Skip to content

chore(deps): update dependency helm to v4.1.4#340

Merged
bo0tzz merged 1 commit into
mainfrom
renovate/helm
May 14, 2026
Merged

chore(deps): update dependency helm to v4.1.4#340
bo0tzz merged 1 commit into
mainfrom
renovate/helm

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Apr 14, 2026
edited
Loading

This PR contains the following updates:

Package Update Change Pending
helm patch 4.1.34.1.4 4.2.0

Release Notes

helm/helm (helm)

v4.1.4: Helm v4.1.4

Compare Source

Helm v4.1.4 is a security fix patch release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Security fixes

  • GHSA-hr2v-4r36-88hr Helm Chart extraction output directory collapse via Chart.yaml name dot-segment
  • GHSA-q5jf-9vfq-h4h7 Plugin verification fails open when .prov is missing, allowing unsigned plugin install
  • GHSA-vmx8-mqv2-9gmg Path traversal in plugin metadata version enables arbitrary file write outside Helm plugin directory

A big thank you to the reporters of these issues (@​maru1009, @​1seal).

Installation and Upgrading

Download Helm v4.1.4. The common platform binaries are here:

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 4.1.5 and 3.20.3 are the next patch (bug fix) releases and will be on April 8, 2026
  • 4.2.0 and 3.21.0 are the next minor (feature) releases and will be on May 13, 2026

Changelog

  • fix: Plugin missing provenance bypass 05fa379 (George Jenkins)
  • fix: Chart dot-name path bug 4e7994d (George Jenkins)
  • ignore error plugin loads (cli, getter) 2581943 (George Jenkins)
  • fix: Plugin version path traversal 36c8539 (George Jenkins)
  • fix: pin codeql-action/upload-sarif to commit SHA in scorecards workflow c61e086 (Terry Howe)

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "before 9am on tuesday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 14, 2026
edited
Loading

Changes in Final Manifest

1 file changed:

  • M manifest.yaml

1 modified M

Diff

manifest.yaml

@@ -288,7 +288,7 @@ spec:
             value: http://immich-machine-learning:3003
           - name: REDIS_HOSTNAME
             value: immich-valkey
-          image: docker.io/valkey/valkey:9.1-alpine@sha256:34f4f659e02a67cfdf3995d11ae432219c936005055b2cd39a042e86280e053e
+          image: docker.io/valkey/valkey:9.1-alpine@sha256:355ae2c6c965769a0d9b9810711e6befd5b79fe676d1faa848247733ad6a4408
           imagePullPolicy: IfNotPresent
           livenessProbe:
             exec:

GitHub Actions

@renovate renovate Bot force-pushed the renovate/helm branch 2 times, most recently from fb83dba to 73e0e57 Compare May 13, 2026 02:07
@renovate renovate Bot changed the title chore(deps): update helm to v4.1.4 chore(deps): update dependency helm to v4.1.4 May 13, 2026
@renovate renovate Bot force-pushed the renovate/helm branch from 73e0e57 to 77df18e Compare May 14, 2026 18:38
@bo0tzz bo0tzz enabled auto-merge (squash) May 14, 2026 18:38
@bo0tzz bo0tzz merged commit 549706d into main May 14, 2026
7 checks passed
@bo0tzz bo0tzz deleted the renovate/helm branch May 14, 2026 18:41
renovate Bot added a commit to sdwilsh/ansible-playbooks that referenced this pull request May 16, 2026
@renovate
chore(deps): update helm release immich to v0.12.0
e0f866f 
##### [\`0.12.0\`](https://github.com/immich-app/immich-charts/releases/tag/immich-0.12.0)

