Skip to content

deps: bump helm.sh/helm/v3 from 3.17.4 to 3.20.2#2174

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/helm.sh/helm/v3-3.20.2
Open

deps: bump helm.sh/helm/v3 from 3.17.4 to 3.20.2#2174
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/helm.sh/helm/v3-3.20.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 10, 2026
edited
Loading

Bumps helm.sh/helm/v3 from 3.17.4 to 3.20.2.

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.20.2

v3.20.2

Helm v3.20.2 is a security patch release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Security fixes

  • GHSA-hr2v-4r36-88hr Helm Chart extraction output directory collapse via Chart.yaml name dot-segment

Installation and Upgrading

Download Helm v3.20.2. The common platform binaries are here:

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 4.1.5 and 3.20.3 are the next patch (bug fix) releases and will be on April 8, 2026
  • 4.2.0 and 3.21.0 are the next minor (feature) releases and will be on May 13, 2026

Changelog

  • fix: Chart dot-name path bug 8fb76d6ab555577e98e23b7500009537a471feee (George Jenkins)
  • fix: pin codeql-action/upload-sarif to commit SHA in scorecards workflow 3a8927e275c50cecde273872dad2a5576bd46375 (Terry Howe)

Helm v3.20.1 is a patch release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

... (truncated)

Commits
  • 8fb76d6 fix: Chart dot-name path bug
  • 3a8927e fix: pin codeql-action/upload-sarif to commit SHA in scorecards workflow
  • a2369ca chore(deps): bump the k8s-io group with 7 updates
  • 90e1056 add image index test
  • 911f2e9 fix pulling charts from OCI indices
  • 76dad33 Remove refactorring changes from coalesce_test.go
  • 45c12f7 Fix import
  • 26c6f19 Update pkg/chart/common/util/coalesce_test.go
  • 09f5129 Fix lint warning
  • 417deb2 Preserve nil values in chart already
  • Additional commits viewable in compare view

@dependabot dependabot bot added area/dependencies Pull requests that update a dependency file lang/go The Go Programming Language labels Apr 10, 2026
@dependabot dependabot bot requested a review from a team as a code owner April 10, 2026 13:57
@dependabot dependabot bot added area/dependencies Pull requests that update a dependency file lang/go The Go Programming Language labels Apr 10, 2026
@dependabot dependabot bot mentioned this pull request Apr 10, 2026
Closed
@dependabot dependabot bot force-pushed the dependabot/go_modules/helm.sh/helm/v3-3.20.2 branch from 06ad84e to 75be364 Compare April 10, 2026 20:47
@dependabot
deps: bump helm.sh/helm/v3 from 3.17.4 to 3.20.2
56ae147 
Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.17.4 to 3.20.2.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v3.17.4...v3.20.2)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-version: 3.20.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/helm.sh/helm/v3-3.20.2 branch from 75be364 to 56ae147 Compare April 13, 2026 16:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MikeZappa87 MikeZappa87 Awaiting requested review from MikeZappa87 MikeZappa87 is a code owner automatically assigned from microsoft/retina

@carlotaarvela carlotaarvela Awaiting requested review from carlotaarvela carlotaarvela is a code owner automatically assigned from microsoft/retina

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

area/dependencies Pull requests that update a dependency file lang/go The Go Programming Language

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants