sheldonhull
commented
1 year ago not used in code for app, used only for mage invocation, possible breaking change for app, so ignoring.
Closed mend-for-github-com[bot] closed 1 year ago
sheldonhull
commented
1 year ago not used in code for app, used only for mage invocation, possible breaking change for app, so ignoring.
mend-for-github-com[bot]
commented
1 year ago As this PR has been closed unmerged, Renovate will now ignore this update (v3.11.1). You will still receive a PR once a newer version is released, so if you wish to permanently ignore this dependency, please add it to the ignoreDeps array of your renovate config.
If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened.
This PR contains the following updates:
v3.9.1->v3.11.1GitHub Vulnerability Alerts
CVE-2022-36055
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. Out of memory panics cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service attack when they use this package and it panics.
Impact
The strvals package contains a parser that turns strings into Go structures. For example, the Helm client has command line flags like
--set,--set-string, and others that enable the user to pass in strings that are merged into the values. The strvals package converts these strings into structures Go can work with. Some string inputs can cause array data structures to be created causing an out of memory panic.Applications that use the strvals package in the Helm SDK to parse user supplied input can suffer a Denial of Service when that input causes a panic that cannot be recovered from.
The Helm Client will panic with input to
--set,--set-string, and other value setting flags that causes an out of memory panic. Helm is not a long running service so the panic will not affect future uses of the Helm client.Patches
This issue has been resolved in 3.9.4.
Workarounds
SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the strvals functions.
For more information
Helm's security policy is spelled out in detail in our SECURITY document.
Credits
Disclosed by Ada Logics in a fuzzing audit sponsored by CNCF.
CVE-2022-23524
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service attack when they use this package and it panics.
Impact
The strvals package contains a parser that turns strings into Go structures. For example, the Helm client has command line flags like
--set,--set-string, and others that enable the user to pass in strings that are merged into the values. The strvals package converts these strings into structures Go can work with. Some string inputs can cause array data structures to be created causing a stack overflow.Applications that use the strvals package in the Helm SDK to parse user supplied input can suffer a Denial of Service when that input causes a panic that cannot be recovered from.
The Helm Client will panic with input to
--set,--set-string, and other value setting flags that causes a stack overflow. Helm is not a long running service so the panic will not affect future uses of the Helm client.Patches
This issue has been resolved in 3.10.3.
Workarounds
SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the strvals functions.
For more information
Helm's security policy is spelled out in detail in our SECURITY document.
Credits
Disclosed by Ada Logics in a fuzzing audit sponsored by CNCF.
CVE-2023-25165
A Helm contributor discovered an information disclosure vulnerability using the
getHostByNametemplate function.Impact
getHostByNameis a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS lookup happens when used withhelm install|upgrade|templateor when the Helm SDK is used to render a chart.Information passed into the chart can be disclosed to the DNS servers used to lookup the IP address. For example, a malicious chart could inject
getHostByNameinto a chart in order to disclose values to a malicious DNS server.Patches
The issue has been fixed in Helm 3.11.1.
Workarounds
Prior to using a chart with Helm verify the
getHostByNamefunction is not being used in a template to disclose any information you do not want passed to DNS servers.For more information
Helm's security policy is spelled out in detail in our SECURITY document.
Credits
Disclosed by Philipp Stehle at SAP.
CVE-2022-23525
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the repo package that can cause a segmentation violation. Applications that use functions from the repo package in the Helm SDK can have a Denial of Service attack when they use this package and it panics.
Impact
The repo package contains a handler that processes the index file of a repository. For example, the Helm client adds references to chart repositories where charts are managed. The repo package parses the index file of the repository and loads it into structures Go can work with. Some index files can cause array data structures to be created causing a memory violation.
Applications that use the repo package in the Helm SDK to parse an index file can suffer a Denial of Service when that input causes a panic that cannot be recovered from.
The Helm Client will panic with an index file that causes a memory violation panic. Helm is not a long running service so the panic will not affect future uses of the Helm client.
Patches
This issue has been resolved in 3.10.3.
Workarounds
SDK users can validate index files that are correctly formatted before passing them to the repo functions.
For more information
Helm's security policy is spelled out in detail in our SECURITY document.
Credits
Disclosed by Ada Logics in a fuzzing audit sponsored by CNCF.
CVE-2022-23526
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the chartutil package that can cause a segmentation violation. Applications that use functions from the chartutil package in the Helm SDK can have a Denial of Service attack when they use this package and it panics.
Impact
The chartutil package contains a parser that loads a JSON Schema validation file. For example, the Helm client when rendering a chart will validate its values with the schema file. The chartutil package parses the schema file and loads it into structures Go can work with. Some schema files can cause array data structures to be created causing a memory violation.
Applications that use the chartutil package in the Helm SDK to parse a schema file can suffer a Denial of Service when that input causes a panic that cannot be recovered from.
The Helm Client will panic with a schema file that causes a memory violation panic. Helm is not a long running service so the panic will not affect future uses of the Helm client.
Patches
This issue has been resolved in 3.10.3.
Workarounds
SDK users can validate schema files that are correctly formatted before passing them to the chartutil functions.
For more information
Helm's security policy is spelled out in detail in our SECURITY document.
Credits
Disclosed by Ada Logics in a fuzzing audit sponsored by CNCF.
Release Notes
helm/helm
