chore(deps): bump helm.sh/helm/v3 from 3.18.4 to 3.18.5 in the go_modules group (#722)

dependabot[bot] · jakobmoellerdev · web-flow · commit a5bb31a06495 · 2025-08-18T09:39:13.000+02:00
Bumps the go_modules group with 1 update: [helm.sh/helm/v3](https://github.com/helm/helm). Updates `helm.sh/helm/v3` from 3.18.4 to 3.18.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/helm/helm/releases">helm.sh/helm/v3's releases</a>.</em></p> <blockquote> <p>Helm v3.18.5 is a security release. Users are encouraged to upgrade for the best experience.</p> <p>The community keeps growing, and we'd love to see you there!</p> <ul> <li>Join the discussion in <a href="https://kubernetes.slack.com">Kubernetes Slack</a>: <ul> <li>for questions and just to hang out</li> <li>for discussing PRs, code, and bugs</li> </ul> </li> <li>Hang out at the Public Developer Call: Thursday, 9:30 Pacific via <a href="https://zoom.us/j/696660622">Zoom</a></li> <li>Test, debug, and contribute charts: <a href="https://artifacthub.io/packages/search?kind=0">ArtifactHub/packages</a></li> </ul> <h2>Security Advisories</h2> <ul> <li><a href="https://github.com/helm/helm/security/advisories/GHSA-9h84-qmv7-982p">Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion</a></li> <li><a href="https://github.com/helm/helm/security/advisories/GHSA-f9f8-9pmf-xv68">Incorrect YAML Content Leads To Panic</a></li> </ul> <h2>Installation and Upgrading</h2> <p>Download Helm v3.18.5. The common platform binaries are here:</p> <ul> <li><a href="https://get.helm.sh/helm-v3.18.5-darwin-amd64.tar.gz">MacOS amd64</a> (<a href="https://get.helm.sh/helm-v3.18.5-darwin-amd64.tar.gz.sha256sum">checksum</a> / 3200c32cf19bf69b446e97c0060af39f018d2e441e418ad174ba39052f63fb15)</li> <li><a href="https://get.helm.sh/helm-v3.18.5-darwin-arm64.tar.gz">MacOS arm64</a> (<a href="https://get.helm.sh/helm-v3.18.5-darwin-arm64.tar.gz.sha256sum">checksum</a> / 32ce3f4910d5a96c1170f3f8f230d4c8b8bc007e5d47b085b8416cfe559d7925)</li> <li><a href="https://get.helm.sh/helm-v3.18.5-linux-amd64.tar.gz">Linux amd64</a> (<a href="https://get.helm.sh/helm-v3.18.5-linux-amd64.tar.gz.sha256sum">checksum</a> / 9879bf9c471cdecbbee5ee17cf1de1849b0ffd12871ea01f17ede6861d7134f5)</li> <li><a href="https://get.helm.sh/helm-v3.18.5-linux-arm.tar.gz">Linux arm</a> (<a href="https://get.helm.sh/helm-v3.18.5-linux-arm.tar.gz.sha256sum">checksum</a> / 4be47fa77476bfd6416a44853e28983e7c8594156259813ecf35d004044fb17d)</li> <li><a href="https://get.helm.sh/helm-v3.18.5-linux-arm64.tar.gz">Linux arm64</a> (<a href="https://get.helm.sh/helm-v3.18.5-linux-arm64.tar.gz.sha256sum">checksum</a> / d25d2c1b1c5a9844755ab5c66e6df4d6b31c25e6d92dd2ce66c137a63ddf9f2c)</li> <li><a href="https://get.helm.sh/helm-v3.18.5-linux-386.tar.gz">Linux i386</a> (<a href="https://get.helm.sh/helm-v3.18.5-linux-386.tar.gz.sha256sum">checksum</a> / 1ee980e47bb37f388abdce3a7e8da64a9b372352c4cb645bda5ddd401973bee3)</li> <li><a href="https://get.helm.sh/helm-v3.18.5-linux-ppc64le.tar.gz">Linux ppc64le</a> (<a href="https://get.helm.sh/helm-v3.18.5-linux-ppc64le.tar.gz.sha256sum">checksum</a> / 9d300e0efced9b244aedcc9d11c49647deb4c5afc8d2298c988498dc530bc932)</li> <li><a href="https://get.helm.sh/helm-v3.18.5-linux-s390x.tar.gz">Linux s390x</a> (<a