cb604a80cd
Merge 76c81526ad into 59b57c5c31
2 weeks ago
76c81526ad
Merge branch 'helm:main' into main
2 weeks ago
59b57c5c31
Merge pull request #31885 from mmorel-35/whitespace
...
chore: fix whitespace linter
2 weeks ago
fc2e27e448
Merge pull request #32081 from TerryHowe/fix/statuswait-delete-race
...
fix(kube): prevent spurious early exit in WaitForDelete during informer sync
2 weeks ago
52cf204095
Merge pull request #32174 from helm/dependabot/go_modules/main/github.com/tetratelabs/wazero-1.12.0
...
chore(deps): bump github.com/tetratelabs/wazero from 1.11.0 to 1.12.0
2 weeks ago
3aa1b742b9
chore(deps): bump github.com/tetratelabs/wazero from 1.11.0 to 1.12.0
...
Bumps [github.com/tetratelabs/wazero](https://github.com/tetratelabs/wazero ) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/tetratelabs/wazero/releases )
- [Commits](https://github.com/tetratelabs/wazero/compare/v1.11.0...v1.12.0 )
---
updated-dependencies:
- dependency-name: github.com/tetratelabs/wazero
dependency-version: 1.12.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2 weeks ago
d374e823b2
Merge pull request #32086 from mmorel-35/error-is-as
...
testifylint: enable error-is-as and error-nil rules
2 weeks ago
d8b71d9533
Merge pull request #32158 from arnavnagzirkar/fix-32137
...
ci: enable bidichk linter to prevent invisible Unicode characters
2 weeks ago
e46a816540
Merge pull request #31944 from AustinAbro321/resync-period
...
lower resync period from one hour to 3 minutes
2 weeks ago
6dc1c1ccf8
lower resync period
...
Signed-off-by: Austin Abro <austinabro321@gmail.com>
2 weeks ago
4dec37abd2
Merge pull request #32148 from helm/dependabot/go_modules/main/golang.org/x/crypto-0.52.0
...
chore(deps): bump golang.org/x/crypto from 0.51.0 to 0.52.0
3 weeks ago
7510b83214
chore(deps): bump golang.org/x/crypto from 0.51.0 to 0.52.0
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.51.0 to 0.52.0.
- [Commits](https://github.com/golang/crypto/compare/v0.51.0...v0.52.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-version: 0.52.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
3 weeks ago
63a5d1baa9
Merge pull request #32153 from TerryHowe/fix/bump-x-net-go-2026-5026-main
...
fix(deps): bump golang.org/x/net to v0.55.0 to address GO-2026-5026
3 weeks ago
549ca858e7
Merge branch 'helm:main' into main
3 weeks ago
e679ec9f04
ci: enable bidichk linter to prevent invisible Unicode characters
...
Adds the bidichk linter to .golangci.yml to detect dangerous invisible
Unicode characters (ZWSP, bidi controls) in source files during CI.
Fixes #32137
Signed-off-by: Arnav Nagzirkar <arnav.nagzirkar@mail.utoronto.ca>
3 weeks ago
54ae27fd84
fix(deps): bump golang.org/x/net to v0.55.0 to address GO-2026-5026
...
Upgrades golang.org/x/net from v0.53.0 to v0.55.0 to fix CVE-2026-39821
(GO-2026-5026), where idna.ToASCII/ToUnicode incorrectly accept Punycode-
encoded labels that decode to ASCII-only labels, enabling privilege escalation
via hostname check bypass.
