Skip to content

🌱 Update Builder Image group #320

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
cluster-stack-bot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

🌱 Update Builder Image group #320

cluster-stack-bot wants to merge 1 commit into from
+10 −10

Conversation

@cluster-stack-bot
Copy link
Contributor

@cluster-stack-bot cluster-stack-bot bot commented Oct 1, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
adrienverge/yamllint minor v1.37.1 -> v1.38.0
docker.io/aquasec/trivy (source) stage minor 0.66.0 -> 0.68.2
docker.io/hadolint/hadolint stage minor v2.13.1-alpine -> v2.14.0-alpine
docker.io/library/alpine stage minor 3.22.1 -> 3.23.2
golangci/golangci-lint minor v2.4.0 -> v2.8.0
helm/helm major v3.19.0 -> v4.1.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

adrienverge/yamllint (adrienverge/yamllint)

v1.38.0

Compare Source

aquasecurity/trivy (docker.io/aquasec/trivy)

v0.68.2

Compare Source

Changelog

v0.68.1

Compare Source

Bug Fixes
  • update cosing settings for GoReleaser after bumping cosing to v3 (#​9863) (c7accc8)

v0.67.2

Compare Source

Changelog

  • 60c57ad release: v0.67.2 [release/v0.67] (#​9639)
  • f3ee80c fix: Use fetch-level: 1 to check out trivy-repo in the release workflow [backport: release/v0.67] (#​9638)

v0.67.1

Compare Source

Changelog

  • cbed239 release: v0.67.1 [release/v0.67] (#​9614)
  • 1a84093 fix: restore compatibility for google.protobuf.Value [backport: release/v0.67] (#​9631)
  • 3bc1490 fix: using SrcVersion instead of Version for echo detector [backport: release/v0.67] (#​9629)
  • 542eee7 fix: add buildInfo for BlobInfo in rpc package [backport: release/v0.67] (#​9615)
  • f65dd05 fix(vex): don't use reused BOM [backport: release/v0.67] (#​9612)

v0.67.0

Compare Source

Features
Bug Fixes
  • aws: use BuildableClient insead of xhttp.Client (#​9436) (fa6f1bf)
  • close file descriptors and pipes on error paths (#​9536) (a4cbd6a)
  • db: Dowload database when missing but metadata still exists (#​9393) (92ebc7e)
  • k8s: disable parallel traversal with fs cache for k8s images (#​9534) (c0c7a6b)
  • misconf: handle tofu files in module detection (#​9486) (bfd2f6b)
  • misconf: strip build metadata suffixes from image history (#​9498) (c938806)
  • misconf: unmark cty values before access (#​9495) (8e40d27)
  • misconf: wrap legacy ENV values in quotes to preserve spaces (#​9497) (267a970)
  • nodejs: parse workspaces as objects for package-lock.json files (#​9518) (404abb3)
  • nodejs: use snapshot string as Package.ID for pnpm packages (#​9330) (4517e8c)
  • vex: don't suppress vulns for packages with infinity loop (#​9465) (78f0d4a)
  • vuln: compare nuget package names in lower case (#​9456) (1ff9ac7)
hadolint/hadolint (docker.io/hadolint/hadolint)

v2.14.0

Compare Source

What's Changed

New Contributors

Full Changelog: hadolint/hadolint@v2.13.1...v2.14.0

golangci/golangci-lint (golangci/golangci-lint)

v2.8.0

Compare Source

Released on 2026-01-07

  1. Linters new features or changes
    • godoc-lint: from 0.10.2 to 0.11.1 (new rule: require-stdlib-doclink)
    • golines: from 442fd00 to 0.14.0
    • gomoddirectives: from 0.7.1 to 0.8.0
    • gosec: from daccba6 to 2.22.11 (new rule: G116)
    • modernize: from 0.39.0 to 0.40.0 (new analyzers: stringscut, unsafefuncs)
    • prealloc: from 1.0.0 to 1.0.1 (message changes)
    • unqueryvet: from 1.3.0 to 1.4.0 (new options: check-aliased-wildcard, check-string-concat, check-format-strings, check-string-builder, check-subqueries, ignored-functions, sql-builders)
  2. Linters bug fixes
    • go-critic: from 0.14.2 to 0.14.3
    • go-errorlint: from 1.8.0 to 1.9.0
    • govet: from 0.39.0 to 0.40.0
    • protogetter: from 0.3.17 to 0.3.18
    • revive: add missing enable-default-rules setting
  3. Documentation
    • docs: split installation page

