chore(deps): bump the go group across 1 directory with 7 updates

[dependabot]

Bumps the go group with 6 updates in the / directory:

Package	From	To
github.com/cert-manager/cert-manager	1.13.1	1.15.0
github.com/fluxcd/kustomize-controller/api	1.0.0-rc.3	1.3.0
github.com/fluxcd/pkg/runtime	0.35.0	0.47.1
github.com/fluxcd/source-controller/api	1.1.0	1.3.0
github.com/open-component-model/git-controller	0.12.0	0.12.1
sigs.k8s.io/cli-utils	0.35.0	0.36.0

Updates github.com/cert-manager/cert-manager from 1.13.1 to 1.15.0

Release notes

Sourced from github.com/cert-manager/cert-manager's releases.

v1.15.0

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

cert-manager 1.15 promotes several features to beta, including GatewayAPI support (ExperimentalGatewayAPISupport), the ability to provide a subject in the Certificate that will be used literally in the CertificateSigningRequest (LiteralCertificateSubject) and the outputting of additional certificate formats (AdditionalCertificateOutputFormats).

[!NOTE]

The cmctl binary have been moved to https://github.com/cert-manager/cmctl/releases. For the startupapicheck Job you should update references to point at quay.io/jetstack/cert-manager-startupapicheck

[!NOTE]

From this release, the Helm chart will no longer uninstall the CRDs when the chart is uninstalled. If you want the CRDs to be removed on uninstall use crds.keep=false when installing the Helm chart.

Community

Thanks again to all open-source contributors with commits in this release, including: @​Pionerd, @​SgtCoDFish, @​ThatsMrTalbot, @​andrey-dubnik, @​bwaldrep, @​eplightning, @​erikgb, @​findnature, @​gplessis, @​import-shiburin, @​inteon, @​jkroepke, @​lunarwhite, @​mangeshhambarde, @​pwhitehead-splunk & @​rodrigorfk, @​wallrj.

Thanks also to the following cert-manager maintainers for their contributions during this release: @​SgtCoDFish, @​SpectralHiss, @​ThatsMrTalbot, @​hawksight, @​inteon, @​maelvls & @​wallrj.

Equally thanks to everyone who provided feedback, helped users and raised issues on GitHub and Slack and joined our meetings!

Thanks also to the CNCF, which provides resources and support, and to the AWS open source team for being good community members and for their maintenance of the PrivateCA Issuer.

In addition, massive thanks to Venafi for contributing developer time and resources towards the continued maintenance of cert-manager projects.

Changes by Kind

Feature

• GatewayAPI support has graduated to Beta. Add the --enable-gateway-api flag to enable the integration. (#6961, @​ThatsMrTalbot)
• Add support to specify a custom key alias in a JKS Keystore (#6807, @​bwaldrep)
• Add the ability to communicate with Vault via mTLS when strict client certificates is enabled at Vault server side (#6614, @​rodrigorfk)
• Added option to provide additional audiences in the service account auth section for vault (#6718, @​andrey-dubnik)
• Venafi Issuer now sends a cert-manager HTTP User-Agent header in all Venafi Rest API requests. For example: cert-manager-certificaterequests-issuer-venafi/v1.15.0+(linux/amd64)+cert-manager/ef068a59008f6ed919b98a7177921ddc9e297200. (#6865, @​wallrj)
• Add hint to validation error message to help users of external issuers more easily fix the issue if they specify a Kind but forget the Group (#6913, @​SgtCoDFish)
• Add support for numeric OID types in LiteralSubject. Eg. "1.2.3.4=String Value" (#6775, @​inteon)
• Promote the LiteralCertificateSubject feature to Beta. (#7030, @​inteon)
• Promoted the AdditionalCertificateOutputFormats feature gate to Beta (enabled by default). (#6970, @​erikgb)
• The Helm chart now allows you to supply extraObjects; a list of yaml manifests which will helm will install and uninstall with the cert-manager manifests. (#6424, @​gplessis)
• Update the Route53 provider to support fetching credentials using AssumeRoleWithWebIdentity (#6878, @​pwhitehead-splunk)
• Helm can now add optional hostAliases to cert-manager Pod to allow the DNS self-check to pass in custom scenarios. (#6456, @​Pionerd)
• Added a new Ingress annotation for copying specific Ingress annotations to Certificate's secretTemplate (#6839, @​mangeshhambarde)
• Added option to define additional token audiences for the Vault Kubernetes auth (#6744, @​andrey-dubnik)
• Allow cert-manager.io/allow-direct-injection in annotations (#6801, @​jkroepke)

Design

• Remove repetitive words (#6949, @​findnature)

... (truncated)

Commits

• 3403251 Merge pull request #7055 from cert-manager-bot/cherry-pick-7052-to-release-1.15
• b1ac915 Merge pull request #7054 from cert-manager-bot/cherry-pick-7049-to-release-1.15
• c392ea8 BUGFIX: correctly mount config files for components
• dfce6b9 if list of controllers only contains disabled controllers, implicitly enable ...
• dadd37d run 'make generate-helm-docs'
• c92fb1c add Helm options to extend auto-approval or disable it
• d3e8db7 Merge pull request #7050 from cert-manager/self-upgrade-release-1.15
• 8f475f6 BOT: run 'make upgrade-klone' and 'make generate'
• ebb5281 Merge pull request #7044 from inteon/fix_release_bug
• 64676af Merge pull request #7034 from cert-manager/self-upgrade-master
• Additional commits viewable in compare view