### [`v3.11.1`](https://togithub.com/helm/helm/releases/tag/v3.11.1): Helm v3.11.1 [Compare Source](https://togithub.com/helm/helm/compare/v3.11.0...v3.11.1) Helm v3.11.1 is a security (patch) release. Users are strongly recommended to update to this release. The template function `getHostByName` can be used to disclose information. More details are available in the [CVE](https://togithub.com/helm/helm/security/advisories/GHSA-pwcw-6f5g-gxf8). This release introduces a breaking changes to Helm: - When using the `helm` client for the `template`, `install`, and `upgrade` commands there is a new flag. `--enable-dns` needs to be set for the `getHostByName` template function to attempt to lookup an IP address for a given hostname. If the flag is not set the template function will return an empty string and skip looping up an IP address for the host. - The Helm SDK has added the `EnableDNS` property to the install action, the upgrade action, and the `Engine`. This property must be set to true for the in order for the `getHostByName` template function to attempt to lookup an IP address. The default for both of these cases is false. [Philipp Stehle](https://togithub.com/phil9909) at SAP disclosed the vulnerability to the Helm project. #### Installation and Upgrading Download Helm v3.11.1. The common platform binaries are here: - [MacOS amd64](https://get.helm.sh/helm-v3.11.1-darwin-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.11.1-darwin-amd64.tar.gz.sha256sum) / 2548a90e5cc957ccc5016b47060665a9d2cd4d5b4d61dcc32f5de3144d103826) - [MacOS arm64](https://get.helm.sh/helm-v3.11.1-darwin-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.11.1-darwin-arm64.tar.gz.sha256sum) / 43d0198a7a2ea2639caafa81bb0596c97bee2d4e40df50b36202343eb4d5c46b) - [Linux amd64](https://get.helm.sh/helm-v3.11.1-linux-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.11.1-linux-amd64.tar.gz.sha256sum) / 0b1be96b66fab4770526f136f5f1a385a47c41923d33aab0dcb500e0f6c1bf7c) - [Linux arm](https://get.helm.sh/helm-v3.11.1-linux-arm.tar.gz) ([checksum](https://get.helm.sh/helm-v3.11.1-linux-arm.tar.gz.sha256sum) / 77b797134ea9a121f2ede9d159a43a8b3895a9ff92cc24b71b77fb726d9eba6d) - [Linux arm64](https://get.helm.sh/helm-v3.11.1-linux-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.11.1-linux-arm64.tar.gz.sha256sum) / 919173e8fb7a3b54d76af9feb92e49e86d5a80c5185020bae8c393fa0f0de1e8) - [Linux i386](https://get.helm.sh/helm-v3.11.1-linux-386.tar.gz) ([checksum](https://get.helm.sh/helm-v3.11.1-linux-386.tar.gz.sha256sum) / 1581a4ce9d0014c49a3b2c6421f048d5c600e8cceced636eb4559073c335af0b) - [Linux ppc64le](https://get.helm.sh/helm-v3.11.1-linux-ppc64le.tar.gz) ([checksum](https://get.helm.sh/helm-v3.11.1-linux-ppc64le.tar.gz.sha256sum) / 6ab8f2e253c115b17eda1e10e96d1637047efd315e9807bcb1d0d0bcad278ab7) - [Linux s390x](https://get.helm.sh/helm-v3.11.1-linux-s390x.tar.gz) ([checksum](https://get.helm.sh/helm-v3.11.1-linux-s390x.tar.gz.sha256sum) / ab133e6b709c8107dc4f8f62838947350adb8e23d76b8c2c592ff4c09bc956ef) - [Windows amd64](https://get.helm.sh/helm-v3.11.1-windows-amd64.zip) ([checksum](https://get.helm.sh/helm-v3.11.1-windows-amd64.zip.sha256sum) / bc37d5d283e57c5dfa94f92ff704c8e273599ff8df3f8132cef5ca73f6a23d0a) This release was signed with ` 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E ` and can be found at [@mattfarina](https://togithub.com/mattfarina) [keybase account](https://keybase.io/mattfarina). Please use the attached signatures for verifying this release using `gpg`. The [Quickstart Guide](https://helm.sh/docs/intro/quickstart/) will get you going from there. For **upgrade instructions** or detailed installation notes, check the [install guide](https://helm.sh/docs/intro/install/). You can also use a [script to install](https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3) on any system with `bash`. #### What's Next - 3.11.2 is the next patch/bug fix release and will be on March 08, 2023. - 3.12.0 is the next feature release and be on May 10, 2023. ### [`v3.11.0`](https://togithub.com/helm/helm/releases/tag/v3.11.0): Helm v3.11.0 [Compare Source](https://togithub.com/helm/helm/compare/v3.10.3...v3.11.0) Helm v3.11.0 is a feature release. Users are encouraged to upgrade for the best experience. The community keeps growing, and we'd love to see you there! - Join the discussion in [Kubernetes Slack](https://kubernetes.slack.com): - for questions and just to hang out - for discussing PRs, code, and bugs - Hang out at the Public Developer Call: Thursday, 9:30 Pacific via [Zoom](https://zoom.us/j/696660622) - Test, debug, and contribute charts: [ArtifactHub/packages](https://artifacthub.io/packages/search?kind=0) #### Notable Changes - The Helm status command and the SDK can now show the status of core resources deployed in a chart (e.g., deployments). To use with `helm status` you need to use the `--show-resources` flag. - Add support for comma separated values in template --api-versions - Allow CGO_ENABLED to be overridden when building Helm from source #### Installation and Upgrading Download Helm v3.11.0. The common platform binaries are here: - [MacOS amd64](https://get.helm.sh/helm-v3.11.0-darwin-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.11.0-darwin-amd64.tar.gz.sha256sum) / 5a3d13545a302eb2623236353ccd3eaa01150c869f4d7f7a635073847fd7d932) - [MacOS arm64](https://get.helm.sh/helm-v3.11.0-darwin-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.11.0-darwin-arm64.tar.gz.sha256sum) / f4717f8d1dab79bace3ff5d9d48bebef62310421fd479205ef54a56204f97415) - [Linux amd64](https://get.helm.sh/helm-v3.11.0-linux-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.11.0-linux-amd64.tar.gz.sha256sum) / 6c3440d829a56071a4386dd3ce6254eab113bc9b1fe924a6ee99f7ff869b9e0b) - [Linux arm](https://get.helm.sh/helm-v3.11.0-linux-arm.tar.gz) ([checksum](https://get.helm.sh/helm-v3.11.0-linux-arm.tar.gz.sha256sum) / cddbef72886c82a123038883f32b04e739cc4bd7b9e5f869740d51e50a38be01) - [Linux arm64](https://get.helm.sh/helm-v3.11.0-linux-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.11.0-linux-arm64.tar.gz.sha256sum) / 57d36ff801ce8c0201ce9917c5a2d3b4da33e5d4ea154320962c7d6fb13e1f2c) - [Linux i386](https://get.helm.sh/helm-v3.11.0-linux-386.tar.gz) ([checksum](https://get.helm.sh/helm-v3.11.0-linux-386.tar.gz.sha256sum) / fad897763f3b965bc4d75c8f95748ebc0330a5859d9ea170a4885571facacdb1) - [Linux ppc64le](https://get.helm.sh/helm-v3.11.0-linux-ppc64le.tar.gz) ([checksum](https://get.helm.sh/helm-v3.11.0-linux-ppc64le.tar.gz.sha256sum) / 6481a51095f408773212ab53edc2ead8a70e39eba67c2491e11c4229a251f9b5) - [Linux s390x](https://get.helm.sh/helm-v3.11.0-linux-s390x.tar.gz) ([checksum](https://get.helm.sh/helm-v3.11.0-linux-s390x.tar.gz.sha256sum) / 3c420f13d12ca9e7302715d40a00466a145a2dff7f14714e11a5aeadb1d67919) - [Windows amd64](https://get.helm.sh/helm-v3.11.0-windows-amd64.zip) ([checksum](https://get.helm.sh/helm-v3.11.0-windows-amd64.zip.sha256sum) / 55477fa4295fb3043835397a19e99a138bb4859fbe7cd2d099de28df9d8786f1) This release was signed with ` F126 1BDE 9290 12C8 FF2E 501D 6EA5 D759 8529 A53E ` and can be found at [@hickeyma](https://togithub.com/hickeyma) [keybase account](https://keybase.io/hickeyma). Please use the attached signatures for verifying this release using `gpg`. The [Quickstart