v2.7.2

Compare Source

Released on 2025-12-07

  1. Linter bug fixes

v2.7.1

Compare Source

Released on 2025-12-04

  1. Linter bug fixes
    • modernize: disable stringscut analyzer

v2.7.0

Compare Source

Released on 2025-12-03

  1. Bug fixes
    • fix: clone args used by custom command
  2. Linters new features or changes
    • no-sprintf-host-port: from 0.2.0 to 0.3.1 (ignore string literals without a colon)
    • unqueryvet: from 1.2.1 to 1.3.0 (handles const and var declarations)
    • revive: from 1.12.0 to 1.13.0 (new option: enable-default-rules, new rules: forbidden-call-in-wg-go, unnecessary-if, inefficient-map-lookup)
    • modernize: from 0.38.0 to 0.39.0 (new analyzers: plusbuild, stringscut)
  3. Linters bug fixes
    • perfsprint: from 0.10.0 to 0.10.1
    • wrapcheck: from 2.11.0 to 2.12.0
    • godoc-lint: from 0.10.1 to 0.10.2
  4. Misc.
    • Add some flags to the custom command
  5. Documentation
    • docs: split changelog v1 and v2

v2.6.2

Compare Source

Released on 2025-11-14

  1. Bug fixes
    • fmt command with symlinks
    • use file depending on build configuration to invalidate cache
  2. Linters bug fixes
    • testableexamples: from 1.0.0 to 1.0.1
    • testpackage: from 1.1.1 to 1.1.2

v2.6.1

Compare Source

Released on 2025-11-04

  1. Linters bug fixes
    • copyloopvar: from 1.2.1 to 1.2.2
    • go-critic: from 0.14.0 to 0.14.2

v2.6.0

Compare Source

Released on 2025-10-29

  1. New linters
    • Add modernize analyzer suite
  2. Linters new features or changes
    • arangolint: from 0.2.0 to 0.3.1
    • dupword: from 0.1.6 to 0.1.7 (new option comments-only)
    • go-critic: from 0.13.0 to 0.14.0 (new rules/checkers: zeroByteRepeat, dupOption)
    • gofumpt: from 0.9.1 to 0.9.2 ("clothe" naked returns is now controlled by the extra-rules option)
    • perfsprint: from 0.9.1 to 0.10.0 (new options: concat-loop, loop-other-ops)
    • wsl: from 5.2.0 to 5.3.0
  3. Linters bug fixes
    • dupword: from 0.1.6 to 0.1.7
    • durationcheck: from 0.0.10 to 0.0.11
    • exptostd: from 0.4.4 to 0.4.5
    • fatcontext: from 0.8.1 to 0.9.0
    • forbidigo: from 2.1.0 to 2.3.0
    • ginkgolinter: from 0.21.0 to 0.21.2
    • godoc-lint: from 0.10.0 to 0.10.1
    • gomoddirectives: from 0.7.0 to 0.7.1
    • gosec: from 2.22.8 to 2.22.10
    • makezero: from 2.0.1 to 2.1.0
    • nilerr: from 0.1.1 to 0.1.2
    • paralleltest: from 1.0.14 to 1.0.15
    • protogetter: from 0.3.16 to 0.3.17
    • unparam: from 0df0534 to 5beb8c8
  4. Misc.
    • fix: ignore some files to hash the version for custom build

v2.5.0

Compare Source

Released on 2025-09-21

  1. New linters
  2. Linters new features or changes
    • embeddedstructfieldcheck: from 0.3.0 to 0.4.0 (new option: empty-line)
    • err113: from aea10b5 to 0.1.1 (skip internals of Is methods for error type)
    • ginkgolinter: from 0.20.0 to 0.21.0 (new option: force-tonot)
    • gofumpt: from 0.8.0 to 0.9.1 (new rule is to "clothe" naked returns for the sake of clarity)
    • ineffassign: from 0.1.0 to 0.2.0 (new option: check-escaping-errors)
    • musttag: from 0.13.1 to 0.14.0 (support interface methods)
    • revive: from 1.11.0 to 1.12.0 (new options: identical-ifelseif-branches, identical-ifelseif-conditions, identical-switch-branches, identical-switch-conditions, package-directory-mismatch, unsecure-url-scheme, use-waitgroup-go, useless-fallthrough)
    • thelper: from 0.6.3 to 0.7.1 (skip t.Helper in functions passed to synctest.Test)
    • wsl: from 5.1.1 to 5.2.0 (improvements related to subexpressions)
  3. Linters bug fixes
    • asciicheck: from 0.4.1 to 0.5.0
    • errname: from 1.1.0 to 1.1.1
    • fatcontext: from 0.8.0 to 0.8.1
    • go-printf-func-name: from 0.1.0 to 0.1.1
    • godot: from 1.5.1 to 1.5.4
    • gosec: from 2.22.7 to 2.22.8
    • nilerr: from 0.1.1 to a temporary fork
    • nilnil: from 1.1.0 to 1.1.1
    • protogetter: from 0.3.15 to 0.3.16
    • tagliatelle: from 0.7.1 to 0.7.2
    • testifylint: from 1.6.1 to 1.6.4
  4. Misc.
    • fix: "no export data" errors are now handled as a standard typecheck error
  5. Documentation
    • Improve nolint section about syntax
helm/helm (helm/helm)

v4.1.0: Helm v4.1.0

Compare Source

Helm v4.1.0 is a feature release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Notable Changes

  • Feature: added chart name to dependency logs, namespace to resource waiting logs, and confirmation message when all resources are ready #​31530
  • Feature: improved plugin name validation error messages and field name detection #​31491
  • Feature: improved the --wait flag by allowing explicit strategy selection (including explicit --wait=hookOnly) and preventing SDK timeout errors when timeout is not specified #​31421
  • Feature: allow concurrent dependency build with atomic file write #​30984
  • Feature: added a --no-headers flag to the 'helm repo list' command, allowing users to suppress table headers in the output. Useful for scripting and automation #​31448
  • SDK feature: added a LoadArchive to common loader #​31462
  • SDK feature: introduced support for custom kstatus readers #​31706
  • Fixed bug where a plugin name could already be used by another command #​31427
  • Fixed bug where --server-side flag was not passed to install when using upgrade --install #​31635
  • Fixed bug where HELM_ environment variables were not passed to plugins. this fixes a regression which was blocking some getter plugins #​31613
  • Fixed bug where Helm test --logs failed with hook-delete-policy "hook-failed" or "hook-succeed" #​31579
  • Fixed kube client logging issue #​31560
  • Fixed regression where vendor-specific suffixes were stripped from .Capabilities.KubeVersion.GitVersion, breaking charts that detect managed Kubernetes platforms #​31528
  • Fixed a bug where helm uninstall with --keep-history did not suspend previous deployed releases #​12564
  • SDK: bump k8s API versions to v0.35.0
  • docs: updated helm template help text to document --api-versions #​31683
  • docs: fixed documentation about default wait strategy

Installation and Upgrading

Download Helm v4.1.0. The common platform binaries are here:

This release was signed with 208D D36E D5BB 3745 A167 43A4 C7C6 FBB5 B91C 1155 and can be found at @​scottrigby keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 4.1.1 and 3.20.1 are the next patch releases, scheduled for March 11, 2026
  • 4.2.0 and 3.21.0 are the next minor releases, scheduled for May 13, 2026

