Skip to content

Bump the security group with 5 updates#435

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/security-6bb3293dbd
Open

Bump the security group with 5 updates#435
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/security-6bb3293dbd

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps the security group with 5 updates:

Package From To
helm.sh/helm/v3 3.21.0 3.21.1
k8s.io/api 0.36.1 0.36.2
k8s.io/apimachinery 0.36.1 0.36.2
k8s.io/cli-runtime 0.36.1 0.36.2
k8s.io/client-go 0.36.1 0.36.2

Updates helm.sh/helm/v3 from 3.21.0 to 3.21.1

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.21.1 is a patch release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Notable Changes

  • Fixed nil pointer panic that could happen with helm template in ClientOnly flows. Now correctly returns a template error helm/helm#31920
  • Bumped golang.org/x/net to v0.55.0 to address GO-2026-5026 #32152
  • Bumped Go from 1.25 to 1.26 #32168
  • Dependency version updates

Installation and Upgrading

Download Helm v3.21.1. The common platform binaries are here:

This release was signed with 208D D36E D5BB 3745 A167 43A4 C7C6 FBB5 B91C 1155 and can be found at @​scottrigby keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 4.2.2 and 3.21.2 are the next patch releases scheduled for July 8, 2026
  • 4.3.0 and 3.22.0 are the next minor releases scheduled for September 9, 2026

Changelog

  • fix(action): avoid nil REST client getter panic when installing CRDs c56dd0095fd76da5d7b30ecdf506103e7f26745e (sergiochan)
  • fix(registry): keep credentials on plain-HTTP fallback with oras-go v2.6.1 702529f90a0021e4d9df4880d6589198ec0e05f7 (Terry Howe)
  • chore(deps): bump oras.land/oras-go/v2 from 2.6.0 to 2.6.1 178e120e16f5d61f769ee2c56a0d2a45ab7303bd (dependabot[bot])
  • chore(deps): bump golang.org/x/crypto from 0.52.0 to 0.53.0 dcf35f86551322d93c1cb695f08435b3287e5ad0 (dependabot[bot])
  • chore(deps): bump golang.org/x/term from 0.43.0 to 0.44.0 44aff8bf51809ec9f8a906d050818776cd47b264 (dependabot[bot])
  • chore(deps): bump golang.org/x/text from 0.37.0 to 0.38.0 ae2f31f5a7d0cd789ca9fd83a6a2fe5fc7c3a1a3 (dependabot[bot])

... (truncated)

Commits
  • c56dd00 fix(action): avoid nil REST client getter panic when installing CRDs
  • 702529f fix(registry): keep credentials on plain-HTTP fallback with oras-go v2.6.1
  • 178e120 chore(deps): bump oras.land/oras-go/v2 from 2.6.0 to 2.6.1
  • dcf35f8 chore(deps): bump golang.org/x/crypto from 0.52.0 to 0.53.0
  • 44aff8b chore(deps): bump golang.org/x/term from 0.43.0 to 0.44.0
  • ae2f31f chore(deps): bump golang.org/x/text from 0.37.0 to 0.38.0
  • 402225f Update .github/env
  • 00eac21 ci: bump golangci-lint to v2.11.3 for go 1.26
  • bec346a chore: bump go to 1.26
  • 58b6ccf chore(deps): bump github.com/lib/pq from 1.11.2 to 1.12.3
  • Additional commits viewable in compare view

Updates k8s.io/api from 0.36.1 to 0.36.2

Commits

Updates k8s.io/apimachinery from 0.36.1 to 0.36.2

Commits

Updates k8s.io/cli-runtime from 0.36.1 to 0.36.2

Commits

Updates k8s.io/client-go from 0.36.1 to 0.36.2

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the security group with 5 updates
864f16c 
Bumps the security group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [helm.sh/helm/v3](https://github.com/helm/helm) | `3.21.0` | `3.21.1` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.36.1` | `0.36.2` |
| [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.36.1` | `0.36.2` |
| [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) | `0.36.1` | `0.36.2` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.36.1` | `0.36.2` |


Updates `helm.sh/helm/v3` from 3.21.0 to 3.21.1
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v3.21.0...v3.21.1)

Updates `k8s.io/api` from 0.36.1 to 0.36.2
- [Commits](kubernetes/api@v0.36.1...v0.36.2)

Updates `k8s.io/apimachinery` from 0.36.1 to 0.36.2
- [Commits](kubernetes/apimachinery@v0.36.1...v0.36.2)

Updates `k8s.io/cli-runtime` from 0.36.1 to 0.36.2
- [Commits](kubernetes/cli-runtime@v0.36.1...v0.36.2)

Updates `k8s.io/client-go` from 0.36.1 to 0.36.2
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.36.1...v0.36.2)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-version: 3.21.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: k8s.io/api
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: k8s.io/cli-runtime
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: k8s.io/client-go
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
...

Signed-off-by: dependabot[bot] <support@github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependabot go type::security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants