Update module helm.sh/helm/v3 to v4#812
Conversation
ℹ️ Artifact update noticeFile name: go.modIn order to perform the update(s) described in the table above, Renovate ran the
Details:
|
Reviewer's GuideUpdates the project to Go 1.26 and aligns Kubernetes, Helm, and related ecosystem dependencies with versions compatible with Helm v4, pulling in the newer Docker/distribution, OpenTelemetry, and JSON schema tooling stacks while cleaning up some older indirect dependencies. File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
There was a problem hiding this comment.
Hey - I've found 1 issue, and left some high level feedback:
- The PR title and description suggest upgrading to
helm.sh/helm/v4, butgo.modstill referenceshelm.sh/helm/v3and even downgrades it fromv3.21.0tov3.16.4; double‑check whether you actually intend to move to the v4 module path and version, and align the dependency and imports accordingly. - You are bumping the Kubernetes client stack to v0.36.0 while changing Helm and ORAS-related dependencies (e.g.,
helm.sh/helm/v3tov3.16.4,oras.land/oras-go/v2tooras.land/oras-go v1.2.5); verify that these specific versions are known-compatible with each other and withcontroller-runtime v0.24.0to avoid subtle runtime issues. - The addition of several Docker and distribution-related dependencies (
docker/docker,docker/cli,distribution/distribution,gojsonschemastack, OpenTelemetry, etc.) appears to be driven by the new library versions; it’s worth confirming you don’t have any now-redundant or conflicting indirect dependencies (like the removedsanthosh-tekuri/jsonschema/v6) and that your code paths don’t rely on the old implementations.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- The PR title and description suggest upgrading to `helm.sh/helm/v4`, but `go.mod` still references `helm.sh/helm/v3` and even downgrades it from `v3.21.0` to `v3.16.4`; double‑check whether you actually intend to move to the v4 module path and version, and align the dependency and imports accordingly.
- You are bumping the Kubernetes client stack to v0.36.0 while changing Helm and ORAS-related dependencies (e.g., `helm.sh/helm/v3` to `v3.16.4`, `oras.land/oras-go/v2` to `oras.land/oras-go v1.2.5`); verify that these specific versions are known-compatible with each other and with `controller-runtime v0.24.0` to avoid subtle runtime issues.
- The addition of several Docker and distribution-related dependencies (`docker/docker`, `docker/cli`, `distribution/distribution`, `gojsonschema` stack, OpenTelemetry, etc.) appears to be driven by the new library versions; it’s worth confirming you don’t have any now-redundant or conflicting indirect dependencies (like the removed `santhosh-tekuri/jsonschema/v6`) and that your code paths don’t rely on the old implementations.
## Individual Comments
### Comment 1
<location path="go.mod" line_range="150" />
<code_context>
- k8s.io/apiserver v0.35.1 // indirect
- k8s.io/cli-runtime v0.35.1 // indirect
- k8s.io/component-base v0.35.1 // indirect
+ helm.sh/helm/v3 v3.16.4 // indirect
+ k8s.io/apiserver v0.36.0 // indirect
+ k8s.io/cli-runtime v0.36.0 // indirect
</code_context>
<issue_to_address>
**issue (bug_risk):** Downgrading Helm from v3.21.0 to v3.16.4 may introduce subtle incompatibilities with newer Kubernetes libraries.
You’re upgrading k8s-related deps (k8s.io/*, controller-runtime) to 0.36.0/0.24.0 while downgrading Helm to v3.16.4. This mix may introduce runtime behavior differences (client, discovery, resource handling). Please confirm v3.16.4 is explicitly required (e.g., by the operator framework) and that its supported Kubernetes versions are compatible with the newer k8s client stack.
</issue_to_address>Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
1b1fac6 to
6c0c37b
Compare
6c0c37b to
04201ea
Compare
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
04201ea to
26727a5
Compare
Renovate Ignore NotificationBecause you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR. |
This PR contains the following updates:
v3.21.1→v4.2.2Warning
Some dependencies could not be looked up. Check the warning logs for more information.
Release Notes
helm/helm (helm.sh/helm/v3)
v4.2.2: Helm v4.2.2Compare Source
Helm v4.2.2 is a patch release. Users are encouraged to upgrade for the best experience.
The community keeps growing, and we'd love to see you there!
Notable Changes
Installation and Upgrading
Download Helm v4.2.2. The common platform binaries are here:
This release was signed by @gjenkins8 with key BF88 8333 D96A 1C18 E268 2AAE D79D 67C9 EC01 6739, which can be found at https://keys.openpgp.org/vks/v1/by-fingerprint/BF888333D96A1C18E2682AAED79D67C9EC016739. Please use the attached signatures for verifying this release using gpg.