Changelog

  • Update pkg/kube/statuswait.go f46f1ce (Evans Mungai)
  • pkg/kube: introduce support for custom kstatus readers 59ece92 (Matheus Pimenta)
  • chore(deps): bump golang.org/x/term from 0.38.0 to 0.39.0 de0becd (dependabot[bot])
  • chore(deps): bump golang.org/x/text from 0.32.0 to 0.33.0 46e5264 (dependabot[bot])
  • fix(release): fix test compilation error e751a70 (Evans Mungai)
  • Suppress SC2154 without changing behavior 9125b84 (Sarfraj Khan)
  • chore(deps): bump github.com/foxcpp/go-mockdns from 1.1.0 to 1.2.0 0e0c02e (dependabot[bot])
  • Lint sync-repo.sh with ShellCheck d4a2787 (sarfraj89)
  • chore: move Evans Mungai from triage to maintainers fd090cc (Evans Mungai)
  • Replace reflect.Ptr with reflect.Pointer 2d6d9c0 (Mads Jensen)
  • fix: typo in the function names 138f730 (Gergely Brautigam)
  • Add documentation for --api-versions flag in template command c7cc77b (majiayu000)
  • Fixing failing tests for cli-tools update fe1c749 (Matt Farina)
  • chore(deps): bump github.com/fluxcd/cli-utils 5e82698 (dependabot[bot])
  • Replace deprecated NewSimpleClientset a15db7f (George Jenkins)
  • docs(README): add mise alternate installation documentation 04198dc (jylenhof)
  • enable exhaustive linter 9a898af (Brenden Ehlers)
  • fix: add default casess to switch statements 1c119bc (Brenden Ehlers)
  • build: set kube version via debug.BuildInfo c6d9a5b (Branch Vincent)
  • chore(deps): bump github.com/tetratelabs/wazero from 1.10.1 to 1.11.0 97cde79 (dependabot[bot])
  • chore(deps): bump github.com/BurntSushi/toml from 1.5.0 to 1.6.0 9123143 (dependabot[bot])
  • doc: update based on review suggestion 55a4aed (Deepak Chethan)
  • test(statuswait): fix Copilot code review suggestion for goroutine in tests d6b35ce (Mohsen Mottaghi)
  • test(statuswait): add more tests suggested by Copilot code review a1543d5 (Mohsen Mottaghi)
  • test(statuswait): add some tests for statuswait dd44f4e (Mohsen Mottaghi)
  • fix: use namespace-scoped watching to avoid cluster-wide LIST permissions 3dd54ed (Mohsen Mottaghi)
  • fix(doc): Update default wait strategy f92ae18 (Deepak)
  • Update to use slog 9772037 (tison)
  • Fix TestCliPluginExitCode 3c6557d (tison)
  • Check plugin name is not used 5196b84 (tison)
  • chore(deps): bump github.com/fluxcd/cli-utils 364a7aa (dependabot[bot])
  • Fix TestConcurrencyDownloadIndex typo 592815e (George Jenkins)
  • Use errors.Is to check for io.EOF and gzip.ErrHeader a490bb3 (Mads Jensen)
  • chore(deps): bump actions/upload-artifact from 4.6.2 to 6.0.0 09ae0d4 (dependabot[bot])
  • chore(deps): bump the k8s-io group with 7 updates 1f8e84d (dependabot[bot])
  • chore(deps): bump golang.org/x/crypto from 0.45.0 to 0.46.0 e9a0510 (dependabot[bot])
  • chore: fix some comments to improve readability 858cf31 (wangjingcun)
  • chore(deps): bump golang.org/x/text from 0.31.0 to 0.32.0 7fb1728 (dependabot[bot])
  • feat: move TerryHowe triage to maintainers e900a25 (Terry Howe)
  • Use latest patch release of Go in releases 8f636b5 (Matt Farina)
  • chore(deps): bump github.com/rubenv/sql-migrate from 1.8.0 to 1.8.1 ea52f87 (dependabot[bot])
  • fix(upgrade): pass --server-side flag to install when using upgrade --install 2dc581d (Evans Mungai)
  • chore(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2 a9bbffb (dependabot[bot])
  • chore(deps): bump golang.org/x/term from 0.37.0 to 0.38.0 d195cfa (dependabot[bot])
  • Run the vulnerability check on PR that change the file 24a8258 (Matt Farina)
  • Fix govulncheck in CI bc9462f (Matt Farina)
  • Update the govulncheck.yml to run on change b825a18 (Matt Farina)
  • Enable the sloglint linter a18e59e (Mads Jensen)
  • fix(cli): handle nil config in EnvSettings.Namespace() 8534663 (Zadkiel AHARONIAN)
