🌱 Update Builder Image group

[cluster-stack-bot]

This PR contains the following updates:

Package	Type	Update	Change
docker.io/aquasec/trivy (source)	stage	minor	0.51.4 -> 0.53.0
docker.io/library/alpine	stage	patch	3.20.0 -> 3.20.1
golangci/golangci-lint		patch	v1.59.0 -> v1.59.1
helm/helm		minor	v3.14.1 -> v3.15.2

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

aquasecurity/trivy (docker.io/aquasec/trivy)

v0.53.0

Compare Source

⚠ BREAKING CHANGES

• k8s: node-collector dynamic commands support (#​6861)
• add clean subcommand (#​6993)
• aws: Remove aws subcommand (#​6995)

Features

• add clean subcommand (#​6993) (8d0ae1f)
• Add local ImageID to SARIF metadata (#​6522) (f144e91)
• add memory cache backend (#​7048) (55ccd06)
• aws: Remove aws subcommand (#​6995) (979e118)
• conda: add licenses support for environment.yml files (#​6953) (654217a)
• dart: use first version of constraint for dependencies using SDK version (#​6239) (042d6b0)
• image: Set User-Agent header for Trivy container registry requests (#​6868) (9b31697)
• java: add support for maven-metadata.xml files for remote snapshot repositories. (#​6950) (1f8fca1)
• java: add support for sbt projects using sbt-dependency-lock (#​6882) (f18d035)
• k8s: node-collector dynamic commands support (#​6861) (8d618e4)
• misconf: add metadata to Cloud schema (#​6831) (02d5404)
• misconf: add support for AWS::EC2::SecurityGroupIngress/Egress (#​6755) (55fa610)
• misconf: API Gateway V1 support for CloudFormation (#​6874) (8491469)
• misconf: support of selectors for all providers for Rego (#​6905) (bc3741a)
• php: add installed.json file support (#​4865) (edc556b)
• plugin: add support for nested archives (#​6845) (622c67b)
• sbom: migrate to CycloneDX v1.6 (#​6903) (09e50ce)

Bug Fixes

• c: don't skip conan files from file-patterns and scan .conan2 cache dir (#​6949) (38b35dd)
• cli: show info message only when --scanners is available (#​7032) (e9fc3e3)
• cyclonedx: trim non-URL info for advisory.url (#​6952) (417212e)
• debian: take installed files from the origin layer (#​6849) (089b953)
• image: parse image.inspect.Created field only for non-empty values (#​6948) (0af5730)
• license: return license separation using separators ,, or, etc. (#​6916) (52f7aa5)
• misconf: fix caching of modules in subdirectories (#​6814) (0bcfedb)
• misconf: fix parsing of engine links and frameworks (#​6937) (ec68c9a)
• misconf: handle source prefix to ignore (#​6945) (c3192f0)
• misconf: parsing numbers without fraction as int (#​6834) (8141a13)
• nodejs: fix infinite loop when package link from package-lock.json file is broken (#​6858) (cf5aa33)
• nodejs: fix infinity loops for pnpm with cyclic imports (#​6857) (7d083bc)
• plugin: respect --insecure (#​7022) (3d02a31)
• purl: add missed os types (#​6955) (2d85a00)
• python: compare pkg names from poetry.lock and pyproject.toml in lowercase (#​6852) (faa9d92)
• sbom: don't overwrite srcEpoch when decoding SBOM files (#​6866) (04af59c)
• sbom: fix panic when scanning SBOM file without root component into SBOM format (#​7051) (3d4ae8b)
• sbom: take pkg name from purl for maven pkgs (#​7008) (a76e328)
• sbom: use purl for bitnami pkg names (#​6982) (7eabb92)
• sbom: use package UIDs for uniqueness (#​7042) (14d71ba)
• secret: Asymmetric Private Key shouldn't start with space (#​6867) (bb26445)
• suse: Add SLES 15.6 and Leap 15.6 (#​6964) (5ee4e9d)
• use embedded when command path not found (#​7037) (137c916)

