Comparing changes

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/anchore/clio](https://togithub.com/anchore/clio) | require | digest | `3ef5b3b` -> `378d8c0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/zarf).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/anchore/clio](https://togithub.com/anchore/clio) | require | digest | `378d8c0` -> `06cf78f` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/zarf).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/anchore/clio](https://togithub.com/anchore/clio) | require | digest | `06cf78f` -> `cb94e40` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/zarf).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

…s with no retries ## Description Add check to see whether action failure was actually due to timeout or not. Currently Zarf reports an error of "timed out after 0 seconds" when a `cmd` within an action fails (with no retries) even if no timeout was set. ## Related Issue Fixes #2299 ## Type of change - [X] Bug fix (non-breaking change which fixes an issue) ## Checklist before merging - [X] Test, docs, adr added or updated as needed - [X] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --------- Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com>

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [helm.sh/helm/v3](https://togithub.com/helm/helm) | `v3.14.0` -> `v3.14.1` | [![age](https://developer.mend.io/api/mc/badges/age/go/helm.sh%2fhelm%2fv3/v3.14.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/helm.sh%2fhelm%2fv3/v3.14.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/helm.sh%2fhelm%2fv3/v3.14.0/v3.14.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/helm.sh%2fhelm%2fv3/v3.14.0/v3.14.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. ### GitHub Vulnerability Alerts #### [CVE-2024-25620](https://togithub.com/helm/helm/security/advisories/GHSA-v53g-5gjp-272r) A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time. ### Impact When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name. ### Patches This issue has been resolved in Helm v3.14.1. ### Workarounds Check all charts used by Helm for path changes in their name as found in the `Chart.yaml` file. This includes dependencies. ### Credits Disclosed by Dominykas Blyžė at Nearform Ltd. --- ### Release Notes <details> <summary>helm/helm (helm.sh/helm/v3)</summary> ### [`v3.14.1`](https://togithub.com/helm/helm/releases/tag/v3.14.1): Helm v3.14.1 [Compare Source](https://togithub.com/helm/helm/compare/v3.14.0...v3.14.1) Helm v3.14.1 is a security (patch) release. Users are strongly recommended to update to this release. A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time. [Dominykas Blyžė](https://togithub.com/dominykas) with [Nearform Ltd.](https://www.nearform.com/) discovered the vulnerability. #### Installation and Upgrading Download Helm v3.14.1. The common platform binaries are here: - [MacOS amd64](https://get.helm.sh/helm-v3.14.1-darwin-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-darwin-amd64.tar.gz.sha256sum) / 67928236b37c4e780b9fb5e614fb3b9aece90d60f0b1b4cb7406ee292c2dae3b) - [MacOS arm64](https://get.helm.sh/helm-v3.14.1-darwin-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-darwin-arm64.tar.gz.sha256sum) / 96468f927cc6efb4a2b92fd9419f40ed21d634af2f3e84fb8efa59526c7a003b) - [Linux amd64](https://get.helm.sh/helm-v3.14.1-linux-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-linux-amd64.tar.gz.sha256sum) / 75496ea824f92305ff7d28af37f4af57536bf5138399c824dff997b9d239dd42) - [Linux arm](https://get.helm.sh/helm-v3.14.1-linux-arm.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-linux-arm.tar.gz.sha256sum) / f50c00c262b74435530e677bcec07637aaeda1ed92ef809b49581a4e6182cbbe) - [Linux arm64](https://get.helm.sh/helm-v3.14.1-linux-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-linux-arm64.tar.gz.sha256sum) / f865b8ad4228fd0990bbc5b50615eb6cb9eb31c9a9ca7238401ed897bbbe9033) - [Linux i386](https://get.helm.sh/helm-v3.14.1-linux-386.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-linux-386.tar.gz.sha256sum) / 3c94ed0601e0e62c195a7e9b75262b18128c8284662aa0e080bb548dc6d47bcd) - [Linux ppc64le](https://get.helm.sh/helm-v3.14.1-linux-ppc64le.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-linux-ppc64le.tar.gz.sha256sum) / 4d853ab8fe3462287c7272fbadd5f73531ecdd6fa0db37d31630e41ae1ae21de) - [Linux s390x](https://get.helm.sh/helm-v3.14.1-linux-s390x.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-linux-s390x.tar.gz.sha256sum) / 19bf07999c7244bfeb0fd27152919b9faa1148cf43910edbb98efa9150058a98) - [Linux riscv64](https://get.helm.sh/helm-v3.14.1-linux-riscv64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-linux-riscv64.tar.gz.sha256sum) / 2660bd8eb37aafc071599b788a24bfe244e5d3ffa42da1599da5a5041dafa214) - [Windows amd64](https://get.helm.sh/helm-v3.14.1-windows-amd64.zip) ([checksum](https://get.helm.sh/helm-v3.14.1-windows-amd64.zip.sha256sum) / 8a6c78a23a4e497ad8bd288138588adb3e5b49be8dbe82a3200fe7b297dac184) This release was signed with ` 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E ` and can be found at [@mattfarina](https://togithub.com/mattfarina) [keybase account](https://keybase.io/mattfarina). Please use the attached signatures for verifying this release using `gpg`. The [Quickstart Guide](https://helm.sh/docs/intro/quickstart/) will get you going from there. For **upgrade instructions** or detailed installation notes, check the [install guide](https://helm.sh/docs/intro/install/). You can also use a [script to install](https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3) on any system with `bash`. #### What's Next - 3.14.2 will contain only bug fixes and be released on March 13, 2024. - 3.15.0 is the next feature release and will be on May 08, 2024. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/zarf).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

