chore(deps): bump the go group across 1 directory with 6 updates

[dependabot]

Bumps the go group with 5 updates in the / directory:

Package	From	To
github.com/cert-manager/cert-manager	1.13.1	1.14.5
github.com/fluxcd/kustomize-controller/api	1.0.0-rc.3	1.2.2
github.com/fluxcd/pkg/runtime	0.35.0	0.47.1
github.com/fluxcd/source-controller/api	1.1.0	1.3.0
github.com/open-component-model/git-controller	0.12.0	0.12.1

Updates github.com/cert-manager/cert-manager from 1.13.1 to 1.14.5

Release notes

Sourced from github.com/cert-manager/cert-manager's releases.

v1.14.5

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.14.5 fixes a bug in the DigitalOcean DNS-01 provider which could cause incorrect DNS records to be deleted when using a domain with a CNAME. Special thanks to @​BobyMCbobs for reporting this issue and testing the fix!

It also patches CVE-2023-45288.

Known Issues

• ACME Issuer (Let's Encrypt): wrong certificate chain may be used if preferredChain is configured: see 1.14 release notes for more information.

Changes

Bug or Regression

• DigitalOcean: Ensure that only TXT records are considered for deletion when cleaning up after an ACME challenge (#6893 , @​SgtCoDFish)
• Bump golang.org/x/net to address CVE-2023-45288 (#6931 , @​SgtCoDFish)

v1.14.4

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

cert-manager 1.14 brings a variety of features, security improvements and bug fixes, including: support for creating X.509 certificates with "Other Name" fields, and support for creating CA certificates with "Name Constraints" and "Authority Information Accessors" extensions.

⚠️ Known Issues

• ACME Issuer (Let's Encrypt): wrong certificate chain may be used if preferredChain is configured: see release docs for more info and mitigations

ℹ️ Documentation

Release notes Upgrade notes Installation instructions

🔧 Breaking changes

See Breaking changes in v1.14.0 release notes

📜 Changes since v1.14.3

Bug or Regression

• Allow cert-manager.io/allow-direct-injection in annotations (#6809, @​jetstack-bot)
• BUGFIX: JKS and PKCS12 stores now contain the full set of CAs specified by an issuer (#6812, @​jetstack-bot)
• BUGFIX: cainjector leaderelection flag/ config option defaults are missing (#6819, @​jetstack-bot)

Other (Cleanup or Flake)

• Bump base images. (#6842, @​inteon)
• Upgrade Helm: fix CVE-2024-26147 alert (#6834, @​inteon)
• Upgrade go to 1.21.8: fixes CVE-2024-24783 (#6825, @​jetstack-bot)
• Upgrade google.golang.org/protobuf: fixing GO-2024-2611 (#6829, @​inteon)

... (truncated)

Commits

• 6a09152 Merge pull request #6955 from SgtCoDFish/release-1.14-ignore-CVE-2020-8559
• b774723 [release-1.14] ignore trivy false positive CVE-2020-8559
• c1bc830 Merge pull request #6942 from inteon/release-1.14_acl
• fb5b0ac Merge pull request #6940 from cert-manager-bot/cherry-pick-6938-to-release-1.14
• a298c14 disable rclone gcs bucket ACL
• 53656b4 remove docker custom network hack, since the test environment itself has been...
• 04b2a8c Merge pull request #6931 from SgtCoDFish/release-1.14-CVE-2023-45288
• ca8832b Merge pull request #6936 from cert-manager-bot/cherry-pick-6923-to-release-1.14
• c35059a fix flaky dns test, make sure dns server has started before sending requests
• 8294b60 [release-1.14] fix CVE-2023-45288, bump base images, bump go
• Additional commits viewable in compare view

Updates github.com/fluxcd/kustomize-controller/api from 1.0.0-rc.3 to 1.2.2

Release notes

Sourced from github.com/fluxcd/kustomize-controller/api's releases.