  • fix(getter): pass settings environment variables 119341d (Zadkiel AHARONIAN)
  • fixes comment in install.go a109ac2 (Stephanie Hohenberg)
  • chore(deps): bump actions/stale from 10.1.0 to 10.1.1 581ab1a (dependabot[bot])
  • chore(deps): bump golangci/golangci-lint-action from 9.1.0 to 9.2.0 e62bf7f (dependabot[bot])
  • fixes tests after merge 2f598ff (Stephanie Hohenberg)
  • fixes lint issue bb9356e (Stephanie Hohenberg)
  • updates tests after rebase from master 8cf4ad7 (Stephanie Hohenberg)
  • Add tests to action package to improve coverage 31131cf (Stephanie Hohenberg)
  • chore(deps): bump actions/checkout from 6.0.0 to 6.0.1 e6b2068 (dependabot[bot])
  • Inform we use a different golangci-lint version than the CI faa8912 (Benoit Tigeot)
  • Deal with golint warning with private executeShutdownFunc 45c5f3a (Benoit Tigeot)
  • Use length check for MetaDependencies instead of nil comparison b33d4ae (Calvin Bui)
  • Code review 70fc5f9 (Benoit Tigeot)
  • Fix linting issue 9f1c8a2 (Benoit Tigeot)
  • Update pkg/action/hooks.go 6bb5bcc (Michelle Fernandez Bieber)
  • added check for nil shutdown d930144 (Michelle Fernandez Bieber)
  • cleaned up empty line 7a61ebf (Michelle Fernandez Bieber)
  • updated comment and made defer of shutdown function return errors as before and not the possible shutdown error 1071477 (Michelle Fernandez Bieber)
  • added shutdown hook that is executed after the logs have been retrieved 7a55758 (Michelle Fernandez Bieber)
  • chore: fix typo in pkg/downloader/chart_downloader.go e71a29c (megha1906)
  • Bump required go version (go.mod version) b859163 (George Jenkins)
  • Use modernize to use newer Golang features. 6cceead (Mads Jensen)
  • Remove two redundant if-checks. 380abe2 (Mads Jensen)
  • Fix kube client logging 936cd32 (Matt Farina)
  • chore(deps): bump golangci/golangci-lint-action from 9.0.0 to 9.1.0 cb35947 (dependabot[bot])
  • chore(deps): bump actions/checkout from 5.0.1 to 6.0.0 4fddc64 (dependabot[bot])
  • chore(deps): bump actions/setup-go from 5.5.0 to 6.1.0 b87f2da (dependabot[bot])
  • fix: prevent segmentation violation on empty yaml in multidoc 81d244c (Benoit Tigeot)
  • fix: prevent reporting fallback on version when none specified 40e22de (Benoit Tigeot)
  • chore(deps): bump golang.org/x/crypto from 0.44.0 to 0.45.0 c2405ce (dependabot[bot])
  • chore(deps): bump github.com/cyphar/filepath-securejoin 28baa97 (dependabot[bot])
  • bump version to 4.1 63e060f (Matt Farina)
  • fix: add missing context to debug logs 2dc5864 (shuv0id)
  • fix: preserve vendor suffixes in KubeVersion.GitVersion ce273ee (Benoit Tigeot)
  • chore(deps): bump actions/checkout from 5.0.0 to 5.0.1 f6ceae9 (dependabot[bot])
  • fixup test f8a49f1 (George Jenkins)
  • logs a9cdc78 (George Jenkins)
  • fix b1a9760 (George Jenkins)
  • chore: add warning for registry login with namespace 5f3c617 (Terry Howe)
  • style: linting 71591ee (Benoit Tigeot)
  • test: split tests between valid and invalid b296cbe (Benoit Tigeot)
  • test: convert tests to table drive tests 9b242dd (Benoit Tigeot)
  • test: refactor TestMetadataLegacyValidate to be more generic c81a09b (Benoit Tigeot)
  • update tests 8c87024 (yxxhero)
  • fix: Use server-side apply for object create during update 18616e6 (George Jenkins)
  • Copy adopted resource info 855ebb6 (George Jenkins)
  • Refactor environment variable expansion in PrepareCommands and update tests 2d49f0c (yxxhero)
  • fix: correct LDFLAGS path for default Kubernetes version b6a8c65 (Benoit Tigeot)
  • fix: improve plugin name validation err messages early via unmarshalling acf331a (Benoit Tigeot)
  • fix: Make invalid name error message more similar and move tests 9e1e3d2 (Benoit Tigeot)
  • fix: focus only on plugin name but give more info about what we get cf077ce (Benoit Tigeot)
