fix(helm): update chart cert-manager to v1.11.4

This MR contains the following updates:

Package	Update	Change
cert-manager	patch	v1.11.0 -> v1.11.4

---

Release Notes

cert-manager/cert-manager (cert-manager)

v1.11.4

Compare Source

Changes by Kind

Other (Cleanup or Flake)

• Resolved docker/docker trivy CVE alert (#​6164, @​inteon)
• Upgraded base images (#​6128, @​SgtCoDFish)

Dependencies

Changed

• github.com/docker/distribution: v2.8.1+incompatible → v2.8.2+incompatible

v1.11.3

Compare Source

v1.11.3 mostly contains ACME library changes. API Priority and Fairness feature is now disabled in the external webhook's extension apiserver.

Changes by Kind

Other (Cleanup or Flake)

• API Priority and Fairness controller is now disabled in extension apiserver for DNS webhook implementation. (#​6092, @​irbekrm)
• Adds a warning for folks to not use controller feature gates helm value to configure webhook feature gates (#​6101, @​irbekrm)

v1.11.2

Compare Source

Changelog since v1.11.1

Changes by Kind

Bug or Regression

• Build with go 1.19.9 (#​6014, @​SgtCoDFish)

Other (Cleanup or Flake)

• Bump the distroless base images (#​5930, @​maelvls)

• Bumps Docker libraries to fix vulnerability scan alert for CVE-2023-28840, CVE-2023-28841, CVE-2023-28842 (#​6037, @​irbekrm) Cert-manager was not actually affected by these CVEs which are all to do with Docker daemon's overlay network.

• Bumps Kube libraries v0.26.0 -> v0.26.4 (#​6038, @​irbekrm) This might help with running cert-manager v1.11 on Kubernetes v1.27, see #​6038

v1.11.1

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

In v1.11.1, we updated the base images used for cert-manager containers. In addition, the users of the Venafi issuer will see less certificates repeatedly failing.

If you are a user of Venafi TPP and have been having issues with the error message This certificate cannot be processed while it is in an error state. Fix any errors, and then click Retry, please use this version.

Changes since v1.11.0

Bug or Regression

• Bump helm and other dependencies to fix CVEs, along with upgrading go and base images (#​5815, @​SgtCoDFish)
• Bump the distroless base images (#​5930, @​maelvls)
• The auto-retry mechanism added in VCert 4.23.0 and part of cert-manager 1.11.0 (#​5674) has been found to be faulty. Until this issue is fixed upstream, we now use a patched version of VCert. This patch will slowdown the issuance of certificates by 9% in case of heavy load on TPP. We aim to release at an ulterior date a patch release of cert-manager to fix this slowdown. (#​5819, @​maelvls)
• Use a fake-kube apiserver version when generating helm template in cmctl x install, to work around a hardcoded Kubernetes version in Helm. (#​5726, @​SgtCoDFish)

Other (Cleanup or Flake)

• Bump keystore-go to v4.4.1 to work around an upstream rewrite of history (#​5730, @​SgtCoDFish)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.