fix(deps): update module github.com/cert-manager/cert-manager to v1.19.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/cert-manager/cert-manager	v1.18.2 -> v1.19.1

---

Release Notes

cert-manager/cert-manager (github.com/cert-manager/cert-manager)

v1.19.1

Compare Source

v1.19.0

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

⚠️ Known issues: We are working on a patch to fix the following issues:

• Unexpected certificate renewal after upgrading to 1.19.0

This release focuses on expanding platform compatibility, improving deployment flexibility, enhancing observability, and addressing key reliability issues.

📖 Read the full release notes at cert-manager.io: https://cert-manager.io/docs/releases/release-notes/release-notes-1.19

Changes since v1.18.0:

Feature

• Add IPv6 rules to the default network policy (#​7726, @​jcpunk)
• Add global.nodeSelector to helm chart to allow for a single nodeSelector to be set across all services. (#​7818, @​StingRayZA)
• Add a feature gate to default to Ingress pathType Exact in ACME HTTP01 Ingress challenge solvers. (#​7795, @​sspreitzer)
• Add generated applyconfigurations allowing clients to make type-safe server-side apply requests for cert-manager resources. (#​7866, @​erikgb)
• Added API defaults to issuer references group (cert-manager.io) and kind (Issuer). (#​7414, @​erikgb)
• Added certmanager_certificate_challenge_status Prometheus metric. (#​7736, @​hjoshi123)
• Added protocol field for rfc2136 DNS01 provider (#​7881, @​hjoshi123)
• Added experimental field hostUsers flag to all pods. Not set by default. (#​7973, @​hjoshi123)
• Support configurable resource requests and limits for ACME HTTP01 solver pods through ClusterIssuer and Issuer specifications, allowing granular resource management that overrides global --acme-http01-solver-resource-* settings. (#​7972, @​lunarwhite)
• The CAInjectorMerging feature has been promoted to BETA and is now enabled by default (#​8017, @​ThatsMrTalbot)
• The controller, webhook and ca-injector now log their version and git commit on startup for easier debugging and support. (#​8072, @​prasad89)
• Updated certificate metrics to the collector approach. (#​7856, @​hjoshi123)

Bug or Regression

• ACME: Increased challenge authorization timeout to 2 minutes to fix error waiting for authorization (#​7796, @​hjoshi123)
• BUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (#​7816, @​kinolaev)
• Enforced ACME HTTP-01 solver validation to properly reject configurations when multiple ingress options (class, ingressClassName, name) are specified simultaneously (#​8021, @​lunarwhite)
• Increase maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities (#​7961, @​SgtCoDFish)
• Reverted adding the global.rbac.disableHTTPChallengesRole Helm option. (#​7836, @​inteon)
• This change removes the path label of core ACME client metrics and will require users to update their monitoring dashboards and alerting rules if using those metrics. (#​8109, @​mladen-rusev-cyberark)
• Use the latest version of ingress-nginx in E2E tests to ensure compatibility (#​7792, @​wallrj)

Other (Cleanup or Flake)

• Helm: Fix naming template of tokenrequest RoleBinding resource to improve consistency (#​7761, @​lunarwhite)
• Improve error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data (#​7928, @​SgtCoDFish)
• Major upgrade of Akamai SDK. NOTE: The new version has not been fully tested end-to-end due to the lack of cloud infrastructure. (#​8003, @​hjoshi123)
• Update kind images to include the Kubernetes 1.33 node image (#​7786, @​wallrj)
• Use maps.Copy for cleaner map handling (#​8092, @​quantpoet)
• Vault: Migrate Vault E2E add-on tests from deprecated vault-client-go to the new vault/api client. (#​8059, @​armagankaratosun)

v1.18.3

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: install-tool golang 1.24.9