cluster-api-helm-controller: add pending-upstream-fix advisories for GHSA-5xqw-8hwv-wg92 and GHSA-4hfp-h4cw-hj8p (#21343)

jamie-albert · web-flow · commit bad027f57b6f · 2025-08-04T17:24:31.000Z
diff --git a/cluster-api-helm-controller.advisories.yaml b/cluster-api-helm-controller.advisories.yaml
@@ -88,6 +88,10 @@ advisories:
             componentType: go-module
             componentLocation: /usr/bin/cluster-api-helm-controller
             scanner: grype
+      - timestamp: 2025-08-04T17:20:24Z
+        type: pending-upstream-fix
+        data:
+          note: "Upstream needs to make code changes in order to upgrade helm.sh/helm/v3 to 3.18.4. Pending PR is inflight awaiting upstream approval: https://github.com/kubernetes-sigs/cluster-api-addon-provider-helm/pull/420"
       - timestamp: 2025-08-02T00:37:37Z
         type: pending-upstream-fix
         data:
@@ -132,6 +136,10 @@ advisories:
             componentType: go-module
             componentLocation: /usr/bin/cluster-api-helm-controller
             scanner: grype
+      - timestamp: 2025-08-04T17:20:24Z
+        type: pending-upstream-fix
+        data:
+          note: "Upstream needs to make code changes in order to upgrade helm.sh/helm/v3 to 3.18.4. Pending PR is inflight awaiting upstream approval: https://github.com/kubernetes-sigs/cluster-api-addon-provider-helm/pull/420"
       - timestamp: 2025-08-02T00:37:37Z
         type: pending-upstream-fix
         data:
