Update Helm release cert-manager to v1.16.3 (main)

This MR contains the following updates:

Package	Update	Change
cert-manager (source)	patch	v1.16.2 -> v1.16.3

---

Release Notes

cert-manager/cert-manager (cert-manager)

v1.16.3

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.16.3 is a patch release mainly focused around bumping dependencies to address reported CVEs: CVE-2024-45337 and CVE-2024-45338.

We don't believe that cert-manager is actually vulnerable; this release is instead intended to satisfy vulnerability scanners.

It also includes a bug fix to the new renewBeforePercentage field. If you were using renewBeforePercentage, see MR #​7421 for more information.

Changes

Bug

• Bump golang.org/x/net and golang.org/x/crypto to address CVE-2024-45337 and CVE-2024-45338 (#​7485, @​erikgb)
• Fix the behaviour of renewBeforePercentage to comply with its spec (#​7441, @​cert-manager-bot)

Other

• Bump go to 1.23.4 (#​7489, @​erikgb)
• Bump base images to latest available (#​7508, @​SgtCoDFish)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot Sylva instance.

CI configuration

Below you can choose test deployment variants to run in this MR's CI.

Click to open to CI configuration

Legend:

Icon	Meaning	Available values
☁️	Infra Provider	capd, capo, capm3
🚀	Bootstrap Provider	kubeadm (alias kadm), rke2
🐧	Node OS	ubuntu, suse
🛠️	Deployment Options	light-deploy, oci, ha, misc
🎬	Pipeline Scenarios	rolling-update, mgmt-rolling-update, k8s-upgrade, sylva-upgrade-from-x.x.x, simple-update, preview, nightly

• 🎬 preview ☁️ capd 🚀 kadm 🐧 ubuntu 🛠️ oci

• 🎬 preview ☁️ capo 🚀 rke2 🐧 suse

• 🎬 preview ☁️ capm3 🚀 rke2 🐧 ubuntu

• ☁️ capd 🚀 kadm 🛠️ light-deploy 🐧 ubuntu

• ☁️ capd 🚀 rke2 🛠️ oci,light-deploy 🐧 suse

• ☁️ capo 🚀 rke2 🛠️ oci 🐧 suse

• ☁️ capo 🚀 kadm 🛠️ oci 🐧 ubuntu

• ☁️ capo 🚀 rke2 🎬 rolling-update 🛠️ ha 🐧 ubuntu

• ☁️ capo 🚀 kadm 🎬 k8s-upgrade 🐧 ubuntu

• ☁️ capo 🚀 rke2 🎬 mgmt-rolling-update 🛠️ ha,misc 🐧 suse

• ☁️ capo 🚀 rke2 🎬 sylva-upgrade-from-1.3.x 🛠️ ha,misc 🐧 ubuntu

• ☁️ capm3 🚀 rke2 🐧 suse

• ☁️ capm3 🚀 kadm 🛠️ oci 🐧 ubuntu

• ☁️ capm3 🚀 kadm 🎬 mgmt-rolling-update 🛠️ ha,misc 🐧 ubuntu

• ☁️ capm3 🚀 rke2 🎬 k8s-upgrade 🛠️ ha 🐧 suse

• ☁️ capm3 🚀 kadm 🎬 rolling-update 🛠️ ha 🐧 ubuntu

• ☁️ capm3 🚀 rke2 🎬 sylva-upgrade-from-1.3.x 🛠️ misc,ha 🐧 suse

• ☁️ capm3 🚀 kadm 🎬 rolling-update 🛠️ ha 🐧 suse

Global config for deployment pipelines

• autorun pipelines
• allow failure on pipelines

Notes:

• Enabling autorun will make deployment pipelines to be run automatically without human interaction
• Disabling allow failure will make deployment pipelines mandatory for pipeline success.
• if both autorun and allow failure are disabled, deployment pipelines will need manual triggering but will be blocking the pipeline

Be aware: after configuration change, pipeline is not triggered automatically. Please run it manually (by clicking the run pipeline button in Pipelines tab) or push new code.

⚙️ If no checkbox is checked, a default pipeline will be enabled (capm3, or capo if capo label is set)