A chart to power Immich (immich.app) running on kubernetes

#### What's Changed

- chore: group testing dependencies by [@bo0tzz](https://github.com/bo0tzz) in [#330](immich-app/immich-charts#330)
- chore: switch push-o-matic auth from app-id to client-id by [@bo0tzz](https://github.com/bo0tzz) in [#345](immich-app/immich-charts#345)
- chore: use app token for mise in workflows by [@bo0tzz](https://github.com/bo0tzz) in [#346](immich-app/immich-charts#346)
- chore(deps): update dependency tilt to v0.37.3 by [@renovate](https://github.com/renovate)\[bot] in [#342](immich-app/immich-charts#342)
- chore(deps): update dependency ctlptl to v0.9.3 by [@renovate](https://github.com/renovate)\[bot] in [#344](immich-app/immich-charts#344)
- chore(deps): update docker.io/valkey/valkey:9.1-alpine docker digest to [`34f4f65`](immich-app/immich-charts@34f4f65) by [@renovate](https://github.com/renovate)\[bot] in [#343](immich-app/immich-charts#343)
- chore(deps): update github-actions by [@renovate](https://github.com/renovate)\[bot] in [#339](immich-app/immich-charts#339)
- chore(deps): update dependency kubectl to v1.36.0 by [@renovate](https://github.com/renovate)\[bot] in [#341](immich-app/immich-charts#341)
- chore(deps): update helm release common to v5 - autoclosed by [@renovate](https://github.com/renovate)\[bot] in [#348](immich-app/immich-charts#348)
- chore(deps): update dependency helm to v4.1.4 by [@renovate](https://github.com/renovate)\[bot] in [#340](immich-app/immich-charts#340)
- fix: use matchDepNames for test deps group by [@bo0tzz](https://github.com/bo0tzz) in [#347](immich-app/immich-charts#347)
- fix: update versioned common chart links by [@bo0tzz](https://github.com/bo0tzz) in [#350](immich-app/immich-charts#350)
- chore: release 0.12.0 by [@bo0tzz](https://github.com/bo0tzz) in [#349](immich-app/immich-charts#349)

**Full Changelog**: <immich-app/immich-charts@immich-0.11.1...immich-0.12.0>
sdwilsh pushed a commit to sdwilsh/ansible-playbooks that referenced this pull request May 16, 2026
@renovate @sdwilsh
chore(deps): update helm release immich to v0.12.0
2c44a90 
##### [\`0.12.0\`](https://github.com/immich-app/immich-charts/releases/tag/immich-0.12.0)

A chart to power Immich (immich.app) running on kubernetes

#### What's Changed

- chore: group testing dependencies by [@bo0tzz](https://github.com/bo0tzz) in [#330](immich-app/immich-charts#330)
- chore: switch push-o-matic auth from app-id to client-id by [@bo0tzz](https://github.com/bo0tzz) in [#345](immich-app/immich-charts#345)
- chore: use app token for mise in workflows by [@bo0tzz](https://github.com/bo0tzz) in [#346](immich-app/immich-charts#346)
- chore(deps): update dependency tilt to v0.37.3 by [@renovate](https://github.com/renovate)\[bot] in [#342](immich-app/immich-charts#342)
- chore(deps): update dependency ctlptl to v0.9.3 by [@renovate](https://github.com/renovate)\[bot] in [#344](immich-app/immich-charts#344)
- chore(deps): update docker.io/valkey/valkey:9.1-alpine docker digest to [`34f4f65`](immich-app/immich-charts@34f4f65) by [@renovate](https://github.com/renovate)\[bot] in [#343](immich-app/immich-charts#343)
- chore(deps): update github-actions by [@renovate](https://github.com/renovate)\[bot] in [#339](immich-app/immich-charts#339)
- chore(deps): update dependency kubectl to v1.36.0 by [@renovate](https://github.com/renovate)\[bot] in [#341](immich-app/immich-charts#341)
- chore(deps): update helm release common to v5 - autoclosed by [@renovate](https://github.com/renovate)\[bot] in [#348](immich-app/immich-charts#348)
- chore(deps): update dependency helm to v4.1.4 by [@renovate](https://github.com/renovate)\[bot] in [#340](immich-app/immich-charts#340)
- fix: use matchDepNames for test deps group by [@bo0tzz](https://github.com/bo0tzz) in [#347](immich-app/immich-charts#347)
- fix: update versioned common chart links by [@bo0tzz](https://github.com/bo0tzz) in [#350](immich-app/immich-charts#350)
- chore: release 0.12.0 by [@bo0tzz](https://github.com/bo0tzz) in [#349](immich-app/immich-charts#349)

**Full Changelog**: <immich-app/immich-charts@immich-0.11.1...immich-0.12.0>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bo0tzz bo0tzz bo0tzz approved these changes

Assignees

No one assigned

Labels

changelog:skip dependencies renovate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bo0tzz