openSUSE-SU-2026:20327-1

Published: 05 Mar 2026
Source: suse-cvrf

Description

Security update for helm

This update for helm fixes the following issues:

  • Update to version 3.19.1:

    • CVE-2025-47911: golang.org/x/net/html: Fixed various algorithms with quadratic complexity when parsing HTML documents (bsc#1251442)
    • CVE-2025-58190: golang.org/x/net/html: Fixed excessive memory consumption by html.ParseFragment when processing specially crafted input (bsc#1251649)
    • jsonschema: warn and ignore unresolved URN $ref to match v3.18.4
    • Avoid "panic: interface conversion: interface {} is nil"
    • Fix helm pull untar dir check with repo urls
    • Fix deprecation warning
    • Add timeout flag to repo add and update flags
  • Update to version 3.19.0:

    • bump version to v3.19.0
    • fix: use username and password if provided
    • fix(helm-lint): fmt
    • fix(helm-lint): Add TLSClientConfig
    • fix(helm-lint): Add HTTP/HTTPS URL support for json schema references
    • chore(deps): bump the k8s-io group with 7 updates
    • fix: go mod tidy for v3
    • fix Chart.yaml handling
    • Handle messy index files
    • json schema fix
    • fix: k8s version parsing to match original
    • Do not explicitly set SNI in HTTPGetter
    • Disabling linter due to unknown issue
    • Updating link handling
    • fix: user username password for login
    • Update pkg/registry/transport.go
    • fix: add debug logging to oci transport
    • fix: legacy docker support broken for login
    • fix: plugin installer test with no Internet
    • Handle an empty registry config file.
    • Prevent fetching newReference again as we have in calling method
    • Prevent failure when resolving version tags in oras memory store
    • fix(client): skipnode utilization for PreCopy
    • test: Skip instead of returning early. looks more intentional
    • test: tests repo stripping functionality
    • test: include tests for Login based on different protocol prefixes
    • fix(client): layers now returns manifest - remove duplicate from descriptors
    • fix(client): return nil on non-allowed media types
    • Fix 3.18.0 regression: registry login with scheme
    • Update pkg/plugin/plugin.go
    • Wait for Helm v4 before raising when platformCommand and Command are set
    • Revert "fix (helm) : toToml` renders int as float [ backport to v3 ]"
    • build(deps): bump the k8s-io group with 7 updates
    • chore: update generalization warning message
    • fix: move warning to top of block
    • fix: govulncheck workflow
    • fix: replace fmt warning with slog
    • fix: add warning when ignore repo flag
    • feat: add httproute from gateway-api to create chart template
  • Update to version 3.18.6:

    • fix(helm-lint): fmt
    • fix(helm-lint): Add TLSClientConfig
    • fix(helm-lint): Add HTTP/HTTPS URL support for json schema references
  • Update to version 3.18.5:

    • fix Chart.yaml handling 7799b48 (Matt Farina)
    • Handle messy index files dd8502f (Matt Farina)
    • json schema fix cb8595b (Robert Sirchia)
  • Fix shell completion dependencies

    • Add BuildRequires to prevent inclusion of folders owned by shells.
    • Add Requires because installing completions without appropriate shell is questionable.
  • Fix zsh completion location

Package list

openSUSE Leap 16.0
helm-3.19.1-160000.1.1
helm-bash-completion-3.19.1-160000.1.1
helm-fish-completion-3.19.1-160000.1.1
helm-zsh-completion-3.19.1-160000.1.1

Description

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.


Affected products
openSUSE Leap 16.0:helm-3.19.1-160000.1.1
openSUSE Leap 16.0:helm-bash-completion-3.19.1-160000.1.1
openSUSE Leap 16.0:helm-fish-completion-3.19.1-160000.1.1
openSUSE Leap 16.0:helm-zsh-completion-3.19.1-160000.1.1

Description

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
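Both descriptions above concern the same failure mode: an untrusted HTML document that makes html.Parse spend unbounded CPU (quadratic complexity or an infinite loop). Until the patched helm package is installed, the practical defence for any service that parses attacker-supplied HTML is to bound the work before it starts. The following Go program is an added example, not code from the advisory or from the Helm project: it wraps an arbitrary parser function in a byte budget and a wall-clock deadline. The `fastParse` and `slowParse` functions are constructed stand-ins for a well-behaved parser and a parser stuck on pathological input; in a real service the `Parser` argument would be a closure around `html.Parse` from golang.org/x/net/html (assumed, not imported here so the example runs with the standard library only).

```go
package main

import (
	"bytes"
	"context"
	"errors"
	"fmt"
	"io"
	"strings"
	"time"
)

// ErrTooLarge is returned when the input exceeds the configured byte budget.
var ErrTooLarge = errors.New("html input exceeds size limit")

// Parser is any function that parses raw HTML bytes. In production this would
// wrap html.Parse from golang.org/x/net/html (assumed; not imported here).
type Parser func(data []byte) error

// ParseBounded enforces two defensive limits around an untrusted-HTML parse:
// a byte budget (via io.LimitReader) and a wall-clock deadline (via context).
// The byte budget is the limit that actually caps CPU for a quadratic-time
// bug; the deadline only stops the caller from waiting forever.
func ParseBounded(ctx context.Context, r io.Reader, maxBytes int64, timeout time.Duration, parse Parser) error {
	// Read at most maxBytes+1 so an over-budget input is detected and
	// rejected instead of being silently truncated.
	data, err := io.ReadAll(io.LimitReader(r, maxBytes+1))
	if err != nil {
		return err
	}
	if int64(len(data)) > maxBytes {
		return ErrTooLarge
	}

	ctx, cancel := context.WithTimeout(ctx, timeout)
	defer cancel()

	done := make(chan error, 1)
	go func() { done <- parse(data) }()

	select {
	case err := <-done:
		return err
	case <-ctx.Done():
		// The parser goroutine cannot be preempted: it is abandoned here and
		// keeps burning CPU until it finishes on its own, which is why the
		// size limit, not the deadline, is the primary mitigation. A real
		// service should also count these events for alerting.
		return fmt.Errorf("html parse exceeded %s: %w", timeout, ctx.Err())
	}
}

// fastParse stands in for a well-behaved parser (constructed for this example).
func fastParse(data []byte) error {
	if !bytes.Contains(bytes.ToLower(data), []byte("<html")) {
		return errors.New("no <html> element")
	}
	return nil
}

// slowParse stands in for a parser that has hit a pathological input
// (constructed for this example; it simply blocks).
func slowParse(data []byte) error {
	time.Sleep(2 * time.Second)
	return nil
}

func main() {
	ctx := context.Background()

	// Constructed sample document: within budget, parses normally.
	doc := strings.NewReader("<html><body><p>constructed sample</p></body></html>")
	fmt.Println("normal:", ParseBounded(ctx, doc, 1<<20, time.Second, fastParse))

	// Constructed oversize document: rejected by the byte budget before parsing.
	big := strings.NewReader(strings.Repeat("<div>", 1<<16))
	fmt.Println("oversize:", ParseBounded(ctx, big, 1024, time.Second, fastParse))

	// Parser that never returns in time: caller is released by the deadline.
	fmt.Println("stuck:", ParseBounded(ctx, strings.NewReader("<html>"), 1024, 50*time.Millisecond, slowParse))
}
```

The oversize check is deliberately placed before the parse so that a quadratic-time input never reaches the parser at all; the deadline exists to keep request handlers responsive and to produce a loggable event, not to reclaim the CPU already committed.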


Affected products
openSUSE Leap 16.0:helm-3.19.1-160000.1.1
openSUSE Leap 16.0:helm-bash-completion-3.19.1-160000.1.1
openSUSE Leap 16.0:helm-fish-completion-3.19.1-160000.1.1
openSUSE Leap 16.0:helm-zsh-completion-3.19.1-160000.1.1
