🌱 Use helm.sh/helm/v3 v3.19.4#352

Merged
openshift-merge-bot[bot] merged 1 commit into open-cluster-management-io:main from kluster-manager:helm319
Jan 5, 2026

Conversation

@tamalsaha (Contributor) commented Dec 30, 2025

Summary

Use helm 3.19 which also used k/k 1.34 client libs

Related issue(s)

Fixes #

Summary by CodeRabbit

  • Chores
    • Updated multiple dependencies to latest compatible versions, including core runtime libraries and security-related packages, improving overall stability and platform compatibility.

Signed-off-by: Tamal Saha <tamal@appscode.com>
@openshift-ci openshift-ci bot requested review from elgnay and zhujian7 December 30, 2025 05:49
@coderabbitai bot commented Dec 30, 2025

Walkthrough

Updates multiple module dependencies in go.mod, including spf13/cobra, spf13/pflag, helm.sh/helm/v3, Kubernetes API modules, controller-runtime, and indirect dependencies like golang.org/x modules. No changes to public exported entities.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Dependency Version Updates (go.mod) | Direct dependencies: spf13/cobra v1.9.1→v1.10.1, spf13/pflag v1.0.7→v1.0.10, helm.sh/helm/v3 v3.18.6→v3.19.4, k8s.io/* (api, apiextensions-apiserver, apimachinery, apiserver, client-go, component-base) v0.34.1→v0.34.2, sigs.k8s.io/controller-runtime v0.22.3→v0.22.4. Indirect dependencies: Masterminds/semver/v3 v3.3.0→v3.4.0, filepath-securejoin v0.4.1→v0.6.1, golang.org/x/* (crypto, net, sync, sys, term, text) minor/patch bumps, k8s.io/kms v0.34.1→v0.34.2. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

Possibly related PRs

  • addon-framework#323: Also bumps Helm (helm.sh/helm/v3) and Kubernetes-related module versions in go.mod
  • addon-framework#335: Related go.mod dependency version updates for Helm and Kubernetes modules

Suggested labels

lgtm, approved

Suggested reviewers

  • zhiweiyin318
  • elgnay

Pre-merge checks

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title clearly identifies the main change: upgrading helm.sh/helm/v3 to v3.19.4. It uses the emoji indicator from the template (🌱) for misc/other changes and specifically references the dependency version bump. |
| Description check | ✅ Passed | The summary section provides helpful context explaining that helm 3.19 uses k/k 1.34 client libs, addressing the dependency compatibility rationale. However, the 'Related issue(s)' section is incomplete with only 'Fixes #' and no actual issue number. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b5846d7 and 097bbb7.

⛔ Files ignored due to path filters (89)
📒 Files selected for processing (1)
  • go.mod
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)
  • GitHub Check: e2e-hosted
  • GitHub Check: unit
  • GitHub Check: integration
  • GitHub Check: build
  • GitHub Check: e2e-cloudevents
  • GitHub Check: e2e
  • GitHub Check: verify
🔇 Additional comments (3)
go.mod (3)

12-27: Verify Kubernetes module consistency across the ecosystem.

The Kubernetes version has been bumped uniformly across all core modules (v0.34.1 → v0.34.2). Confirm that:

  • v0.34.2 is a stable release from the Kubernetes project (not a pre-release)
  • All transitive dependencies of the Kubernetes modules are compatible with v0.34.2
  • The addon-framework's code does not rely on APIs or behaviors that may have changed between v0.34.1 and v0.34.2

Since v0.34.x appears to be very recent (outside the knowledge cutoff), pay special attention to any deprecations or breaking changes in this version line.


12-13: Verify version compatibility and release status for primary dependency updates.

Multiple direct dependencies have been updated:

  • spf13/cobra: v1.9.1 → v1.10.1
  • spf13/pflag: v1.0.7 → v1.0.10
  • helm.sh/helm/v3: v3.18.6 → v3.19.4 (primary PR objective)
  • Kubernetes modules (k8s.io/api, k8s.io/apiextensions-apiserver, k8s.io/apimachinery, k8s.io/apiserver, k8s.io/client-go, k8s.io/component-base): v0.34.1 → v0.34.2
  • sigs.k8s.io/controller-runtime: v0.22.3 → v0.22.4

All versions exist in their respective repositories and are stable releases. Version bumps are conservative (patch and minor versions), which minimizes breaking change risk.


41-41: Updated indirect dependencies contain no known security vulnerabilities.

Verification of the updated versions confirms:

  • golang.org/x/crypto v0.46.0, golang.org/x/net v0.47.0, golang.org/x/sys v0.39.0, golang.org/x/sync v0.19.0, golang.org/x/term v0.38.0, and golang.org/x/text v0.32.0 are at safe release levels (earlier CVEs have been patched in earlier versions).
  • filepath-securejoin v0.6.1, Masterminds/semver/v3 v3.4.0, and k8s.io/kms v0.34.2 have no published security advisories.

@tamalsaha tamalsaha changed the title Use helm.sh/helm/v3 v3.19.4 🌱 Use helm.sh/helm/v3 v3.19.4 Dec 30, 2025
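
The review comment above asks whether the Kubernetes modules were bumped uniformly. One way to check that mechanically is sketched below as an added example; it is not code from this PR or from addon-framework. The go.mod fragment is constructed (including the klog version), and `VersionSkew` and `lockstep` are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample: k8s.io/apiserver is left at v0.34.1 to produce a finding.
const sampleGoMod = `module example.com/addon
require (
	k8s.io/api v0.34.2
	k8s.io/apiserver v0.34.1
	k8s.io/client-go v0.34.2
	k8s.io/klog/v2 v2.130.1
)
require k8s.io/kms v0.34.2 // indirect
`

// Assumption: the k8s.io modules the walkthrough lists are the lockstep set.
var lockstep = map[string]bool{
	"k8s.io/api": true, "k8s.io/apiextensions-apiserver": true,
	"k8s.io/apimachinery": true, "k8s.io/apiserver": true,
	"k8s.io/client-go": true, "k8s.io/component-base": true, "k8s.io/kms": true,
}

// VersionSkew returns nil if all lockstep modules agree, else version -> modules.
func VersionSkew(gomod string) map[string][]string {
	byVersion, inBlock := map[string][]string{}, false
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop "// indirect" comments
		f := strings.Fields(line)
		single := len(f) == 3 && f[0] == "require"
		if single {
			f = f[1:] // "require path version"
		} else if len(f) > 0 && (f[0] == "require" || f[0] == ")") {
			inBlock = f[0] == "require" // "require (" opens a block, ")" closes it
		}
		if (single || inBlock) && len(f) == 2 && lockstep[f[0]] {
			byVersion[f[1]] = append(byVersion[f[1]], f[0])
		}
	}
	if len(byVersion) <= 1 {
		return nil
	}
	return byVersion
}

func main() {
	fmt.Println(VersionSkew(sampleGoMod))
}
```

Entries in `exclude` and `replace` blocks are ignored, so only versions that `require` actually selects are compared.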
@qiujian16 (Member)

/approve
/lgtm

@openshift-ci bot (Contributor) commented Jan 5, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: qiujian16, tamalsaha

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved label Jan 5, 2026
@openshift-merge-bot openshift-merge-bot bot merged commit f54bfbc into open-cluster-management-io:main Jan 5, 2026
37 of 41 checks passed