Updates github.com/fluxcd/kustomize-controller/api from 1.0.0-rc.3 to 1.3.0

Release notes

Sourced from github.com/fluxcd/kustomize-controller/api's releases.

v1.3.0

Changelog

v1.3.0 changelog

Container images

• docker.io/fluxcd/kustomize-controller:v1.3.0
• ghcr.io/fluxcd/kustomize-controller:v1.3.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.2

Changelog

v1.2.2 changelog

Container images

• docker.io/fluxcd/kustomize-controller:v1.2.2
• ghcr.io/fluxcd/kustomize-controller:v1.2.2

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.1

Changelog

v1.2.1 changelog

Container images

• docker.io/fluxcd/kustomize-controller:v1.2.1
• ghcr.io/fluxcd/kustomize-controller:v1.2.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.0

Changelog

... (truncated)

Changelog

Sourced from github.com/fluxcd/kustomize-controller/api's changelog.

1.3.0

Release date: 2024-05-06

This minor release comes with new features, improvements and bug fixes.

The controller has been updated to Kustomize v5.4, please see the kubernetes-sigs/kustomize changelog for more details.

The Flux Kustomization API gains two optional fields .spec.namePrefix and .spec.nameSuffix that can be used to specify a prefix and suffix to be added to the names of all managed resources.

The controller now supports the --feature-gates=StrictPostBuildSubstitutions=true flag, when enabled the post-build substitutions will fail if a variable without a default value is declared in files but is missing from the input vars.

When using variable substitution with values that are numbers or booleans, it is now possible to covert the values to strings, for more details see the post-build documentation.

In addition, the controller dependencies have been updated to Kubernetes v1.30 and controller-runtime v0.18. Various other dependencies have also been updated to their latest version to patch upstream CVEs.

Lastly, the controller is now built with Go 1.22.

Improvements:

• Implement name prefix/suffix transformers #1134
• Add StrictPostBuildSubstitutions feature flag #1130
• Document how to use numbers and booleans in post build substitutions #1129
• Remove deprecated aad pod identity from API docs #1152
• api: Refer condition type constants from fluxcd/pkg/apis #1144
• Update dependencies to Kustomize v5.4.0 #1128
• Various dependency updates #1155 #1121 #1139 #1122

Fixes:

• Fix requeue warning introduced by controller-runtime

... (truncated)

Commits

• 83fbfee Merge pull request #1157 from fluxcd/release-v1.3.0
• 458d7e2 Release v1.3.0
• 4a02b3f Add changelog entry for v1.3.0
• 882f6a7 Merge pull request #1154 from fluxcd/dependabot/github_actions/ci-b23e0286c6
• dfcd4ed Merge pull request #1155 from fluxcd/source-controller-1.3.0
• e81120a build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 in the ci group
• 780954f Update source-controller API to v1.3.0
• 99792de Merge pull request #1152 from dipti-pai/remove-deprecated-aad-podidentity-ref
• fc663de Remove references aad pod identity
• f0f9b03 Merge pull request #1149 from fluxcd/dependabot/github_actions/ci-cfa2b75493
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.1.2 to 1.5.0

Commits

• e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
• 2b974af Update sigs.k8s.io/controller-tools to v0.15.0
• 52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
• c906252 Update dependencies to Kubernetes 1.30
• 92c1348 Merge pull request #764 from fluxcd/dependabot/github_actions/ci-e44cfae560
• ccb916a build(deps): bump the ci group with 3 updates
• 6081556 Merge pull request #761 from fluxcd/kustomize-name-prefix-suffix
• abf5675 kustomize: Add support for namePrefix and nameSuffix
• 98d2522 Merge pull request #760 from fluxcd/dependabot/github_actions/ci-8f082d4f6d
• efcd824 build(deps): bump docker/setup-buildx-action in the ci group
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/runtime from 0.35.0 to 0.47.1

Commits

• adcfcbe Merge pull request #769 from fluxcd/controller-runtime-v0.18.1
• 0e74a82 Update runtime pkg docs
• b329d92 Update dependencies to controller-runtime v0.18.1
• d0bf8ed Merge pull request #768 from fluxcd/dependabot/github_actions/ci-b93eff89fb
• 14f05d7 build(deps): bump actions/checkout from 4.1.3 to 4.1.4 in the ci group
• 3790516 Merge pull request #767 from fluxcd/up-internal-deps
• 37ea30c Update internal dependencies
• e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
• 2b974af Update sigs.k8s.io/controller-tools to v0.15.0
• 52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
• Additional commits viewable in compare view

Updates github.com/fluxcd/source-controller/api from 1.1.0 to 1.3.0

Release notes

Sourced from github.com/fluxcd/source-controller/api's releases.

v1.3.0

Changelog

v1.3.0 changelog

Container images

• docker.io/fluxcd/source-controller:v1.3.0
• ghcr.io/fluxcd/source-controller:v1.3.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.5

Changelog

v1.2.5 changelog

Container images

• docker.io/fluxcd/source-controller:v1.2.5
• ghcr.io/fluxcd/source-controller:v1.2.5

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.4

Changelog

v1.2.4 changelog

Container images

• docker.io/fluxcd/source-controller:v1.2.4
• ghcr.io/fluxcd/source-controller:v1.2.4

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.3

Changelog

... (truncated)

Changelog

Sourced from github.com/fluxcd/source-controller/api's changelog.

