mubarak-j
Contributor

Updating helm version to v3.18.4 to resolve this CVE GHSA-557j-xg8c-q2mm. Also, I added a small automation for the helm checksum script to avoid manual steps.

Checklist:

  • Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
  • The title of the PR states what changed and the related issues number (used for the release note).
  • The title of the PR conforms to the Toolchain Guide
  • I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
  • I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
  • Does this PR require documentation updates?
  • I've updated documentation as required by this PR.
  • I have signed off all my commits as required by DCO
  • I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
  • My build is green (troubleshooting builds).
  • My new feature complies with the feature status guidelines.
  • I have added a brief description of why this PR is necessary and/or what this PR solves.
  • Optional. My organization is added to USERS.md.
  • Optional. For bug fixes, I've indicated what older releases this fix should be cherry-picked into (this may or may not happen depending on risk/complexity).

mubarak-j and others added 3 commits June 23, 2025 21:17
Signed-off-by: Mubarak Jama <mubarak.jama@gmail.com>
Signed-off-by: Mubarak Jama <mubarak.jama@gmail.com>
@mubarak-j mubarak-j requested review from a team as code owners July 9, 2025 22:33

bunnyshell bot commented Jul 9, 2025

❌ Preview Environment deleted from Bunnyshell

Available commands (reply to this comment):

  • 🚀 /bns:deploy to deploy the environment


codecov bot commented Jul 9, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 60.15%. Comparing base (6ead52c) to head (93ab257).
Report is 1 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #23724      +/-   ##
==========================================
- Coverage   60.21%   60.15%   -0.06%     
==========================================
  Files         346      346              
  Lines       59230    59230              
==========================================
- Hits        35663    35631      -32     
- Misses      20708    20732      +24     
- Partials     2859     2867       +8     


@blakepettersson blakepettersson merged commit e8e39a9 into argoproj:master Jul 10, 2025
28 checks passed
@blakepettersson
Member

Thanks!

@blakepettersson
Member

/cherry-pick release-3.1

gcp-cherry-pick-bot bot pushed a commit that referenced this pull request Jul 10, 2025
Signed-off-by: Mubarak Jama <mubarak.jama@gmail.com>
blakepettersson pushed a commit that referenced this pull request Jul 10, 2025
Signed-off-by: Mubarak Jama <mubarak.jama@gmail.com>
Co-authored-by: Mubarak Jama <83465122+mubarak-j@users.noreply.github.com>
@svghadi
Contributor

svghadi commented Jul 15, 2025

@blakepettersson - Do we plan to cherry-pick this to 3.0.x?

@blakepettersson
Member

@svghadi no plans, but could be done if this is something that is needed

@mubarak-j
Contributor Author

According to this comment, Argo CD has a very low risk of being impacted by this CVE.

@svghadi
Copy link
Contributor

svghadi commented Jul 16, 2025

Okay. Makes sense to ignore it for lower versions if we are not really affected. Thanks @mubarak-j for the information.

enneitex pushed a commit to enneitex/argo-cd that referenced this pull request Aug 24, 2025
Signed-off-by: Mubarak Jama <mubarak.jama@gmail.com>
Signed-off-by: enneitex <etienne.divet@gmail.com>