  • Make validation error similar and explicit for both metadatas f4b139a (Benoit Tigeot)
  • fix: improve plugin name validation error messages c04e18e (Benoit Tigeot)
  • Fix syntax errors in the document faa0adc (Fish-pro)
  • chore(deps): bump the k8s-io group with 7 updates c81e267 (dependabot[bot])
  • docs: Fix LFX Health Score badge URL in README.md 40856bf (Michael Crenshaw)
  • chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.44.0 fb82e0e (dependabot[bot])
  • chore(deps): bump github.com/tetratelabs/wazero from 1.9.0 to 1.10.1 72a84fb (dependabot[bot])
  • Publish Helm v4 -> helm-latest-version e4353dc (George Jenkins)
  • Adding script to download Helm v4 5ae8586 (Matt Farina)
  • chore(deps): bump golang.org/x/term from 0.36.0 to 0.37.0 6cd0bf8 (dependabot[bot])
  • refactor: use strings.Builder to improve performance d8c4040 (promalert)
  • chore(deps): bump sigs.k8s.io/kustomize/kyaml from 0.20.1 to 0.21.0 0089a07 (dependabot[bot])
  • chore(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 7a85358 (dependabot[bot])
  • Update pkg/cmd/flags.go 02312a1 (Benoit Tigeot)
  • Error strategy list match help 277c140 (Benoit Tigeot)
  • Prevent surprising failure with SDK when timeout is not set 5f6fa43 (Benoit Tigeot)
  • Do not change the default waiting strategy when --wait is not set 52a2828 (Benoit Tigeot)
  • Provide more help for SDK user when setting up WaitStrategy 1112865 (Benoit Tigeot)
  • Avoid confusion between --wait (watcher) and no --wait (hookOnly) 8535e9f (Benoit Tigeot)
  • The default is not HookOnlyStrategy but WaitStrategy 1836f37 (Benoit Tigeot)
  • Make wait strategy selection more obvious a5e110f (Benoit Tigeot)
  • Update pkg/cmd/flags.go e8b0cff (Benoit Tigeot)
  • Increase documentation of --wait flag 95e1ee1 (Benoit Tigeot)
  • While testing SDK features for v4. I was surprised with the error: 5cbd9b3 (Benoit Tigeot)
  • fix: do not run release workflow on forks d93ef03 (Terry Howe)
  • Convert pkg/cmd/load_plugins.go to slog 6de83c5 (saimanojk1)
  • Rename copilot-instructions.md to AGENTS.md caff03f (Yarden Shoham)
  • fix(rollback): errors.Is instead of string comp d158708 (Hidde Beydals)
  • fix(uninstall): supersede deployed releases 2f1ecc7 (Hidde Beydals)
  • for remaining local variable case inconsistency 4576a81 (tison)
  • Properly test error messages on pull command's test ed6cf0e (Benoit Tigeot)
  • Adding a LoadArchive to common loader 0f5eda7 (Matt Farina)
  • for all other similar cases 90d0191 (tison)
  • chore(deps): bump github.com/cyphar/filepath-securejoin 21af58b (dependabot[bot])
  • chore(deps): bump sigs.k8s.io/controller-runtime from 0.22.3 to 0.22.4 60aaa8a (dependabot[bot])
  • chore: increase logging package test coverage 558cea7 (Evans Mungai)
  • feat(repo): add --no-headers option to 'helm repo list' 6ef79bb (Paul Van Laer)
  • chore: fix typo of public field 0d6de28 (tison)
  • rename interface{} to any ffb3940 (Terry Howe)
  • test: protect unknown hook delete policies 269a32a (Marcin Owsiany)
  • chore: replace github.com/mitchellh/copystructure bee9c1a (Terry Howe)
  • fix: Fix Helm v4 release distribtion/get-helm-3 script d5d1ea3 (George Jenkins)
  • fix test ae4af69 (Artem Vdovin)
  • Make test scripts run without /bin/bash 6181e0a (Tom Wieczorek)
  • Ignore duplicated URN in logs 8025a39 (Benoit Tigeot)
  • jsonschema: warn and ignore unresolved URN $ref to match v3.18.4 03bb62f (Benoit Tigeot)
  • chore: delete unused var in installer.go 8068578 (zyfy29)
  • fix: assign KUBECONFIG environment variable value to env.Kubeconfig b25fa86 (LinPr)
  • add concurrency test on write & load index file 118d0eb (Artem Vdovin)
  • update writing index files to writeAtomicFile 314bd19 (Artem Vdovin)
  • fix index concurrency 351bb78 (Artem Vdovin)