The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with
bash.What's Next
Changelog
b05881c(George Jenkins)Full Changelog: helm/helm@v4.2.1...v4.2.2
v4.2.1: Helm v4.2.1Compare Source
Helm v4.2.1 is a patch release. Users are encouraged to upgrade for the best experience.
The community keeps growing, and we'd love to see you there!
Notable Changes
Installation and Upgrading
Download Helm v4.2.1. The common platform binaries are here:
This release was signed with
208D D36E D5BB 3745 A167 43A4 C7C6 FBB5 B91C 1155and can be found at @scottrigby keybase account. Please use the attached signatures for verifying this release usinggpg.The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with
bash.What's Next
Changelog
d591a19(Terry Howe)2a9fcae(Terry Howe)ffa5bd6(dependabot[bot])9f9dbaf(dependabot[bot])64a2891(dependabot[bot])e54a4a2(dependabot[bot])acb762b(dependabot[bot])768586d(dependabot[bot])eabfae5(Benoit Tigeot)e3fd51f(Benoit Tigeot)1e47395(Benoit Tigeot)a33e239(Benoit Tigeot)fa06d44(Terry Howe)360d483(Terry Howe)7651edf(dependabot[bot])b132e7e(dependabot[bot])eee491a(Terry Howe)3e3c575(dependabot[bot])c4ce2bb(dependabot[bot])3892dc2(dependabot[bot])c4bbb62(dependabot[bot])a0d7f16(dependabot[bot])8a3de05(dependabot[bot])57a4803(Matheus Pimenta)b33ae02(dependabot[bot])Full Changelog: helm/helm@v4.2.0...v4.2.1
v4.2.0: Helm v4.2.0Compare Source
Helm v4.2.0 is a feature release. Users are encouraged to upgrade for the best experience.
The community keeps growing, and we'd love to see you there!
Notable Changes
goreleaserfor release buildsmustToTomltemplate function--hide-notesand--render-subchart-notesflags--dry-run=servernow respectsgenerateName:Installation and Upgrading
Download Helm v4.2.0. The common platform binaries are here:
This release was signed by @gjenkins8 with key BF88 8333 D96A 1C18 E268 2AAE D79D 67C9 EC01 6739, which can be found at https://keys.openpgp.org/vks/v1/by-fingerprint/BF888333D96A1C18E2682AAED79D67C9EC016739. Please use the attached signatures for verifying this release using gpg.
The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with
bash.What's Next
Changelog
0646808(George Jenkins)e23bf3a(Scott Rigby)f60ab7c(Terry Howe)64aa46f(Terry Howe)d199a1a(Terry Howe)8289940(Terry Howe)c075022(Terry Howe)04885dd(Terry Howe)93103ce(Terry Howe)e49a1dc(Terry Howe)eaa0910(Terry Howe)5a75279(Terry Howe)37284a9(Terry Howe)45336cc(Terry Howe)a9659b0(Terry Howe)e368f17(Terry Howe)e7bea85(Terry Howe)075c096(Terry Howe)12f2c41(dependabot[bot])58e8ffd(dependabot[bot])e61bbfb(dependabot[bot])081c6df(Matheus Pimenta)277d970(Gagan H R)a4a9cc7(Matheus Pimenta)8f56f24(Matheus Pimenta)db40adb(Mohit)775e794(dependabot[bot])934ace3(dependabot[bot])265c5eb(Matheus Pimenta)48e2b7d(dependabot[bot])a8e2497(Evans Mungai)52fc971(Johannes Lohmer)0063877(Johannes Lohmer)6eb4ebf(Johannes Lohmer)5cb4e7d(Johannes Lohmer)b5c7c80(dependabot[bot])a27f1ad(Matheus Pimenta)c26be60(Cairon)953f5f0(dependabot[bot])10fc5f3(dependabot[bot])d89e7c6(dependabot[bot])8a95461(George Jenkins)213c869(Sumit Solanki)bd5027a(dependabot[bot])087736b(George Jenkins)586eb57(George Jenkins)c8c5dfa(dependabot[bot])998466c(dependabot[bot])b0cec58(dependabot[bot])6ebfb29(dependabot[bot])a7f8443(Terry Howe)4c0d21f(Terry Howe)08dea9c(dependabot[bot])de58531(Anmol Virdi)9b1ad4c(dependabot[bot])8ef2d45(Rhys McNeill)cd7cf76(dependabot[bot])45ee55b(dependabot[bot])9a06741(dependabot[bot])d1e31ca(dependabot[bot])f257c95(abhay1999)7025480(Terry Howe)64f1d0a(Sumit Solanki)85bf56e(Debasish Mohanty)1549937(Sumit Solanki)c7a75b1(dependabot[bot])3a7573a(dependabot[bot])0229da1(dependabot[bot])c1a5a6e(Ilya Kiselev)b075f7a(Ilya Kiselev)7edfff3(Matthieu MOREL)37185d2(dependabot[bot])071558d(Matthieu MOREL)6249489(Matthieu MOREL)47a0840(George Jenkins)3d06fd1(dependabot[bot])e64d628(Terry Howe)d7cdc9e(abhay1999)36dcc27(George Jenkins)c4be7af(dependabot[bot])259f181(tsinglua)6018499(George Jenkins)74e7cf8(dependabot[bot])af94abf(Matheus Pimenta)16073b1(dependabot[bot])e31a078(Matthieu MOREL)16573f8(Travis Leeden)b550ce9(Terry Howe)1dfa77e(Terry Howe)5d40f17(Matthieu MOREL)d4f6193(Matthieu MOREL)82d9bed(dependabot[bot])dc0e3f1(Matthieu MOREL)e3c74fd(Matthieu MOREL)1d2d63c(Matthieu MOREL)63f03c0(Matthieu MOREL)c25c988(Matthieu MOREL)0fecfd0(Matthieu MOREL)6524162(Matthieu MOREL)6c2cb2f(Matthieu MOREL)9409226(Matthieu MOREL)36cb3a2(Mads Jensen)5b6c6bb(Matthieu MOREL)strings.Cutvariablesb667317(George Jenkins)AGENTS.md956c724(George Jenkins)92b64e8(George Jenkins)c59c140(rohansood10)ee01860(Evans Mungai)304d25f(dependabot[bot])0b13436(dependabot[bot])4a91f3a(Evans Mungai)7823853(dependabot[bot])aec7ace(dependabot[bot])a23b638(dependabot[bot])5cddc95(dependabot[bot])2e266c3(dependabot[bot])259f76a(Matthieu MOREL)0254182(Matthieu MOREL)6d1490e(Matthieu MOREL)4d0ae7f(Matthieu MOREL)abecafa(Matthieu MOREL)4330bde(Matthieu MOREL)c8989d9(Matthieu MOREL)edbd705(Matthieu MOREL)5638c35(George Jenkins)76eb37c(Orgad Shaneh)9817a68(Manuel Alonso)5aac320(Evans Mungai)0d75d86(Matthieu MOREL)859292e(Matthieu MOREL)5cc2e55(Matthieu MOREL)ba38159(Matthieu MOREL)e2d184c(Matthieu MOREL)111d4e6(Matthieu MOREL)e8f386b(Pedro Tôrres)d983696(Pedro Tôrres)9c9c3a6(dependabot[bot])787b61c(Matheus Pimenta)becf9bf(dependabot[bot])6d5f56f(Scott Rigby)b53198e(dependabot[bot])b59e533(dependabot[bot])ec07265(Austin Abro)e3829eb(Philipp Born)63b40a7(Austin Abro)b0b35f1(Matheus Pimenta)26e28e8(George Jenkins)97fd007(Jeevan Yewale)5262007(dependabot[bot])e70d59d(Evans Mungai)bbec77c(Matheus Pimenta)443a2a6(George Jenkins)c1cc625(Matheus Pimenta)828038a(Evans Mungai)e223771(dependabot[bot])6501ef4(Manuel Alonso)a8eb527(Matheus Pimenta)da1d68a(dependabot[bot])0f949a9(Manuel Alonso)561410a(Manuel Alonso Gonzalez)0298b2f(Evans Mungai)b8937ad(Evans Mungai)a333bba(Evans Mungai)374aeb4(Feruzjon Muyassarov)00f0a48(Manuel Alonso)0357e8d(Manuel Alonso)52235cc(Manuel Alonso)268593b(Manuel Alonso)1709114(Mujib Ahasan)9486062(Mujib Ahasan)12e8b71(Mujib Ahasan)3416dd5(Evans Mungai)679f051(Evans Mungai)292fe70(Evans Mungai)1154099(Mujib Ahasan)522d2fe(Mujib Ahasan)6769fb6(Mujib Ahasan)64bae71(Terry Howe)b357bca(Mujib Ahasan)2820ebe(Mujib Ahasan)1836c59(Andreas Sommer)New Contributors
Full Changelog: helm/helm@v4.1.0...v4.2.0
v4.1.4: Helm v4.1.4Compare Source
Helm v4.1.4 is a security fix patch release. Users are encouraged to upgrade for the best experience.
The community keeps growing, and we'd love to see you there!
Security fixes
Chart.yamlname dot-segment.provis missing, allowing unsigned plugin installA big thank you to the reporters of these issues (@maru1009, @1seal).
Installation and Upgrading
Download Helm v4.1.4. The common platform binaries are here:
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
To execute skipped test pipelines write comment
/ok-to-test.Documentation
Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.