{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for helmfile","title":"Title of the patch"},{"category":"description","text":"This update for helmfile fixes the following issues:\n\nChanges in helmfile:\n\nUpdate to version 1.1.9:\n\n  * feat: update strategy for reinstall by @simbou2000 in #2019\n  * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3\n    from 1.88.7 to 1.89.0 by @dependabot[bot] in #2239\n  * Fix: Handle empty helmBinary in base files with environment\n    values by @Copilot in #2237\n\nUpdate to version 1.1.8:\n\n  * build(deps): bump github.com/hashicorp/go-getter from 1.8.0 to\n    1.8.1 by @dependabot[bot] in #2194\n  * fix typos in both comment and error message by @d-fal in #2199\n  * cleanup disk in release ci by @yxxhero in #2203\n  * Migrate AWS SDK from v1 to v2 to resolve deprecation warnings\n    by @Copilot in #2202\n  * build(deps): bump github.com/helmfile/vals from 0.42.1 to 0.42.2\n    by @dependabot[bot] in #2200\n  * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from\n    1.88.2 to 1.88.3 by @dependabot[bot] in #2206\n  * Bump Alpine to 3.22 in Dockerfile by @orishamir in #2205\n  * build(deps): bump github.com/aws/aws-sdk-go-v2/config from\n    1.31.10 to 1.31.12 by @dependabot[bot] in #2207\n  * Add yq to Dockerfile by @orishamir in #2208\n  * fix: skip chartify for build command jsonPatches by @sstarcher\n    in #2212\n  * build(deps): bump github.com/hashicorp/go-getter from 1.8.1 to\n    1.8.2 by @dependabot[bot] in #2210\n  * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from\n    1.88.3 to 1.88.4 by @dependabot[bot] in #2213\n  * build(deps): bump golang.org/x/term from 0.35.0 to 0.36.0 by\n    @dependabot[bot] in #2214\n  * Avoid fetching same chart/version multiple times by @Copilot\n    in #2197\n  * build(deps): bump github.com/helmfile/vals from 0.42.2 to\n    0.42.4 by @dependabot[bot] in #2217\n  * docs: add zread badge to README by @yxxhero in #2219\n  * Bump helm-diff to v3.13.1 by @Copilot in #2223\n  * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from\n    1.88.4 to 1.88.5 by @dependabot[bot] in #2226\n  * build(deps): bump github.com/aws/aws-sdk-go-v2/config from\n    1.31.12 to 1.31.13 by @dependabot[bot] in #2225\n  * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from\n    1.88.5 to 1.88.6 by @dependabot[bot] in #2230\n  * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from\n    1.88.6 to 1.88.7 by @dependabot[bot] in #2232\n  * build(deps): bump github.com/aws/aws-sdk-go-v2/config from\n    1.31.13 to 1.31.15 by @dependabot[bot] in #2233\n  * Fix helmBinary and kustomizeBinary being ignored when using\n    bases by @Copilot in #2228\n\nUpdate to version 1.1.7:\n\n  What's Changed\n\n  * fix pflag error by @zhaque44 in #2164\n  * build(deps): bump actions/setup-go from 5 to 6 by\n    @dependabot[bot] in #2166\n  * build(deps): bump github.com/hashicorp/go-getter from 1.7.9 to\n    1.7.10 by @dependabot[bot] in #2165\n  * build(deps): bump github.com/spf13/pflag from 1.0.9 to 1.0.10\n    by @dependabot[bot] in #2163\n  * Add helm diff installation to README by @nwneisen in #2170\n  * build(deps): bump github.com/hashicorp/go-getter from 1.7.10\n    to 1.8.0 by @dependabot[bot] in #2175\n  * build(deps): bump golang.org/x/term from 0.34.0 to 0.35.0 by\n    @dependabot[bot] in #2174\n  * build(deps): bump github.com/zclconf/go-cty from 1.16.4 to\n    1.17.0 by @dependabot[bot] in #2173\n  * Fix panic when helm isn't installed by @nwneisen in #2169\n  * build(deps): bump golang.org/x/sync from 0.16.0 to 0.17.0 by\n    @dependabot[bot] in #2172\n  * ci: update minikube and kubernetes versions by @yxxhero in #2181\n  * build(deps): bump k8s.io/apimachinery from 0.34.0 to 0.34.1 by\n    @dependabot[bot] in #2180\n  * Remove deprecated --wait-retries flag support to fix Helm\n    compatibility error by @Copilot in #2179\n  * build(deps): bump go.yaml.in/yaml/v2 from 2.4.2 to 2.4.3 by\n    @dependabot[bot] in #2183\n  * build: update Helm to v3.19.0 across all components by @yxxhero\n    in #2187\n  * build: update helm-diff plugin to v3.13.0 by @yxxhero in #2189\n  * feat: Implement caching for pulling OCI charts by @mustdiechik\n    in #2171\n  * build(deps): bump github.com/helmfile/chartify from 0.24.7 to\n    0.25.0 by @dependabot[bot] in #2190\n\n- Update to version 1.1.6:\n  What's Changed\n  * build(deps): bump github.com/hashicorp/go-getter from 1.7.8 to\n    1.7.9 by @dependabot[bot] in #2139\n  * build(deps): bump github.com/zclconf/go-cty from 1.16.3 to\n    1.16.4 by @dependabot[bot] in #2145\n  * build: update helm to v3.18.6 by @yxxhero in #2144\n  * build(deps): bump github.com/stretchr/testify from 1.10.0 to\n    1.11.0 by @dependabot[bot] in #2150\n  * Add missing --timeout flag to helmfile sync command with\n    documentation by @Copilot in #2148\n  * Fix enableDNS flag missing in diff command and refactor\n    duplicate logic by @Copilot in #2147\n  * build(deps): bump github.com/stretchr/testify from 1.11.0 to\n    1.11.1 by @dependabot[bot] in #2151\n  * build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.14\n    by @dependabot[bot] in #2154\n  * Bump github.com/ulikunitz/xz from v0.5.14 to v0.5.15 by @Copilot\n    in #2159\n  * build(deps): bump github.com/helmfile/vals from 0.42.0 to\n    0.42.1 by @dependabot[bot] in #2161\n  * build(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.9\n    by @dependabot[bot] in #2160\n  * build(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1\n    by @dependabot[bot] in #2162\n  * Fix error propagation in helmfile diff when Kubernetes is\n    unreachable by @Copilot in #2149\n\n- Update to version 1.1.5:\n  What's Changed\n  * build(deps): bump actions/checkout from 4 to 5 by\n    @dependabot[bot] in #2128\n  * Update recommended Helm versions in init.go and run.sh by\n    @yxxhero in #2129\n  * Add comprehensive .github/copilot-instructions.md for coding\n    agents by @Copilot in #2131\n  * refactor(state): extract getMissingFileHandler method for\n    clarity by @yxxhero in #2133\n  * Fix parseHelmVersion to handle helm versions without 'v'\n    prefix by @Copilot in #2132\n  * build(deps): bump k8s.io/apimachinery from 0.33.3 to 0.33.4\n    by @dependabot[bot] in #2136\n  * build(deps): bump github.com/helmfile/chartify from 0.24.6 to\n    0.24.7 by @dependabot[bot] in #2135\n\n- Update to version 1.1.4:\n  What's Changed\n  * build(deps): bump github.com/helmfile/vals from 0.41.2 to\n    0.41.3 by @dependabot[bot] in #2100\n  * build(deps): bump k8s.io/apimachinery from 0.33.2 to 0.33.3\n    by @dependabot[bot] in #2101\n  * fix: update Helm version to v3.17.4 in CI and init.go by\n    @yxxhero in #2102\n  * build(deps): bump github.com/spf13/pflag from 1.0.6 to 1.0.7\n    by @dependabot[bot] in #2104\n  * feat(state): add missingFileHandlerConfig and related logic\n    by @yxxhero in #2105\n  * refactor(filesystem): add CopyDir method and optimize Fetch\n    function by @yxxhero in #2111\n  * Allow caching of remote files to be disabled by @jess-sol in\n    #2112\n  * refactor(yaml): switch yaml library import paths from gopkg.in\n    to go.yaml.in by @yxxhero in #2114\n  * build(deps): bump actions/download-artifact from 4 to 5 by\n    @dependabot[bot] in #2121\n  * build(deps): bump golang.org/x/term from 0.33.0 to 0.34.0 by\n    @dependabot[bot] in #2123\n\n- Update to version 1.1.3:\n  What's Changed\n  * build: update Helm to v3.18.3 and related dependencies by\n    @yxxhero in #2082\n  * Expose release version as .Release.ChartVersion for templating\n    by @Simske in #2080\n  * build(deps): bump github.com/helmfile/chartify from 0.24.3 to\n    0.24.4 by @dependabot[bot] in #2083\n  * build(deps): bump k8s.io/apimachinery from 0.33.1 to 0.33.2\n    by @dependabot[bot] in #2086\n  * build(deps): bump github.com/helmfile/chartify from 0.24.4 to\n    0.24.5 by @dependabot[bot] in #2087\n  * build(deps): bump github.com/Masterminds/semver/v3 from 3.3.1\n    to 3.4.0 by @dependabot[bot] in #2089\n  * build(deps): bump github.com/hashicorp/hcl/v2 from 2.23.0 to\n    2.24.0 by @dependabot[bot] in #2092\n  * build: update Helm and plugin versions to v3.18.4 and v3.12.3\n    by @yxxhero in #2093\n  * docs: update status section with May 2025 release information\n    by @yxxhero in #2096\n  * build(deps): bump golang.org/x/sync from 0.15.0 to 0.16.0 by\n    @dependabot[bot] in #2099\n  * build(deps): bump golang.org/x/term from 0.32.0 to 0.33.0 by\n    @dependabot[bot] in #2098\n\n- Update to version 1.1.2:\n  What's Changed\n  * build(deps): bump github.com/helmfile/chartify from 0.24.2 to\n    0.24.3 by @dependabot in #2065\n  * build: update Helm to v3.18.2 and adjust related configurations\n    by @yxxhero in #2064\n  * build(deps): bump github.com/helmfile/vals from 0.41.1 to\n    0.41.2 by @dependabot in #2067\n  * build(deps): bump golang.org/x/sync from 0.14.0 to 0.15.0\n    by @dependabot in #2068\n  * fix-insecure-flag by @anontrex in #2072\n  * build(deps): bump github.com/cloudflare/circl from 1.4.0 to\n    1.6.1 by @dependabot in #2074\n  * fix: update helm-diff to version 3.12.2 in CI and Dockerfiles\n    by @yxxhero in #2073\n  * fix: TestToYaml not working with 32-bit architectures by\n    @ProbstDJakob in #2075\n\n- Update to version 1.1.1:\n  What's Changed\n  * Update README.md by @mumoshu in #2046\n  * build(deps): bump github.com/helmfile/vals from 0.41.0 to\n    0.41.1 by @dependabot in #2048\n  * build(helm) update to v3.18.0 by @yxxhero in #2044\n  * build(deps): bump github.com/helmfile/chartify from 0.23.0 to\n    0.24.1 by @dependabot in #2049\n  * build: update Helm and plugin versions in CI and Dockerfiles\n    by @yxxhero in #2059\n\n- Update to version 1.1.0:\n  What's Changed\n  * chore: fix typo in create_test.go by @sadikkuzu in #2025\n  * build(deps): bump golangci/golangci-lint-action from 7 to 8 by\n    @dependabot in #2029\n  * build(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 by\n    @dependabot in #2028\n  * build(deps): bump github.com/helmfile/chartify from 0.22.0 to\n    0.23.0 by @dependabot in #2027\n  * chore: remove test data files by @yxxhero in #2026\n  * build(deps): bump golang.org/x/term from 0.31.0 to 0.32.0 by\n    @dependabot in #2033\n  * build(deps): bump github.com/helmfile/vals from 0.40.1 to\n    0.41.0 by @dependabot in #2032\n  * build(deps): bump dario.cat/mergo from 1.0.1 to 1.0.2 by\n    @dependabot in #2035\n  * feat(tmpl): enhance ToYaml test with multiple scenarios by\n    @yxxhero in #2031\n  * [sops, age] update to have SSH key support with sops by\n    @itscaro in #2036\n  * feat(yaml): add JSON style encoding option to NewEncoder by\n    @yxxhero in #2038\n  * refactor(yaml): upgrade from gopkg.in/yaml.v2 to v3 by @yxxhero\n    in #2039\n  * Update readme & documentation with 2025 status of helmfile\n    project by @zhaque44 in #2040\n  * build(deps): bump k8s.io/apimachinery from 0.33.0 to 0.33.1 by\n    @dependabot in #2041\n  * build(deps): bump github.com/zclconf/go-cty from 1.16.2 to\n    1.16.3 by @dependabot in #2043\n\n- Update to version 1.0.0:\n  PLEASE READ\n  https://github.com/helmfile/helmfile/blob/main/docs/proposals/towards-1.0.md\n\n  What's Changed:\n  * build(deps): bump github.com/helmfile/vals from 0.39.0 to 0.39.1\n    by @dependabot in #1926\n  * Bump kubectl to current version (1.32.1) by @DerDaku in #1924\n  * build(deps): bump github.com/goccy/go-yaml from 1.15.21 to 1.15.22\n    by @dependabot in #1925\n  * build: update Helm to v3.17.1 and related dependencies by\n    @yxxhero in #1928\n  * build(deps): bump k8s.io/apimachinery from 0.32.1 to 0.32.2 by\n    @dependabot in #1931\n  * feat: inject cli state values (--state-values-set) into environment\n    templating context by @Vince-Chenal in #1917\n  * docs: add skipSchemaValidation to index.md and update related\n    structs by @yxxhero in #1935\n  * refactor(state): optimize HelmState flags handling by @yxxhero\n    in #1937\n  * Update vals package to v0.39.2 by @aditmeno in #1938\n  * build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 by\n    @dependabot in #1940\n  * build(deps): bump github.com/goccy/go-yaml from 1.15.22 to 1.15.23\n    by @dependabot in #1941\n  * build(deps): bump github.com/helmfile/chartify from 0.20.8 to\n    0.20.9 by @dependabot in #1942\n  * feat: colorized DELETED by @yurrriq in #1944\n  * feat(docs): add proposal to remove charts and delete subcommands\n    by @yxxhero in #1936\n  * build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0\n    by @dependabot in #1945\n  * build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to\n    4.0.5 by @dependabot in #1946\n  * build: update golang version to 1.24 and golangci-lint to\n    v1.64.5 by @yxxhero in #1949\n  * build(deps): bump github.com/helmfile/vals from 0.39.2 to 0.39.3\n    by @dependabot in #1951\n  * build(deps): bump github.com/helmfile/chartify from 0.20.9 to\n    0.21.0 by @dependabot in #1950\n  * build(deps): bump golang.org/x/sync from 0.11.0 to 0.12.0 by\n    @dependabot in #1955\n  * build(deps): bump jinja2 from 3.1.5 to 3.1.6 in /docs by\n    @dependabot in #1956\n  * Don't warn if this and the needed release set installed: false\n    by @jayme-github in #1958\n  * build(deps): bump golang.org/x/term from 0.29.0 to 0.30.0 by\n    @dependabot in #1959\n  * Remove all v0.x references by @yxxhero in #1919\n  * build(deps): bump k8s.io/apimachinery from 0.32.2 to 0.32.3\n    by @dependabot in #1960\n  * build(deps): bump golang.org/x/net from 0.35.0 to 0.36.0 by\n    @dependabot in #1961\n  * build(deps): bump github.com/helmfile/vals from 0.39.3 to 0.39.4\n    by @dependabot in #1962\n  * build: update Helm to v3.17.2 and related dependencies by\n    @yxxhero in #1965\n  * build: update yaml.v3 dependency and remove colega/go-yaml-yaml\n    by @yxxhero in #1929\n  * build(deps): bump github.com/containerd/containerd from 1.7.24\n    to 1.7.27 by @dependabot in #1966\n  * build(deps): bump github.com/goccy/go-yaml from 1.15.23 to\n    1.16.0 by @dependabot in #1967\n  * build(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.1 to\n    5.2.2 by @dependabot in #1969\n  * build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to\n    4.5.2 by @dependabot in #1970\n  * build(deps): bump golangci/golangci-lint-action from 6 to 7\n    by @dependabot in #1975\n  * build(deps): bump github.com/helmfile/vals from 0.39.4 to\n    0.40.0 by @dependabot in #1978\n  * build(deps): bump github.com/helmfile/chartify from 0.21.0 to\n    0.21.1 by @dependabot in #1979\n  * docs(fix): correct typo in 'tier=fronted' to 'tier=frontend'\n    by @yxxhero in #1980\n  * feat: add labels for helm release by @yxxhero in #1046\n  * build(deps): bump github.com/helmfile/vals from 0.40.0 to\n    0.40.1 by @dependabot in #1981\n  * build(deps): bump github.com/goccy/go-yaml from 1.16.0 to 1.17.1\n    by @dependabot in #1982\n  * fix: Check needs with context and namespace by @aarnq in #1986\n  * build(deps): bump golang.org/x/sync from 0.12.0 to 0.13.0 by\n    @dependabot in #1991\n  * build(deps): bump golang.org/x/term from 0.30.0 to 0.31.0 by\n    @dependabot in #1990\n  * fix(state): enhance error message for missing .gotmpl extension\n    in helmfile v1 by @yxxhero in #1989\n  * build(deps): bump github.com/helmfile/chartify from 0.21.1 to\n    0.22.0 by @dependabot in #1996\n  * build: update Helm plugin versions in CI and Dockerfiles by\n    @yxxhero in #1995\n  * build: update Helm to v3.17.3 and update related Dockerfiles\n    by @yxxhero in #1993\n  * build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 by\n    @dependabot in #2010\n  * feat: add helmfile archive configuration in goreleaser by\n    @yxxhero in #2000\n  * docs: add more complex examples section in README by @yxxhero\n    in #2013\n  * Feat: setting reuseValues flag in release by @blaskoa in #2004\n  * build(deps): bump k8s.io/apimachinery from 0.32.3 to 0.32.4 by\n    @dependabot in #2016\n  * build(deps): bump github.com/aws/aws-sdk-go from 1.55.6 to\n    1.55.7 by @dependabot in #2015\n  * chore: support parsing any type with fromYaml by @ProbstDJakob\n    in #2017\n  * build(deps): bump k8s.io/apimachinery from 0.32.4 to 0.33.0 by\n    @dependabot in #2018\n  * feat: add --take-ownership flag to helm diff and related config\n    by @yxxhero in #1992\n\n- Update to version 0.171.0:\n  * feat: execute templates against postRendererHooks by @allanger\n    in #1839\n  * build(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6\n    by @dependabot in #1897\n  * build(deps): bump github.com/goccy/go-yaml from 1.15.15 to\n    1.15.16 by @dependabot in #1901\n  * build(deps): bump github.com/goccy/go-yaml from 1.15.16 to\n    1.15.17 by @dependabot in #1905\n  * Use a regex to match --state-values-set-string arguments\n    by @gllb in #1902\n  * build(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0\n    by @dependabot in #1911\n  * Chartify v0.20.8 update by @scodeman in #1908\n  * cleanup: remove all about v0.x by @yxxhero in #1903\n  * build(deps): bump golang.org/x/term from 0.28.0 to 0.29.0\n    by @dependabot in #1913\n  * chore: update babel to resolve CVEs by @zhaque44 in #1916\n  * remove deprecated charts.yaml by @yxxhero in #1437\n  * Revert \"cleanup: remove all about v0.x\" by @yxxhero in #1918\n  * build(deps): bump github.com/goccy/go-yaml from 1.15.17 to\n    1.15.19 by @dependabot in #1920\n  * build(deps): bump github.com/goccy/go-yaml from 1.15.19 to\n    1.15.20 by @dependabot in #1921\n  * feat: Add support for --wait-retries flag. by @connyay in #1922\n  * build: update go-yaml to v1.15.21 by @yxxhero in #1923\n\n- Update to version 0.170.1:\n  * build(deps): bump github.com/goccy/go-yaml from 1.15.14 to\n    1.15.15 by @dependabot in #1882\n  * build(deps): bump github.com/hashicorp/go-slug from 0.15.0 to\n    0.16.3 by @dependabot in #1886 (CVE-2025-0377)\n  * Ensure 'helm repo add' is also not pollute on helmfile template\n    by @baurmatt in #1887\n  * build(deps): bump github.com/zclconf/go-cty from 1.16.1 to\n    1.16.2 by @dependabot in #1888\n  * fix: using correct option for takeOwnership flag by @blaskoa\n    in #1892\n  * fix typo in docs by @adamab48 in #1889\n\n- Update to version 0.170.0:\n  * build(deps): bump github.com/goccy/go-yaml from 1.15.6 to 1.15.7\n    by @dependabot in #1818\n  * build(deps): bump golang.org/x/term from 0.26.0 to 0.27.0 by\n    @dependabot in #1817\n  * chore(doc): fix the indent of the selector usage sample yaml by\n    @Ladicle in #1819\n  * feat(state): add support for setString in ReleaseSpec and\n    HelmState by @yxxhero in #1821\n  * build(deps): bump github.com/goccy/go-yaml from 1.15.7 to 1.15.8\n    by @dependabot in #1822\n  * test(state): add TestHelmState_setStringFlags for setStringFlags\n    method by @yxxhero in #1823\n  * build(deps): bump k8s.io/apimachinery from 0.31.3 to 0.31.4 by\n    @dependabot in #1826\n  * build(deps): bump golang.org/x/crypto