Report charts with the following bad dependency specifications as bad charts:
dependencies:
- name: foo
alias: baz # ← baz used twice
version: 1.0.0
- name: bar
alias: baz # ← baz used twice
version: 1.0.0
dependencies:
- name: foo
alias: bar # ← shadows chart below
version: 1.0.0
- name: bar
version: 1.0.0
dependencies:
- name: foo
version: 1.0.0
- name: foo # ← chart with same name as above (although version or repo will be different, this will not work currently)
version: 1.2.3
Closes#9169
Signed-off-by: Daniel Strobusch <1847260+dastrobu@users.noreply.github.com>
ref: https://github.com/helm/helm/security/advisories/GHSA-c38g-469g-cmgx
* Skip invalid chart versions when reading the repository index file or
when programmatically adding a chart version.
* Adds semver validation and strips non-printable characters and
normalizes spaces for string fields in Metadata.Validate()
* Fixes a unit test that was pulling a remote repo. Now uses a local
repo.
* Fixes ignored error in repo update command
Signed-off-by: Adam Reese <adam@reese.io>
The chart type is added to differentiaite between an application chart
and a library chart. Library charts can be used as dependencies but are
not installable.
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Remove helmVersion constraint from charts
* Guard compile time set variables behind `internal/`
* Allow configuration of UserAgent for HTTPGetter
Signed-off-by: Adam Reese <adam@reese.io>
Matt Farina
Daniel Strobusch
wujunwei
Adam Reese
Matt Butcher
Matthew Fisher
Martin Hickey