Mirror the v2 `TestLoadDirExceedsBudget` test for the v3 loader
to prevent budget enforcement regressions in either path.
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
Use `os.Open` + `io.LimitReader` instead of `os.ReadFile` in
`ReadFileWithBudget` so a file that grows between stat and read
cannot allocate unbounded memory.
Also fix `MaxDecompressedFileSize` doc comment to reflect it is
unused/deprecated, add nil guard on remaining, and check
`os.Stat` errors in tests.
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
Directory-based chart loading (`LoadDir`) used unbounded `os.ReadFile`
calls with no total size check. Archive loading already enforces
`MaxDecompressedChartSize` via a remaining-byte budget but directory
loading did not, leaving local charts and `file://` dependencies as
an unbounded memory path.
Add `ReadFileWithBudget` in the archive package and use it in both
v2 and v3 directory loaders so they track the same aggregate budget.
Ref: https://github.com/helm/helm/pull/31748#issuecomment-4138927643
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
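Added illustration for the two commits above (the `os.Open` + `io.LimitReader` change and the shared `ReadFileWithBudget` budget for directory loading). This is example code written for this page, not Helm's implementation; the function names, the `ErrBudgetExceeded` sentinel and the `LoadDirWithBudget` stand-in for `LoadDir` are assumptions, and the sample chart files are constructed in `main`.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"io/fs"
	"os"
	"path/filepath"
)

// ErrBudgetExceeded is returned once the aggregate byte budget shared by all
// files of one chart load is exhausted. Name assumed for this example.
var ErrBudgetExceeded = errors.New("chart exceeds decompressed size budget")

// ReadFileWithBudget reads path and charges its length against *remaining.
//
// It avoids os.ReadFile on purpose: that helper sizes its buffer from the
// stat size and then reads, so a file that grows between the stat and the
// read (or a special file whose stat size is meaningless) can push the
// allocation past any limit checked up front. io.LimitReader caps the bytes
// actually read no matter what the file does after it is opened.
func ReadFileWithBudget(path string, remaining *int64) ([]byte, error) {
	if remaining == nil {
		return nil, errors.New("ReadFileWithBudget: nil budget")
	}
	f, err := os.Open(path)
	if err != nil {
		return nil, err
	}
	defer f.Close()

	// Read at most one byte past the budget: if that extra byte arrives the
	// file is over budget, and we learn it without allocating beyond
	// remaining+1 bytes. A negative budget yields a limit <= 0 and fails below.
	data, err := io.ReadAll(io.LimitReader(f, *remaining+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > *remaining {
		return nil, fmt.Errorf("%w: %s", ErrBudgetExceeded, path)
	}
	*remaining -= int64(len(data))
	return data, nil
}

// LoadDirWithBudget stands in for a directory-based chart loader: every
// regular file under dir is read through ReadFileWithBudget against one
// shared budget, so many small files cannot add up past maxTotal any more
// than a single large file can. Keys are slash paths relative to dir.
func LoadDirWithBudget(dir string, maxTotal int64) (map[string][]byte, error) {
	remaining := maxTotal
	files := map[string][]byte{}
	walk := func(path string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if !d.Type().IsRegular() {
			return nil // directories, symlinks and devices are not chart content
		}
		data, err := ReadFileWithBudget(path, &remaining)
		if err != nil {
			return err
		}
		rel, err := filepath.Rel(dir, path)
		if err != nil {
			return err
		}
		files[filepath.ToSlash(rel)] = data
		return nil
	}
	if err := filepath.WalkDir(dir, walk); err != nil {
		return nil, err
	}
	return files, nil
}

func main() {
	// Constructed sample chart: three files totalling 700 bytes.
	dir, err := os.MkdirTemp("", "chart-budget-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	for name, size := range map[string]int{"Chart.yaml": 100, "values.yaml": 300, "templates/deploy.yaml": 300} {
		p := filepath.Join(dir, name)
		_ = os.MkdirAll(filepath.Dir(p), 0o755)
		_ = os.WriteFile(p, make([]byte, size), 0o644)
	}
	for _, budget := range []int64{700, 699} {
		files, err := LoadDirWithBudget(dir, budget)
		fmt.Printf("budget=%d files=%d err=%v\n", budget, len(files), err)
	}
}
```

The budget is a single `*int64` passed by pointer so that the v2 and v3 loaders, or an archive loader and a `file://` dependency, can draw on the same counter; the nil guard exists because a caller that forgets the budget would otherwise silently get unbounded reads back.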
Remove MaxDecompressedFileSize as it's no longer necessary after
migrating to a maintained JSON schema library (santhosh-tekuri/jsonschema/v6).
The original limit was added to protect against vulnerabilities in an
unmaintained library.
The total decompressed chart size limit (MaxDecompressedChartSize) remains
to protect against other attack vectors.
Partially resolves #30738
Related:
- https://github.com/helm/helm/pull/30743
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
The toTOML doc comment said "returns empty string on marshal error"
but the implementation actually returns err.Error(). Fix the comment
to match the real behavior. Also mention mustToToml as the strict
alternative.
Signed-off-by: Ilya Kiselev <kis-ilya-a@yandex.ru>
Add `mustToToml` that panics on marshal error, consistent with
`mustToYaml` and `mustToJson`. This makes it possible for chart authors
to get a hard failure when TOML serialization fails, rather than having
to inspect the output manually.
`toToml` behavior is unchanged in this commit.
Closes #31430
Signed-off-by: Ilya Kiselev <kis-ilya-a@yandex.ru>
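Added illustration for the two `toToml` commits above (the doc-comment fix and the new `mustToToml`). This is example code written for this page, not Helm's `pkg/engine` code: `encoding/json` stands in for a TOML encoder so the example needs no third-party module, and the `render` helper and the channel-bearing sample value are constructed for the demonstration. What it shows is the control-flow difference the commits describe: the lenient variant returns `err.Error()` into the rendered output, while the strict variant panics and `text/template` turns that panic into an error from `Execute`.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"text/template"
)

// toTOML is the lenient variant: on a marshal error it returns the error
// text as its result, so rendering continues and the message lands inside
// the output. json.Marshal stands in for a TOML encoder in this example.
func toTOML(v any) string {
	data, err := json.Marshal(v)
	if err != nil {
		return err.Error()
	}
	return string(data)
}

// mustToTOML is the strict variant: a marshal error becomes a panic.
// text/template recovers panics raised inside template functions and reports
// them as an error from Execute, so the render fails instead of emitting a
// manifest with an error string embedded in it.
func mustToTOML(v any) string {
	data, err := json.Marshal(v)
	if err != nil {
		panic(err)
	}
	return string(data)
}

// render executes tmpl with both helpers registered and returns the output
// produced so far together with any execution error.
func render(tmpl string, data any) (string, error) {
	t, err := template.New("t").Funcs(template.FuncMap{
		"toToml":     toTOML,
		"mustToToml": mustToTOML,
	}).Parse(tmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, data)
	return buf.String(), err
}

func main() {
	// Constructed values: a channel cannot be marshalled, so it forces the error path.
	bad := map[string]any{"cfg": map[string]any{"ch": make(chan int)}}
	good := map[string]any{"cfg": map[string]int{"replicas": 3}}

	out, err := render(`config: {{ toToml .cfg }}`, bad)
	fmt.Printf("toToml:     out=%q err=%v\n", out, err)
	out, err = render(`config: {{ mustToToml .cfg }}`, bad)
	fmt.Printf("mustToToml: out=%q err=%v\n", out, err)
	out, err = render(`config: {{ mustToToml .cfg }}`, good)
	fmt.Printf("mustToToml: out=%q err=%v\n", out, err)
}
```

For chart authors the practical difference is where the failure surfaces: with `toToml` the error string becomes part of the manifest and must be spotted by inspecting the output, with `mustToToml` the whole render is rejected.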
Remove pre-Go modules import path comments from pkg/kube test files
(ready_test.go, resource_test.go, statuswait_test.go) for consistency
with the rest of the package.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
Import path comments (e.g. `// import "helm.sh/helm/v4/pkg/kube"`) are
a pre-Go modules convention no longer needed in module-aware builds.
Some files in pkg/kube had these comments while others did not, causing
inconsistency that triggered downstream Kythe indexing errors.
Remove the import comments from all affected files to make the package
declaration consistent across the directory.
Fixes #31846
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: abhay1999 <abhaychaurasiya19@gmail.com>
Bump the OpenTelemetry Go SDK and related packages to fix
GO-2026-4394 (arbitrary code execution via PATH hijacking).
The vulnerable sdk@v1.36.0 is replaced with sdk@v1.40.0.
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
Bumps fluxcd/cli-utils from v0.37.1-flux.1 to v0.37.2-flux.1, which
includes a fix to exclude transient pod failures from controller
status (fluxcd/cli-utils#22).
This resolves intermittent failures with `helm upgrade --install` when
using the watcher wait strategy, where StatefulSets were prematurely
reported as Failed when pods were unschedulable (e.g., waiting for
cluster autoscaler/Karpenter to provision nodes). The upstream fix
treats unschedulable pods and pods being deleted during rolling updates
as transient states rather than terminal failures.
Fixes #31896
Signed-off-by: Terry Howe <terrylhowe@gmail.com>