
Bump the all group with 8 updates #64

Merged: 1 commit merged into main from dependabot/go_modules/all-6259f3470f on Jan 13, 2024

Conversation

dependabot[bot] (Contributor) commented on behalf of github Jan 12, 2024

Bumps the all group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| github.com/cert-manager/cert-manager | 1.13.2 | 1.13.3 |
| github.com/cert-manager/csi-lib | 0.5.0 | 0.6.0 |
| github.com/go-logr/logr | 1.3.0 | 1.4.1 |
| github.com/onsi/ginkgo/v2 | 2.13.0 | 2.14.0 |
| k8s.io/api | 0.28.4 | 0.29.0 |
| k8s.io/cli-runtime | 0.28.4 | 0.29.0 |
| k8s.io/component-base | 0.28.4 | 0.29.0 |
| k8s.io/klog/v2 | 2.110.1 | 2.120.0 |

Updates github.com/cert-manager/cert-manager from 1.13.2 to 1.13.3

Release notes

Sourced from github.com/cert-manager/cert-manager's releases.

v1.13.3

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

⚠️ Read about the breaking changes in cert-manager 1.13 before you upgrade from a < v1.13 version!

This patch release contains fixes for the following security vulnerabilities in the cert-manager-controller:

  • GO-2023-2334: Decryption of malicious PBES2 JWE objects can consume unbounded system resources.

If you use ArtifactHub Security report or trivy, this patch will also silence the following warning about a vulnerability in code which is imported but not used by the cert-manager-controller:

  • CVE-2023-47108: DoS vulnerability in otelgrpc due to unbound cardinality metrics.

An ongoing security audit of cert-manager suggested some changes to the webhook code to mitigate DoS attacks, and these are included in this patch release.

Changes

Bug or Regression

  • The webhook server now returns HTTP error 413 (Content Too Large) for requests with body size >= 3MiB. This is to mitigate DoS attacks that attempt to crash the webhook process by sending large requests that exceed the available memory. (#6507, @​inteon)
  • The webhook server now returns HTTP error 400 (Bad Request) if the request contains an empty body. (#6507, @​inteon)
  • The webhook server now returns HTTP error 500 (Internal Server Error) rather than crashing, if the code panics while handling a request. (#6507, @​inteon)
  • Mitigate potential "Slowloris" attacks by setting ReadHeaderTimeout in all http.Server instances. (#6538, @​wallrj)
  • Upgrade Go modules: otel, docker, and jose to fix CVE alerts. See GHSA-8pgv-569h-w5rw, GHSA-jq35-85cj-fj4p, and GHSA-2c7c-3mj9-8fqh. (#6514, @​inteon)

Dependencies

Added

Nothing has changed.

Changed

  • cloud.google.com/go/firestore: v1.11.0 → v1.12.0
  • cloud.google.com/go: v0.110.6 → v0.110.7
  • github.com/felixge/httpsnoop: v1.0.3 → v1.0.4
  • github.com/go-jose/go-jose/v3: v3.0.0 → v3.0.1
  • github.com/go-logr/logr: v1.2.4 → v1.3.0
  • github.com/golang/glog: v1.1.0 → v1.1.2
  • github.com/google/go-cmp: v0.5.9 → v0.6.0
  • go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.45.0 → v0.46.0
  • go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.44.0 → v0.46.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.19.0 → v1.20.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.19.0 → v1.20.0
  • go.opentelemetry.io/otel/metric: v1.19.0 → v1.20.0
  • go.opentelemetry.io/otel/sdk: v1.19.0 → v1.20.0
  • go.opentelemetry.io/otel/trace: v1.19.0 → v1.20.0
  • go.opentelemetry.io/otel: v1.19.0 → v1.20.0
  • go.uber.org/goleak: v1.2.1 → v1.3.0
  • golang.org/x/sys: v0.13.0 → v0.14.0
  • google.golang.org/genproto/googleapis/api: f966b18 → b8732ec
  • google.golang.org/genproto: f966b18 → b8732ec
  • google.golang.org/grpc: v1.58.3 → v1.59.0

... (truncated)

Commits
  • 876e386 Merge pull request #6538 from wallrj/backport-6534-to-release-1.13
  • d080cec Add ReadHeaderTimeout to all http.Server where that setting is missing
  • d1e2d25 Merge pull request #6514 from inteon/release-1.13_bump
  • 9f704ed upgrade otel, docker and jose to fix CVE alerts
  • 751e082 Merge pull request #6507 from jetstack-bot/cherry-pick-6498-to-release-1.13
  • 0ad1184 limit webhook admission input
  • 895a19e Merge pull request #6484 from jetstack-bot/cherry-pick-6479-to-release-1.13
  • d8e97d4 Use explicit debian version for base images
  • e997b73 Merge pull request #6480 from jetstack-bot/cherry-pick-6477-to-release-1.13
  • 53520d1 regenerate hardcoded certs
  • See full diff in compare view

Updates github.com/cert-manager/csi-lib from 0.5.0 to 0.6.0

Release notes

Sourced from github.com/cert-manager/csi-lib's releases.

v0.6.0

What's Changed

New Contributors

Full Changelog: cert-manager/csi-lib@v0.5.0...v0.6.0

Commits
  • 9811918 Merge pull request #57 from 7ing/upgrade-go-1.21
  • 4e980eb fix flaky test for cleanupStaleRequests
  • e0fc06e Upgrade golang to 1.21
  • b58fb32 Merge pull request #51 from munnerz/resume-pending-requests
  • 0ce8db0 fix exponential backoff test handling
  • 60a2d87 acquire requestToPrivateKey lock at the start of the event handler
  • 1885342 address review feedback
  • 6b92c3b return early if we fail to list requests from lister in janitor job
  • a71341e testing: set logger verbosity to 999999
  • 4c00ad3 fixup cleanupStaleRequests
  • Additional commits viewable in compare view

Updates github.com/go-logr/logr from 1.3.0 to 1.4.1

Release notes

Sourced from github.com/go-logr/logr's releases.

v1.4.1

What's Changed

Full Changelog: go-logr/logr@v1.4.0...v1.4.1

v1.4.0

This release dramatically improves interoperability with Go's log/slog package. In particular, logr.NewContext and logr.NewContextWithSlogLogger use the same context key, which allows logr.FromContext and logr.FromContextAsSlogLogger to return logr.Logger or *slog.Logger respectively, including transparently converting each to the other as needed.

Functions logr/slogr.NewLogr and logr/slogr.ToSlogHandler have been superseded by logr.FromSlogHandler and logr.ToSlogHandler respectively, and type logr/slogr.SlogSink has been superseded by logr.SlogSink. All of the old names in logr/slogr remain, for compatibility.

Package logr/funcr now supports logr.SlogSink, meaning that its output passes all but one of the Slog conformance tests (that exception being that funcr handles the timestamp itself).

Users who have a logr.Logger and need a *slog.Logger can call slog.New(logr.ToSlogHandler(...)) and all output will go through the same stack.

Users who have a *slog.Logger or slog.Handler can call logr.FromSlogHandler(...) and all output will go through the same stack.

What's Changed

New Contributors

Full Changelog: go-logr/logr@v1.3.0...v1.4.0

Commits
  • dcdc3f2 slogr: fix unintended API break in v0.8.0 (#253)
  • 5d88f52 funcr: Add LogInfoLevel Option to skip logging level in the info log (#240)
  • 177005d build(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0
  • e7f489a build(deps): bump github/codeql-action from 2.22.9 to 3.22.11
  • cf56c3b build(deps): bump actions/setup-go from 4 to 5
  • 2ad296e build(deps): bump github/codeql-action from 2.22.8 to 2.22.9
  • d55b4e2 Merge pull request #241 from thockin/master
  • 98ee9d9 Clean up slog testing and restore coverage
  • b228ba8 Break examples to new file
  • 6432877 Add benchmarks for slogSink
  • Additional commits viewable in compare view

Updates github.com/onsi/ginkgo/v2 from 2.13.0 to 2.14.0

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.14.0

2.14.0

Features

You can now use GinkgoTB() when you need an instance of testing.TB to pass to a library.

Prior to this release table testing only supported generating individual Its for each test entry. DescribeTableSubtree extends table testing support to entire testing subtrees - under the hood DescribeTableSubtree generates a new container for each entry and invokes your function to fill out the container. See the docs to learn more.

  • Introduce DescribeTableSubtree [65ec56d]
  • add GinkgoTB() to docs [4a2c832]
  • Add GinkgoTB() function (#1333) [92b6744]

Fixes

  • Fix typo in internal/suite.go (#1332) [beb9507]
  • Fix typo in docs/index.md (#1319) [4ac3a13]
  • allow wasm to compile with ginkgo present (#1311) [b2e5bc5]

Maintenance

  • Bump golang.org/x/tools from 0.16.0 to 0.16.1 (#1316) [465a8ec]
  • Bump actions/setup-go from 4 to 5 (#1313) [eab0e40]
  • Bump github/codeql-action from 2 to 3 (#1317) [fbf9724]
  • Bump golang.org/x/crypto (#1318) [3ee80ee]
  • Bump golang.org/x/tools from 0.14.0 to 0.16.0 (#1306) [123e1d5]
  • Bump github.com/onsi/gomega from 1.29.0 to 1.30.0 (#1297) [558f6e0]
  • Bump golang.org/x/net from 0.17.0 to 0.19.0 (#1307) [84ff7f3]

v2.13.2

2.13.2

Fixes

  • Fix file handler leak (#1309) [e2e81c8]
  • Avoid allocations with (*regexp.Regexp).MatchString (#1302) [3b2a2a7]

v2.13.1

2.13.1

Fixes

  • 1296 fix(precompiled test suite): exec bit check omitted on Windows (#1301) [26eea01]

Maintenance

  • Bump github.com/go-logr/logr from 1.2.4 to 1.3.0 (#1291) [7161a9d]
  • Bump golang.org/x/sys from 0.13.0 to 0.14.0 (#1295) [7fc7b10]
  • Bump golang.org/x/tools from 0.12.0 to 0.14.0 (#1282) [74bbd65]
  • Bump github.com/onsi/gomega from 1.27.10 to 1.29.0 (#1290) [9373633]
  • Bump golang.org/x/net in /integration/_fixtures/version_mismatch_fixture (#1286) [6e3cf65]
Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.14.0

Features

You can now use GinkgoTB() when you need an instance of testing.TB to pass to a library.

Prior to this release table testing only supported generating individual Its for each test entry. DescribeTableSubtree extends table testing support to entire testing subtrees - under the hood DescribeTableSubtree generates a new container for each entry and invokes your function to fill out the container. See the docs to learn more.

  • Introduce DescribeTableSubtree [65ec56d]
  • add GinkgoTB() to docs [4a2c832]
  • Add GinkgoTB() function (#1333) [92b6744]

Fixes

  • Fix typo in internal/suite.go (#1332) [beb9507]
  • Fix typo in docs/index.md (#1319) [4ac3a13]
  • allow wasm to compile with ginkgo present (#1311) [b2e5bc5]

Maintenance

  • Bump golang.org/x/tools from 0.16.0 to 0.16.1 (#1316) [465a8ec]
  • Bump actions/setup-go from 4 to 5 (#1313) [eab0e40]
  • Bump github/codeql-action from 2 to 3 (#1317) [fbf9724]
  • Bump golang.org/x/crypto (#1318) [3ee80ee]
  • Bump golang.org/x/tools from 0.14.0 to 0.16.0 (#1306) [123e1d5]
  • Bump github.com/onsi/gomega from 1.29.0 to 1.30.0 (#1297) [558f6e0]
  • Bump golang.org/x/net from 0.17.0 to 0.19.0 (#1307) [84ff7f3]

2.13.2

Fixes

  • Fix file handler leak (#1309) [e2e81c8]
  • Avoid allocations with (*regexp.Regexp).MatchString (#1302) [3b2a2a7]

2.13.1

Fixes

  • 1296 fix(precompiled test suite): exec bit check omitted on Windows (#1301) [26eea01]

Maintenance

  • Bump github.com/go-logr/logr from 1.2.4 to 1.3.0 (#1291) [7161a9d]
  • Bump golang.org/x/sys from 0.13.0 to 0.14.0 (#1295) [7fc7b10]
  • Bump golang.org/x/tools from 0.12.0 to 0.14.0 (#1282) [74bbd65]
  • Bump github.com/onsi/gomega from 1.27.10 to 1.29.0 (#1290) [9373633]
  • Bump golang.org/x/net in /integration/_fixtures/version_mismatch_fixture (#1286) [6e3cf65]
Commits

Updates k8s.io/api from 0.28.4 to 0.29.0

Commits
  • 12b5cfd Update dependencies to v0.29.0 tag
  • 0d77c34 Merge remote-tracking branch 'origin/master' into release-1.29
  • bb0a75c add beta comment for pod replacement policy
  • 0099855 update go.mod
  • d4b94f4 Merge pull request #121765 from mimowo/ready-pods-stable-api
  • 8391a3f Merge pull request #121764 from mimowo/backoff-limit-per-index-beta-api
  • 7e58e00 Fix API comment for the Job ready field
  • 5a2bc70 Fix API comment for the FailIndex Job pod failure policy action
  • cca653e Merge pull request #113374 from ahmedtd/kep-3257-projected-types
  • d23b507 Regenerate for ClusterTrustBundlePEM projected volume API
  • Additional commits viewable in compare view

Updates k8s.io/cli-runtime from 0.28.4 to 0.29.0

Commits

Updates k8s.io/component-base from 0.28.4 to 0.29.0

Commits

Updates k8s.io/klog/v2 from 2.110.1 to 2.120.0

Release notes

Sourced from k8s.io/klog/v2's releases.

Prepare klog release for Kubernetes v1.30 (Take 1)

What's Changed

New Contributors

Full Changelog: kubernetes/klog@v2.110.1...v2.120.0

Commits
  • 2d08296 Merge pull request #396 from pohly/slog-helper
  • e4deee8 slog: use main logr package instead of logr/slogr
  • 5d1d2d5 add SetSlogLogger
  • 39afdba dependencies: logr v1.4.1
  • 2086216 Merge pull request #393 from kaisoz/add-safeptr
  • 881fa0b Add SafePtr wrapper
  • 8dd3f2e Merge pull request #395 from pohly/readme-update
  • d3dd725 docs: clarify relationship between different features
  • 761b630 Merge pull request #394 from pohly/owners-update
  • f33bd6c OWNERS: remove serathius, add mengjiao-liu, promote pohly
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) | `1.13.2` | `1.13.3` |
| [github.com/cert-manager/csi-lib](https://github.com/cert-manager/csi-lib) | `0.5.0` | `0.6.0` |
| [github.com/go-logr/logr](https://github.com/go-logr/logr) | `1.3.0` | `1.4.1` |
| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.13.0` | `2.14.0` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.28.4` | `0.29.0` |
| [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) | `0.28.4` | `0.29.0` |
| [k8s.io/component-base](https://github.com/kubernetes/component-base) | `0.28.4` | `0.29.0` |
| [k8s.io/klog/v2](https://github.com/kubernetes/klog) | `2.110.1` | `2.120.0` |


Updates `github.com/cert-manager/cert-manager` from 1.13.2 to 1.13.3
- [Release notes](https://github.com/cert-manager/cert-manager/releases)
- [Commits](cert-manager/cert-manager@v1.13.2...v1.13.3)

Updates `github.com/cert-manager/csi-lib` from 0.5.0 to 0.6.0
- [Release notes](https://github.com/cert-manager/csi-lib/releases)
- [Commits](cert-manager/csi-lib@v0.5.0...v0.6.0)

Updates `github.com/go-logr/logr` from 1.3.0 to 1.4.1
- [Release notes](https://github.com/go-logr/logr/releases)
- [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md)
- [Commits](go-logr/logr@v1.3.0...v1.4.1)

Updates `github.com/onsi/ginkgo/v2` from 2.13.0 to 2.14.0
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v2.13.0...v2.14.0)

Updates `k8s.io/api` from 0.28.4 to 0.29.0
- [Commits](kubernetes/api@v0.28.4...v0.29.0)

Updates `k8s.io/cli-runtime` from 0.28.4 to 0.29.0
- [Commits](kubernetes/cli-runtime@v0.28.4...v0.29.0)

Updates `k8s.io/component-base` from 0.28.4 to 0.29.0
- [Commits](kubernetes/component-base@v0.28.4...v0.29.0)

Updates `k8s.io/klog/v2` from 2.110.1 to 2.120.0
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md)
- [Commits](kubernetes/klog@v2.110.1...v2.120.0)

---
updated-dependencies:
- dependency-name: github.com/cert-manager/cert-manager
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/cert-manager/csi-lib
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/go-logr/logr
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: k8s.io/cli-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: k8s.io/component-base
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: k8s.io/klog/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <[email protected]>
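The webhook hardening listed in the cert-manager v1.13.3 notes above (HTTP 413 for a body of 3 MiB or more, 400 for an empty body, 500 instead of a crash when the handler panics, and ReadHeaderTimeout against Slowloris) as an added, stand-alone example. This is not cert-manager's code and is not part of this PR: it shows the same guards written as a plain net/http middleware. The 3 MiB figure is taken from the release notes; the timeout values, the /validate path, the constructed "trigger-panic" payload, and the names hardenWebhook, newServer, admissionHandler and probe are assumptions made for this example.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"log"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// maxBodyBytes is the 3 MiB ceiling from the cert-manager 1.13.3 release
// notes: a body of this size or larger is rejected with 413.
const maxBodyBytes = 3 << 20

// hardenWebhook wraps an admission handler with the three guards from the
// release notes: empty body -> 400, body >= maxBodyBytes -> 413, and a
// panic in the wrapped handler -> 500 instead of a crashed process.
func hardenWebhook(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Guard 3: recover from a panic in the handler. This only yields a
		// clean 500 if no response headers were written before the panic.
		defer func() {
			if rec := recover(); rec != nil {
				log.Printf("webhook handler panicked: %v", rec)
				http.Error(w, "internal server error", http.StatusInternalServerError)
			}
		}()

		// Never buffer more than the limit: LimitReader stops at maxBodyBytes,
		// so a client cannot make this server allocate an arbitrarily large body.
		body, err := io.ReadAll(io.LimitReader(r.Body, maxBodyBytes))
		if err != nil {
			http.Error(w, "failed to read request body", http.StatusBadRequest)
			return
		}
		// Guard 1: empty body.
		if len(body) == 0 {
			http.Error(w, "request body must not be empty", http.StatusBadRequest)
			return
		}
		// Guard 2: having read a full maxBodyBytes means the body is >= the limit.
		if int64(len(body)) >= maxBodyBytes {
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}
		// Hand the bounded, already-read body to the real admission logic.
		r.Body = io.NopCloser(bytes.NewReader(body))
		next.ServeHTTP(w, r)
	})
}

// newServer builds the http.Server with ReadHeaderTimeout set, which is the
// Slowloris mitigation from the notes: a client that trickles header bytes
// is cut off instead of holding a connection (and a goroutine) open forever.
// The timeout values are assumptions for this example.
func newServer(addr string, h http.Handler) *http.Server {
	return &http.Server{
		Addr:              addr,
		Handler:           hardenWebhook(h),
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		WriteTimeout:      30 * time.Second,
	}
}

// admissionHandler stands in for real webhook logic. It panics on a
// constructed "trigger-panic" payload so the recovery path can be exercised.
func admissionHandler(w http.ResponseWriter, r *http.Request) {
	body, _ := io.ReadAll(r.Body)
	if strings.Contains(string(body), "trigger-panic") {
		panic("nil pointer dereference in admission logic")
	}
	w.Header().Set("Content-Type", "application/json")
	fmt.Fprint(w, `{"response":{"allowed":true}}`)
}

// probe sends one constructed POST through the hardened handler and returns
// the HTTP status code, so each guard can be checked without a listener.
func probe(body string) int {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodPost, "/validate", strings.NewReader(body))
	hardenWebhook(http.HandlerFunc(admissionHandler)).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("empty body        ->", probe(""))                               // 400
	fmt.Println("normal body       ->", probe(`{"request":{"uid":"abc"}}`))       // 200
	fmt.Println("3 MiB body        ->", probe(strings.Repeat("A", maxBodyBytes))) // 413
	fmt.Println("panicking handler ->", probe("trigger-panic"))                   // 500
	srv := newServer(":8443", http.HandlerFunc(admissionHandler))
	fmt.Println("ReadHeaderTimeout ->", srv.ReadHeaderTimeout)
	// srv.ListenAndServeTLS(certFile, keyFile) would serve the real webhook.
}
```

The body limit is enforced before the request reaches any JSON decoding, which is the point of the 413: the expensive work (parsing, validation) never runs on an oversized input. Note that the panic recovery is a last line of defence, not a substitute for fixing the panic, and that it cannot repair a response whose headers were already sent.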
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jan 12, 2024
@jetstack-bot jetstack-bot added dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jan 12, 2024
@jetstack-bot (Contributor) commented:

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jetstack-bot jetstack-bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jan 12, 2024
@inteon (Member) commented Jan 13, 2024

@dependabot rebase

dependabot[bot] (Contributor, Author) commented on behalf of github Jan 13, 2024

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@inteon (Member) commented Jan 13, 2024

/approve
/lgtm

@jetstack-bot jetstack-bot added the lgtm Indicates that a PR is ready to be merged. label Jan 13, 2024
@jetstack-bot (Contributor) commented:

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: inteon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jetstack-bot jetstack-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 13, 2024
@inteon (Member) commented Jan 13, 2024

/retest

@jetstack-bot jetstack-bot merged commit 2508bde into main Jan 13, 2024
5 checks passed
@dependabot dependabot bot deleted the dependabot/go_modules/all-6259f3470f branch January 13, 2024 09:32