v0.52.2

Compare Source

Changelog

• 8709d4f release: v0.52.2 [release/v0.52] (#​6896)
• a4b8ad7 ci: use ubuntu-latest-m runner [backport: release/v0.52] (#​6933)
• 2b711bc chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.2 to 1.6.0 [backport: release/v0.52] (#​6919)
• 191d31e test: bump docker API to 1.45 [backport: release/v0.52] (#​6922)
• 3f5874c ci: bump github.com/goreleaser/goreleaser to v2.0.0 [backport: release/v0.52] (#​6893)
• 8f8c76a fix(debian): take installed files from the origin layer [backport: release/v0.52] (#​6892)

v0.52.1

Compare Source

Changelog

• a3caf06 release: v0.52.1 [release/v0.52] (#​6877)
• 01dbb42 fix(nodejs): fix infinite loop when package link from package-lock.json file is broken [backport: release/v0.52] (#​6888)
• f186d22 fix(sbom): don't overwrite srcEpoch when decoding SBOM files [backport: release/v0.52] (#​6881)
• 093c0ae fix(python): compare pkg names from poetry.lock and pyproject.toml in lowercase [backport: release/v0.52] (#​6878)
• 6bfda76 Merge pull request #​6879 from aquasecurity/backport-pr-6864-to-release/v0.52
• 53850c8 docs: explain how VEX is applied (#​6864)
• 2211962 Merge pull request #​6875 from aquasecurity/backport-pr-6857-to-release/v0.52
• a614b69 fix(nodejs): fix infinity loops for pnpm with cyclic imports (#​6857)

v0.52.0

Compare Source

Features

• Add Julia language analyzer support (#​5635) (fecafb1)
• add support for plugin index (#​6674) (26faf8f)
• misconf: Add support for deprecating a check (#​6664) (88702cf)
• misconf: add Terraform 'removed' block to schema (#​6640) (b7a0a13)
• misconf: register builtin Rego funcs from trivy-checks (#​6616) (7c22ee3)
• misconf: resolve tf module from OpenTofu compatible registry (#​6743) (ac74520)
• misconf: support for VPC resources for inbound/outbound rules (#​6779) (349caf9)
• misconf: support symlinks inside of Helm archives (#​6621) (4eae37c)
• nodejs: add v9 pnpm lock file support (#​6617) (1e08648)
• plugin: specify plugin version (#​6683) (d6dc567)
• python: add license support for requirement.txt files (#​6782) (29615be)
• python: add line number support for requirement.txt files (#​6729) (2bc54ad)
• report: Include licenses and secrets filtered by rego to ModifiedFindings (#​6483) (fa3cf99)
• vex: improve relationship support in CSAF VEX (#​6735) (a447f6b)
• vex: support non-root components for products in OpenVEX (#​6728) (9515695)

Bug Fixes

• clean up golangci lint configuration (#​6797) (62de6f3)
• cli: always output fatal errors to stderr (#​6827) (c2b9132)
• close APKINDEX archive file (#​6672) (5caf437)
• close settings.xml (#​6768) (9c3e895)
• close testfile (#​6830) (aa0c413)
• conda: add support pip deps for environment.yml files (#​6675) (150a773)
• go: add only non-empty root modules for gobinaries (#​6710) (c96f2a5)
• go: include only .version|.ver (no prefixes) ldflags for gobinaries (#​6705) (afb4f9d)
• Golang version parsing from binaries w/GOEXPERIMENT (#​6696) (696f2ae)
• include packages unless it is not needed (#​6765) (56dbe1f)
• misconf: don't shift ignore rule related to code (#​6708) (39a746c)
• misconf: skip Rego errors with a nil location (#​6638) (a2c522d)
• misconf: skip Rego errors with a nil location (#​6666) (a126e10)
• node-collector high and critical cves (#​6707) (ff32deb)
• plugin: initialize logger (#​6836) (728e77a)
• python: add package name and version validation for requirements.txt files. (#​6804) (ea3a124)
• report: hide empty tables if all vulns has been filtered (#​6352) (3d388d8)
• sbom: fix panic for convert mode when scanning json file derived from sbom file (#​6808) (f92ea09)
• use of specified context to obtain cluster name (#​6645) (39ebed4)

