Skip to content

Comments

fix(container): update image quay.io/jetstack/charts/cert-manager ( v1.19.1 ➔ v1.19.2 )#3712

Merged
binaryn3xus merged 1 commit intomainfrom
renovate/quay.io-jetstack-charts-cert-manager-1.x
Dec 12, 2025
Merged

fix(container): update image quay.io/jetstack/charts/cert-manager ( v1.19.1 ➔ v1.19.2 )#3712
binaryn3xus merged 1 commit intomainfrom
renovate/quay.io-jetstack-charts-cert-manager-1.x

Conversation

@unsc-oni-ancilla
Copy link
Contributor

@unsc-oni-ancilla unsc-oni-ancilla bot commented Dec 9, 2025

This PR contains the following updates:

Package Update Change
quay.io/jetstack/charts/cert-manager (source) patch v1.19.1 -> v1.19.2

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

cert-manager/cert-manager (quay.io/jetstack/charts/cert-manager)

v1.19.2

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

We updated Go to fix some vulnerabilities in the standard library.

📖 Read the full 1.19 release notes on the cert-manager.io website before upgrading.

Changes since v1.19.1
Bug or Regression
  • Address false positive vulnerabilities CVE-2025-47914 and CVE-2025-58181 which were reported by Trivy. (#​8283, @​SgtCoDFish)
  • Update Go to v1.25.5 to fix CVE-2025-61727 and CVE-2025-61729 (#​8294, @​wallrj-cyberark)
  • Update global.nodeSelector to helm chart to perform a merge and allow for a single nodeSelector to be set across all services. (#​8233, @​cert-manager-bot)
Other (Cleanup or Flake)

v1.19.2

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

We updated Go to fix some vulnerabilities in the standard library.

📖 Read the full 1.19 release notes on the cert-manager.io website before upgrading.

Changes since v1.19.1
Bug or Regression
  • Address false positive vulnerabilities CVE-2025-47914 and CVE-2025-58181 which were reported by Trivy. (#​8283, @​SgtCoDFish)
  • Update Go to v1.25.5 to fix CVE-2025-61727 and CVE-2025-61729 (#​8294, @​wallrj-cyberark)
  • Update global.nodeSelector to helm chart to perform a merge and allow for a single nodeSelector to be set across all services. (#​8233, @​cert-manager-bot)
Other (Cleanup or Flake)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@unsc-oni-ancilla
Copy link
Contributor Author

unsc-oni-ancilla bot commented Dec 9, 2025 

--- kubernetes/apps/cert-manager/cert-manager/app Kustomization: cert-manager/cert-manager OCIRepository: cert-manager/cert-manager

+++ kubernetes/apps/cert-manager/cert-manager/app Kustomization: cert-manager/cert-manager OCIRepository: cert-manager/cert-manager

@@ -11,9 +11,9 @@

 spec:
   interval: 5m
   layerSelector:
     mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
     operation: copy
   ref:
-    tag: v1.19.1
+    tag: v1.19.2
   url: oci://quay.io/jetstack/charts/cert-manager

@unsc-oni-ancilla
Copy link
Contributor Author

unsc-oni-ancilla bot commented Dec 9, 2025 

--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-cainjector

+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-cainjector

@@ -31,13 +31,13 @@

       securityContext:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
       - name: cert-manager-cainjector
-        image: quay.io/jetstack/cert-manager-cainjector:v1.19.1
+        image: quay.io/jetstack/cert-manager-cainjector:v1.19.2
         imagePullPolicy: IfNotPresent
         args:
         - --v=2
         - --leader-election-namespace=kube-system
         ports:
         - containerPort: 9402
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager

+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager

@@ -31,19 +31,19 @@

       securityContext:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
       - name: cert-manager-controller
-        image: quay.io/jetstack/cert-manager-controller:v1.19.1
+        image: quay.io/jetstack/cert-manager-controller:v1.19.2
         imagePullPolicy: IfNotPresent
         args:
         - --v=2
         - --cluster-resource-namespace=$(POD_NAMESPACE)
         - --leader-election-namespace=kube-system
-        - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.19.1
+        - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.19.2
         - --max-concurrent-challenges=60
         - --dns01-recursive-nameservers-only=true
         - --dns01-recursive-nameservers=https://1.1.1.1:443/dns-query,https://1.0.0.1:443/dns-query
         ports:
         - containerPort: 9402
           name: http-metrics
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-webhook

+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-webhook

@@ -31,13 +31,13 @@

       securityContext:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
       - name: cert-manager-webhook
-        image: quay.io/jetstack/cert-manager-webhook:v1.19.1
+        image: quay.io/jetstack/cert-manager-webhook:v1.19.2
         imagePullPolicy: IfNotPresent
         args:
         - --v=2
         - --secure-port=10250
         - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
         - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca
--- HelmRelease: cert-manager/cert-manager Job: cert-manager/cert-manager-startupapicheck

+++ HelmRelease: cert-manager/cert-manager Job: cert-manager/cert-manager-startupapicheck

@@ -31,13 +31,13 @@

       securityContext:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
       - name: cert-manager-startupapicheck
-        image: quay.io/jetstack/cert-manager-startupapicheck:v1.19.1
+        image: quay.io/jetstack/cert-manager-startupapicheck:v1.19.2
         imagePullPolicy: IfNotPresent
         args:
         - check
         - api
         - --wait=1m
         - -v

@unsc-oni-ancilla unsc-oni-ancilla bot force-pushed the renovate/quay.io-jetstack-charts-cert-manager-1.x branch from ed925bb to 7b6fc8b Compare December 11, 2025 17:18
@unsc-oni-ancilla unsc-oni-ancilla bot force-pushed the renovate/quay.io-jetstack-charts-cert-manager-1.x branch from 7b6fc8b to 4f06183 Compare December 12, 2025 02:15
@binaryn3xus binaryn3xus merged commit ee03901 into main Dec 12, 2025
11 checks passed
@binaryn3xus binaryn3xus deleted the renovate/quay.io-jetstack-charts-cert-manager-1.x branch December 12, 2025 02:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area/bootstrap area/kubernetes Changes made in the kubernetes directory renovate/container type/patch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@binaryn3xus