Coordinated x/ upgrade pulled in by the module graph:
- golang.org/x/sys v0.44.0 => v0.45.0
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
3 weeks ago
609e1ca72c
Merge pull request #32145 from helm/dependabot/github_actions/main/github/codeql-action-4.36.0
...
chore(deps): bump github/codeql-action from 4.35.5 to 4.36.0
3 weeks ago
8807308231
Merge pull request #32146 from helm/dependabot/github_actions/main/golangci/golangci-lint-action-9.2.1
...
chore(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1
3 weeks ago
dbb3e35337
chore(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 9.2.0 to 9.2.1.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](1e7e51e771...82606bf257
3 weeks ago
60665e9035
chore(deps): bump github/codeql-action from 4.35.5 to 4.36.0
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.5 to 4.36.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](9e0d7b8d25...7211b7c807
3 weeks ago
ff2b139502
Merge pull request #32141 from benoittgt/update-v4-readme
...
docs: update version status for v4 stable release
3 weeks ago
442e1460b9
docs: update version status for v4 stable release
...
Helm v4 shipped on 2025-11-17. Mark it as the current stable release
and v3 as support-mode with its end-of-support dates.
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
3 weeks ago
e65b8666aa
Merge pull request #32138 from helm/dependabot/github_actions/main/actions/stale-10.3.0
...
chore(deps): bump actions/stale from 10.2.0 to 10.3.0
3 weeks ago
ace245b827
chore(deps): bump actions/stale from 10.2.0 to 10.3.0
...
Bumps [actions/stale](https://github.com/actions/stale ) from 10.2.0 to 10.3.0.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](b5d41d4e1d...eb5cf3af3a
3 weeks ago
16a39b73fd
Merge pull request #32134 from lexfrei/fix/zero-width-spaces-plugin-comment
...
internal/plugin: remove zero-width spaces from plugin name comment
3 weeks ago
979e68fbbd
internal/plugin: remove zero-width spaces from plugin name comment
...
The comment describing allowed plugin name characters contained three
U+200B (zero-width space) characters around the '_' and '-' literals.
The rendered comment is identical without them; the ZWSP were likely
copy-pasted from a rich-text source.
Downstream impact: every project that vendors helm.sh/helm/v4 and runs
Renovate gets a repo-wide warning on its Dependency Dashboard about
hidden Unicode characters. Renovate scans the whole tree (including
vendor/) for ZWSP/bidi-override codepoints and cannot be told to skip
a path for this specific check. Removing the characters here clears
the warning everywhere downstream.
Signed-off-by: Aleksei Sviridkin <f@lex.la>
4 weeks ago
fcdf3854b0
Merge pull request #32113 from isumitsolanki/issue_32100
...
fix(downloader): order DiskCache.Get checks for overlayfs empty dirs
4 weeks ago
6c3f397d2c
Merge pull request #32122 from quyentonndbs/chore/lint-deprecations-comment-typo
...
docs: fix typo in deprecated API godoc
4 weeks ago
86e544842f
fix(plugin): simplify version validation error and align test expectations
...
Remove verbose 'semver range constraints' suffix from the error message.
The 'v' prefix hint is still appended only when the version starts with
'v'. Update test expectations to match the simplified messages.
Signed-off-by: MrJack <36191829+biagiopietro@users.noreply.github.com>
4 weeks ago
9b2e583223
fix(plugin): align test error expectations with context-sensitive validation messages
...
Update plugin_update_test.go so expected errors match the implementation:
non-v-prefixed versions no longer incorrectly expect the 'v' prefix
warning, and v-prefixed versions now include the full message with both
the range constraint notice and the 'v' prefix warning.
Signed-off-by: MrJack <36191829+biagiopietro@users.noreply.github.com>
4 weeks ago
3ed4d4ff01
Update pkg/cmd/plugin_update.go
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: MrJack <36191829+biagiopietro@users.noreply.github.com>
4 weeks ago
d097385cf3
Let's make copilot happy again
...
Signed-off-by: MrJack <36191829+biagiopietro@users.noreply.github.com>
4 weeks ago
ffec80f505
Update pkg/cmd/plugin_update.go
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: MrJack <36191829+biagiopietro@users.noreply.github.com>
4 weeks ago
b13f5de34d
Fixed descriptions and tests
...
Signed-off-by: MrJack <36191829+biagiopietro@users.noreply.github.com>
4 weeks ago
757980296e
Updated message
...
Signed-off-by: MrJack <36191829+biagiopietro@users.noreply.github.com>
4 weeks ago
8441036b07
Reject v-versions
...