href="https://get.helm.sh/helm-v3.18.5-linux-s390x.tar.gz.sha256sum">checksum</a> / c779bb4dea8026294378a9ad6447095fb8f56671a8c49437344dd342de2a3156)</li> <li><a href="https://get.helm.sh/helm-v3.18.5-linux-riscv64.tar.gz">Linux riscv64</a> (<a href="https://get.helm.sh/helm-v3.18.5-linux-riscv64.tar.gz.sha256sum">checksum</a> / f79d06dc5e966c341fc8ad1a0d5e032f7d681e62c4a51a4d22badec4b9857144)</li> <li><a href="https://get.helm.sh/helm-v3.18.5-windows-amd64.zip">Windows amd64</a> (<a href="https://get.helm.sh/helm-v3.18.5-windows-amd64.zip.sha256sum">checksum</a> / 464bfd7792d6c682778fc1d5e5bcc9ac5ce83457fe3c4b7a3d0af4dc3ef03eb1)</li> <li><a href="https://get.helm.sh/helm-v3.18.5-windows-arm64.zip">Windows arm64</a> (<a href="https://get.helm.sh/helm-v3.18.5-windows-arm64.zip.sha256sum">checksum</a> / 82411e3ee4e349d30221ddf6c26397bb0a41666939b338ccf39f4cd2ec4e4410)</li> </ul> <p>The <a href="https://helm.sh/docs/intro/quickstart/">Quickstart Guide</a> will get you going from there. For <strong>upgrade instructions</strong> or detailed installation notes, check the <a href="https://helm.sh/docs/intro/install/">install guide</a>. You can also use a <a href="https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3">script to install</a> on any system with <code>bash</code>.</p> <h2>What's Next</h2> <ul> <li>3.18.6 will contain only bug fixes.</li> <li>3.19.5 is the next feature release. This release will focus on ...</li> </ul> <h2>Changelog</h2> <ul> <li>fix Chart.yaml handling 7799b483f52ceb665264a4056da3d2569d60f910 (Matt Farina)</li> <li>Handle messy index files dd8502f7b4fd5824a696c99909babd0fbed77e9e (Matt Farina)</li> <li>json schema fix cb8595bc650e2ec7459427d2b0430599431a3dbe (Robert Sirchia)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/helm/helm/commit/b78692c18f0fb38fe5ba4571a674de067a4c53a5"><code>b78692c</code></a> Merge commit from fork</li> <li><a href="https://github.com/helm/helm/commit/ec5f59e2db56533d042a124f5bae54dd87b558e6"><code>ec5f59e</code></a> Merge commit from fork</li> <li><a href="https://github.com/helm/helm/commit/7799b483f52ceb665264a4056da3d2569d60f910"><code>7799b48</code></a> fix Chart.yaml handling</li> <li><a href="https://github.com/helm/helm/commit/dd8502f7b4fd5824a696c99909babd0fbed77e9e"><code>dd8502f</code></a> Handle messy index files</li> <li><a href="https://github.com/helm/helm/commit/cb8595bc650e2ec7459427d2b0430599431a3dbe"><code>cb8595b</code></a> json schema fix</li> <li>See full diff in <a href="https://github.com/helm/helm/compare/v3.18.4...v3.18.5">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=helm.sh/helm/v3&package-manager=go_modules&previous-version=3.18.4&new-version=3.18.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/open-component-model/ocm-controller/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jakob Möller <contact@jakob-moeller.com>
diff --git a/go.mod b/go.mod
@@ -45,7 +45,7 @@ require (
 	github.com/xeipuuv/gojsonschema v1.2.0
 	gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473
 	gopkg.in/yaml.v3 v3.0.1
-	helm.sh/helm/v3 v3.18.4
+	helm.sh/helm/v3 v3.18.5
 	k8s.io/api v0.33.3
 	k8s.io/apiextensions-apiserver v0.33.3
 	k8s.io/apimachinery v0.33.3
@@ -310,6 +310,7 @@ require (
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sagikazarmark/locafero v0.7.0 // indirect
+	github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 // indirect
