eee491a746
fix(deps): bump golang.org/x/net to v0.55.0 to address GO-2026-5026
...
Upgrades golang.org/x/net from v0.53.0 to v0.55.0 to fix CVE-2026-39821
(GO-2026-5026), where idna.ToASCII/ToUnicode incorrectly accept Punycode-
encoded labels that decode to ASCII-only labels, enabling privilege escalation
via hostname check bypass.
Coordinated x/ upgrade pulled in by the module graph:
- golang.org/x/sys v0.44.0 => v0.45.0
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
(cherry picked from commit 54ae27fd84
1 week ago
3e3c5751b1
chore(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 9.2.0 to 9.2.1.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](1e7e51e771...82606bf257dbb3e35337
1 week ago
c4ce2bb364
chore(deps): bump github/codeql-action from 4.35.5 to 4.36.0
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.5 to 4.36.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](9e0d7b8d25...7211b7c80760665e9035
1 week ago
3892dc2a11
chore(deps): bump actions/stale from 10.2.0 to 10.3.0
...
Bumps [actions/stale](https://github.com/actions/stale ) from 10.2.0 to 10.3.0.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](b5d41d4e1d...eb5cf3af3aace245b827
1 week ago
c4bbb6263f
chore(deps): bump github/codeql-action from 4.35.4 to 4.35.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.4 to 4.35.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](68bde559de...9e0d7b8d25f772ffedc6
1 week ago
a0d7f16b58
chore(deps): bump golang.org/x/crypto from 0.50.0 to 0.51.0
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.50.0 to 0.51.0.
- [Commits](https://github.com/golang/crypto/compare/v0.50.0...v0.51.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-version: 0.51.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 2cc69251d8
1 week ago
8a3de054b5
chore(deps): bump github/codeql-action from 4.35.3 to 4.35.4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.3 to 4.35.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e46ed2cbd0...68bde559ded9b2716be5
1 week ago
57a4803bd4
fix(upstream): upgrade to cli-utils 1.2.1, controller-runtime 0.24.1 and k8s 1.36.1
...
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
(cherry picked from commit 378ceacd9c
1 week ago
b33ae02b9c
chore(deps): bump github.com/fluxcd/cli-utils from 1.2.0 to 1.2.1
...
Bumps [github.com/fluxcd/cli-utils](https://github.com/fluxcd/cli-utils ) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/fluxcd/cli-utils/releases )
- [Commits](https://github.com/fluxcd/cli-utils/compare/v1.2.0...v1.2.1 )
---
updated-dependencies:
- dependency-name: github.com/fluxcd/cli-utils
dependency-version: 1.2.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit b5a9299eec
1 week ago
06468084e8
Bump to version v4.2
...
Signed-off-by: George Jenkins <gvjenkins@gmail.com>
2 months ago
e23bf3af53
build: Clean up Goreleaser change ( #32098 )
...
Makefile:
- restore dist target
- remove unused LDFLAGS added to dist target
- remove unused TARGETS var
gh release action:
- restore build-cross to release and canary-release jobs
Signed-off-by: Scott Rigby <scott@r6by.com>
Co-authored-by: Terry Howe <terrylhowe@gmail.com>
2 months ago
ad18580255
Merge pull request #31343 from TerryHowe/chore-replace-mitchellh-gox-with-goreleaser
...
chore: replace mitchellh/gox with goreleaser
2 months ago
b3a458fde9
Merge pull request #31970 from isumitsolanki/fix/31965-decouple-cli-from-kube
...
refactor(cli): decouple EnvSettings from pkg/kube to avoid import cycles
2 months ago
f60ab7c31c
fix: add -extldflags -static to dist target to match build-cross
...
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2 months ago
64aa46f2f1
build: use goreleaser build with manual archive creation
...
goreleaser v2 has a bug with no_unique_dist_dir where it registers
archive tasks for all sub-arch variants even when constraints limit
builds to one per arch, causing archive collision errors. Switch dist
target to use goreleaser build (binaries only) and create tar.gz/zip
archives manually, copying LICENSE and README.md into each platform
directory to match the existing archive structure.
Add sub-arch constraints (goamd64, goarm64, go386, goriscv64) to ensure
only one variant is built per architecture.
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2 months ago
d199a1a42c
chore: remove build-cross dependency from test-acceptance
...
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2 months ago
82899404a6
ci: add fetch-depth 0 to canary checkout for goreleaser
...
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2 months ago
c075022ce1
fix: address goreleaser build issues flagged in review
...
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2 months ago
04885dd905
fix: pass VERSION as GORELEASER_CURRENT_TAG to preserve v-prefix in archive names
...
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2 months ago
93103ce66c
fix: disable goreleaser checksums.txt and restrict zip to windows only
...
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2 months ago
e49a1dc16e
fix: use index for optional env var in version_template
...
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2 months ago
eaa09100b9
fix: canary build file names
...
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2 months ago
5a75279c1a
Fix archive name
...