Performance Improvements

• misconf: parse rego input once (#​6615) (67c6b1d)

golangci/golangci-lint (golangci/golangci-lint)

v1.59.1

Compare Source

1. Updated linters
   • go-errorlint: from 1.5.1 to 1.5.2
   • gomnd: deprecated configuration compatibility
   • intrange: add style preset
   • misspell: from 0.5.1 to 0.6.0
   • sloglint: from 0.7.0 to 0.7.1
   • testifylint: from 1.3.0 to 1.3.1
   • unparam: bump to HEAD
   • usestdlibvars: from 1.25.0 to 1.26.0
2. Fixes
   • SARIF: init empty result slice
   • SARIF: issue column >= 1
3. Documentation
   • update revive configuration

helm/helm (helm/helm)

v3.15.2: Helm v3.15.2

Compare Source

Helm v3.15.2 is a security (patch) release. Users are strongly recommended to update to this release.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out
  • for discussing PRs, code, and bugs
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.15.2. The common platform binaries are here:

• MacOS amd64 (checksum / e99a9266a5328cb575d81ef10247911f42d9e90c76ef6eef154c5c535565658b)
• MacOS arm64 (checksum / 30143dabc1da9d32c7d6c589fad04b1f1ecc73841393d5823fa21c5d7f5bf8f6)
• Linux amd64 (checksum / 2694b91c3e501cff57caf650e639604a274645f61af2ea4d601677b746b44fe2)
• Linux arm (checksum / 2b28fda1d8c6f087011bc7ec820051a13409dadce8385529f306476632e24e85)
• Linux arm64 (checksum / adcf07b08484b52508e5cbc8b5f4b0b0db50342f7bc487ecd88b8948b680e6a7)
• Linux i386 (checksum / 8e0bb5a08c7c227a8e285026b6283726ddc0e1f406e2af4d4d600fa1dd85c21e)
• Linux ppc64le (checksum / 9d95528fb797f6429f7f9b6dee0cf87bf8c71f6470e1db4a51e844c169c285a3)
• Linux s390x (checksum / 5b42bc3d08fd0ffaf4f9ed810f28464f52ec4ea431b809c7179071d76f3d6f16)
• Linux riscv64 (checksum / 2998bae9971a55f862c21bff337c325cb6a44f28ef76e11bffc93d16989e11e6)
• Windows amd64 (checksum / cbf40b79fa2a7dbd6e24201f8660b56261d10d6e7b5cadc3ff78100fb45b3c69)

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 3.15.3 will contain only bug fixes and be released on July 10, 2024.
• 3.16.0 is the next feature release and will be on September 11, 2024.

Changelog

• fix: wrong cli description 1a500d5 (yyzxw)
• fix typo in load_plugins.go 70b225c (yxxhero)
• fix docs of DeployedAll b3640f1 (Daniel Strobusch)
• Bump github.com/docker/docker 46e2ba0 (dependabot[bot])
• bump oras minor version fb311d3 (Austin Abro)
• feat(load.go): add warning on requirements.lock 23552a7 (Aaron U'Ren)

v3.15.1: Helm v3.15.1

Compare Source

Helm v3.15.1 is a patch release. The Helm application source is the same as 3.15.0. The 3.15.0 builds stated the wrong version when running helm version. Instead of the release number it had the release candidate version which pointed to the same revision of the source.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out
  • for discussing PRs, code, and bugs
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.15.1. The common platform binaries are here:

• MacOS amd64 (checksum / 5fdc60e090d183113f9fa0ae9dd9d12f0c1462b9ded286370f84e340f84bd676)
• MacOS arm64 (checksum / 4b04ede5ab9bb226c9b198c94ce12818f0b0e302193defd66970b45fc341f6e7)
• Linux amd64 (checksum / 7b20e7791c04ea71e7fe0cbe11f1a8be4a55a692898b57d9db28f3b0c1d52f11)
• Linux arm (checksum / fa7a8b472c8f311ac618a231218511efeafad306781d11ad68976e0461074b0e)
• Linux arm64 (checksum / b4c5519b18f01dd2441f5e09497913dc1da1a1eec209033ae792a8d45b9e0e86)
• Linux i386 (checksum / 4f8cb966bac96a186f0790a7c4528dd0278664f82fba3643aa4b37f98cf9e76b)
• Linux ppc64le (checksum / 0bfe2ff8b29c1f26b0484261c0fe0d041188b2e1aa5da8e461e44083bbf655a3)
• Linux s390x (checksum / 4a5314689787332d010ae782a6c00804fb83a53238f7ff7c9837c3f797ff1473)
• Linux riscv64 (checksum / 1c49f1213c68649842c81e1806c518661aa2e466aa1c6bf1d0ac3710f554a563)
• Windows amd64 (checksum / 8ebe6d353f0fbc7e51861a676ba1c14af9efb3443ae2c78eb91946a756b93a9a)

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 3.15.2 is the next patch release and will be on June 12, 2024.
• 3.16.0 is the next feature release and will be on September 11, 2024.

Changelog

• Fixing build issue where wrong version is used e211f2a (Matt Farina)

v3.15.0: Helm v3.15.0

Compare Source

Helm v3.15.0 is a feature release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out
  • for discussing PRs, code, and bugs
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages

Notable Changes

• Opt-in to hiding secrets when running dry-run for install and upgrade
• Added robustness to wait checks

Installation and Upgrading

Download Helm v3.15.0. The common platform binaries are here:

• MacOS amd64 (checksum / ccaee03af72e5dc168ae9b9e3267e2b461b0ebb7a77849048f4567286158777d)
• MacOS arm64 (checksum / 020df10fd29b0791f39aa5719d2926a995f78c1a2a7487923ca26485a0565909)
• Linux amd64 (checksum / a74747ac40777b86d3ff6f1be201504bba65ca46cd68b5fe25d3c394d0dcf745)
• Linux arm (checksum / 614d53ab1192667facce7e8d4e884ff067e5684199a7e5223e8808abc43e927f)
• Linux arm64 (checksum / c3b0281fca4c030548211dd6e9b032ee0a9fc53eab614f6acbaff631682ce808)
• Linux i386 (checksum / 8a267c7527e3c13602feea7432209c8931f6eecd4bff5ded398d70791c74a5b7)
• Linux ppc64le (checksum / bcec19cdad95cae99edce046ccd8090f275e63381ccb6accb4304819fc26e004)
• Linux s390x (checksum / a3030533cceedaca4af8fb7661c7154c578ad770279bb6003e1ecd810c72077a)
• Linux riscv64 (checksum / 468dc90d119b2faa91036747c559285a744ed7beb8b7d74b83878da6c13e0560)
• Windows amd64 (checksum / 23f0ee9fc93d325ddbc4dfdac97c83bc00c7784016541045756cf9abb36f21dc)
  This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 3.15.1 is the next patch release and will be on June 12, 2024.
• 3.16.0 is the next feature release and will be on September 11, 2024.

Changelog

• Updating to k8s 1.30 c4e37b3 (Matt Farina)
• bump version to v3.15.0 d7afa3b (Matt Farina)
• bump version to 7743467 (Matt Farina)
• Fix namespace on kubeconfig error 214fb6e (Calvin Krist)
• Update testdata PKI with keys that have validity until 3393 (Fixes #​12880) 1b75d48 (Dirk Müller)
• chore(deps): bump golang.org/x/net from 0.17.0 to 0.23.0 dac23c8 (dependabot[bot])
• chore(deps): bump github/codeql-action from 3.24.7 to 3.24.10 167d576 (dependabot[bot])
• chore: remove repetitive words dd37787 (deterclosed)
• Modified how created annotation is populated based on package creation time 0a69a0d (Andrew Block)
• chore(deps): bump github.com/docker/docker aaaf112 (dependabot[bot])
• chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 7f53529 (dependabot[bot])
• Enabling hide secrets on install and upgrade dry run 25c4738 (Matt Farina)
• chore(deps): bump github/codeql-action from 3.24.6 to 3.24.7 ff94e93 (dependabot[bot])
• Fixing all the linting errors d58d7b3 (Robert Sirchia)
• Add a note about --dry-run displaying secrets a23dd9e (Matt Farina)
• chore(deps): bump golang.org/x/term from 0.15.0 to 0.18.0 275f2ab (dependabot[bot])
• Updating .gitignore 8b424ba (Robert Sirchia)
• chore(deps): bump github/codeql-action from 3.24.5 to 3.24.6 e22d881 (dependabot[bot])
• chore(deps): bump github/codeql-action from 3.24.3 to 3.24.5 4f200fa (dependabot[bot])
• Some fixes 764557c (Matt Farina)
• chore(deps): bump github/codeql-action from 3.23.1 to 3.24.3 5bc97b9 (dependabot[bot])
• chore(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 e6db0ec (dependabot[bot])
• add error messages 8d19bcb (George Jenkins)
• Fix: Ignore alias validation error for index load 68294fd (George Jenkins)
• validation fix 8e6a514 (Matt Farina)
• bug: add proxy support for oci getter 94c1dea (Ricardo Maraschini)
• chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0 cbab6d6 (dependabot[bot])
• chore(deps): bump github/codeql-action from 3.23.0 to 3.23.1 de332ae (dependabot[bot])
• chore(deps): bump github.com/containerd/containerd from 1.7.11 to 1.7.12 a2dd34b (dependabot[bot])
• Update architecture detection method 57a1bb8 (weidongkl)
• chore(deps): bump github/codeql-action from 3.22.11 to 3.23.0 8cab7c1 (dependabot[bot])
• chore(deps): bump github.com/DATA-DOG/go-sqlmock from 1.5.0 to 1.5.2 5f9533f (dependabot[bot])
• Improve release action 4790bb9 (George Jenkins)
• chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0 f980ad3 (dependabot[bot])
• Fix grammatical error c25736c (Matt Carr)
• Updated for review comments d2cf8c6 (MichaelMorris)
• Add robustness to wait status checks fc74964 (MichaelMorris)
• refactor: create a helper for checking if a release is uninstalled f908379 (Alex Petrov)
• fix: reinstall previously uninstalled chart with --keep-history 9e198fa (Alex Petrov)

v3.14.4: Helm v3.14.4

Compare Source

Helm v3.14.4 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out
  • for discussing PRs, code, and bugs
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.14.4. The common platform binaries are here:

• MacOS amd64 (checksum / 73434aeac36ad068ce2e5582b8851a286dc628eae16494a26e2ad0b24a7199f9)
• MacOS arm64 (checksum / 61e9c5455f06b2ad0a1280975bf65892e707adc19d766b0cf4e9006e3b7b4b6c)
• Linux amd64 (checksum / a5844ef2c38ef6ddf3b5a8f7d91e7e0e8ebc39a38bb3fc8013d629c1ef29c259)
• Linux arm (checksum / 962297c944c06e1f275111a6e3d80e37c9e9e8fed967d4abec8efcf7fc9fb260)
• Linux arm64 (checksum / 113ccc53b7c57c2aba0cd0aa560b5500841b18b5210d78641acfddc53dac8ab2)
• Linux i386 (checksum / 2cb3ff032be1c39b7199b324d58d0ae05bc4fe49b9be6aa2fcbeb3fc03f1f9e7)
• Linux ppc64le (checksum / d0d625b43f6650ad376428520b2238baa2400bfedb43b2e0f24ad7247f0f59b5)
• Linux s390x (checksum / a5750d0cb1ba34ce84ab3be6382a14617130661d15dd2aa1b36630b293437936)
• Linux riscv64 (checksum / 925782b159392d52df5ebab88e04e695217325894c6a32a9a779e865b7e32411)
• Windows amd64 (checksum / 0b951db3eadd92dfe336b5a9ddb0640e5cd70d39abdbd7d3125e9fb59b22b669)

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 3.15.0 is the next feature release and will be on May 08, 2024.

Changelog

• refactor: create a helper for checking if a release is uninstalled 81c902a (Alex Petrov)
• fix: reinstall previously uninstalled chart with --keep-history 5a11c76 (Alex Petrov)
• chore: remove repetitive words fb3d880 (deterclosed)
• chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 01ac4a2 (dependabot[bot])
• chore(deps): bump github.com/docker/docker 138602d (dependabot[bot])
• bug: add proxy support for oci getter aa7d953 (Ricardo Maraschini)

v3.14.3: Helm v3.14.3

Compare Source

Helm v3.14.3 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out
  • for discussing PRs, code, and bugs
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.14.3. The common platform binaries are here:

• MacOS amd64 (checksum / 4d5d01a94c7d6b07e71690dc1988bf3229680284c87f4242d28c6f1cc99653be)
• MacOS arm64 (checksum / dff794152b62b7c1a9ff615d510f8657bcd7a3727c668e0d9d4955f70d5f7573)
• Linux amd64 (checksum / 3c90f24e180f8c207b8a18e5ec82cb0fa49858a7a0a86e4ed52a98398681e00b)
• Linux arm (checksum / d4ff88f02d6731ec5dbde86a67bf391e673d0d9e87901727fbf62372aff106ec)
• Linux arm64 (checksum / 85e1573e76fa60af14ba7e9ec75db2129b6884203be866893fa0b3f7e41ccd5e)
• Linux i386 (checksum / af89e5df5cd21efe4dcaa478b19aaf17d22820716f93c1f098b00f1b7cfe1905)
• Linux ppc64le (checksum / aab121ca470e2a502cda849a9b3e92eeb9a32e213b0f0a79a95a04e375d26ce7)
• Linux s390x (checksum / d64fa8aced3244b549377741dc4e2db8109e5270c0723c11b547a9da5f99ad43)
• Linux riscv64 (checksum / f9f4e68bf43632f5df29e6c9fa760813d7e3537ed91d838cfdc2f103f8442b33)
• Windows amd64 (checksum / 369c6db1c114ef2a00793e9a587db6d7b2c72a23e37fd905c8deb78e9a8f7af6)

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 3.14.4 will contain only bug fixes and be released on April 10, 2024.
• 3.15.0 is the next feature release and will be on May 08, 2024.

Changelog

• Add a note about --dry-run displaying secrets f03cc04 (Matt Farina)
• add error messages 1a7330f (George Jenkins)
• Fix: Ignore alias validation error for index load d6acc00 (George Jenkins)
• chore(deps): bump github.com/containerd/containerd from 1.7.11 to 1.7.12 b2738fb (dependabot[bot])
• chore(deps): bump github.com/DATA-DOG/go-sqlmock from 1.5.0 to 1.5.2 5b0847e (dependabot[bot])
• Update architecture detection method 7e18c39 (weidongkl)

v3.14.2: Helm v3.14.2

Compare Source

Helm v3.14.2 is a security (patch) release. Users are strongly recommended to update to this release.

A Helm contributor discovered uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content.

Jakub Ciolek with AlphaSense discovered the vulnerability.

Installation and Upgrading

Download Helm v3.14.2. The common platform binaries are here:

• MacOS amd64 (checksum / 64c633ae194bde77b7e7b7936a2814a7417817dc8b7bb7d270bd24a7a17b8d12)
• MacOS arm64 (checksum / ff502fd39b06497fa3d5a51ec2ced02b9fcfdb0e9a948d315fb1b2f13ddc39fb)
• Linux amd64 (checksum / 0885a501d586c1e949e9b113bf3fb3290b0bbf74db9444a1d8c2723a143006a5)
• Linux arm (checksum / b70fb6fa2cdf0a5c782320c9d7e7b155fcaec260169218c98316bb3cf0d431d9)
• Linux arm64 (checksum / c65d6a9557bb359abc2c0d26670de850b52327dc3976ad6f9e14c298ea3e1b61)
• Linux i386 (checksum / 0e08cd56cc952ab4646c57c5ec7cde2412c39373aec3df659a14597dd9874461)
• Linux ppc64le (checksum / f3bc8582ff151e619cd285d9cdf9fef1c5733ee5522d8bed2ef680ef07f87223)
• Linux s390x (checksum / 7bda34aa26638e5116b31385f3b781172572175bf4c1ae00c87d8b154458ed94)
• Linux riscv64 (checksum / f6278facd3e2e6af52a5f6d038f2149428d115ba2b4523edbe5889d1170e9203)
• Windows amd64 (checksum / aa094e435da74ad574f96924c37ecd0c75f0be707ac604ef97ed6021d6bc0784)

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 3.14.3 will contain only bug fixes and be released on March 13, 2024.
• 3.15.0 is the next feature release and will be on May 08, 2024.

---

Configuration

📅 Schedule: Branch creation - "on the first day of the month" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box