v1.2.2

Changelog

v1.2.2 changelog

Container images

• docker.io/fluxcd/kustomize-controller:v1.2.2
• ghcr.io/fluxcd/kustomize-controller:v1.2.2

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.1

Changelog

v1.2.1 changelog

Container images

• docker.io/fluxcd/kustomize-controller:v1.2.1
• ghcr.io/fluxcd/kustomize-controller:v1.2.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.0

Changelog

v1.2.0 changelog

Container images

• docker.io/fluxcd/kustomize-controller:v1.2.0
• ghcr.io/fluxcd/kustomize-controller:v1.2.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.1.1

Changelog

... (truncated)

Changelog

Sourced from github.com/fluxcd/kustomize-controller/api's changelog.

1.2.2

Release date: 2024-02-01

This patch release comes with various bug fixes and improvements.

Reconciling empty directories and directories without Kubernetes manifests no longer results in an error. This regressing bug was introduced with the controller upgrade to Kustomize v5.3 and has been fixed in this patch release.

The regression due to which the namespaced objects without a namespace specified resulted in not found error instead of namespace not specified has also been fixed. And the regression due to which Roles and ClusterRoles were reconciled over and over due to the normalization of Roles and ClusterRoles has also been fixed.

In addition, the Kubernetes dependencies have been updated to v1.28.6. Various other dependencies have also been updated to their latest version to patch upstream CVEs.

Lastly, the controller is now built with Go 1.21.

Improvements:

• Update Go to 1.21 #1053
• Various dependency updates #1076 #1074 #1070 #1068 #1065 #1060 #1059 #1051 #1049 #1046 #1044 #1040 #1038

1.2.1

Release date: 2023-12-14

This patch release comes with improvements in logging to provide faster feedback on any HTTP errors encountered while fetching source artifacts.

In addition, the status condition messages are now trimmed to respect the size limit defined by the API.

... (truncated)

Commits

• 7a5ae11 Merge pull request #1077 from fluxcd/release-v1.2.2
• afb9e73 Release v1.2.2
• e5072d5 Add changelog entry for v1.2.2
• 115614b Merge pull request #1076 from fluxcd/backport-1075-to-release/v1.2.x
• 00821eb Update source-controller dependency
• 151e55b Merge pull request #1074 from fluxcd/backport-1072-to-release/v1.2.x
• c575ac2 build(deps): bump the go-deps group with 1 update
• e75aa5f Merge pull request #1070 from fluxcd/backport-1069-to-release/v1.2.x
• ddeda85 build(deps): bump the ci group with 1 update
• 04b1e54 Merge pull request #1068 from fluxcd/backport-1066-to-release/v1.2.x
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.1.2 to 1.3.0

Commits

• 31388ce Merge pull request #727 from fluxcd/distribution-up
• 328eb42 Update OCI distribution to v3.0.0-alpha.1
• 7fabcd8 Merge pull request #684 from somtochiama/pull-static-file-oci
• a330445 fix options
• 255f8fc test for static archive
• f155227 refactor test
• 8687514 implement pull static artifact
• 4624208 Merge pull request #726 from fluxcd/deps-kube-v0.28.6
• 30da897 Update dependencies
• 63e3e9c Merge pull request #725 from fluxcd/dependabot/github_actions/ci-f38fbd1956
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/runtime from 0.35.0 to 0.47.1

Commits

• adcfcbe Merge pull request #769 from fluxcd/controller-runtime-v0.18.1
• 0e74a82 Update runtime pkg docs
• b329d92 Update dependencies to controller-runtime v0.18.1
• d0bf8ed Merge pull request #768 from fluxcd/dependabot/github_actions/ci-b93eff89fb
• 14f05d7 build(deps): bump actions/checkout from 4.1.3 to 4.1.4 in the ci group
• 3790516 Merge pull request #767 from fluxcd/up-internal-deps
• 37ea30c Update internal dependencies
• e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
• 2b974af Update sigs.k8s.io/controller-tools to v0.15.0
• 52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
• Additional commits viewable in compare view

