securejoin v0.4.0 made a possibly breaking change. Only clean paths
are safe to pass to SecureJoin or they could return an error or
have the wrong path. The details are in the release notes for v0.4.0.
This change ensures the paths are clean prior to passing to SecureJoin.
Signed-off-by: Matt Farina <matt.farina@suse.com>
(cherry picked from commit 35a9ead998)
At this time both Go 1.19 and 1.20 are supported. The version
specified in the go.mod file is the minimum version we expect Helm
to be compiled against. This is the oldest supported version to
support environments where others compile Helm. The Helm project
is using Go 1.20 to build Helm itself.
Updating to Go 1.19 also includes dealing with io/ioutil
deprecation and some additional linting issues around staticcheck.
All the staticcheck issues were in test files so linting was
skipped for those.
Signed-off-by: Matt Farina <matt.farina@suse.com>
This is a port of #5165 and the small refactor in #5610. This is the issue
where carefully crafted paths can reach outside of the intended chart directory
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
This also refactors significant portions of the CLI, moving much of the
shared code into a library.
Also in this release, a testing repository server has been added.
Matt Farina
Marc Khouzam
Taylor Thomas
Adam Reese
oilbeater
Matt Butcher
Michelle Noorali