1.3.0

Release date: 2024-05-03

This minor release promotes the Helm APIs to GA, and comes with new features, improvements and bug fixes.

HelmRepository

The HelmRepository API has been promoted from v1beta2 to v1 (GA). The v1 API is backwards compatible with v1beta2.

For HelmRepository of type oci, the .spec.insecure field allows connecting over HTTP to an insecure non-TLS container registry.

To upgrade from v1beta2, after deploying the new CRD and controller, set apiVersion: source.toolkit.fluxcd.io/v1 in the YAML files that contain HelmRepository definitions. Bumping the API version in manifests can be done gradually. It is advised not to delay this procedure as the beta versions will be removed after 6 months.

HelmChart

The HelmChart API have been promoted from v1beta2 to v1 (GA). The v1 API is backwards compatible with v1beta2, with the exception of the removal of the deprecated field .spec.valuesFile which was replaced with spec.valuesFiles.

The HelmChart API was extended with support for Notation signature verification of Helm OCI charts.

A new optional field .spec.ignoreMissingValuesFiles has been added, which allows the controller to ignore missing values files rather than failing to reconcile the HelmChart.

OCIRepository

The OCIRepository API was extended with support for Notation signature verification of OCI artifacts.

A new optional field .spec.ref.semverFilter has been added, which allows the controller to filter the tags based on regular expressions before applying the semver range. This allows picking the latest release candidate instead of the latest stable release.

In addition, the controller has been updated to Kubernetes v1.30.0, Helm v3.14.4, and various other dependencies to their latest version to patch upstream CVEs.

... (truncated)

Commits

• a80a99b Merge pull request #1472 from fluxcd/release-v1.3.0
• 70901f8 Release v1.3.0
• 05ab8b1 Add changelog entry for v1.3.0
• c9bf167 Merge pull request #1298 from fluxcd/phony-build
• cc3d495 ci: Print controller logs after e2e run
• 0bd5b95 Rename make target build to manager
• edccfe9 Merge pull request #1470 from fluxcd/dependabot/github_actions/ci-b23e0286c6
• 9ce2d61 build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 in the ci group
• 16eeeef Merge pull request #1469 from fluxcd/dependabot/go_modules/go-deps-4411c5bc33
• 8598b8d build(deps): bump google.golang.org/api
• Additional commits viewable in compare view

Updates github.com/open-component-model/git-controller from 0.12.0 to 0.12.1

Release notes

Sourced from github.com/open-component-model/git-controller's releases.

v0.12.1

Release 0.12.1

• fix: add the right version in the image overlay for the deployment (#145)
• chore: remove personal information (#139)

Commits

• bed5237 fix: add the right version in the image overlay for the deployment (#145)
• 7727ccc chore: remove personal information (#139)
• See full diff in compare view

Updates sigs.k8s.io/cli-utils from 0.35.0 to 0.36.0

Release notes

Sourced from sigs.k8s.io/cli-utils's releases.

v0.36.0

Changelog

• cbc090d Add conversion func for status-policy
• 8964a66 Update dependencies
• ac3bd31 Update linter and fix warnings
• 6bdf5b5 Update to Kubernetes v1.28.4 And update go version to 1.20
• 542546c Use HTTPClientFor instead of defaultHTTPClient
• e708f5a disable linter for NewExponentialBackoffManager
• b2051cf update dependencies to k8s.io v0.27.2

Commits

• 227a03f Merge pull request #637 from fsommar/status-policy-conversion
• cbc090d Add conversion func for status-policy
• 7928dbf Merge pull request #625 from liangyuanpeng/gnostic-dependency
• 6bdf5b5 Update to Kubernetes v1.28.4 And update go version to 1.20
• 0b156cb Merge pull request #629 from ash2k/update-dependencies
• 8964a66 Update dependencies
• ac3bd31 Update linter and fix warnings
• 542546c Use HTTPClientFor instead of defaultHTTPClient
• e708f5a disable linter for NewExponentialBackoffManager
• b2051cf update dependencies to k8s.io v0.27.2
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Mend Scan Summary: ✅

Repository: open-component-model/mpas-project-controller

VIOLATION DESCRIPTION	NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES	0
MAJOR UPDATES AVAILABLE	0
LICENSE REQUIRES REVIEW	0
LICENSE RISK HIGH	0
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY	0

Detailed Logs: mend-scan-> Generate Report
Mend UI

[dependabot]

Superseded by #99.