from 0.29.0 to 0.31.0 by\n    @dependabot in #1828\n  * build(deps): bump github.com/goccy/go-yaml from 1.15.8 to\n    1.15.9 by @dependabot in #1831\n  * build(deps): bump k8s.io/apimachinery from 0.31.4 to 0.32.0 by\n    @dependabot in #1830\n  * feat: updating sops version to 3.9.2 by @zhaque44 in #1834\n  * build(deps): bump github.com/goccy/go-yaml from 1.15.9 to\n    1.15.10 by @dependabot in #1835\n  * build(deps): bump helm.sh/helm/v3 from 3.16.3 to 3.16.4 by\n    @dependabot in #1836\n  * build: update Helm version to v3.16.4 in CI and Dockerfiles by\n    @yxxhero in #1837\n  * build(deps): bump github.com/goccy/go-yaml from 1.15.10 to\n    1.15.11 by @dependabot in #1838\n  * build(deps): bump filippo.io/age from 1.2.0 to 1.2.1 by\n    @dependabot in #1840\n  * build(deps): bump github.com/goccy/go-yaml from 1.15.11 to\n    1.15.12 by @dependabot in #1843\n  * build: update helm-diff to v3.9.13 in Dockerfiles and init.go\n    by @yxxhero in #1841\n  * build(deps): bump github.com/helmfile/chartify from 0.20.4 to\n    0.20.5 by @dependabot in #1845\n  * build(deps): bump github.com/goccy/go-yaml from 1.15.12 to\n    1.15.13 by @dependabot in #1844\n  * build(deps): bump jinja2 from 3.1.4 to 3.1.5 in /docs by\n    @dependabot in #1846\n  * CVE-2024-45338: updating golang.org/x/net: to version: v0.33.0\n    by @zhaque44 in #1849\n  * build(deps): bump github.com/zclconf/go-cty from 1.15.1 to\n    1.16.0 by @dependabot in #1851\n  * build(deps): bump golang.org/x/term from 0.27.0 to 0.28.0\n    by @dependabot in #1852\n  * update sops versions to 3.9.3 by @zhaque44 in #1861\n  * build(deps): bump github.com/hashicorp/go-getter from 1.7.6\n    to 1.7.7 by @dependabot in #1862\n  * feat: add --take-ownership flag to apply and sync commands by\n    @yxxhero in #1863\n  * fix: ensure plain http is supported across all helmfile\n    commands by @purpleclay in #1858\n  * fix: ensure development versions of charts can be used across\n    helmfile commands by @purpleclay in #1865\n  * build(deps): bump github.com/helmfile/chartify from 0.20.5 to\n    0.20.6 by @dependabot in #1866\n  * update kubectl version (1.30) to stay up to date with new\n    releases by @zhaque44 in #1867\n  * build(deps): bump github.com/zclconf/go-cty from 1.16.0 to\n    1.16.1 by @dependabot in #1870\n  * build(deps): bump github.com/hashicorp/go-getter from 1.7.7 to\n    1.7.8 by @dependabot in #1869\n  * feat: Add \"--no-hooks\" to helmfile template by @jwlai in #1813\n  * update helm and k8s versions in ci, dockerfiles, and go.mod by\n    @yxxhero in #1872\n  * build(deps): bump github.com/helmfile/vals from 0.38.0 to 0.39.0\n    by @dependabot in #1876\n  * build(deps): bump k8s.io/apimachinery from 0.32.0 to 0.32.1 by\n    @dependabot in #1873\n  * build(deps): bump github.com/goccy/go-yaml from 1.15.13 to\n    1.15.14 by @dependabot in #1874\n  * build: update helm-diff to v3.9.14 in Dockerfiles and init.go\n    by @yxxhero in #1877\n\n- Update to version 0.169.2:\n  * build(deps): bump github.com/helmfile/vals from 0.37.6 to 0.37.7\n    by @dependabot in #1747\n  * build(deps): bump k8s.io/apimachinery from 0.31.1 to 0.31.2 by\n    @dependabot in #1754\n  * Reset extra args before running 'dependency build' by @baurmatt\n    in #1751\n  * Introducing Helmfile Guru on Gurubase.io by @kursataktas in #1748\n  * feat: add skip json schema validation during the install /upgrade\n    of a Chart by @zhaque44 in #1737\n  * fix(maputil): prevent nil value overwrite by @ban11111 in #1755\n  * build(deps): bump github.com/goccy/go-yaml from 1.12.0 to\n    1.13.0 by @dependabot in #1759\n  * fix: this url doesn't work anymore by @zekena2 in #1760\n  * build(deps): bump github.com/goccy/go-yaml from 1.13.0 to\n    1.13.1 by @dependabot in #1762\n  * build(deps): bump