@homebot-0 homebot-0 bot commented Dec 21, 2025

This PR contains the following updates:

Package | Update | Change
quay.io/jetstack/charts/cert-manager (source) | patch | v1.19.1 -> v1.19.2

🔐 Security Component: Review for breaking changes in authentication/secrets handling.


Release Notes

cert-manager/cert-manager (quay.io/jetstack/charts/cert-manager)

v1.19.2

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

We updated Go to fix some vulnerabilities in the standard library.

📖 Read the full 1.19 release notes on the cert-manager.io website before upgrading.

Changes since v1.19.1
Bug or Regression
  • Address false positive vulnerabilities CVE-2025-47914 and CVE-2025-58181 which were reported by Trivy. (#8283, @SgtCoDFish)
  • Update Go to v1.25.5 to fix CVE-2025-61727 and CVE-2025-61729 (#8294, @wallrj-cyberark)
  • Update global.nodeSelector to helm chart to perform a merge and allow for a single nodeSelector to be set across all services. (#8233, @cert-manager-bot)
Other (Cleanup or Flake)

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@homebot-0 homebot-0 bot added deps/security Security components (Authentik, cert-manager) renovate Dependency update by Renovate update/patch Patch version update - bug fixes labels Dec 21, 2025

coderabbitai bot commented Dec 21, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch renovate/patch-security-certificates

Comment @coderabbitai help to get the list of available commands and usage tips.

@homebot-0 homebot-0 bot added the area/kubernetes Changes to Kubernetes manifests and apps label Dec 21, 2025

homebot-0 bot commented Dec 21, 2025

ℹ️ SOPS Encryption Check

No SOPS files detected in this pull request.

Check | Status
SOPS files in PR | ✅ None detected

No encryption validation required for this PR.


homebot-0 bot commented Dec 21, 2025

✅ Gitleaks Secret Scan Passed

No secrets detected in this pull request.

Check | Status
Secret patterns | ✅ Clean
Sensitive files | ✅ None detected


homebot-0 bot commented Dec 21, 2025

--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-cainjector

+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-cainjector

@@ -31,13 +31,13 @@

       securityContext:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
       - name: cert-manager-cainjector
-        image: quay.io/jetstack/cert-manager-cainjector:v1.19.1
+        image: quay.io/jetstack/cert-manager-cainjector:v1.19.2
         imagePullPolicy: IfNotPresent
         args:
         - --v=2
         - --leader-election-namespace=kube-system
         - --metrics-listen-address=0
         env:
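
Review bot: the `image:` line for `cert-manager-cainjector` identifies the image by tag only (`v1.19.2`), and with `imagePullPolicy: IfNotPresent` each node resolves that tag once and then reuses whatever it has cached, so a re-pushed tag could leave nodes running different content under the same name. Consider pinning the image by digest in the chart values (tag plus `@sha256:` digest) so the rendered Deployment names one exact image; the same point applies to the `image:` lines of the controller, webhook and startupapicheck workloads further down in this diff.
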
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager

+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager

@@ -31,19 +31,19 @@

       securityContext:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
       - name: cert-manager-controller
-        image: quay.io/jetstack/cert-manager-controller:v1.19.1
+        image: quay.io/jetstack/cert-manager-controller:v1.19.2
         imagePullPolicy: IfNotPresent
         args:
         - --v=2
         - --cluster-resource-namespace=$(POD_NAMESPACE)
         - --leader-election-namespace=kube-system
-        - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.19.1
+        - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.19.2
         - --max-concurrent-challenges=60
         - --dns01-recursive-nameservers-only=true
         - --dns01-recursive-nameservers=https://1.1.1.1:443/dns-query,https://1.0.0.1:443/dns-query
         ports:
         - containerPort: 9402
           name: http-metrics
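
Review bot: the `--acme-http01-solver-image` argument is a second image reference that does not appear as a container `image:` field, so registry mirrors, image allowlists or pre-pull jobs that are keyed on container images can miss `quay.io/jetstack/cert-manager-acmesolver:v1.19.2`; confirm they cover it before merging. The argument is bumped in step with the controller `image:` line here, which keeps the two versions matched.
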
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-webhook

+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-webhook

@@ -31,13 +31,13 @@

       securityContext:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
       - name: cert-manager-webhook
-        image: quay.io/jetstack/cert-manager-webhook:v1.19.1
+        image: quay.io/jetstack/cert-manager-webhook:v1.19.2
         imagePullPolicy: IfNotPresent
         args:
         - --v=2
         - --secure-port=10250
         - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
         - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca
--- HelmRelease: cert-manager/cert-manager Job: cert-manager/cert-manager-startupapicheck

+++ HelmRelease: cert-manager/cert-manager Job: cert-manager/cert-manager-startupapicheck

@@ -31,13 +31,13 @@

       securityContext:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
       - name: cert-manager-startupapicheck
-        image: quay.io/jetstack/cert-manager-startupapicheck:v1.19.1
+        image: quay.io/jetstack/cert-manager-startupapicheck:v1.19.2
         imagePullPolicy: IfNotPresent
         args:
         - check
         - api
         - --wait=1m
         - -v


homebot-0 bot commented Dec 21, 2025

--- kubernetes/apps/cert-manager/cert-manager-operator/app Kustomization: cert-manager/cert-manager-operator OCIRepository: cert-manager/cert-manager

+++ kubernetes/apps/cert-manager/cert-manager-operator/app Kustomization: cert-manager/cert-manager-operator OCIRepository: cert-manager/cert-manager

@@ -10,9 +10,9 @@

 spec:
   interval: 15m
   layerSelector:
     mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
     operation: copy
   ref:
-    tag: v1.19.1
+    tag: v1.19.2
   url: oci://quay.io/jetstack/charts/cert-manager
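
Review bot: `ref.tag: v1.19.2` follows a mutable tag, and with `interval: 15m` the source is re-resolved on every reconcile, so a re-pushed tag would be picked up without any change in Git. Consider adding a digest under `ref` so the chart artifact is fixed by this commit, and enabling signature verification on the OCIRepository if signatures are published for the chart; the lines shown here carry neither.
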
 
