5c3cb20e76
Merge pull request #32194 from helm/dependabot/go_modules/main/golang.org/x/crypto-0.53.0
...
chore(deps): bump golang.org/x/crypto from 0.52.0 to 0.53.0
7 days ago
f4fa06e2d9
Merge pull request #32201 from helm/dependabot/go_modules/main/oras.land/oras-go/v2-2.6.1
...
chore(deps): bump oras.land/oras-go/v2 from 2.6.0 to 2.6.1
1 week ago
74c1702157
chore(deps): bump oras.land/oras-go/v2 from 2.6.0 to 2.6.1
...
Bumps [oras.land/oras-go/v2](https://github.com/oras-project/oras-go ) from 2.6.0 to 2.6.1.
- [Release notes](https://github.com/oras-project/oras-go/releases )
- [Commits](https://github.com/oras-project/oras-go/compare/v2.6.0...v2.6.1 )
---
updated-dependencies:
- dependency-name: oras.land/oras-go/v2
dependency-version: 2.6.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
1 week ago
33b4071886
chore(deps): bump golang.org/x/crypto from 0.52.0 to 0.53.0
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.52.0 to 0.53.0.
- [Commits](https://github.com/golang/crypto/compare/v0.52.0...v0.53.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-version: 0.53.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
1 week ago
22905ca019
Merge pull request #32190 from helm/dependabot/go_modules/main/golang.org/x/term-0.44.0
...
chore(deps): bump golang.org/x/term from 0.43.0 to 0.44.0
1 week ago
1019146bb3
chore(deps): bump golang.org/x/term from 0.43.0 to 0.44.0
...
Bumps [golang.org/x/term](https://github.com/golang/term ) from 0.43.0 to 0.44.0.
- [Commits](https://github.com/golang/term/compare/v0.43.0...v0.44.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/term
dependency-version: 0.44.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
1 week ago
1df252176d
Merge pull request #32192 from helm/dependabot/go_modules/main/golang.org/x/text-0.38.0
...
chore(deps): bump golang.org/x/text from 0.37.0 to 0.38.0
1 week ago
e5efe067ed
Merge pull request #31758 from benoittgt/fix-31757
...
fix: prevent warning when using version range constraints
1 week ago
7f855dfe8a
chore(deps): bump golang.org/x/text from 0.37.0 to 0.38.0
...
Bumps [golang.org/x/text](https://github.com/golang/text ) from 0.37.0 to 0.38.0.
- [Release notes](https://github.com/golang/text/releases )
- [Commits](https://github.com/golang/text/compare/v0.37.0...v0.38.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/text
dependency-version: 0.38.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
1 week ago
d77bc716ba
Merge pull request #32181 from helm/dependabot/github_actions/main/github/codeql-action-4.36.2
...
chore(deps): bump github/codeql-action from 4.36.1 to 4.36.2
2 weeks ago
c603c50aa6
chore(deps): bump github/codeql-action from 4.36.1 to 4.36.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.36.1 to 4.36.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](87557b9c84...8aad20d150
2 weeks ago
827a960ec1
Merge pull request #32177 from helm/dependabot/github_actions/main/github/codeql-action-4.36.1
...
chore(deps): bump github/codeql-action from 4.36.0 to 4.36.1
2 weeks ago
f8abbfd7d4
chore(deps): bump github/codeql-action from 4.36.0 to 4.36.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.36.0 to 4.36.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7211b7c807...87557b9c84
2 weeks ago
59b57c5c31
Merge pull request #31885 from mmorel-35/whitespace
...
chore: fix whitespace linter
3 weeks ago
fc2e27e448
Merge pull request #32081 from TerryHowe/fix/statuswait-delete-race
...
fix(kube): prevent spurious early exit in WaitForDelete during informer sync
3 weeks ago
52cf204095
Merge pull request #32174 from helm/dependabot/go_modules/main/github.com/tetratelabs/wazero-1.12.0
...
chore(deps): bump github.com/tetratelabs/wazero from 1.11.0 to 1.12.0
3 weeks ago
3aa1b742b9
chore(deps): bump github.com/tetratelabs/wazero from 1.11.0 to 1.12.0
...
Bumps [github.com/tetratelabs/wazero](https://github.com/tetratelabs/wazero ) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/tetratelabs/wazero/releases )
- [Commits](https://github.com/tetratelabs/wazero/compare/v1.11.0...v1.12.0 )
---
updated-dependencies:
- dependency-name: github.com/tetratelabs/wazero
dependency-version: 1.12.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
3 weeks ago
d374e823b2
Merge pull request #32086 from mmorel-35/error-is-as
...
testifylint: enable error-is-as and error-nil rules
3 weeks ago
d8b71d9533
Merge pull request #32158 from arnavnagzirkar/fix-32137
...
ci: enable bidichk linter to prevent invisible Unicode characters
3 weeks ago
e46a816540
Merge pull request #31944 from AustinAbro321/resync-period
...
lower resync period from one hour to 3 minutes
3 weeks ago
6dc1c1ccf8
lower resync period
...
Signed-off-by: Austin Abro <austinabro321@gmail.com>
3 weeks ago
4dec37abd2
Merge pull request #32148 from helm/dependabot/go_modules/main/golang.org/x/crypto-0.52.0
...
chore(deps): bump golang.org/x/crypto from 0.51.0 to 0.52.0
3 weeks ago
7510b83214
chore(deps): bump golang.org/x/crypto from 0.51.0 to 0.52.0
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.51.0 to 0.52.0.
- [Commits](https://github.com/golang/crypto/compare/v0.51.0...v0.52.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-version: 0.52.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
3 weeks ago
63a5d1baa9
Merge pull request #32153 from TerryHowe/fix/bump-x-net-go-2026-5026-main
...
fix(deps): bump golang.org/x/net to v0.55.0 to address GO-2026-5026
3 weeks ago
e679ec9f04
ci: enable bidichk linter to prevent invisible Unicode characters
...
Adds the bidichk linter to .golangci.yml to detect dangerous invisible
Unicode characters (ZWSP, bidi controls) in source files during CI.
Fixes #32137
Signed-off-by: Arnav Nagzirkar <arnav.nagzirkar@mail.utoronto.ca>
3 weeks ago
54ae27fd84
fix(deps): bump golang.org/x/net to v0.55.0 to address GO-2026-5026
...
Upgrades golang.org/x/net from v0.53.0 to v0.55.0 to fix CVE-2026-39821
(GO-2026-5026), where idna.ToASCII/ToUnicode incorrectly accept Punycode-
encoded labels that decode to ASCII-only labels, enabling privilege escalation
via hostname check bypass.
Coordinated x/ upgrade pulled in by the module graph:
- golang.org/x/sys v0.44.0 => v0.45.0
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
4 weeks ago
609e1ca72c
Merge pull request #32145 from helm/dependabot/github_actions/main/github/codeql-action-4.36.0
...
chore(deps): bump github/codeql-action from 4.35.5 to 4.36.0
4 weeks ago
8807308231
Merge pull request #32146 from helm/dependabot/github_actions/main/golangci/golangci-lint-action-9.2.1
...
chore(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1
4 weeks ago
dbb3e35337
chore(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 9.2.0 to 9.2.1.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](1e7e51e771...82606bf257
4 weeks ago
60665e9035
chore(deps): bump github/codeql-action from 4.35.5 to 4.36.0
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.5 to 4.36.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](9e0d7b8d25...7211b7c807
4 weeks ago
ff2b139502
Merge pull request #32141 from benoittgt/update-v4-readme
...
docs: update version status for v4 stable release
4 weeks ago
442e1460b9
docs: update version status for v4 stable release
...
Helm v4 shipped on 2025-11-17. Mark it as the current stable release
and v3 as support-mode with its end-of-support dates.
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
4 weeks ago
e65b8666aa
Merge pull request #32138 from helm/dependabot/github_actions/main/actions/stale-10.3.0
...
chore(deps): bump actions/stale from 10.2.0 to 10.3.0
4 weeks ago
ace245b827
chore(deps): bump actions/stale from 10.2.0 to 10.3.0
...
Bumps [actions/stale](https://github.com/actions/stale ) from 10.2.0 to 10.3.0.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](b5d41d4e1d...eb5cf3af3a
4 weeks ago
16a39b73fd
Merge pull request #32134 from lexfrei/fix/zero-width-spaces-plugin-comment
...
internal/plugin: remove zero-width spaces from plugin name comment
4 weeks ago
979e68fbbd
internal/plugin: remove zero-width spaces from plugin name comment
...
The comment describing allowed plugin name characters contained three
U+200B (zero-width space) characters around the '_' and '-' literals.
The rendered comment is identical without them; the ZWSP were likely
copy-pasted from a rich-text source.
Downstream impact: every project that vendors helm.sh/helm/v4 and runs
Renovate gets a repo-wide warning on its Dependency Dashboard about
hidden Unicode characters. Renovate scans the whole tree (including
vendor/) for ZWSP/bidi-override codepoints and cannot be told to skip
a path for this specific check. Removing the characters here clears
the warning everywhere downstream.
Signed-off-by: Aleksei Sviridkin <f@lex.la>
4 weeks ago
fcdf3854b0
Merge pull request #32113 from isumitsolanki/issue_32100
...
fix(downloader): order DiskCache.Get checks for overlayfs empty dirs
4 weeks ago
6c3f397d2c
Merge pull request #32122 from quyentonndbs/chore/lint-deprecations-comment-typo
...
docs: fix typo in deprecated API godoc
4 weeks ago
94d5023846
Merge pull request #32125 from SebTardif/fix-slog-printf-args
...
fix(repo): use structured slog args in index.go
4 weeks ago
62082d986b
Merge pull request #32128 from matheuscscp/upgrade-cli-utils-c-r
...
fix(upstream): upgrade to cli-utils 1.2.1, controller-runtime 0.24.1 and k8s 1.36.1
1 month ago
a7291a1df4
Merge pull request #32127 from helm/dependabot/go_modules/main/github.com/fluxcd/cli-utils-1.2.1
...
chore(deps): bump github.com/fluxcd/cli-utils from 1.2.0 to 1.2.1
1 month ago
b7d3b4e704
Merge pull request #32126 from helm/dependabot/github_actions/main/github/codeql-action-4.35.5
...
chore(deps): bump github/codeql-action from 4.35.4 to 4.35.5
1 month ago
378ceacd9c
fix(upstream): upgrade to cli-utils 1.2.1, controller-runtime 0.24.1 and k8s 1.36.1
...
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
1 month ago
b5a9299eec
chore(deps): bump github.com/fluxcd/cli-utils from 1.2.0 to 1.2.1
...
Bumps [github.com/fluxcd/cli-utils](https://github.com/fluxcd/cli-utils ) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/fluxcd/cli-utils/releases )
- [Commits](https://github.com/fluxcd/cli-utils/compare/v1.2.0...v1.2.1 )
---
updated-dependencies:
- dependency-name: github.com/fluxcd/cli-utils
dependency-version: 1.2.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
1 month ago
f772ffedc6
chore(deps): bump github/codeql-action from 4.35.4 to 4.35.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.4 to 4.35.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](68bde559de...9e0d7b8d25
1 month ago
ea2343ebea
fix(repo): use structured slog args in index.go
...
slog.Error on line 157 passes printf-style positional args (%q, %s)
instead of key-value pairs. The slog API treats these as unkeyed
attributes, producing garbled log output.
Two nearby slog.Warn calls wrap fmt.Sprintf unnecessarily. Convert
all three calls to use proper structured key-value arguments.
Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
Assisted-by: Grok/grok-4
1 month ago
b2786f15f2
Merge pull request #32118 from box4wangjing/main
...
refactor: use slices.Backward to simplify the code
1 month ago
39b2edca71
Merge pull request #32091 from ogulcanaydogan/chore/remove-pre-go120-transport-cloner
...
fix(registry): remove pre-Go-1.20 transport cloner fallback
1 month ago
2032ec5cba
docs: fix 'than'->'that' typo in deprecatedAPIError godoc
...
Signed-off-by: Kai Tanaka <275430420+quyentonndbs@users.noreply.github.com>
1 month ago
432fc8a217
refactor: use slices.Backward to simplify the code
...
Signed-off-by: box4wangjing <box4wangjing@outlook.com>
1 month ago
Robert Sirchia
Terry Howe
dependabot[bot]
George Jenkins
Evans Mungai
Austin Abro
Arnav Nagzirkar
Benoit Tigeot
Aleksei Sviridkin
Matheus Pimenta
Sebastien Tardif
Kai Tanaka
box4wangjing