Guide](https://helm.sh/docs/intro/quickstart/) will get you going from there. For **upgrade instructions** or detailed installation notes, check the [install guide](https://helm.sh/docs/intro/install/). You can also use a [script to install](https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3) on any system with `bash`. #### What's Next - 3.11.1 is the next patch/bug fix release and will be on February 08, 2023. - 3.12.0 is the next feature release and be on May 10, 2023. #### Changelog - Fix improper use of Table request/response to k8s API [`472c573`](https://togithub.com/helm/helm/commit/472c5736ab01133de504a826bd9ee12cbe4e7904) (Matt Farina) - Check status code before retrying request [`ee1ec6e`](https://togithub.com/helm/helm/commit/ee1ec6e432fe3b1943a291e59990becb5fe046ae) (Cenk Alti) - bump version to v3.11.0 [`9d8fee1`](https://togithub.com/helm/helm/commit/9d8fee155bd7e7d3c1390f4076d9271a1147dce5) (Matt Farina) - Bump containerd to 1.6.15, oras-go to 1.2.2 and image-spec to v1.1.0-rc2 [`017785a`](https://togithub.com/helm/helm/commit/017785a2f1104eb4299f8d31feb550c213350f13) (Luca Comellini) - change linting error messages for null values in arrays [`6a5f240`](https://togithub.com/helm/helm/commit/6a5f240e9a22cf5ef3a889764079873a9cd537a4) (Daniel Strobusch) - Fix after CR [`3d81ea2`](https://togithub.com/helm/helm/commit/3d81ea22ac74e667b98a26eb80a5d427d75f7009) (Jakub Warczarek) - Trigger CI [`f46ff13`](https://togithub.com/helm/helm/commit/f46ff131c2ca169d25f9b8f8d550f6c320b48048) (Jakub Warczarek) - Add test for User-Agent header setting and refactor [`553f1e3`](https://togithub.com/helm/helm/commit/553f1e34f54ce4c75ee10b53c441063d6303db3c) (Jakub Warczarek) - Fix User-Agent header in requests made by Helm [`2fa7b3d`](https://togithub.com/helm/helm/commit/2fa7b3d1b7a289690ccc2c820b3329c6b07a1458) (Jakub Warczarek) - Bump k8s.io deps to v0.26.0 [`1fc2a6a`](https://togithub.com/helm/helm/commit/1fc2a6a39ccedd9d11c9839853a95d28ca35294f) (Luca Comellini) - fix adopted resource not replaced [`3181c7d`](https://togithub.com/helm/helm/commit/3181c7ddadd2271d67a457522abc13410929b64c) (Vaibhav Sharma) - chore(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1 [`8774890`](https://togithub.com/helm/helm/commit/8774890e7edadbab88f35e6536393cf791b183f0) (dependabot\[bot]) - Resolve conflicts for go.mod and go.sum [`6c76abb`](https://togithub.com/helm/helm/commit/6c76abb3df72df415dd54b9a09ce26fcee8fad95) (Soujanya Mangipudi) - Fix backwards compatibility [`b6fef6c`](https://togithub.com/helm/helm/commit/b6fef6c4665130644acf7742040ebd46f9cc957c) (Martin Hickey) - docs: add docs for cli/values.Options [`0fdfe05`](https://togithub.com/helm/helm/commit/0fdfe0584437112e11fdfa6775625451442f6c91) (Zuhair AlSader) - Update chartrepo.go [`c8890e9`](https://togithub.com/helm/helm/commit/c8890e971e50a305dc8a83029fa882ee255007b2) (caixisheng) - chore(deps): bump golang.org/x/text from 0.4.0 to 0.5.0 [`b307d0f`](https://togithub.com/helm/helm/commit/b307d0fbeb42fe890450d8d3de2291817ad9b4cb) (dependabot\[bot]) - bump sprig version 3.2.3 [`fda1a0b`](https://togithub.com/helm/helm/commit/fda1a0b10a87845b3cbe58434089f0def4220f53) (yxxhero) - Update string handling [`a59e584`](https://togithub.com/helm/helm/commit/a59e58468430bf9b454426ff22f5f367185b7d77) (Martin Hickey) - Update repo handling [`256e976`](https://togithub.com/helm/helm/commit/256e976331db4b7335ef721e411e7b59c5317ccb) (Martin Hickey) - improve error message on plugin install [`965f859`](https://togithub.com/helm/helm/commit/965f8591e7eab685186626bf7e64b4c24b384c39) (Philipp Stehle) - harmonize URL reference resolving [`dfb25e1`](https://togithub.com/helm/helm/commit/dfb25e13deba70eafe607748cd83bdda5409d245) (Philipp Stehle) - Update logic of non-git situation just to print warning logs [`0ebd620`](https://togithub.com/helm/helm/commit/0ebd6202d8fb1fb334a7670896d6a97cc736688c) (Wonyeong Choi) - Add a flag var to check git is installed or not [`c027014`](https://togithub.com/helm/helm/commit/c0270140197f459979ff21a618729afb844a854a) (Wonyeong Choi) - Add support for CSVs in template --api-versions arg [`5aa316e`](https://togithub.com/helm/helm/commit/5aa316e1eec883878262a01f36a7fcf6ffd7f641) (Ryan Drew) - update .golangci for go1.18 [`61374f6`](https://togithub.com/helm/helm/commit/61374f655467485673dd87a8c0cbe871d4f28175) (yanggang) - redirect registry client output to stderr [`1535ad5`](https://togithub.com/helm/helm/commit/1535ad56716d21a8b5fc93354a9ac91ba9d696ab) (Cyril Jouve) - chore(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.1 [`b3afe43`](https://togithub.com/helm/helm/commit/b3afe432784baf5300b876b9d03456d256f93574) (dependabot\[bot]) - Readiness & liveness probes correct port [`9d027ea`](https://togithub.com/helm/helm/commit/9d027eaac894e1793c663448cfd494bcc21c759f) (Peter Leong) - Update schema validation handling [`775af2a`](https://togithub.com/helm/helm/commit/775af2a0ceadef1bc8f627cdb70fadb3c69b8d86) (Martin Hickey) - fix a few function names on comments [`09d3f31`](https://togithub.com/helm/helm/commit/09d3f31358882970d02018bd84bcbcd28b47f986) (cui fliter) - use intstr.GetScaledValueFromIntOrPercent instead of the deprecated [`9d59d92`](https://togithub.com/helm/helm/commit/9d59d92abb462d6f59b77ee1099b18067e561932) (Qifan Shen) - Updating the deb location for azure cli [`70a3df4`](https://togithub.com/helm/helm/commit/70a3df49d702e23ad29367783a5655350be90265) (Matt Farina) - retry http request on temporary errors [`b5378b3`](https://togithub.com/helm/helm/commit/b5378b3a5dd435e5c364ac0cfa717112ad686bd0) (Cenk Alti) - Revert "Tolerate temporary errors from etcdserver" [`d32c623`](https://togithub.com/helm/helm/commit/d32c623699de24ac49653a6ec561485ce122d530) (Cenk Alti) - Updating the repo the azure cli is installed from [`9fbf1b3`](https://togithub.com/helm/helm/commit/9fbf1b34d5aa34c5774b56247ddd9ae96145f767) (Matt Farina) - Updating to kubernetes 1.25.2 packages [`221b0f5`](https://togithub.com/helm/helm/commit/221b0f54c912ce5d9dbb5eb5b10b62f411e2589b) (Matt Farina) - Allow CGO_ENABLED to be overridden for build [`6f6c0d8`](https://togithub.com/helm/helm/commit/6f6c0d831d69a133c4100a79838c57bcb4d551d4) (Joe Julian) - chore(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 [`98077dd`](https://togithub.com/helm/helm/commit/98077dd340ebcbf8c2271b5fd8f8c831dea82a88) (dependabot\[bot]) - chore(deps): bump github.com/lib/pq from 1.10.6 to 1.10.7 [`bfd1890`](https://togithub.com/helm/helm/commit/bfd189000e95ff67e226dc434bdcecc2a5a3351d) (dependabot\[bot]) - chore(deps): bump github.com/BurntSushi/toml from 1.1.0 to 1.2.0 [`1478a09`](https://togithub.com/helm/helm/commit/1478a098f1619fd5d3372252f2e1caf3a260a50d) (dependabot\[bot]) - chore(deps): bump github.com/rubenv/sql-migrate from 1.1.2 to 1.2.0 [`4376d2f`](https://togithub.com/helm/helm/commit/4376d2fa85a6be10d12dc2b6e6d5377b6e675b78) (dependabot\[bot]) - Tolerate temporary errors from etcdserver [`ebc79fa`](https://togithub.com/helm/helm/commit/ebc79fa807f29b984e090f0071b640f7347937cf) (Davanum Srinivas) - update: Optimize the error message [`4fcec24`](https://togithub.com/helm/helm/commit/4fcec24d15c616011fb2d7c22c3dd0024bb9e41b) (wujunwei) - add nil judge for dependency , maintainers validate and some testcase. [`a7a1117`](https://togithub.com/helm/helm/commit/a7a11173271e5721078994647caf856489dfd929) (wujunwei) - Fix code style [`ae828ce`](https://togithub.com/helm/helm/commit/ae828ce0ee0f0ad48482cc9fd773c28b137dd23d) (Martin Hickey) - bump version to v3.10.0 [`cd809f9`](https://togithub.com/helm/helm/commit/cd809f9b1953a180de6f532c0ad19c625afa7ced) (Matt Farina) - Addressing review comments - move printing code out of client.go [`ffa19a4`](https://togithub.com/helm/helm/commit/ffa19a4b5d836283a91a4c16f8b81e734a973afc) (Soujanya Mangipudi) - Addressing review comments: Extend Interface with new InterfaceResources to avoid breaking changes Move change to staus command behind --show-resources flag [`20e3577`](https://togithub.com/helm/helm/commit/20e35775439c699bdd5c8fdc228ebe57a4b9c002) (Soujanya Mangipudi) - feat(helm): Supporting helm3 to show up resource names that were deployed as part of release in helm status command [`9d5be80`](https://togithub.com/helm/helm/commit/9d5be803bc0d408944f6b30c98a05c4026abc6e2) (Soujanya Mangipudi) - During deletion, explicitly log already deleted resource name. [`b7c35d2`](https://togithub.com/helm/helm/commit/b7c35d2a0f2ba8920cbae41dab5b054ac6e61c53) (Marcin Owsiany) - fix: add cases.NoLower option for we can get same effect to strings.Title [`f0037e5`](https://togithub.com/helm/helm/commit/f0037e5ef6bb118dbcd6e26497014b97436888d6) (wujunwei) - one defer [`3b19dde`](https://togithub.com/helm/helm/commit/3b19ddeb56fae17a1d176130702ae5b779b20460) (CI) - don't change r.CachePath [`781ddba`](https://togithub.com/helm/helm/commit/781ddba690afa20c80f443a121c3134f668dc43a) (CI) - avoid adding new public function [`cd76fcd`](https://togithub.com/helm/helm/commit/cd76fcd80557490d2f2ee1204b1bdbf78c738ec9) (CI) - fix tests [`32a41fc`](https://togithub.com/helm/helm/commit/32a41fcfac9ca1b4f4997a6660bacba9a01a9d45) (CI) - fix: clean up temp files in FindChartInAuthAndTLSAndPassRepoURL ([#11171](https://togithub.com/helm/helm/issues/11171)) [`24fa3d9`](https://togithub.com/helm/helm/commit/24fa3d910d774b9d7f40f1fc8002bc1fb55565ca) (CI) - Fix URL with encoded path support for ChartDownloader [`d9e5bbc`](https://togithub.com/helm/helm/commit/d9e5bbc09d4d44660fe20df41ce3b567f0336f85) (Mathieu Parent) ### [`v3.10.3`](https://togithub.com/helm/helm/releases/tag/v3.10.3): Helm v3.10.3 [Compare Source](https://togithub.com/helm/helm/compare/v3.10.2...v3.10.3) #### v3.10.3 Helm v3.10.3 is a security (patch) release. Users are strongly recommended to update to this release. While fuzz testing Helm, provided by the CNCF: - a possible stack overflow was discovered with the *strvals* package. Stack overflow cannot be recovered from in Go. This can potentially be used to produce a denial of service (DOS) for SDK users. More details are available in [the advisory](https://togithub.com/helm/helm/security/advisories/GHSA-6rx9-889q-vv2r). - a possible segmentation violation was discovered with the *repo* package. Some segmentation violations cannot be recovered from in Go. This can potentially be used to produce a denial of service (DOS) for SDK users. More details are available in [the advisory](https://togithub.com/helm/helm/security/advisories/GHSA-53c4-hhmh-vw5q). - a possible segmentation violation was discovered with the *chartutil* package. This can potentially be used to produce a denial of service (DOS) for SDK users. More details are available in [the advisory](https://togithub.com/helm/helm/security/advisories/GHSA-67fx-wx78-jx33) The community keeps growing, and we'd love to see you there! - Join the discussion in [Kubernetes Slack](https://kubernetes.slack.com): - for questions and just to hang out - for discussing PRs, code, and bugs - Hang out at the Public Developer Call: Thursday, 9:30 Pacific via [Zoom](https://zoom.us/j/696660622) - Test, debug, and contribute charts: [ArtifactHub/packages](https://artifacthub.io/packages/search?kind=0) #### Installation and Upgrading Download Helm v3.10.3. The common platform binaries are here: - [MacOS amd64](https://get.helm.sh/helm-v3.10.3-darwin-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.3-darwin-amd64.tar.gz.sha256sum) / 77a94ebd37eab4d14aceaf30a372348917830358430fcd7e09761eed69f08be5) - [MacOS arm64](https://get.helm.sh/helm-v3.10.3-darwin-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.3-darwin-arm64.tar.gz.sha256sum) / 4f3490654349d6fee8d4055862efdaaf9422eca1ffd2a15393394fd948ae3377) - [Linux amd64](https://get.helm.sh/helm-v3.10.3-linux-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.3-linux-amd64.tar.gz.sha256sum) / 950439759ece902157cf915b209b8d694e6f675eaab5099fb7894f30eeaee9a2) - [Linux arm](https://get.helm.sh/helm-v3.10.3-linux-arm.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.3-linux-arm.tar.gz.sha256sum) / dca718eb68c72c51fc7157c4c2ebc8ce7ac79b95fc9355c5427ded99e913ec4c) - [Linux arm64](https://get.helm.sh/helm-v3.10.3-linux-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.3-linux-arm64.tar.gz.sha256sum) / 260cda5ff2ed5d01dd0fd6e7e09bc80126e00d8bdc55f3269d05129e32f6f99d) - [Linux i386](https://get.helm.sh/helm-v3.10.3-linux-386.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.3-linux-386.tar.gz.sha256sum) / 592e98a492cb782aa7cd67e9afad76e51cd68f5160367600fe542c2d96aa0ad4) - [Linux ppc64le](https://get.helm.sh/helm-v3.10.3-linux-ppc64le.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.3-linux-ppc64le.tar.gz.sha256sum) / 93cdf398abc68e388d1b46d49d8e1197544930ecd3e81cc58d0a87a4579d60ed) - [Linux s390x](https://get.helm.sh/helm-v3.10.3-linux-s390x.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.3-linux-s390x.tar.gz.sha256sum) / 6cfa0b9078221f980ef400dc40c95eb71be81d14fdf247ca55efedb068e1d4fa) - [Windows amd64](https://get.helm.sh/helm-v3.10.3-windows-amd64.zip) ([checksum](https://get.helm.sh/helm-v3.10.3-windows-amd64.zip.sha256sum) / 5d97aa26830c1cd6c520815255882f148040587fd7cdddb61ef66e4c081566e0) This release was signed with ` F126 1BDE 9290 12C8 FF2E 501D 6EA5 D759 8529 A53E ` and can be found at [@hickeyma](https://togithub.com/hickeyma) [keybase account](https://keybase.io/hickeyma). Please use the attached signatures for verifying this release using `gpg`. The [Quickstart Guide](https://helm.sh/docs/intro/quickstart/) will get you going from there. For **upgrade instructions** or detailed installation notes, check the [install guide](https://helm.sh/docs/intro/install/). You can also use a [script to install](https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3) on any system with `bash`. #### What's Next - 3.11.0 is the next feature release and will be on January 18, 2023. #### Changelog - Fix backwards compatibility [`835b733`](https://togithub.com/helm/helm/commit/835b7334cfe2e5e27870ab3ed4135f136eecc704) (Martin Hickey) - Update string handling [`3caf8b5`](https://togithub.com/helm/helm/commit/3caf8b586b47e838e492f9ec05396bf8c5851b92) (Martin Hickey) - Update repo handling [`7c0e203`](https://togithub.com/helm/helm/commit/7c0e203529d4b9d51c5fe57c9e0bd9df1bd95ab4) (Martin Hickey) - Update schema validation handling [`f4b9322`](https://togithub.com/helm/helm/commit/f4b93226c6066e009a5162d0b08debbf3d82a67f) (Martin Hickey) ### [`v3.10.2`](https://togithub.com/helm/helm/releases/tag/v3.10.2): Helm v3.10.2 [Compare Source](https://togithub.com/helm/helm/compare/v3.10.1...v3.10.2) Helm v3.10.2 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience. The community keeps growing, and we'd love to see you there! - Join the discussion in [Kubernetes Slack](https://kubernetes.slack.com): - for questions and just to hang out - for discussing PRs, code, and bugs - Hang out at the Public Developer Call: Thursday, 9:30 Pacific via [Zoom](https://zoom.us/j/696660622) - Test, debug, and contribute charts: [ArtifactHub/packages](https://artifacthub.io/packages/search?kind=0) #### Installation and Upgrading Download Helm v3.10.2. The common platform binaries are here: - [MacOS amd64](https://get.helm.sh/helm-v3.10.2-darwin-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-darwin-amd64.tar.gz.sha256sum) / e889960e4c1d7e2dfdb91b102becfaf22700cb86dc3e3553d9bebd7bab5a3803) - [MacOS arm64](https://get.helm.sh/helm-v3.10.2-darwin-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-darwin-arm64.tar.gz.sha256sum) / 460441eea1764ca438e29fa0e38aa0d2607402f753cb656a4ab0da9223eda494) - [Linux amd64](https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz.sha256sum) / 2315941a13291c277dac9f65e75ead56386440d3907e0540bf157ae70f188347) - [Linux arm](https://get.helm.sh/helm-v3.10.2-linux-arm.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-linux-arm.tar.gz.sha256sum) / 25af344f46348958baa1c758cdf3b204ede3ddc483be1171ed3738d47efd0aae) - [Linux arm64](https://get.helm.sh/helm-v3.10.2-linux-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-linux-arm64.tar.gz.sha256sum) / 57fa17b6bb040a3788116557a72579f2180ea9620b4ee8a9b7244e5901df02e4) - [Linux i386](https://get.helm.sh/helm-v3.10.2-linux-386.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-linux-386.tar.gz.sha256sum) / ac9cbef2ec1237e2723ee8d3a92d1c4525a2da7cecc11336ba67de9bb6b473f0) - [Linux ppc64le](https://get.helm.sh/helm-v3.10.2-linux-ppc64le.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-linux-ppc64le.tar.gz.sha256sum) / 53a578b84155d31c3e62dd93a88586b75e876dae82c7912c895ee5a574fa6209) - [Linux s390x](https://get.helm.sh/helm-v3.10.2-linux-s390x.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-linux-s390x.tar.gz.sha256sum) / 33cb4a3382bea6bcd7eb7f385dd08941bdc84d0020345951eb467fbc8f5ccb60) - [Windows amd64](https://get.helm.sh/helm-v3.10.2-windows-amd64.zip) ([checksum](https://get.helm.sh/helm-v3.10.2-windows-amd64.zip.sha256sum) / f1a3190adecc26270bbef4f3ab2d1a56509f9d8df95413cdd6e3151f6f367862) This release was signed with ` 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E ` and can be found at [@mattfarina](https://togithub.com/mattfarina) [keybase account](https://keybase.io/mattfarina). Please use the attached signatures for verifying this release using `gpg`. The [Quickstart Guide](https://helm.sh/docs/intro/quickstart/) will get you going from there. For **upgrade instructions** or detailed installation notes, check the [install guide](https://helm.sh/docs/intro/install/). You can also use a [script to install](https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3) on any system with `bash`. #### What's Next - 3.10.3 will contain only bug fixes and be released on December 14, 2022 - 3.11.0 is the next feature releaseand be released on January 18, 2023 #### Changelog - fix a few function names on comments [`50f003e`](https://togithub.com/helm/helm/commit/50f003e5ee8704ec937a756c646870227d7c8b58) (cui fliter) - redirect registry client output to stderr [`c3a62f7`](https://togithub.com/helm/helm/commit/c3a62f7880be8bdc904f2d54c4b0c16a86ec204c) (Cyril Jouve) - Readiness & liveness probes correct port [`727bdf1`](https://togithub.com/helm/helm/commit/727bdf1813df73073d5a8eba4581201ef6518f93) (Peter Leong) ### [`v3.10.1`](https://togithub.com/helm/helm/releases/tag/v3.10.1): Helm 3.10.1 [Compare Source](https://togithub.com/helm/helm/compare/v3.10.0...v3.10.1) Helm v3.10.1 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience. The community keeps growing, and we'd love to see you there! - Join the discussion in [Kubernetes Slack](https://kubernetes.slack.com): - for questions and just to hang out - for discussing PRs, code, and bugs - Hang out at the Public Developer Call: Thursday, 9:30 Pacific via [Zoom](https://zoom.us/j/696660622) - Test, debug, and contribute charts: [ArtifactHub/packages](https://artifacthub.io/packages/search?kind=0) #### Installation and Upgrading Download Helm v3.10.1. The common platform binaries are here: - [MacOS amd64](https://get.helm.sh/helm-v3.10.1-darwin-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.1-darwin-amd64.tar.gz.sha256sum) / e7f2db0df45a5011c1df8c82efde1e306a93a31eba4696d27cd751917e549ac6) - [MacOS arm64](https://get.helm.sh/helm-v3.10.1-darwin-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.1-darwin-arm64.tar.gz.sha256sum) / 28a079a61c393d125c5d5e1a8e20a04b72c709ccfa8e7822f3f17bb1ad2bbc22) - [Linux amd64](https://get.helm.sh/helm-v3.10.1-linux-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.1-linux-amd64.tar.gz.sha256sum) / c12d2cd638f2d066fec123d0bd7f010f32c643afdf288d39a4610b1f9cb32af3) - [Linux arm](https://get.helm.sh/helm-v3.10.1-linux-arm.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.1-linux-arm.tar.gz.sha256sum) / 309f56a35185023262b4f20f7315d4e60854b517243444b34f5a458c81b33009) - [Linux arm64](https://get.helm.sh/helm-v3.10.1-linux-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.1-linux-arm64.tar.gz.sha256sum) / d04b38d439ab8655abb4cb9ccc1efa8a3fe95f3f68af46d9137c6b7985491833) - [Linux i386](https://get.helm.sh/helm-v3.10.1-linux-386.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.1-linux-386.tar.gz.sha256sum) / fb75a02d8a6e9ba6dd458f47dc0771a0f15c1842b6f6e2928c9136e676657993) - [Linux ppc64le](https://get.helm.sh/helm-v3.10.1-linux-ppc64le.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.1-linux-ppc64le.tar.gz.sha256sum) / 855ab37613b393c68d50b4355273df2322f27db08b1deca8807bac80343a8a64) - [Linux s390x](https://get.helm.sh/helm-v3.10.1-linux-s390x.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.1-linux-s390x.tar.gz.sha256sum) / e51220b4582a3cad4b45330c96e1b0408d33e25f90a9e66b06649903acf1bed1) - [Windows amd64](https://get.helm.sh/helm-v3.10.1-windows-amd64.zip) ([checksum](https://get.helm.sh/helm-v3.10.1-windows-amd64.zip.sha256sum) / 4c6f89f005a86665e3e90c28d36446434945594aac960a8d5a2d1c4fb1e53522) This release was signed with ` 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E ` and can be found at [@mattfarina](https://togithub.com/mattfarina) [keybase account](https://keybase.io/mattfarina). Please use the attached signatures for verifying this release using `gpg`. The [Quickstart Guide](https://helm.sh/docs/intro/quickstart/) will get you going from there. For **upgrade instructions** or detailed installation notes, check the [install guide](https://helm.sh/docs/intro/install/). You can also use a [script to install](https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3) on any system with `bash`. #### What's Next - 3.10.2 will contain only bug fixes and be released on November 9, 2022 - 3.11.1 is the next feature releaseand be released on January 18, 2023 #### Changelog - Updating the deb location for azure cli [`9f88ccb`](https://togithub.com/helm/helm/commit/9f88ccb6aee40b9a0535fcc7efea6055e1ef72c9) (Matt Farina) - Updating the repo the azure cli is installed from [`a59afc4`](https://togithub.com/helm/helm/commit/a59afc47d6c6b7946f5734bb51a7d1cf2599a0c1) (Matt Farina) - Updating to kubernetes 1.25.2 packages [`35af809`](https://togithub.com/helm/helm/commit/35af809b4db460a8834b05d78a58eddcfc236558) (Matt Farina) - one defer [`97780c7`](https://togithub.com/helm/helm/commit/97780c7ecc85dcb8e7ba302d50403152b2502ce6) (CI) - don't change r.CachePath [`9f61b0a`](https://togithub.com/helm/helm/commit/9f61b0a6bd8686a0c509ec0bd4ec4e449d930c19) (CI) - avoid adding new public function [`75a1369`](https://togithub.com/helm/helm/commit/75a1369794499daa7223271996781cadaf2c1adf) (CI) - fix tests [`959acd8`](https://togithub.com/helm/helm/commit/959acd8a1da38d33b5069f083a040fa237c04bfd) (CI) - fix: clean up temp files in FindChartInAuthAndTLSAndPassRepoURL ([#11171](https://togithub.com/helm/helm/issues/11171)) [`f6830f7`](https://togithub.com/helm/helm/commit/f6830f7b0ab91909454fbdc476b4e760d6525abc) (CI) - Allow CGO_ENABLED to be overridden for build [`9140924`](https://togithub.com/helm/helm/commit/91409241993efe6032e078d73f95163f0dc550bc) (Joe Julian) - update: Optimize the error message [`23ff142`](https://togithub.com/helm/helm/commit/23ff142d8b078287c3191260a10972699bf741a8) (wujunwei) - add nil judge for dependency , maintainers validate and some testcase. [`f22e260`](https://togithub.com/helm/helm/commit/f22e26085ca44eef41f9c080374fcc056dd73cbb) (wujunwei) - Fix URL with encoded path support for ChartDownloader [`4e07531`](https://togithub.com/helm/helm/commit/4e075315f81311372568d73f2c929577d10c0de2) (Mathieu Parent) - fix: add cases.NoLower option for we can get same effect to strings.Title [`4844431`](https://togithub.com/helm/helm/commit/48444319694a4b6110541ef7bfea9a8627c1aa39) (wujunwei) - Tolerate temporary errors from etcdserver [`802a229`](https://togithub.com/helm/helm/commit/802a22903b9666aaba73a6e58602f4ff0dc9cf01) (Davanum Srinivas) ### [`v3.10.0`](https://togithub.com/helm/helm/releases/tag/v3.10.0): Helm 3.10.0 [Compare Source](https://togithub.com/helm/helm/compare/v3.9.4...v3.10.0) Helm v3.10.0 is a feature release. Users are encouraged to upgrade for the best experience. The community keeps growing, and we'd love to see you there! - Join the discussion in [Kubernetes Slack](https://kubernetes.slack.com): - for questions and just to hang out - for discussing PRs, code, and bugs - Hang out at the Public Developer Call: Thursday, 9:30 Pacific via [Zoom](https://zoom.us/j/696660622) - Test, debug, and contribute charts: [ArtifactHub/packages](https://artifacthub.io/packages/search?kind=0) #### Notable Changes - Added --set-json flag to set json values. - Added support `helm list --no-headers` - Added --burst-limit option for client-side throttling limit configuration #### Installation and Upgrading Download Helm v3.10.0. The common platform binaries are here: - [MacOS amd64](https://get.helm.sh/helm-v3.10.0-darwin-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.0-darwin-amd64.tar.gz.sha256sum) / 1e7fd528482ac2ef2d79fe300724b3e07ff6f846a2a9b0b0fe6f5fa05691786b) - [MacOS arm64](https://get.helm.sh/helm-v3.10.0-darwin-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.0-darwin-arm64.tar.gz.sha256sum) / f7f6558ebc8211824032a7fdcf0d55ad064cb33ec1eeec3d18057b9fe2e04dbe) - [Linux amd64](https://get.helm.sh/helm-v3.10.0-linux-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.0-linux-amd64.tar.gz.sha256sum) / bf56beb418bb529b5e0d6d43d56654c5a03f89c98400b409d1013a33d9586474) - [Linux arm](https://get.helm.sh/helm-v3.10.0-linux-arm.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.0-linux-arm.tar.gz.sha256sum) / 1f756a2ea800dafb92fb77acc016220fdedee2be07630befd5ffd1410062b39c) - [Linux arm64](https://get.helm.sh/helm-v3.10.0-linux-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.0-linux-arm64.tar.gz.sha256sum) / 3b72f5f8a60772fb156d0a4ab93272e8da7ef4d18e6421a7020d7c019f521fc1) - [Linux i386](https://get.helm.sh/helm-v3.10.0-linux-386.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.0-linux-386.tar.gz.sha256sum) / 423159a7f49f1719dab78f78113ac5d8deae21f99491e79984c6363ae668428d) - [Linux ppc64le](https://get.helm.sh/helm-v3.10.0-linux-ppc64le.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.0-linux-ppc64le.tar.gz.sha256sum) / 90f49ef742bf36480b46073a11ca4244670e74f530bf507b488180fbf7334ef3) - [Linux s390x](https://get.helm.sh/helm-v3.10.0-linux-s390x.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.0-linux-s390x.tar.gz.sha256sum) / f80733880529148c80f864cdb2d83ef26401b83176b8f4744ecddf4589cb4991) - [Windows amd64](https://get.helm.sh/helm-v3.10.0-windows-amd64.zip) ([checksum](https://get.helm.sh/helm-v3.10.0-windows-amd64.zip.sha256sum) / 9d841d55eb7cd6e07be0364bbfa85bceca7e184d50b43b13d20f044403937309) This release was signed with ` 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E ` and can be found at [@mattfarina](https://togithub.com/mattfarina) [keybase account](https://keybase.io/mattfarina). Please use the attached signatures for verifying this release using `gpg`. The [Quickstart Guide](https://helm.sh/docs/intro/quickstart/) will get you going from there. For **upgrade instructions** or detailed installation notes, check the [install guide](https://helm.sh/docs/intro/install/). You can also use a [script to install](https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3) on any system with `bash`. #### What's Next - 3.10.1 will contain only bug fixes and be released on October 12, 2022. - 3.11.0 is the next feature release and will be released on January 18, 2023 #### Changelog - bump version to v3.10.0 [`ce66412`](https://togithub.com/helm/helm/commit/ce66412a723e4d89555dc67217607c6579ffcb21) (Matt Farina) - Updating to Kubernetes 1.25 client libs [`2108a23`](https://togithub.com/helm/helm/commit/2108a23d347f238ce451c0014b9907963f2153ae) (Matt Farina) - Updating the certificates used for testing [`7cbec35`](https://togithub.com/helm/helm/commit/7cbec356b4221239ecd4754d9f2c224fc3020e0d) (Matt Farina) - Updating index handling [`225f8d7`](https://togithub.com/helm/helm/commit/225f8d7732aba378378e7507655157b1d26cd514) (Matt Farina) - Drop direct github.com/docker/docker dependency [`ea5365a`](https://togithub.com/helm/helm/commit/ea5365a3d10a5377f1515f3377fdf20e538168c2) (Mikhail Mazurskiy) - fix special string in the filename [`ece46c1`](https://togithub.com/helm/helm/commit/ece46c1d3a44e5f90cca0cbb96ae302dc47885cb) (d-d-up) - chore: add oci install description [`d1c0b7e`](https://togithub.com/helm/helm/commit/d1c0b7e0d099a75512f57ee83ee582d2d1da69c0) (longkai) - Fixing x509 test on darwin [`b3aa0b4`](https://togithub.com/helm/helm/commit/b3aa0b4118c20cc63d3da011199a346b9c92b386) (Matt Farina) - Bump k8s.io/kube-openapi to fix CVE-2022-1996 in github.com/emicklei/go-restful [`1e0f8a4`](https://togithub.com/helm/helm/commit/1e0f8a4ee9991d1244b8576021011ef45982e955) (Guilherme Macedo) - fixes [#11142](https://togithub.com/helm/helm/issues/11142) missing array length check on release [`b9f347a`](https://togithub.com/helm/helm/commit/b9f347a574851d01f058663d7b65a108b9f980bc) (Arvid E. Picciani) - chore(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0 [`0c9de28`](https://togithub.com/helm/helm/commit/0c9de28b581f71ff1edbc336550860b05e594c63) (dependabot\[bot]) - Upgrading to Kubernetes 1.24.2 [`211bd2b`](https://togithub.com/helm/helm/commit/211bd2b60a79dd6a8b4b79623c3df7bfa7b0f7e4) (Martin Hickey) - Bump Oras to 1.2.0 [`51e6c8e`](https://togithub.com/helm/helm/commit/51e6c8e4e024486b6de1fb248119b46f020db9af) (Martin Hickey) - fix: use `go install` instead of `go get` [`aa6e82b`](https://togithub.com/helm/helm/commit/aa6e82bac8db0b50766c03276dd0fed1bba6208c) (Matthew Fisher) - bump Go 1.18 [`39b0a82`](https://togithub.com/helm/helm/commit/39b0a82365a70d0a100783e1735a480e1aefcbc0) (yxxhero) - fix: improve logging & safety of statefulSetReady [`7c74f1d`](https://togithub.com/helm/helm/commit/7c74f1dd027709156c3345e1965693f04b8dd9ac) (Dominic Evans) - make token caching an opt in feature [`42a04c7`](https://togithub.com/helm/helm/commit/42a04c76a48e6cdbd19debf042b2c9df34cf9ac6) (Soule BA) - chore(deps): bump github.com/stretchr/testify from 1.7.4 to 1.7.5 [`0acd81b`](https://togithub.com/helm/helm/commit/0acd81b43e95cc239e20f5bd6dcfaeb33dae8dc1) (dependabot\[bot]) - chore(deps): bump github.com/rubenv/sql-migrate from 1.1.1 to 1.1.2 [`ccc104a`](https://togithub.com/helm/helm/commit/ccc104a208bfd612cee57b891dc71435d1c6434d) (dependabot\[bot]) - chore(deps): bump github.com/spf13/cobra from 1.4.0 to 1.5.0 ([#11075](https://togithub.com/helm/helm/issues/11075)) [`3ff331f`](https://togithub.com/helm/helm/commit/3ff331fb14a998fd6c953bfb684337d8720f96ba) (dependabot\[bot]) - chore(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.4 [`994d786`](https://togithub.com/helm/helm/commit/994d78651176832c1d146291cabbd2ea8caf494f) (dependabot\[bot]) - Upgrading to Kubernetes 1.24.1 packages [`5ef01c2`](https://togithub.com/helm/helm/commit/5ef01c2714586dce761be5004f6752122044b1e1) (Matt Farina) - chore(deps): bump github.com/Masterminds/squirrel from 1.5.2 to 1.5.3 [`fe2a66c`](https://togithub.com/helm/helm/commit/fe2a66c63c92f260c521b364800edab4e193a388) (dependabot\[bot]) - feat(\*): add flags/env for kube api tls overrides [`687852e`](https://togithub.com/helm/helm/commit/687852e4feb50749eb64616e47446f1623e6d736) (Justen Walker) - Add --burst-limit option for client-side throttling limit configuration ([#10842](https://togithub.com/helm/helm/issues/10842)) [`823d929`](https://togithub.com/helm/helm/commit/823d92942119dfa07fd763bf6306bd67686811a8) (Igor Sutton) - chore(deps): bump github.com/lib/pq from 1.10.5 to 1.10.6 [`f3cfd4f`](https://togithub.com/helm/helm/commit/f3cfd4f6cc7ac0712f19c1767b1962c98e2bb3d7) (dependabot\[bot]) - chore(deps): bump oras.land/oras-go from 1.1.0 to 1.1.1 [`a3bb2f7`](https://togithub.com/helm/helm/commit/a3bb2f71e09e64ecd3a7814e5043b730fc42966a) (dependabot\[bot]) - chore(deps): bump github.com/evanphx/json-patch [`606633c`](https://togithub.com/helm/helm/commit/606633cc5e831532a093ec893a09fff325f1b3a9) (dependabot\[bot]) - Bump github.com/lib/pq from 1.10.4 to 1.10.5 [`ede591f`](https://togithub.com/helm/helm/commit/ede591f65d389e285ce6a61de894346c21f3418e) (dependabot\[bot]) - build(deps): bump github.com/containerd/containerd from 1.6.3 to 1.6.4 [`8b69048`](https://togithub.com/helm/helm/commit/8b6904869a48118291a406b90bd98a01e12237ba) (dependabot\[bot]) - build(deps): bump github.com/docker/docker [`67ed6e2`](https://togithub.com/helm/helm/commit/67ed6e29991ef390e6e822491b52d4cbb3071e11) (dependabot\[bot]) - bump version to v3.9.0 [`1db28a2`](https://togithub.com/helm/helm/commit/1db28a2311bd4893d39679de708e5a77a751c4d2) (Matt Farina) - build(deps): bump github.com/jmoiron/sqlx from 1.3.4 to 1.3.5 [`43aa313`](https://togithub.com/helm/helm/commit/43aa3132ff97ff4905397846715079ad68e0e2b6) (dependabot\[bot]) - Bump github.com/BurntSushi/toml from 1.0.0 to 1.1.0 [`aafc920`](https://togithub.com/helm/helm/commit/aafc920185be5024e66ddef17e69e385ba4122fb) (dependabot\[bot]) - Fixed helm uninstall not deleting the resource. [`fe00c92`](https://togithub.com/helm/helm/commit/fe00c9296d50acc490dd08cd95eb014d37409716) (Mayank Thakur) - Fix UT [`d8c0e01`](https://togithub.com/helm/helm/commit/d8c0e01132705b427d27835f9d3e2e8bb3e4da22) (stan-sz) - Fix linter [`6c55d9e`](https://togithub.com/helm/helm/commit/6c55d9e3e9f45afd576a9480fcad88d7d9d12ef5) (stan-sz) - Update install.go [`a7e4ae7`](https://togithub.com/helm/helm/commit/a7e4ae752af018b357f551c653c2b39bc5720313) (stan-sz) - Log error message on failed download [`660e4ff`](https://togithub.com/helm/helm/commit/660e4ffe7aae8d33dfe869d01ae75156662365ac) (stan-sz) - Add support `helm list --no-headers` [`d76f86b`](https://togithub.com/helm/helm/commit/d76f86b01ccf734a134c99a6823bd435eb4401d8) (suzaku) - update go.mod [`d20c954`](https://togithub.com/helm/helm/commit/d20c954819e77243e36528f268873d09097925d5) (yxxhero) - fix --registry-config issue [`9f199b6`](https://togithub.com/helm/helm/commit/9f199b6517c21394bca555983c70fc232d65014c) (yxxhero) - feat: add --set-json flag to set json values. [`11e7d0c`](https://togithub.com/helm/helm/commit/11e7d0cd73fb924d3347228c68d10ccdb123b6c6) (Luca Di Rocco) - fix(helm): ignore file-not-found error for `helm repo list -o json` [`94779dc`](https://togithub.com/helm/helm/commit/94779dc99f266adde81882412ee944072da3b136) (Teo Klestrup Röijezon) ### [`v3.9.4`](https://togithub.com/helm/helm/releases/tag/v3.9.4): Helm 3.9.4 [Compare Source](https://togithub.com/helm/helm/compare/v3.9.3...v3.9.4) Helm v3.9.4 is a security (patch) release. Users are strongly recommended to update to this release. While fuzz testing Helm, provided by the CNCF, a possible out of memory panic was discovered with the *strvals* package. Out of memory panics cannot be recovered from in Go. This can potentially be used to produce a denial of service (DOS). More details are available in [the advisory](https://togithub.com/helm/helm/security/advisories/GHSA-7hfp-qfw3-5jxh). The community keeps growing, and we'd love to see you there! - Join the discussion in [Kubernetes Slack](https://kubernetes.slack.com): - for questions and just to hang out - for discussing PRs, code, and bugs - Hang out at the Public Developer Call: Thursday, 9:30 Pacific via [Zoom](https://zoom.us/j/696660622) - Test, debug, and contribute charts: [ArtifactHub/packages](https://artifacthub.io/packages/search?kind=0) #### Installation and Upgrading Download Helm v3.9.4. The common platform binaries are here: - [MacOS amd64](https://get.helm.sh/helm-v3.9.4-darwin-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.9.4-darwin-amd64.tar.gz.sha256sum) / fe5930feca6fd1bd2c57df01c1f381c6444d1c3d2b857526bf6cbfbd6bf906b4) - [MacOS