argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
16.45k stars 4.97k forks

chore(deps): upgrade helm to 3.14.4 #18255

Closed 34fathombelow closed 2 weeks ago

34fathombelow commented 2 weeks ago

Resolves the following CVEs in the Helm binary:

| Library | Vulnerability | Severity |
| --- | --- | --- |
| github.com/docker/docker | CVE-2024-24557 | MEDIUM/HIGH |
| google.golang.org/protobuf | CVE-2024-24786 | MEDIUM |
| stdlib | CVE-2023-45288 | HIGH |
| stdlib | CVE-2023-45289 | Medium |
| stdlib | CVE-2023-45290 | Medium |
| stdlib | CVE-2024-24783 | Medium |
| stdlib | CVE-2024-24784 | Medium |
| stdlib | CVE-2024-24785 | Medium |

Cherry-Pick needed for v2.11 & v2.10

34fathombelow commented 2 weeks ago

> Any reason not to go straight to 3.15?

Yes, this is so we can cherry-pick the update without jumping minor versions. We don't necessarily want to backport a minor version unless we are forced to.

34fathombelow commented 1 week ago

@pasha-codefresh @crenshaw-dev can we cherry-pick this back to v2.11 & v2.10?

pasha-codefresh commented 1 week ago

Let's do it on Wednesday, we have a planned release on Tuesday

pasha-codefresh commented 1 week ago

@34fathombelow actually, we can, it should not cause conflicts for the planned release

pasha-codefresh commented 1 week ago

/cherry-pick release-2.11

pasha-codefresh commented 1 week ago

/cherry-pick release-2.10