bump helm client to v0.12.10

NVIDIA / gpu-operator

NVIDIA GPU Operator creates/configures/manages GPUs atop Kubernetes

Apache License 2.0

1.77k stars 287 forks source link

bump helm client to v0.12.10 #788

Closed tariq1890 closed 3 months ago

tariq1890 commented 3 months ago

This fixes some CVEs that were found in the helm.sh/helm dependency

P.S: I am not sure why dependabot isn't raising PRs for most of the gpu-operator deps

cdesiniotis commented 3 months ago

P.S: I am not sure why dependabot isn't raising PRs for most of the gpu-operator deps

I believe dependabot is currently configured to only update our k8s.io dependencies:

    groups:
      k8sio:
        patterns:
          - k8s.io/*
        exclude-patterns:
          - k8s.io/klog/*

tariq1890 commented 3 months ago

@cdesiniotis I think that's only the group settings. The stanza however enables all of the go dep bumps. The same config works fine in the other repos