chore(deps): bump github.com/cert-manager/cert-manager from 1.12.4 to 1.13.0

[dependabot]

Bumps github.com/cert-manager/cert-manager from 1.12.4 to 1.13.0.

Release notes

Sourced from github.com/cert-manager/cert-manager's releases.

v1.13.0-beta.0

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

Welcome to the first beta of the coming 1.13 release of cert-manager!

🌟 This version is a pre-release version intended for testing. It might not be suitable for production uses.

Changes since v1.13.0-alpha.0

Feature gate promotions

• Promoted the StableCertificateRequestName and SecretsFilteredCaching feature gates to Beta (enabled by default). (#6298, @​inteon)

Feature

• Add view permissions to the well-known (Openshift) user-facing cluster-reader aggregated cluster role (#6241, @​erikgb)
• Certificate Shim: distinguish dns names and ip address in certificate (#6267, @​zhangzhiqiangcs)
• Make enableServiceLinks configurable for all Deployments and startupapicheck Job in Helm chart. (#6292, @​ubergesundheit)
• The cert-manager controller options are now configurable using a configuration file. (#5337, @​AcidLeroy)
• The pki CertificateTemplate functions now perform validation of the CSR blob, making sure we sign a Certificate that matches the IsCA and (Extended)KeyUsages that are defined in the CertificateRequest resource. (#6199, @​inteon)
• [helm] Add prometheus.servicemonitor.endpointAdditionalProperties to define additional properties on a ServiceMonitor endpoint, e.g. relabelings (#6110, @​jkroepke)
• Add support for logging options to webhook config file. (#6243, @​inteon)

Bug or Regression

• Allow overriding default pdb .minAvailable with .maxUnavailable without setting .minAvailable to null (#6087, @​rouke-broersma)
• BUGFIX[cainjector]: 1-character bug was causing invalid log messages and a memory leak (#6232, @​inteon)
• Fix indentation of Webhook NetworkPolicy matchLabels in helm chart. (#6220, @​ubergesundheit)
• Fixed Cloudflare DNS01 challenge provider race condition when validating multiple domains (#6191, @​Richardds)
• Fixes an issue where cert-manager would incorrectly reject two IP addresses as being unequal when they should have compared equal. This would be most noticeable when using an IPv6 address which doesn't match how Go's net.IP.String() function would have printed that address. (#6293, @​SgtCoDFish)
• ⚠️ possibly breaking: Webhook validation of CertificateRequest resources is stricter now: all KeyUsages and ExtendedKeyUsages must be defined directly in the CertificateRequest resource, the encoded CSR can never contain more usages that defined there. (#6182, @​inteon)

Other (Cleanup or Flake)

• A subset of the klogs flags have been deprecated and will be removed in the future. (#5879, @​maelvls)
• Cert-manager will now re-issue a certificate if the public key in the latest CertificateRequest resource linked to a Certificate resource does not match the public key of the key encoded in the Secret linked to that Certificate resource (#6168, @​inteon)
• Chore: When hostNetwork is enabled, dnsPolicy is now set to ClusterFirstWithHostNet. (#6156, @​kahirokunn)
• Cleanup the controller configfile structure by introducing sub-structs. (#6242, @​inteon)
• Helm: Add apache 2.0 license annotation (#6225, @​arukiidou)
• Simplified the flag and configfile parsing. (#6244, @​inteon)
• The SecretPostIssuancePolicyChain now also makes sure that the cert-manager.io/common-name, cert-manager.io/alt-names, ... annotations on Secrets are kept at their correct value. (#6176, @​inteon)
• The cmctl logging has been improved and support for json logging has been added. (#6247, @​inteon)
• Updates Kubernetes libraries to v0.27.4. (#6227, @​lucacome)
• We now only check that the issuer name, kind and group annotations on a Secret match in case those annotations are set. (#6152, @​inteon)

v1.13.0-alpha.0

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

Welcome to the first alpha of the coming 1.13 release of cert-manager! In this release, you will be able to test the new DNS-over-HTTPS feature.

... (truncated)

Commits

• d34bd7a Merge pull request #6339 from inteon/release-1.13_cmrel
• 37d3b66 update cert-manager version imported by cmctl to the latest 'release-1.13' co...
• a7a7fab Merge pull request #6338 from jetstack-bot/cherry-pick-6332-to-release-1.13
• d540b36 upgrade dependencies
• 84d51a1 Merge pull request #6335 from jetstack-bot/cherry-pick-6333-to-release-1.13
• 2bf89ee fix trivy CVE alert for cyphar/filepath-securejoin
• 156c25d Merge pull request #6320 from inteon/upgrade_docker
• 2d4ee5c upgrade docker dependencies
• e1f6498 Merge pull request #6319 from inteon/upgrade_cert-manager_ctl_dependency
• 079b329 upgrade cert-manager to latest master digest
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)