github.com/goccy/go-yaml from 1.13.1 to\n    1.13.2 by @dependabot in #1763\n  * build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to\n    4.5.1 by @dependabot in #1767\n  * build(deps): bump github.com/helmfile/vals from 0.37.7 to\n    0.37.8 by @dependabot in #1764\n  * build(deps): bump github.com/goccy/go-yaml from 1.13.2 to\n    1.13.4 by @dependabot in #1765\n  * fix(integration-tests): read correct minikube status (#1768)\n    by @ceriath in #1769\n  * build(deps): bump github.com/goccy/go-yaml from 1.13.4 to\n    1.13.5 by @dependabot in #1770\n  * Add integration tests for #1749 by @baurmatt in #1766\n  * fix: update acme chart URL in input.yaml by @yxxhero in #1773\n  * build(deps): bump github.com/goccy/go-yaml from 1.13.5 to\n    1.13.6 by @dependabot in #1771\n  * build(deps): bump golang.org/x/sync from 0.8.0 to 0.9.0 by\n    @dependabot in #1775\n  * build(deps): bump golang.org/x/term from 0.25.0 to 0.26.0\n    by @dependabot in #1774\n  * Revive dead badge links by @eggplants in #1776\n  * feat: refactor label creation in state.go by @yxxhero in #1758\n  * docs: Add Gurubase badge to README-zh_CN by @yxxhero in #1777\n  * build(deps): bump github.com/goccy/go-yaml from 1.13.6 to\n    1.13.9 by @dependabot in #1781\n  * build(deps): bump github.com/goccy/go-yaml from 1.13.9 to\n    1.14.0 by @dependabot in #1782\n  * build(deps): bump github.com/goccy/go-yaml from 1.14.0 to\n    1.14.3 by @dependabot in #1788\n  * build(deps): bump helm.sh/helm/v3 from 3.16.2 to 3.16.3 by\n    @dependabot in #1786\n  * fix: update helm-diff to version 3.9.12 in CI and Dockerfiles\n    by @yxxhero in #1792\n  * build: update Helm version to v3.16.3 in CI and Dockerfiles\n    by @yxxhero in #1791\n  * feat: add HELMFILE_INTERACTIVE env var to enable interactive\n    mode by @thevops in #1787\n  * build(deps): bump github.com/hashicorp/hcl/v2 from 2.22.0 to\n    2.23.0 by @dependabot in #1793\n  * build(deps): bump github.com/Masterminds/semver/v3 from 3.3.0\n    to 3.3.1 by @dependabot in #1795\n  * chore: update with testify/assert assertion and table driven\n    tests for fs.go by @zhaque44 in #1794\n  * build(deps): bump k8s.io/apimachinery from 0.31.2 to 0.31.3\n    by @dependabot in #1798\n  * build(deps): bump github.com/stretchr/testify from 1.9.0 to\n    1.10.0 by @dependabot in #1800\n  * build(deps): bump github.com/goccy/go-yaml from 1.14.3 to\n    1.15.0 by @dependabot in #1804\n  * build(deps): bump github.com/goccy/go-yaml from 1.15.0 to\n    1.15.1 by @dependabot in #1807\n  * build(deps): bump github.com/zclconf/go-cty from 1.15.0 to\n    1.15.1 by @dependabot in #1806\n  * update example chart URL in remote-secrets doc by @daveneeley\n    in #1809\n  * build(deps): bump github.com/goccy/go-yaml from 1.15.1 to\n    1.15.3 by @dependabot in #1811\n  * build(deps): bump github.com/goccy/go-yaml from 1.15.3 to\n    1.15.6 by @dependabot in #1812\n  * fix: inject global values in Chartify by @xabufr in #1805\n  * build(deps): bump github.com/helmfile/vals from 0.37.8 to\n    0.38.0 by @dependabot in #1814\n  * build(deps): bump github.com/helmfile/chartify from 0.20.3 to\n    0.20.4 by @dependabot in #1815\n  * build(deps): bump golang.org/x/sync from 0.9.0 to 0.10.0 by\n    @dependabot in #1816\n\n- Update to version 0.169.1:\n  * feat: update sops version to 3.9.1 by @zhaque44 in #1742\n  * chore: improve test assertions and descriptions for file\n    download test by @zhaque44 in #1745\n  * feat: add 'hide-notes' flag to helm in sync and apply commands\n    by @yxxhero in #1746\n","title":"Description of the patch"},{"category":"details","text":"openSUSE-Leap-16.0-packagehub-30","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025-20097-1.json"},{"category":"self","summary":"SUSE CVE CVE-2024-45338 