## Description #2180 introduced a bug and this PR removes the cause of the bug. Actions conditionals are being added to Zarf in #2276 to allow these sort of checks to account for various use cases in a more clean way. Also reopened #1824 ## Related Issue Relates to #2273 ## Type of change - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed

## Description - Included dependency review action https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Co-authored-by: Austin Abro <37223396+AustinAbro321@users.noreply.github.com> Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com> Co-authored-by: razzle <harry@razzle.cloud>

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | major | `v3.6.0` -> `v4.1.1` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.1`](https://togithub.com/actions/checkout/releases/tag/v4.1.1) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.0...v4.1.1) ##### What's Changed - Update CODEOWNERS to Launch team by [@joshmgross](https://togithub.com/joshmgross) in [https://github.com/actions/checkout/pull/1510](https://togithub.com/actions/checkout/pull/1510) - Correct link to GitHub Docs by [@peterbe](https://togithub.com/peterbe) in [https://github.com/actions/checkout/pull/1511](https://togithub.com/actions/checkout/pull/1511) - Link to release page from what's new section by [@cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1514](https://togithub.com/actions/checkout/pull/1514) ##### New Contributors - [@joshmgross](https://togithub.com/joshmgross) made their first contribution in [https://github.com/actions/checkout/pull/1510](https://togithub.com/actions/checkout/pull/1510) - [@peterbe](https://togithub.com/peterbe) made their first contribution in [https://github.com/actions/checkout/pull/1511](https://togithub.com/actions/checkout/pull/1511) **Full Changelog**: actions/checkout@v4.1.0...v4.1.1 ### [`v4.1.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v410) [Compare Source](https://togithub.com/actions/checkout/compare/v4.0.0...v4.1.0) - [Add support for partial checkout filters](https://togithub.com/actions/checkout/pull/1396) ### [`v4.0.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v400) [Compare Source](https://togithub.com/actions/checkout/compare/v3.6.0...v4.0.0) - [Support fetching without the --progress option](https://togithub.com/actions/checkout/pull/1067) - [Update to node20](https://togithub.com/actions/checkout/pull/1436) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/zarf).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