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2 months ago
37284a9211
fix goreleaser archive
...
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2 months ago
45336ccd5b
add support for loong64
...
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2 months ago
a9659b07e3
fix artifact directory
...
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2 months ago
e368f170af
update configuration to v2
...
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2 months ago
e7bea8513c
remove GOTOOLCHAIN
...
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2 months ago
075c096afe
chore: replace mitchellh/gox with goreleaser
...
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2 months ago
bdf2747c5f
Merge pull request #32095 from helm/dependabot/github_actions/main/github/codeql-action-4.35.3
...
chore(deps): bump github/codeql-action from 4.35.2 to 4.35.3
2 months ago
547df4a2a0
Merge pull request #32096 from helm/dependabot/go_modules/main/github.com/distribution/distribution/v3-3.1.1
...
chore(deps): bump github.com/distribution/distribution/v3 from 3.1.0 to 3.1.1
2 months ago
12f2c41c0d
chore(deps): bump github.com/distribution/distribution/v3
...
Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution ) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/distribution/distribution/releases )
- [Commits](https://github.com/distribution/distribution/compare/v3.1.0...v3.1.1 )
---
updated-dependencies:
- dependency-name: github.com/distribution/distribution/v3
dependency-version: 3.1.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2 months ago
58e8ffdc33
chore(deps): bump github/codeql-action from 4.35.2 to 4.35.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.2 to 4.35.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](95e58e9a2c...e46ed2cbd0
2 months ago
707afe4b22
Merge pull request #32094 from helm/dependabot/go_modules/main/github.com/Masterminds/semver/v3-3.5.0
...
chore(deps): bump github.com/Masterminds/semver/v3 from 3.4.0 to 3.5.0
2 months ago
e61bbfbfff
chore(deps): bump github.com/Masterminds/semver/v3 from 3.4.0 to 3.5.0
...
Bumps [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver ) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/Masterminds/semver/releases )
- [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Masterminds/semver/compare/v3.4.0...v3.5.0 )
---
updated-dependencies:
- dependency-name: github.com/Masterminds/semver/v3
dependency-version: 3.5.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2 months ago
ea10188070
Merge pull request #32090 from matheuscscp/cli-utils-1.2-c-r-0.24
...
Upgrade kstatus to 1.2 and controller-runtime to 0.24
2 months ago
081c6dff53
Upgrade kstatus to 1.2 and controller-runtime to 0.24
...
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
2 months ago
96c152cb1a
Merge pull request #31923 from gaganhr94/fix/token-permissions
...
fix: adds topLevel permissions to improve openSSF scores
2 months ago
38f3704983
Merge pull request #32034 from cairon-ab/fix/pull-debug-output
...
fix: add debug logging to HTTP getter for helm pull
2 months ago
277d970255
fix: adds topLevel permissions to improve openSSF scores
...
Signed-off-by: Gagan H R <hrgagan4@gmail.com>
2 months ago
fbc2791886
Merge pull request #32078 from matheuscscp/go-1.26-k8s-1.36-cli-utils-1.1
...
Upgrade Go to 1.26, Kubernetes to 1.36, kstatus to 1.1
2 months ago
2fb101a20b
Merge pull request #31755 from scottrigby/template-cmd-deprecate-notes-flags
...
fix(template): deprecate unused --hide-notes and --render-subchart-notes flags
2 months ago
a4a9cc7a31
Upgrade Go to 1.26, Kubernetes to 1.36, kstatus to 1.1
...
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
2 months ago
4bd9e90aa0
Merge pull request #30811 from mmorel-35/testifylint
...
chore: fix bool-compare issues from testifylint
2 months ago
8f56f24d63
fix(templating): hooks conflicting with templates in post-renderers ( #32049 )
...
* fix(templating): hooks conflicting with templates in post-renderers
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
* fix(templating): allow disabling hooks from postrenderers entirely
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
---------
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
2 months ago
29d309e56b
Merge pull request #31981 from abhay1999/fix/ssa-error-context
...
fix(kube): clarify server-side apply patch errors
2 months ago
66e5049405
Merge pull request #32008 from rhysmcneill/bugfix/helm-upgrade-err-variable-defect
...
fix(action): return correct error variable in prepareUpgrade
2 months ago
1d6469cfcb
Merge pull request #32057 from MohitSalvi16/docs/fix-contributing-typos
...
docs: fix grammar and spacing in CONTRIBUTING.md
2 months ago
db40adb1d1
docs: fix grammar and spacing in CONTRIBUTING.md
...
Signed-off-by: Mohit <salvimohit08@gmail.com>
2 months ago
20eae2bb0f
Merge pull request #32052 from helm/dependabot/go_modules/main/k8s-io-dc9379caa6
...
chore(deps): bump the k8s-io group across 1 directory with 7 updates
2 months ago
Terry Howe
dependabot[bot]
Matheus Pimenta
George Jenkins
Scott Rigby
Gagan H R
Mohit