 	github.com/sassoftware/relic v7.2.1+incompatible // indirect
 	github.com/secure-systems-lab/go-securesystemslib v0.9.0 // indirect
 	github.com/segmentio/ksuid v1.0.4 // indirect
@@ -409,7 +410,7 @@ require (
 	k8s.io/component-base v0.33.3 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20250701173324-9bd5c66d9911 // indirect
-	k8s.io/kubectl v0.33.2 // indirect
+	k8s.io/kubectl v0.33.3 // indirect
 	k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect
 	oras.land/oras-go/v2 v2.6.0 // indirect
 	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
diff --git a/go.sum b/go.sum
@@ -308,6 +308,8 @@ github.com/distribution/distribution/v3 v3.0.0 h1:q4R8wemdRQDClzoNNStftB2ZAfqOiN
 github.com/distribution/distribution/v3 v3.0.0/go.mod h1:tRNuFoZsUdyRVegq8xGNeds4KLjwLCRin/tTo6i1DhU=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
+github.com/dlclark/regexp2 v1.11.5 h1:Q/sSnsKerHeCkc/jSTNq1oCm7KiVgUMZRDUoRu0JQZQ=
+github.com/dlclark/regexp2 v1.11.5/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
 github.com/docker/cli v28.3.2+incompatible h1:mOt9fcLE7zaACbxW1GeS65RI67wIJrTnqS3hP2huFsY=
 github.com/docker/cli v28.3.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
@@ -838,6 +840,8 @@ github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkB
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
 github.com/sagikazarmark/locafero v0.7.0 h1:5MqpDsTGNDhY8sGp0Aowyf0qKsPrhewaLSsFaodPcyo=
 github.com/sagikazarmark/locafero v0.7.0/go.mod h1:2za3Cg5rMaTMoG/2Ulr9AwtFaIppKXTRYnozin4aB5k=
+github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 h1:KRzFb2m7YtdldCEkzs6KqmJw4nqEVZGK7IN2kJkjTuQ=
+github.com/santhosh-tekuri/jsonschema/v6 v6.0.2/go.mod h1:JXeL+ps8p7/KNMjDQk3TCwPpBy0wYklyWTfbkIzdIFU=
 github.com/sassoftware/relic v7.2.1+incompatible h1:Pwyh1F3I0r4clFJXkSI8bOyJINGqpgjJU3DYAZeI05A=
 github.com/sassoftware/relic v7.2.1+incompatible/go.mod h1:CWfAxv73/iLZ17rbyhIEq3K9hs5w6FpNMdUT//qR+zk=
 github.com/sassoftware/relic/v7 v7.6.2 h1:rS44Lbv9G9eXsukknS4mSjIAuuX+lMq/FnStgmZlUv4=
@@ -1269,8 +1273,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
 gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
-helm.sh/helm/v3 v3.18.4 h1:pNhnHM3nAmDrxz6/UC+hfjDY4yeDATQCka2/87hkZXQ=
-helm.sh/helm/v3 v3.18.4/go.mod h1:WVnwKARAw01iEdjpEkP7Ii1tT1pTPYfM1HsakFKM3LI=
+helm.sh/helm/v3 v3.18.5 h1:Cc3Z5vd6kDrZq9wO9KxKLNEickiTho6/H/dBNRVSos4=
+helm.sh/helm/v3 v3.18.5/go.mod h1:L/dXDR2r539oPlFP1PJqKAC1CUgqHJDLkxKpDGrWnyg=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 k8s.io/api v0.33.3 h1:SRd5t//hhkI1buzxb288fy2xvjubstenEKL9K51KBI8=
@@ -1289,8 +1293,8 @@ k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20250701173324-9bd5c66d9911 h1:gAXU86Fmbr/ktY17lkHwSjw5aoThQvhnstGGIYKlKYc=
 k8s.io/kube-openapi v0.0.0-20250701173324-9bd5c66d9911/go.mod h1:GLOk5B+hDbRROvt0X2+hqX64v/zO3vXN7J78OUmBSKw=
-k8s.io/kubectl v0.33.2 h1:7XKZ6DYCklu5MZQzJe+CkCjoGZwD1wWl7t/FxzhMz7Y=
-k8s.io/kubectl v0.33.2/go.mod h1:8rC67FB8tVTYraovAGNi/idWIK90z2CHFNMmGJZJ3KI=
+k8s.io/kubectl v0.33.3 h1:r/phHvH1iU7gO/l7tTjQk2K01ER7/OAJi8uFHHyWSac=
+k8s.io/kubectl v0.33.3/go.mod h1:euj2bG56L6kUGOE/ckZbCoudPwuj4Kud7BR0GzyNiT0=
 k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y=
 k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 ocm.software/ocm v0.27.0 h1:5QcikwUuOEeiiJVutXcjqoY5+inXqxOL2DU6SScB0WM=