## Description This fixes multipart tarballs being different sizes with `--max-package-size` ## Related Issue Fixes #2313 ## Type of change - [X] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [X] Test, docs, adr added or updated as needed - [X] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --------- Co-authored-by: Austin Abro <37223396+AustinAbro321@users.noreply.github.com> Co-authored-by: Lucas Rodriguez <lucas.rodriguez9616@gmail.com> Co-authored-by: Lucas Rodriguez <lucas.rodriguez@defenseunicorns.com>

## Description Alters text detection logic to read the first and last 512 bytes. Tested with 5 files: - [NVIDIA installer](https://us.download.nvidia.com/XFree86/Linux-x86_64/535.154.05/NVIDIA-Linux-x86_64-535.154.05.run) Detected as application type when reading last 512. - 3 4k size files of junk text with a ZARF_CONST replacement, in straight text, yaml, and json All 3 detected as text/plain, ZARF_CONST was replaced. - 1 small 100 byte file with a ZARF_CONST replacement. Was still detected as text and ZARF_CONST was replaced. Existing unit tests succeeded. ## Related Issue Fixes #2308  Relates to # ## Type of change - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --------- Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com>

## Description This fixes the codeql issues that are currently in the Zarf codebase ## Related Issue Fixes #N/A ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [X] Other (security config, docs update, etc) ## Checklist before merging - [X] Test, docs, adr added or updated as needed - [X] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed

## Description This PR fixes the `zarf tools registry prune` messaging to be more verbose. ## Related Issue Fixes #N/A ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [X] Other (security config, docs update, etc) ## Checklist before merging - [X] Test, docs, adr added or updated as needed - [X] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [helm.sh/helm/v3](https://togithub.com/helm/helm) | `v3.14.1` -> `v3.14.2` | [![age](https://developer.mend.io/api/mc/badges/age/go/helm.sh%2fhelm%2fv3/v3.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/helm.sh%2fhelm%2fv3/v3.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/helm.sh%2fhelm%2fv3/v3.14.1/v3.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/helm.sh%2fhelm%2fv3/v3.14.1/v3.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. ### GitHub Vulnerability Alerts #### [CVE-2024-26147](https://togithub.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6) A Helm contributor discovered uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. ### Impact When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all metadata a panic would occur in Helm. In the Helm SDK this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. ### Patches This issue has been resolved in Helm v3.14.2. ### Workarounds If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3.14.2, calls to affected functions can use `recover` to catch the panic. ### For more information Helm's security policy is spelled out in detail in our [SECURITY](https://togithub.com/helm/community/blob/master/SECURITY.md) document. ### Credits Disclosed by Jakub Ciolek at AlphaSense. --- ### Release Notes <details> <summary>helm/helm (helm.sh/helm/v3)</summary> ### [`v3.14.2`](https://togithub.com/helm/helm/releases/tag/v3.14.2): Helm v3.14.2 [Compare Source](https://togithub.com/helm/helm/compare/v3.14.1...v3.14.2) Helm v3.14.2 is a security (patch) release. Users are strongly recommended to update to this release. A Helm contributor discovered uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. Jakub Ciolek with AlphaSense discovered the vulnerability. #### Installation and Upgrading Download Helm v3.14.2. The common platform binaries are here: - [MacOS amd64](https://get.helm.sh/helm-v3.14.2-darwin-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.2-darwin-amd64.tar.gz.sha256sum) / 64c633ae194bde77b7e7b7936a2814a7417817dc8b7bb7d270bd24a7a17b8d12) - [MacOS arm64](https://get.helm.sh/helm-v3.14.2-darwin-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.2-darwin-arm64.tar.gz.sha256sum) / ff502fd39b06497fa3d5a51ec2ced02b9fcfdb0e9a948d315fb1b2f13ddc39fb) - [Linux amd64](https://get.helm.sh/helm-v3.14.2-linux-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.2-linux-amd64.tar.gz.sha256sum) / 0885a501d586c1e949e9b113bf3fb3290b0bbf74db9444a1d8c2723a143006a5) - [Linux arm](https://get.helm.sh/helm-v3.14.2-linux-arm.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.2-linux-arm.tar.gz.sha256sum) / b70fb6fa2cdf0a5c782320c9d7e7b155fcaec260169218c98316bb3cf0d431d9) - [Linux arm64](https://get.helm.sh/helm-v3.14.2-linux-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.2-linux-arm64.tar.gz.sha256sum) / c65d6a9557bb359abc2c0d26670de850b52327dc3976ad6f9e14c298ea3e1b61) - [Linux i386](https://get.helm.sh/helm-v3.14.2-linux-386.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.2-linux-386.tar.gz.sha256sum) / 0e08cd56cc952ab4646c57c5ec7cde2412c39373aec3df659a14597dd9874461) - [Linux ppc64le](https://get.helm.sh/helm-v3.14.2-linux-ppc64le.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.2-linux-ppc64le.tar.gz.sha256sum) / f3bc8582ff151e619cd285d9cdf9fef1c5733ee5522d8bed2ef680ef07f87223) - [Linux s390x](https://get.helm.sh/helm-v3.14.2-linux-s390x.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.2-linux-s390x.tar.gz.sha256sum) / 7bda34aa26638e5116b31385f3b781172572175bf4c1ae00c87d8b154458ed94) - [Linux riscv64](https://get.helm.sh/helm-v3.14.2-linux-riscv64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.2-linux-riscv64.tar.gz.sha256sum) / f6278facd3e2e6af52a5f6d038f2149428d115ba2b4523edbe5889d1170e9203) - [Windows amd64](https://get.helm.sh/helm-v3.14.2-windows-amd64.zip) ([checksum](https://get.helm.sh/helm-v3.14.2-windows-amd64.zip.sha256sum) / aa094e435da74ad574f96924c37ecd0c75f0be707ac604ef97ed6021d6bc0784) This release was signed with ` 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E ` and can be found at [@mattfarina](https://togithub.com/mattfarina) [keybase account](https://keybase.io/mattfarina). Please use the attached signatures for verifying this release using `gpg`. The [Quickstart Guide](https://helm.sh/docs/intro/quickstart/) will get you going from there. For **upgrade instructions** or detailed installation notes, check the [install guide](https://helm.sh/docs/intro/install/). You can also use a [script to install](https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3) on any system with `bash`. #### What's Next - 3.14.3 will contain only bug fixes and be released on March 13, 2024. - 3.15.0 is the next feature release and will be on May 08, 2024. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/zarf).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