v4.0.5: Helm v4.0.5

Compare Source

Helm v4.0.5 is a patch release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Notable Changes

  • Fixed bug where helm uninstall with --keep-history did not suspend previous deployed releases #​12556
  • Fixed rollback error when a manifest is removed in a failed upgrade #​13437
  • Fixed check to ensure CLI plugin does not load with the same name as an existing Helm command
  • Fixed helm test --logs failure with hook-delete-policy "hook-failed" or "hook-succeed" #​9098
  • Fixed a bug where empty dependency lists were incorrectly treated as present
  • Fixed a bug where the watch library did not only watch namespaces associated with the objects
  • Fixed regression in downloader plugins environment variables #​31612
  • Fixed bug where --server-side flag is not respected with helm upgrade --install #​31627
  • For SDK users: exposed KUBECONFIG to env

Installation and Upgrading

Download Helm v4.0.5. The common platform binaries are here:

This release was signed with 208D D36E D5BB 3745 A167 43A4 C7C6 FBB5 B91C 1155 and can be found at @​scottrigby keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 4.1.0 and 3.20.0 is the next minor releases and will be on January 21, 2026
  • 4.1.1 and 3.20.1 are the next patch releases and will be on March 11, 2026

Changelog

  • fix(upgrade): pass --server-side flag to install when using upgrade --install 1b6053d (Evans Mungai)
  • fix(cli): handle nil config in EnvSettings.Namespace() 1e3ee1d (Zadkiel AHARONIAN)
  • fix(getter): pass settings environment variables 31bd995 (Zadkiel AHARONIAN)
  • test(statuswait): fix Copilot code review suggestion for goroutine in tests 41a6b36 (Mohsen Mottaghi)
  • test(statuswait): add more tests suggested by Copilot code review 2a2e6f7 (Mohsen Mottaghi)
  • test(statuswait): add some tests for statuswait [3818c02](https://redirect.github.com/helm/helm/

Configuration

📅 Schedule: Branch creation - "on the first day of the month" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch from dc76c4e to 68f6214 Compare October 9, 2025 11:22
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch 2 times, most recently from ea7f4bf to 480be26 Compare October 11, 2025 11:18
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch 2 times, most recently from bd2b24f to 0f3d518 Compare November 4, 2025 11:22
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch 2 times, most recently from c711262 to 0c695b1 Compare November 13, 2025 11:24
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch from 0c695b1 to d8a3031 Compare November 15, 2025 11:20
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch from d8a3031 to 02573ac Compare November 25, 2025 11:23
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch 2 times, most recently from 039ad2e to 11ced5d Compare December 4, 2025 11:28
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch 3 times, most recently from 1b33442 to 44f7407 Compare December 11, 2025 11:27
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch 3 times, most recently from 23d3b02 to d3fff84 Compare December 18, 2025 11:37
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch 2 times, most recently from 80b03ac to 3002c43 Compare January 13, 2026 11:29
@cluster-stack-bot
Copy link
Contributor Author

cluster-stack-bot bot commented Jan 13, 2026
edited
Loading

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: undefined
Command failed: BUILD_IMAGE_TOKEN=**redacted** BUILD_IMAGE_USER=kranurag7 CI=true ./hack/upgrade-builder-image.sh
+ set -o errexit
+ set -o nounset
+ set -o pipefail
+++ dirname ./hack/upgrade-builder-image.sh
++ realpath ./hack/..
+ REPO_ROOT=/tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator
+ cd /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator
+ source /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/hack/semver-upgrade.sh
++ set -o errexit
++ set -o nounset
++ set -o pipefail
++ set -x
+ '[' true = true ']'
+ echo **redacted**
+ docker login ghcr.io -u kranurag7 --password-stdin

WARNING! Your credentials are stored unencrypted in '/home/ubuntu/.docker/config.json'.
Configure a credential helper to remove this warning. See
https://docs.docker.com/go/credential-store/

++ git fetch --quiet origin main
++ git show origin/main:.builder-image-version.txt
+ export VERSION=1.1.34
+ VERSION=1.1.34
++ semver_upgrade patch 1.1.34
++ IFS=.
++ read -r version minor patch
++ case "$1" in
++ tag=1.1.35
++ echo 1.1.35
+ export NEW_VERSION=1.1.35
+ NEW_VERSION=1.1.35
+ echo 1.1.35
+ echo 'Wrote new version 1.1.35 to .builder-image-version.txt'
+ docker manifest inspect ghcr.io/sovereigncloudstack/cso-builder:1.1.34
+ echo 0
+ sed -i -e '/^BUILDER_IMAGE_VERSION /s/:=.*$/:= 1.1.35/' Makefile
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/build.yml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/kubebuilder-markers-checker.yml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/pr-lint.yml
+ sed -i -e '/image: ghcr\.io\/sovereigncloudstack\/cso-builder:/s/:.*$/: ghcr\.io\/sovereigncloudstack\/cso-builder:1.1.35/' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/pr-lint.yml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/pr-verify.yml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/release.yml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/schedule-cache-cleaner-cso-image.yml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/schedule-scan-image.yml
+ sed -i -e '/image: ghcr\.io\/sovereigncloudstack\/cso-builder:/s/:.*$/: ghcr\.io\/sovereigncloudstack\/cso-builder:1.1.35/' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/schedule-scan-image.yml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/schedule-update-bot.yaml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/test.yml
+ docker build -t ghcr.io/sovereigncloudstack/cso-builder:1.1.35 ./images/builder
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
            Install the buildx component to build images with BuildKit:
            https://docs.docker.com/go/buildx/

The command '/bin/sh -c apt-get update &&     apt-get install -qy --no-install-recommends     gnupg python3 python3-pip     file zip unzip jq gettext     libsystemd-dev jq &&     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* &&     pip install --no-cache-dir     yamllint==${YAMLLINT_VERSION}     yamlfixer-opt-nc==${YAMLFIXER_VERSION}' returned a non-zero code: 1

@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch from 3002c43 to a54455e Compare January 15, 2026 11:27
@cluster-stack-bot
🌱 Update Builder Image group
d09635c 
| datasource  | package                     | from    | to      |
| ----------- | --------------------------- | ------- | ------- |
| github-tags | adrienverge/yamllint        | v1.37.1 | v1.38.0 |
| docker      | docker.io/aquasec/trivy     | 0.66.0  | 0.68.2  |
| docker      | docker.io/hadolint/hadolint | v2.13.1 | v2.14.0 |
| docker      | docker.io/library/alpine    | 3.22.1  | 3.23.2  |
| github-tags | golangci/golangci-lint      | v2.4.0  | v2.8.0  |
| github-tags | helm/helm                   | v3.19.0 | v4.1.0  |
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch from a54455e to d09635c Compare January 22, 2026 11:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

type/major type/minor update/container

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant