chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
anchore/sbom-action	action	minor	v0.17.8 -> v0.18.0
github.com/cert-manager/cert-manager	require	minor	v1.16.2 -> v1.17.0
github.com/stackitcloud/stackit-sdk-go/core	require	minor	v0.14.0 -> v0.15.1
github.com/stackitcloud/stackit-sdk-go/services/dns	require	patch	v0.12.0 -> v0.12.1
github/codeql-action	action	minor	v2.27.7 -> v2.28.1
helm/chart-releaser-action	action	minor	v1.6.0 -> v1.7.0
k8s.io/api	require	minor	v0.31.4 -> v0.32.1
k8s.io/apiextensions-apiserver	require	minor	v0.31.4 -> v0.32.1
k8s.io/apimachinery	require	minor	v0.31.4 -> v0.32.1
k8s.io/client-go	require	minor	v0.31.4 -> v0.32.1
sigs.k8s.io/structured-merge-diff/v4	replace	minor	v4.4.3 -> v4.5.0
step-security/harden-runner	action	patch	v2.10.2 -> v2.10.4

---

Release Notes

anchore/sbom-action (anchore/sbom-action)

v0.18.0

Compare Source

Changes in v0.18.0

• chore(deps): update Syft to v1.19.0 (#​513)
  • See Syft changelog for latest changes

v0.17.9

Compare Source

Changes in v0.17.9

• chore(deps): update Syft to v1.18.1 (#​510) [anchore-actions-token-generator]
• chore(deps): update Syft to v1.18.0 (#​509) [anchore-actions-token-generator]

cert-manager/cert-manager (github.com/cert-manager/cert-manager)

v1.17.0

Compare Source

v1.16.3

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.16.3 is a patch release mainly focused around bumping dependencies to address reported CVEs: CVE-2024-45337 and CVE-2024-45338.

We don't believe that cert-manager is actually vulnerable; this release is instead intended to satisfy vulnerability scanners.

It also includes a bug fix to the new renewBeforePercentage field. If you were using renewBeforePercentage, see PR #​7421 for more information.

Changes

Bug

• Bump golang.org/x/net and golang.org/x/crypto to address CVE-2024-45337 and CVE-2024-45338 (#​7485, @​erikgb)
• Fix the behaviour of renewBeforePercentage to comply with its spec (#​7441, @​cert-manager-bot)

Other

• Bump go to 1.23.4 (#​7489, @​erikgb)
• Bump base images to latest available (#​7508, @​SgtCoDFish)

github/codeql-action (github/codeql-action)

v2.28.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

This is the last planned release of the v2. To continue getting updates for the CodeQL Action, please switch to v3.

2.28.1 - 10 Jan 2025

• CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #​2677
• Update default CodeQL bundle version to 2.20.1. #​2678

See the full CHANGELOG.md for more information.

v2.28.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

This is the last planned release of the v2. To continue getting updates for the CodeQL Action, please switch to v3.

2.28.0 - 20 Dec 2024

• Bump the minimum CodeQL bundle version to 2.15.5. #​2655
• Don't fail in the unusual case that a file is on the search path. #​2660.

See the full CHANGELOG.md for more information.

v2.27.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

2.27.9 - 12 Dec 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v2.27.8

Compare Source

helm/chart-releaser-action (helm/chart-releaser-action)

v1.7.0

Compare Source

For cr changes see https://github.com/helm/chart-releaser/releases/tag/v1.7.0

What's Changed

• Add --skip-upload input with latest helm/chart-releaser-action by @​acuD1 in https://github.com/helm/chart-releaser-action/pull/143
• Update checkout action to v4 tag in README.md by @​maarten-blokker in https://github.com/helm/chart-releaser-action/pull/187
• Fix indention by @​3schwartz in https://github.com/helm/chart-releaser-action/pull/203
• update cr to v1.7.0 by @​cpanato in https://github.com/helm/chart-releaser-action/pull/220

New Contributors

• @​acuD1 made their first contribution in https://github.com/helm/chart-releaser-action/pull/143
• @​maarten-blokker made their first contribution in https://github.com/helm/chart-releaser-action/pull/187
• @​3schwartz made their first contribution in https://github.com/helm/chart-releaser-action/pull/203

Full Changelog: helm/chart-releaser-action@v1...v1.7.0

kubernetes/api (k8s.io/api)

v0.32.1

Compare Source

v0.32.0

Compare Source

v0.31.5

Compare Source

kubernetes/apiextensions-apiserver (k8s.io/apiextensions-apiserver)

v0.32.1

Compare Source

v0.32.0

Compare Source

v0.31.5

Compare Source

kubernetes/apimachinery (k8s.io/apimachinery)

v0.32.1

Compare Source

v0.32.0

Compare Source

v0.31.5

Compare Source

kubernetes/client-go (k8s.io/client-go)

v0.32.1

Compare Source

v0.32.0

Compare Source

v0.31.5

Compare Source

kubernetes-sigs/structured-merge-diff (sigs.k8s.io/structured-merge-diff/v4)

v4.5.0

Compare Source

step-security/harden-runner (step-security/harden-runner)

v2.10.4

Compare Source

What's Changed

Fixed a potential Harden-Runner post step failure that could occur when printing agent service logs. The fix gracefully handles failures without failing the post step.

Full Changelog: step-security/harden-runner@v2...v2.10.4

v2.10.3

Compare Source

What's Changed

Fixed an issue where DNS requests using uppercase characters (e.g., EXAMPLE.com) were blocked even when the domain was present in the allowed list. This update standardizes domain names to lowercase for consistent comparison.

Full Changelog: step-security/harden-runner@v2...v2.10.3

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 37 additional dependencies were updated

Details:

Package	Change
github.com/google/cel-go	v0.21.0 -> v0.22.1
github.com/google/gnostic-models	v0.6.9-0.20230804172637-c7be7c783f49 -> v0.6.9
github.com/grpc-ecosystem/grpc-gateway/v2	v2.23.0 -> v2.25.1
github.com/mailru/easyjson	v0.7.7 -> v0.9.0
github.com/prometheus/common	v0.60.1 -> v0.61.0
go.etcd.io/etcd/api/v3	v3.5.16 -> v3.5.17
go.etcd.io/etcd/client/pkg/v3	v3.5.16 -> v3.5.17
go.etcd.io/etcd/client/v3	v3.5.16 -> v3.5.17
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc	v0.56.0 -> v0.58.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	v0.56.0 -> v0.58.0
go.opentelemetry.io/otel	v1.31.0 -> v1.33.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace	v1.31.0 -> v1.33.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc	v1.31.0 -> v1.33.0
go.opentelemetry.io/otel/metric	v1.31.0 -> v1.33.0
go.opentelemetry.io/otel/sdk	v1.31.0 -> v1.33.0
go.opentelemetry.io/otel/trace	v1.31.0 -> v1.33.0
go.opentelemetry.io/proto/otlp	v1.3.1 -> v1.4.0
golang.org/x/crypto	v0.28.0 -> v0.31.0
golang.org/x/exp	v0.0.0-20241009180824-f66d83c29e7c -> v0.0.0-20241217172543-b2144cdd0a67
golang.org/x/mod	v0.21.0 -> v0.22.0
golang.org/x/net	v0.30.0 -> v0.33.0
golang.org/x/oauth2	v0.23.0 -> v0.24.0
golang.org/x/sync	v0.8.0 -> v0.10.0
golang.org/x/sys	v0.26.0 -> v0.28.0
golang.org/x/term	v0.25.0 -> v0.27.0
golang.org/x/text	v0.19.0 -> v0.21.0
golang.org/x/time	v0.7.0 -> v0.8.0
golang.org/x/tools	v0.26.0 -> v0.28.0
google.golang.org/genproto/googleapis/api	v0.0.0-20241104194629-dd2ea8efbc28 -> v0.0.0-20241219192143-6b3ec007d9bb
google.golang.org/genproto/googleapis/rpc	v0.0.0-20241104194629-dd2ea8efbc28 -> v0.0.0-20241219192143-6b3ec007d9bb
google.golang.org/grpc	v1.67.1 -> v1.69.2
google.golang.org/protobuf	v1.35.1 -> v1.36.0
k8s.io/apiserver	v0.31.4 -> v0.32.1
k8s.io/component-base	v0.31.4 -> v0.32.1
k8s.io/kms	v0.31.4 -> v0.32.1
k8s.io/kube-openapi	v0.0.0-20241105132330-32ad38e42d3f -> v0.0.0-20241212222426-2c72e554b1e7
sigs.k8s.io/apiserver-network-proxy/konnectivity-client	v0.31.0 -> v0.31.1