Signed-off-by: MrJack <36191829+biagiopietro@users.noreply.github.com>
4 weeks ago
ccf02f366e
Updated FindSource signature
...
Signed-off-by: MrJack <36191829+biagiopietro@users.noreply.github.com>
4 weeks ago
cdb4c8fac8
Updated pluginUpdateDesc
...
Signed-off-by: MrJack <36191829+biagiopietro@users.noreply.github.com>
4 weeks ago
7ccf12925d
Drop --version flag and support the <plugin>@<version> pattern
...
Signed-off-by: MrJack <36191829+biagiopietro@users.noreply.github.com>
4 weeks ago
38751930fd
Applied feedback from review pt. 2
...
Signed-off-by: MrJack <36191829+biagiopietro@users.noreply.github.com>
4 weeks ago
915013e5b1
Applied feedback from copilot pt. 1
...
Signed-off-by: MrJack <36191829+biagiopietro@users.noreply.github.com>
4 weeks ago
cb4c2ce25f
feat(plugin): add --version flag to plugin update command
...
Add support for specifying a version constraint when updating plugins,
matching the existing behavior of helm plugin install.
Changes:
- Add --version flag to plugin update command
- Update VCSInstaller.Update() to resolve and checkout specified version
- Update FindSource() to accept version parameter
- Add TestVCSInstallerUpdateWithVersion test for version support
Signed-off-by: MrJack <36191829+biagiopietro@users.noreply.github.com>
4 weeks ago
94d5023846
Merge pull request #32125 from SebTardif/fix-slog-printf-args
...
fix(repo): use structured slog args in index.go
4 weeks ago
62082d986b
Merge pull request #32128 from matheuscscp/upgrade-cli-utils-c-r
...
fix(upstream): upgrade to cli-utils 1.2.1, controller-runtime 0.24.1 and k8s 1.36.1
4 weeks ago
a7291a1df4
Merge pull request #32127 from helm/dependabot/go_modules/main/github.com/fluxcd/cli-utils-1.2.1
...
chore(deps): bump github.com/fluxcd/cli-utils from 1.2.0 to 1.2.1
4 weeks ago
b7d3b4e704
Merge pull request #32126 from helm/dependabot/github_actions/main/github/codeql-action-4.35.5
...
chore(deps): bump github/codeql-action from 4.35.4 to 4.35.5
4 weeks ago
378ceacd9c
fix(upstream): upgrade to cli-utils 1.2.1, controller-runtime 0.24.1 and k8s 1.36.1
...
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
4 weeks ago
b5a9299eec
chore(deps): bump github.com/fluxcd/cli-utils from 1.2.0 to 1.2.1
...
Bumps [github.com/fluxcd/cli-utils](https://github.com/fluxcd/cli-utils ) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/fluxcd/cli-utils/releases )
- [Commits](https://github.com/fluxcd/cli-utils/compare/v1.2.0...v1.2.1 )
---
updated-dependencies:
- dependency-name: github.com/fluxcd/cli-utils
dependency-version: 1.2.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
4 weeks ago
f772ffedc6
chore(deps): bump github/codeql-action from 4.35.4 to 4.35.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.4 to 4.35.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](68bde559de...9e0d7b8d25
4 weeks ago
ea2343ebea
fix(repo): use structured slog args in index.go
...
slog.Error on line 157 passes printf-style positional args (%q, %s)
instead of key-value pairs. The slog API treats these as unkeyed
attributes, producing garbled log output.
Two nearby slog.Warn calls wrap fmt.Sprintf unnecessarily. Convert
all three calls to use proper structured key-value arguments.
Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
Assisted-by: Grok/grok-4
4 weeks ago
MrJack
Terry Howe
George Jenkins
dependabot[bot]
Evans Mungai
Austin Abro
Arnav Nagzirkar
Benoit Tigeot
Aleksei Sviridkin
Robert Sirchia
Matheus Pimenta
Sebastien Tardif