Bump github.com/cert-manager/cert-manager from 1.16.2 to 1.16.3

[dependabot]

Bumps github.com/cert-manager/cert-manager from 1.16.2 to 1.16.3.

Release notes

Sourced from github.com/cert-manager/cert-manager's releases.

v1.16.3

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.16.3 is a patch release mainly focused around bumping dependencies to address reported CVEs: CVE-2024-45337 and CVE-2024-45338.

We don't believe that cert-manager is actually vulnerable; this release is instead intended to satisfy vulnerability scanners.

It also includes a bug fix to the new renewBeforePercentage field. If you were using renewBeforePercentage, see PR #7421 for more information.

Changes

Bug

• Bump golang.org/x/net and golang.org/x/crypto to address CVE-2024-45337 and CVE-2024-45338 (#7485, @​erikgb)
• Fix the behaviour of renewBeforePercentage to comply with its spec (#7441, @​cert-manager-bot)

Other

• Bump go to 1.23.4 (#7489, @​erikgb)
• Bump base images to latest available (#7508, @​SgtCoDFish)

Commits

• 1694b11 Merge pull request #7508 from SgtCoDFish/release-1.16-bumpbase
• 6951e56 [release-1.16] bump base images
• b22baa1 Merge pull request #7489 from erikgb/bump-go-images
• 160d604 Bump go to 1.23.4 and bump base images to latest available
• e31f418 Merge pull request #7485 from erikgb/fix-CVE-2024-45337
• 9c7ddb7 Bump golang.org/x/net to address CVE-2024-45337 and CVE-2024-45338
• c3ed813 Merge pull request #7441 from cert-manager-bot/cherry-pick-7421-to-release-1.16
• 2b08851 Fix renewBeforePercentage to comply with its spec
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)