Updates github.com/fluxcd/source-controller/api from 1.1.0 to 1.3.0

Release notes

Sourced from github.com/fluxcd/source-controller/api's releases.

v1.3.0

Changelog

v1.3.0 changelog

Container images

• docker.io/fluxcd/source-controller:v1.3.0
• ghcr.io/fluxcd/source-controller:v1.3.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.5

Changelog

v1.2.5 changelog

Container images

• docker.io/fluxcd/source-controller:v1.2.5
• ghcr.io/fluxcd/source-controller:v1.2.5

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.4

Changelog

v1.2.4 changelog

Container images

• docker.io/fluxcd/source-controller:v1.2.4
• ghcr.io/fluxcd/source-controller:v1.2.4

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.3

Changelog

... (truncated)

Changelog

Sourced from github.com/fluxcd/source-controller/api's changelog.

1.3.0

Release date: 2024-05-03

This minor release promotes the Helm APIs to GA, and comes with new features, improvements and bug fixes.

HelmRepository

The HelmRepository API has been promoted from v1beta2 to v1 (GA). The v1 API is backwards compatible with v1beta2.

For HelmRepository of type oci, the .spec.insecure field allows connecting over HTTP to an insecure non-TLS container registry.

To upgrade from v1beta2, after deploying the new CRD and controller, set apiVersion: source.toolkit.fluxcd.io/v1 in the YAML files that contain HelmRepository definitions. Bumping the API version in manifests can be done gradually. It is advised not to delay this procedure as the beta versions will be removed after 6 months.

HelmChart

The HelmChart API have been promoted from v1beta2 to v1 (GA). The v1 API is backwards compatible with v1beta2, with the exception of the removal of the deprecated field .spec.valuesFile which was replaced with spec.valuesFiles.

The HelmChart API was extended with support for Notation signature verification of Helm OCI charts.

A new optional field .spec.ignoreMissingValuesFiles has been added, which allows the controller to ignore missing values files rather than failing to reconcile the HelmChart.

OCIRepository

The OCIRepository API was extended with support for Notation signature verification of OCI artifacts.

A new optional field .spec.ref.semverFilter has been added, which allows the controller to filter the tags based on regular expressions before applying the semver range. This allows picking the latest release candidate instead of the latest stable release.

In addition, the controller has been updated to Kubernetes v1.30.0, Helm v3.14.4, and various other dependencies to their latest version to patch upstream CVEs.

... (truncated)

Commits

• a80a99b Merge pull request #1472 from fluxcd/release-v1.3.0
• 70901f8 Release v1.3.0
• 05ab8b1 Add changelog entry for v1.3.0
• c9bf167 Merge pull request #1298 from fluxcd/phony-build
• cc3d495 ci: Print controller logs after e2e run
• 0bd5b95 Rename make target build to manager
• edccfe9 Merge pull request #1470 from fluxcd/dependabot/github_actions/ci-b23e0286c6
• 9ce2d61 build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 in the ci group
• 16eeeef Merge pull request #1469 from fluxcd/dependabot/go_modules/go-deps-4411c5bc33
• 8598b8d build(deps): bump google.golang.org/api
• Additional commits viewable in compare view

Updates github.com/open-component-model/git-controller from 0.12.0 to 0.12.1

Release notes

Sourced from github.com/open-component-model/git-controller's releases.

v0.12.1

Release 0.12.1

• fix: add the right version in the image overlay for the deployment (#145)
• chore: remove personal information (#139)

Commits

• bed5237 fix: add the right version in the image overlay for the deployment (#145)
• 7727ccc chore: remove personal information (#139)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Mend Scan Summary: ✅

Repository: open-component-model/mpas-project-controller

VIOLATION DESCRIPTION	NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES	0
MAJOR UPDATES AVAILABLE	0
LICENSE REQUIRES REVIEW	0
LICENSE RISK HIGH	0
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY	0

Detailed Logs: mend-scan-> Generate Report
Mend UI

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.