorporate boolean values for the annotations. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7698\"\u003e#7698\u003c/a\u003e, \u003ca href=\"https://github.com/ali-hamza-noor\"\u003e\u003ccode\u003e@​ali-hamza-noor\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eQuote nodeSelector values in Helm Chart (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7579\"\u003e#7579\u003c/a\u003e, \u003ca href=\"https://github.com/tobiasbp\"\u003e\u003ccode\u003e@​tobiasbp\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip Gateway TLS listeners in \u003ccode\u003ePassthrough\u003c/code\u003e mode. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/6986\"\u003e#6986\u003c/a\u003e, \u003ca href=\"https://github.com/vehagn\"\u003e\u003ccode\u003e@​vehagn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003egolang.org/x/net\u003c/code\u003e fixing \u003ccode\u003eCVE-2025-22870\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7619\"\u003e#7619\u003c/a\u003e, \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/83dae3ef37f50973c0f3b3a818fc7d1b35fff341\"\u003e\u003ccode\u003e83dae3e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7790\"\u003e#7790\u003c/a\u003e from cert-manager-bot/cherry-pick-7789-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/64b5da275111004278a6b55ac05d2a85115757ea\"\u003e\u003ccode\u003e64b5da2\u003c/code\u003e\u003c/a\u003e make generate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/bdd1320d54c976f5b2980175e8689d1894db24de\"\u003e\u003ccode\u003ebdd1320\u003c/code\u003e\u003c/a\u003e Fix typo in Certificate API documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/3ab737e8deb5d662aa2f7064fde023fd7883d4a6\"\u003e\u003ccode\u003e3ab737e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7787\"\u003e#7787\u003c/a\u003e from cert-manager-bot/cherry-pick-7786-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/4d0193e6557f7df90e1ffb06d819718775ec4d25\"\u003e\u003ccode\u003e4d0193e\u003c/code\u003e\u003c/a\u003e Add 1.33 option to cluster.sh\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/89473974338da4946b208df72a01a22d39222368\"\u003e\u003ccode\u003e8947397\u003c/code\u003e\u003c/a\u003e ./hack/latest-kind-images.sh v0.27.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/4eb6df2ec5e65b8c0b6ee4b16132c5deeb71c341\"\u003e\u003ccode\u003e4eb6df2\u003c/code\u003e\u003c/a\u003e Fix a typo in the make help text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/331f9e6638afa4833db7105b49bf43c3980cf502\"\u003e\u003ccode\u003e331f9e6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7785\"\u003e#7785\u003c/a\u003e from wallrj/go-1.24.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/df9f43b3c6ac1cab5658842094dd682b71ab7f76\"\u003e\u003ccode\u003edf9f43b\u003c/code\u003e\u003c/a\u003e Upgrade Go to v1.24.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/99aded1d141f6c5fd11399f2a1054c50b6f09fcd\"\u003e\u003ccode\u003e99aded1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7777\"\u003e#7777\u003c/a\u003e from wallrj/acme-profiles\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.17.2...v1.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-webhook\u0026package-manager=docker\u0026previous-version=v1.17.2\u0026new-version=v1.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/9506","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/9506","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9506/packages"}}]}