arm64](https://get.helm.sh/helm-v3.9.4-darwin-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.9.4-darwin-arm64.tar.gz.sha256sum) / a73d91751153169781b3ab5b4702ba1a2631fc8242eba33828b5905870059312) - [Linux amd64](https://get.helm.sh/helm-v3.9.4-linux-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.9.4-linux-amd64.tar.gz.sha256sum) / 31960ff2f76a7379d9bac526ddf889fb79241191f1dbe2a24f7864ddcb3f6560) - [Linux arm](https://get.helm.sh/helm-v3.9.4-linux-arm.tar.gz) ([checksum](https://get.helm.sh/helm-v3.9.4-linux-arm.tar.gz.sha256sum) / 18ce0f79dcd927fea5b714ca03299929dad05266192d4cde3de6b4c4d4544249) - [Linux arm64](https://get.helm.sh/helm-v3.9.4-linux-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.9.4-linux-arm64.tar.gz.sha256sum) / d24163e466f7884c55079d1050968e80a05b633830047116cdfd8ae28d35b0c0) - [Linux i386](https://get.helm.sh/helm-v3.9.4-linux-386.tar.gz) ([checksum](https://get.helm.sh/helm-v3.9.4-linux-386.tar.gz.sha256sum) / a37b0070e2f072050fdf4bd7430ffbe55390fee410eb0781cd01a0fe206eb963) - [Linux ppc64le](https://get.helm.sh/helm-v3.9.4-linux-ppc64le.tar.gz) ([checksum](https://get.helm.sh/helm-v3.9.4-linux-ppc64le.tar.gz.sha256sum) / c63a951415c192397fda07c2f52aa60639b280920381c48d58be6803eb0c22f9) - [Linux s390x](https://get.helm.sh/helm-v3.9.4-linux-s390x.tar.gz) ([checksum](https://get.helm.sh/helm-v3.9.4-linux-s390x.tar.gz.sha256sum) / 7fec97fa800d9bd981e2f42fb0908175db1f35da2d373a971ec7376fe4cb5451) - [Windows amd64](https://get.helm.sh/helm-v3.9.4-windows-amd64.zip) ([checksum](https://get.helm.sh/helm-v3.9.4-windows-amd64.zip.sha256sum) / 7cdc1342bc1863b6d5ce695fbef4d3b0d65c7c5bcef6ec6adf8fc9aa53821262) This release was signed with ` 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E ` and can be found at [@mattfarina](https://togithub.com/mattfarina) [keybase account](https://keybase.io/mattfarina). Please use the attached signatures for verifying this release using `gpg`. The [Quickstart Guide](https://helm.sh/docs/intro/quickstart/) will get you going from there. For **upgrade instructions** or detailed installation notes, check the [install guide](https://helm.sh/docs/intro/install/). You can also use a [script to install](https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3) on any system with `bash`. #### What's Next - 3.10.0 is the next feature release and will be on September 14, 2022 ### [`v3.9.3`](https://togithub.com/helm/helm/releases/tag/v3.9.3): Helm 3.9.3 [Compare Source](https://togithub.com/helm/helm/compare/v3.9.2...v3.9.3) Helm v3.9.3 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience. The community keeps growing, and we'd love to see you there! - Join the discussion in [Kubernetes Slack](https://kubernetes.slack.com): - for questions and just to hang out - for discussing PRs, code, and bugs - Hang out at the Public Developer Call: Thursday, 9:30 Pacific via [Zoom](https://zoom.us/j/696660622) - Test, debug, and contribute charts: [ArtifactHub/packages](https://artifacthub.io/packages/search?kind=0) #### Installation and Upgrading Download Helm v3.9.3. The common platform binaries are here: - [MacOS amd64](https://get.helm.sh/helm-v3.9.3-darwin-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.9.3-darwin-amd64.tar.gz.sha256sum) / ca3d57bb68135fa45a7acc2612d472e8ad01b78f49eaca57490aefef74a61c95) - [MacOS arm64](https://get.helm.sh/helm-v3.9.3-darwin-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.9.3-darwin-arm64.tar.gz.sha256sum) / db20ee8758616e1d69e90aedc5eb940751888bdd2b031badf2080a05df4c9eb7) - [Linux amd64](https://get.helm.sh/helm-v3.9.3-linux-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.9.3-linux-amd64.tar.gz.sha256sum) / 2d07360a9d93b18488f1ddb9de818b92ba738acbec6e1c66885a88703fa7b21c) - [Linux arm](https://get.helm.sh/helm-v3.9.3-linux-arm.tar.gz) ([checksum](https://get.helm.sh/helm-v3.9.3-linux-arm.tar.gz.sha256sum) / 2b8cdb8064914ed1f1cd17f8366e68eab2f14e9fb0b2a0bac0f47fac7fbddf36) - [Linux arm64](https://get.helm.sh/helm-v3.9.3-linux-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.9.3-linux-arm64.tar.gz.sha256sum) / 59168c08c32293759005d0c509ce4be9038d7663827e05564c779e59658d8299) - [Linux i386](https://get.helm.sh/helm-v3.9.3-linux-386.tar.gz) ([checksum](https://get.helm.sh/helm-v3.9.3-linux-386.tar.gz.sha256sum) / 634a5dca59674cb77fb7a69d08cee00c9051505e81af1c1d3ea96e5f3de84dbc) - [Linux ppc64le](https://get.helm.sh/helm-v3.9.3-linux-ppc64le.tar.gz) ([checksum](https://get.helm.sh/helm-v3.9.3-linux-ppc64le.tar.gz.sha256sum) / bf06f00a01e01a3ad011c0b70fbbb07db3e65f2134ed5e640a2a2832a4101f48) - [Linux s390x](https://get.helm.sh/helm-v3.9.3-linux-s390x.tar.gz) ([checksum](https://get.helm.sh/helm-v3.9.3-linux-s390x.tar.gz.sha256sum) / 257a7373b380dc1fdb811030867c1483c511a5521bb1348fe59e97883582f9f3) - [Windows amd64](https://get.helm.sh/helm-v3.9.3-windows-amd64.zip) ([checksum](https://get.helm.sh/helm-v3.9.3-windows-amd64.zip.sha256sum) / cdd24727d233e620ce6e8ec21646a6218bde94cf3d5f24e9c4ae6a114939975d) This release was signed with ` 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E ` and can be found at [@mattfarina](https://togithub.com/mattfarina) [keybase account](https://keybase.io/mattfarina). Please use the attached signatures for verifying this release using `gpg`. The [Quickstart Guide](https://helm.sh/docs/intro/quickstart/) will get you going from there. For **upgrade instructions** or detailed installation notes, check the [install guide](https://helm.sh/docs/intro/install/). You can also use a [script to install](https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3) on any system with `bash`. #### What's Next - 3.10.0 is the next feature release and will be on September 14, 2022 #### Changelog - Bump k8s.io/kube-openapi to fix CVE-2022-1996 in github.com/emicklei/go-restful [`414ff28`](https://togithub.com/helm/helm/commit/414ff28d4029ae8c8b05d62aa06c7fe3dee2bc58) (Guilherme Macedo) - fixes [#11142](https://togithub.com/helm/helm/issues/11142) missing array length check on release [`c801d88`](https://togithub.com/helm/helm/commit/c801d8876a6fc9c9a5bfa15f31892e16cd30c7bd) (Arvid E. Picciani) ### [`v3.9.2`](https://togithub.com/helm/helm/releases/tag/v3.9.2): Helm v3.9.2 [Compare Source](https://togithub.com/helm/helm/compare/v3.9.1...v3.9.2) Helm v3.9.2 is a patch release. This release is the same Helm source as v3.9.1. It is rebuilt on Go 1.17.12 which has numerous CVE fixes compared to the version of Go used to build Helm v3.9.1. The community keeps growing, and we'd love to see you there! - Join the discussion in [Kubernetes Slack](https://kubernetes.slack.com): - for questions and just to hang out - for discussing PRs, code, and bugs - Hang out at the Public Developer Call: Thursday, 9:30 Pacific via [Zoom](https://zoom.us/j/696660622) - Test, debug, and contribute charts: [ArtifactHub/packages](https://artifacthub.io/packages/search?kind=0) #### Installation and Upgrading Download Helm v3.9.2. The common platform binaries are here: - [MacOS amd64](https://get.hConfiguration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.