## Description This PR updates the Zarf roadmap per our 2024 project goals (delaying GA and focusing on OpenSSF donation). ## Related Issue Fixes #N/A ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [X] Other (security config, docs update, etc) ## Checklist before merging - [X] Test, docs, adr added or updated as needed - [X] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --------- Co-authored-by: Lucas Rodriguez <lucas.rodriguez@defenseunicorns.com> Co-authored-by: Lucas Rodriguez <lucas.rodriguez9616@gmail.com>

## Description This is a test for fixes to intermittent hanging. ## Related Issue Relates to #1444 ## Type of change - [X] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [X] Test, docs, adr added or updated as needed - [X] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed

…2306) ## Description Instead of looking for refInfo.Host in the override map loop through the keys and values in i.RegistryOverrides, check if the refInfo.Reference begins with an override key and, if it does, replace that override text with the override value and set it back to actualSrc. Do not use ImageTransformHostWithoutChecksum since we already have the parsed ref and all the info we need to do the replacement. ## Related Issue Fixes #2135 ## Type of change - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --------- Signed-off-by: Vibhav Bobade <vibhav.bobde@gmail.com> Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com> Co-authored-by: Austin Abro <37223396+AustinAbro321@users.noreply.github.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Comparing changes

Open a pull request

Commits on Feb 8, 2024

Commits on Feb 9, 2024

Commits on Feb 10, 2024

Commits on Feb 12, 2024

Commits on Feb 16, 2024

Commits on Feb 19, 2024

Commits on Feb 20, 2024

Commits on Feb 21, 2024

Commits on Feb 23, 2024

Commits on Feb 26, 2024

This comparison is taking too long to generate.

Uh oh!