Skip to content

Bump the security group across 1 directory with 6 updates#429

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/security-eaa275442e
Open

Bump the security group across 1 directory with 6 updates#429
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/security-eaa275442e

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 15, 2026
edited
Loading

Bumps the security group with 4 updates in the / directory: helm.sh/helm/v3, k8s.io/api, k8s.io/cli-runtime and sigs.k8s.io/controller-runtime.

Updates helm.sh/helm/v3 from 3.20.2 to 3.21.0

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.21.0 is a feature release. Users are encouraged to upgrade for the best experience.

[!WARNING] Helm v3 is approaching end-of-life. Please update to Helm v4.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Notable Changes

  • Kubernetes client libraries to v1.36
  • notable changes here

Installation and Upgrading

Download Helm v3.21.0. The common platform binaries are here:

This release was signed by @​gjenkins8 with key BF88 8333 D96A 1C18 E268 2AAE D79D 67C9 EC01 6739, which can be found at https://keys.openpgp.org/vks/v1/by-fingerprint/BF888333D96A1C18E2682AAED79D67C9EC016739. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.21.1 will contain only bug fixes.
  • 3.22.0 is the next feature release for Kubernetes v1.37

Changelog

  • [v3] Bump to version v3.21 e0878d41b711792be60777fd65ad23a101e6b85f (George Jenkins)
  • fix: upgrade opentelemetry packages to patch CVEs 13d5fc4ae0e7222e1af8796ff4fa467b52208471 (Terry Howe)
  • fix: Chart dot-name path bug 2552884e3bc1b763c3901c5ea7240b59ef6791f1 (George Jenkins)
  • fix: pin codeql-action/upload-sarif to commit SHA in scorecards workflow ec05dd5f0481c2de3a41a554adf3c52a6a2a9bb6 (Terry Howe)
  • add image index test b0dfec5af4d7f642d8dea3b9058856541fe5017c (Pedro Tôrres)

... (truncated)

Commits
  • e0878d4 [v3] Bump to version v3.21
  • 4d4902c Merge pull request #32041 from TerryHowe/fix/upgrade-otel-cves
  • 13d5fc4 fix: upgrade opentelemetry packages to patch CVEs
  • a60cb79 Merge commit from fork
  • d3bc853 Merge pull request #32026 from gjenkins8/gjenkins/code_action_pin_v3
  • 2552884 fix: Chart dot-name path bug
  • ec05dd5 fix: pin codeql-action/upload-sarif to commit SHA in scorecards workflow
  • 6d809b2 Merge pull request #31883 from t0rr3sp3dr0/pedrotorres/backport-31776-to-v3
  • b0dfec5 add image index test
  • e629995 fix pulling charts from OCI indices
  • Additional commits viewable in compare view

Updates k8s.io/api from 0.36.0 to 0.36.1

Commits

Updates k8s.io/apimachinery from 0.36.0 to 0.36.1

Commits

Updates k8s.io/cli-runtime from 0.36.0 to 0.36.1

Commits

Updates k8s.io/client-go from 0.36.0 to 0.36.1

Commits

Updates sigs.k8s.io/controller-runtime from 0.24.0 to 0.24.1

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.24.1

What's Changed

Full Changelog: kubernetes-sigs/controller-runtime@v0.24.0...v0.24.1

Commits
  • 3be3f1b Merge pull request #3516 from k8s-infra-cherrypick-robot/cherry-pick-3515-to-...
  • 0f7b33d Fix regression in Apply typed error handling
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the security group across 1 directory with 6 updates
9ce89f6 
Bumps the security group with 4 updates in the / directory: [helm.sh/helm/v3](https://github.com/helm/helm), [k8s.io/api](https://github.com/kubernetes/api), [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) and [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime).


Updates `helm.sh/helm/v3` from 3.20.2 to 3.21.0
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v3.20.2...v3.21.0)

Updates `k8s.io/api` from 0.36.0 to 0.36.1
- [Commits](kubernetes/api@v0.36.0...v0.36.1)

Updates `k8s.io/apimachinery` from 0.36.0 to 0.36.1
- [Commits](kubernetes/apimachinery@v0.36.0...v0.36.1)

Updates `k8s.io/cli-runtime` from 0.36.0 to 0.36.1
- [Commits](kubernetes/cli-runtime@v0.36.0...v0.36.1)

Updates `k8s.io/client-go` from 0.36.0 to 0.36.1
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.36.0...v0.36.1)

Updates `sigs.k8s.io/controller-runtime` from 0.24.0 to 0.24.1
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.24.0...v0.24.1)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-version: 3.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: k8s.io/api
  dependency-version: 0.36.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.36.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: k8s.io/cli-runtime
  dependency-version: 0.36.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: k8s.io/client-go
  dependency-version: 0.36.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-version: 0.24.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
...

Signed-off-by: dependabot[bot] <support@github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependabot go type::security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants