Evans Mungai
ac4f8a6c22
Merge pull request #31584 from banjoh/em/check-ownership-before-delete
...
feat: add ownership verification before deleting resources during uni…
2026-06-12 12:33:19 +01:00
Terry Howe
a5552edf9f
fix: protect FailingKubeClient.RecordedWaitOptions from data race ( #31925 )
...
* fix: protect FailingKubeClient.RecordedWaitOptions from concurrent access
Add a sync.Mutex to guard the append to RecordedWaitOptions in
GetWaiterWithOptions, fixing a data race detected by -race when
concurrent goroutines (e.g. upgrade + rollback) both call
GetWaiterWithOptions on the same FailingKubeClient instance.
Fixes race failures in TestUpgradeRelease_Interrupted_RollbackOnFailure
and TestInstallRelease_RollbackOnFailure_Interrupted.
Signed-off-by: Terry Howe <thowe@nvidia.com >
* fix: extract appendRecordedWaitOptionsLocked helper with defer unlock
Signed-off-by: Terry Howe <terrylhowe@gmail.com >
---------
Signed-off-by: Terry Howe <thowe@nvidia.com >
Signed-off-by: Terry Howe <terrylhowe@gmail.com >
2026-06-11 17:38:02 -04:00
Terry Howe
c2f1b238a1
fix: route registry client output to stdout instead of stderr ( #32056 )
...
Commands like 'helm registry login', 'helm push', and 'helm pull' were
writing success messages ("Login Succeeded", "Pushed:", "Pulled:",
"Digest:") to stderr instead of stdout. The root cause was that
newDefaultRegistryClient and newRegistryClientWithTLS hard-coded
os.Stderr as the registry client writer, ignoring the out io.Writer
that main() passes as os.Stdout.
Thread out io.Writer through newRegistryClient, newDefaultRegistryClient,
and newRegistryClientWithTLS, and update all call sites in pkg/cmd.
Fixes #13464
Signed-off-by: Terry Howe <terrylhowe@gmail.com >
2026-06-11 17:36:42 -04:00
Ogulcan Aydogan
7058f841af
fix(engine): add debug logging when lookup returns empty ( #32205 )
...
When lookup cannot find the requested resource (apierrors.IsNotFound),
add slog.Debug() calls with structured fields (apiVersion, kind,
namespace, name) so that users running helm template --debug can see
why lookup returned an empty map instead of silently swallowing the
not-found result.
Fixes: https://github.com/helm/helm/issues/32101
Signed-off-by: Ogulcan Aydogan <ogulcanaydogan@hotmail.com >
2026-06-11 17:31:18 -04:00
Robert Sirchia
5c3cb20e76
Merge pull request #32194 from helm/dependabot/go_modules/main/golang.org/x/crypto-0.53.0
...
chore(deps): bump golang.org/x/crypto from 0.52.0 to 0.53.0
2026-06-10 15:14:33 -04:00
Terry Howe
f4fa06e2d9
Merge pull request #32201 from helm/dependabot/go_modules/main/oras.land/oras-go/v2-2.6.1
...
chore(deps): bump oras.land/oras-go/v2 from 2.6.0 to 2.6.1
2026-06-09 16:07:10 -06:00
dependabot[bot]
74c1702157
chore(deps): bump oras.land/oras-go/v2 from 2.6.0 to 2.6.1
...
Bumps [oras.land/oras-go/v2](https://github.com/oras-project/oras-go ) from 2.6.0 to 2.6.1.
- [Release notes](https://github.com/oras-project/oras-go/releases )
- [Commits](https://github.com/oras-project/oras-go/compare/v2.6.0...v2.6.1 )
---
updated-dependencies:
- dependency-name: oras.land/oras-go/v2
dependency-version: 2.6.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-06-09 21:33:08 +00:00
dependabot[bot]
33b4071886
chore(deps): bump golang.org/x/crypto from 0.52.0 to 0.53.0
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.52.0 to 0.53.0.
- [Commits](https://github.com/golang/crypto/compare/v0.52.0...v0.53.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-version: 0.53.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-06-09 10:59:28 +00:00
Terry Howe
22905ca019
Merge pull request #32190 from helm/dependabot/go_modules/main/golang.org/x/term-0.44.0
...
chore(deps): bump golang.org/x/term from 0.43.0 to 0.44.0
2026-06-09 04:57:18 -06:00
dependabot[bot]
1019146bb3
chore(deps): bump golang.org/x/term from 0.43.0 to 0.44.0
...
Bumps [golang.org/x/term](https://github.com/golang/term ) from 0.43.0 to 0.44.0.
- [Commits](https://github.com/golang/term/compare/v0.43.0...v0.44.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/term
dependency-version: 0.44.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-06-09 10:34:10 +00:00
Terry Howe
1df252176d
Merge pull request #32192 from helm/dependabot/go_modules/main/golang.org/x/text-0.38.0
...
chore(deps): bump golang.org/x/text from 0.37.0 to 0.38.0
2026-06-09 04:32:00 -06:00
George Jenkins
e5efe067ed
Merge pull request #31758 from benoittgt/fix-31757
...
fix: prevent warning when using version range constraints
2026-06-08 22:01:26 -07:00
dependabot[bot]
7f855dfe8a
chore(deps): bump golang.org/x/text from 0.37.0 to 0.38.0
...
Bumps [golang.org/x/text](https://github.com/golang/text ) from 0.37.0 to 0.38.0.
- [Release notes](https://github.com/golang/text/releases )
- [Commits](https://github.com/golang/text/compare/v0.37.0...v0.38.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/text
dependency-version: 0.38.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-06-08 21:33:52 +00:00
Terry Howe
d77bc716ba
Merge pull request #32181 from helm/dependabot/github_actions/main/github/codeql-action-4.36.2
...
chore(deps): bump github/codeql-action from 4.36.1 to 4.36.2
2026-06-05 05:22:31 -06:00
dependabot[bot]
c603c50aa6
chore(deps): bump github/codeql-action from 4.36.1 to 4.36.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.36.1 to 4.36.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](87557b9c84...8aad20d150support@github.com >
2026-06-04 21:32:47 +00:00
Evans Mungai
a6179d0dd1
Merge branch 'main' into em/check-ownership-before-delete
...
Signed-off-by: Evans Mungai <mbuevans@gmail.com >
2026-06-04 17:51:10 +01:00
Terry Howe
827a960ec1
Merge pull request #32177 from helm/dependabot/github_actions/main/github/codeql-action-4.36.1
...
chore(deps): bump github/codeql-action from 4.36.0 to 4.36.1
2026-06-03 05:31:08 -06:00
dependabot[bot]
f8abbfd7d4
chore(deps): bump github/codeql-action from 4.36.0 to 4.36.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.36.0 to 4.36.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7211b7c807...87557b9c84support@github.com >
2026-06-03 09:57:37 +00:00
Terry Howe
59b57c5c31
Merge pull request #31885 from mmorel-35/whitespace
...
chore: fix whitespace linter
2026-05-30 05:19:51 -06:00
George Jenkins
fc2e27e448
Merge pull request #32081 from TerryHowe/fix/statuswait-delete-race
...
fix(kube): prevent spurious early exit in WaitForDelete during informer sync
2026-05-29 18:14:21 -07:00
Terry Howe
52cf204095
Merge pull request #32174 from helm/dependabot/go_modules/main/github.com/tetratelabs/wazero-1.12.0
...
chore(deps): bump github.com/tetratelabs/wazero from 1.11.0 to 1.12.0
2026-05-29 18:07:39 -06:00
dependabot[bot]
3aa1b742b9
chore(deps): bump github.com/tetratelabs/wazero from 1.11.0 to 1.12.0
...
Bumps [github.com/tetratelabs/wazero](https://github.com/tetratelabs/wazero ) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/tetratelabs/wazero/releases )
- [Commits](https://github.com/tetratelabs/wazero/compare/v1.11.0...v1.12.0 )
---
updated-dependencies:
- dependency-name: github.com/tetratelabs/wazero
dependency-version: 1.12.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-05-29 23:30:01 +00:00
Evans Mungai
d374e823b2
Merge pull request #32086 from mmorel-35/error-is-as
...
testifylint: enable error-is-as and error-nil rules
2026-05-28 17:53:03 +01:00
Evans Mungai
d8b71d9533
Merge pull request #32158 from arnavnagzirkar/fix-32137
...
ci: enable bidichk linter to prevent invisible Unicode characters
2026-05-28 17:49:37 +01:00
Terry Howe
e46a816540
Merge pull request #31944 from AustinAbro321/resync-period
...
lower resync period from one hour to 3 minutes
2026-05-28 09:42:22 -06:00
Austin Abro
6dc1c1ccf8
lower resync period
...
Signed-off-by: Austin Abro <austinabro321@gmail.com >
2026-05-27 14:59:21 -04:00
George Jenkins
4dec37abd2
Merge pull request #32148 from helm/dependabot/go_modules/main/golang.org/x/crypto-0.52.0
...
chore(deps): bump golang.org/x/crypto from 0.51.0 to 0.52.0
2026-05-26 19:16:36 -07:00
dependabot[bot]
7510b83214
chore(deps): bump golang.org/x/crypto from 0.51.0 to 0.52.0
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.51.0 to 0.52.0.
- [Commits](https://github.com/golang/crypto/compare/v0.51.0...v0.52.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-version: 0.52.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-05-27 02:05:35 +00:00
George Jenkins
63a5d1baa9
Merge pull request #32153 from TerryHowe/fix/bump-x-net-go-2026-5026-main
...
fix(deps): bump golang.org/x/net to v0.55.0 to address GO-2026-5026
2026-05-26 19:03:29 -07:00
Arnav Nagzirkar
e679ec9f04
ci: enable bidichk linter to prevent invisible Unicode characters
...
Adds the bidichk linter to .golangci.yml to detect dangerous invisible
Unicode characters (ZWSP, bidi controls) in source files during CI.
Fixes #32137
Signed-off-by: Arnav Nagzirkar <arnav.nagzirkar@mail.utoronto.ca >
2026-05-25 22:42:31 -07:00
Terry Howe
54ae27fd84
fix(deps): bump golang.org/x/net to v0.55.0 to address GO-2026-5026
...
Upgrades golang.org/x/net from v0.53.0 to v0.55.0 to fix CVE-2026-39821
(GO-2026-5026), where idna.ToASCII/ToUnicode incorrectly accept Punycode-
encoded labels that decode to ASCII-only labels, enabling privilege escalation
via hostname check bypass.
Coordinated x/ upgrade pulled in by the module graph:
- golang.org/x/sys v0.44.0 => v0.45.0
Signed-off-by: Terry Howe <terrylhowe@gmail.com >
2026-05-22 16:09:20 -06:00
Terry Howe
609e1ca72c
Merge pull request #32145 from helm/dependabot/github_actions/main/github/codeql-action-4.36.0
...
chore(deps): bump github/codeql-action from 4.35.5 to 4.36.0
2026-05-22 17:01:22 -05:00
Terry Howe
8807308231
Merge pull request #32146 from helm/dependabot/github_actions/main/golangci/golangci-lint-action-9.2.1
...
chore(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1
2026-05-22 17:00:56 -05:00
dependabot[bot]
dbb3e35337
chore(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 9.2.0 to 9.2.1.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](1e7e51e771...82606bf257support@github.com >
2026-05-22 21:33:35 +00:00
dependabot[bot]
60665e9035
chore(deps): bump github/codeql-action from 4.35.5 to 4.36.0
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.5 to 4.36.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](9e0d7b8d25...7211b7c807support@github.com >
2026-05-22 21:33:30 +00:00
Terry Howe
ff2b139502
Merge pull request #32141 from benoittgt/update-v4-readme
...
docs: update version status for v4 stable release
2026-05-22 08:39:16 -05:00
Benoit Tigeot
442e1460b9
docs: update version status for v4 stable release
...
Helm v4 shipped on 2025-11-17. Mark it as the current stable release
and v3 as support-mode with its end-of-support dates.
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr >
2026-05-22 09:47:41 +02:00
Terry Howe
e65b8666aa
Merge pull request #32138 from helm/dependabot/github_actions/main/actions/stale-10.3.0
...
chore(deps): bump actions/stale from 10.2.0 to 10.3.0
2026-05-21 15:39:43 -06:00
dependabot[bot]
ace245b827
chore(deps): bump actions/stale from 10.2.0 to 10.3.0
...
Bumps [actions/stale](https://github.com/actions/stale ) from 10.2.0 to 10.3.0.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](b5d41d4e1d...eb5cf3af3asupport@github.com >
2026-05-21 21:33:33 +00:00
Terry Howe
16a39b73fd
Merge pull request #32134 from lexfrei/fix/zero-width-spaces-plugin-comment
...
internal/plugin: remove zero-width spaces from plugin name comment
2026-05-21 14:53:06 -06:00
Aleksei Sviridkin
979e68fbbd
internal/plugin: remove zero-width spaces from plugin name comment
...
The comment describing allowed plugin name characters contained three
U+200B (zero-width space) characters around the '_' and '-' literals.
The rendered comment is identical without them; the ZWSP were likely
copy-pasted from a rich-text source.
Downstream impact: every project that vendors helm.sh/helm/v4 and runs
Renovate gets a repo-wide warning on its Dependency Dashboard about
hidden Unicode characters. Renovate scans the whole tree (including
vendor/) for ZWSP/bidi-override codepoints and cannot be told to skip
a path for this specific check. Removing the characters here clears
the warning everywhere downstream.
Signed-off-by: Aleksei Sviridkin <f@lex.la >
2026-05-20 13:24:39 +03:00
Terry Howe
fcdf3854b0
Merge pull request #32113 from isumitsolanki/issue_32100
...
fix(downloader): order DiskCache.Get checks for overlayfs empty dirs
2026-05-19 13:45:43 -06:00
Robert Sirchia
6c3f397d2c
Merge pull request #32122 from quyentonndbs/chore/lint-deprecations-comment-typo
...
docs: fix typo in deprecated API godoc
2026-05-19 15:11:17 -04:00
George Jenkins
94d5023846
Merge pull request #32125 from SebTardif/fix-slog-printf-args
...
fix(repo): use structured slog args in index.go
2026-05-18 07:59:59 -07:00
Evans Mungai
62082d986b
Merge pull request #32128 from matheuscscp/upgrade-cli-utils-c-r
...
fix(upstream): upgrade to cli-utils 1.2.1, controller-runtime 0.24.1 and k8s 1.36.1
2026-05-16 16:35:47 +01:00
Terry Howe
a7291a1df4
Merge pull request #32127 from helm/dependabot/go_modules/main/github.com/fluxcd/cli-utils-1.2.1
...
chore(deps): bump github.com/fluxcd/cli-utils from 1.2.0 to 1.2.1
2026-05-16 09:31:34 -06:00
Terry Howe
b7d3b4e704
Merge pull request #32126 from helm/dependabot/github_actions/main/github/codeql-action-4.35.5
...
chore(deps): bump github/codeql-action from 4.35.4 to 4.35.5
2026-05-16 09:30:57 -06:00
Matheus Pimenta
378ceacd9c
fix(upstream): upgrade to cli-utils 1.2.1, controller-runtime 0.24.1 and k8s 1.36.1
...
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com >
2026-05-16 15:28:27 +01:00
dependabot[bot]
b5a9299eec
chore(deps): bump github.com/fluxcd/cli-utils from 1.2.0 to 1.2.1
...
Bumps [github.com/fluxcd/cli-utils](https://github.com/fluxcd/cli-utils ) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/fluxcd/cli-utils/releases )
- [Commits](https://github.com/fluxcd/cli-utils/compare/v1.2.0...v1.2.1 )
---
updated-dependencies:
- dependency-name: github.com/fluxcd/cli-utils
dependency-version: 1.2.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-05-15 21:34:27 +00:00
dependabot[bot]
f772ffedc6
chore(deps): bump github/codeql-action from 4.35.4 to 4.35.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.4 to 4.35.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](68bde559de...9e0d7b8d25support@github.com >
2026-05-15 21:33:32 +00:00