page","url":"https://www.suse.com/security/cve/CVE-2024-45338/"},{"category":"self","summary":"SUSE CVE CVE-2025-0377 page","url":"https://www.suse.com/security/cve/CVE-2025-0377/"}],"title":"Security update for helmfile","tracking":{"current_release_date":"2025-11-26T14:11:10Z","generator":{"date":"2025-11-26T14:11:10Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2025-20097-1","initial_release_date":"2025-11-26T14:11:10Z","revision_history":[{"date":"2025-11-26T14:11:10Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"helmfile-0.169.0-bp160.1.13.aarch64","product":{"name":"helmfile-0.169.0-bp160.1.13.aarch64","product_id":"helmfile-0.169.0-bp160.1.13.aarch64"}}],"category":"architecture","name":"aarch64"},{"branches":[{"category":"product_version","name":"helmfile-bash-completion-0.169.0-bp160.1.13.noarch","product":{"name":"helmfile-bash-completion-0.169.0-bp160.1.13.noarch","product_id":"helmfile-bash-completion-0.169.0-bp160.1.13.noarch"}},{"category":"product_version","name":"helmfile-fish-completion-0.169.0-bp160.1.13.noarch","product":{"name":"helmfile-fish-completion-0.169.0-bp160.1.13.noarch","product_id":"helmfile-fish-completion-0.169.0-bp160.1.13.noarch"}},{"category":"product_version","name":"helmfile-zsh-completion-0.169.0-bp160.1.13.noarch","product":{"name":"helmfile-zsh-completion-0.169.0-bp160.1.13.noarch","product_id":"helmfile-zsh-completion-0.169.0-bp160.1.13.noarch"}}],"category":"architecture","name":"noarch"},{"branches":[{"category":"product_version","name":"helmfile-0.169.0-bp160.1.13.ppc64le","product":{"name":"helmfile-0.169.0-bp160.1.13.ppc64le","product_id":"helmfile-0.169.0-bp160.1.13.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"helmfile-0.169.0-bp160.1.13.s390x","product":{"name":"helmfile-0.169.0-bp160.1.13.s390x","product_id":"helmfile-0.169.0-bp160.1.13.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"helmfile-0.169.0-bp160.1.13.x86_64","product":{"name":"helmfile-0.169.0-bp160.1.13.x86_64","product_id":"helmfile-0.169.0-bp160.1.13.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"openSUSE Leap 16.0","product":{"name":"openSUSE Leap 16.0","product_id":"openSUSE Leap 16.0"}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"helmfile-0.169.0-bp160.1.13.aarch64 as component of openSUSE Leap 16.0","product_id":"openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.aarch64"},"product_reference":"helmfile-0.169.0-bp160.1.13.aarch64","relates_to_product_reference":"openSUSE Leap 16.0"},{"category":"default_component_of","full_product_name":{"name":"helmfile-0.169.0-bp160.1.13.ppc64le as component of openSUSE Leap 16.0","product_id":"openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.ppc64le"},"product_reference":"helmfile-0.169.0-bp160.1.13.ppc64le","relates_to_product_reference":"openSUSE Leap 16.0"},{"category":"default_component_of","full_product_name":{"name":"helmfile-0.169.0-bp160.1.13.s390x as component of openSUSE Leap 16.0","product_id":"openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.s390x"},"product_reference":"helmfile-0.169.0-bp160.1.13.s390x","relates_to_product_reference":"openSUSE Leap 16.0"},{"category":"default_component_of","full_product_name":{"name":"helmfile-0.169.0-bp160.1.13.x86_64 as component of openSUSE Leap 16.0","product_id":"openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.x86_64"},"product_reference":"helmfile-0.169.0-bp160.1.13.x86_64","relates_to_product_reference":"openSUSE Leap 16.0"},{"category":"default_component_of","full_product_name":{"name":"helmfile-bash-completion-0.169.0-bp160.1.13.noarch as component of openSUSE Leap 16.0","product_id":"openSUSE Leap 16.0:helmfile-bash-completion-0.169.0-bp160.1.13.noarch"},"product_reference":"helmfile-bash-completion-0.169.0-bp160.1.13.noarch","relates_to_product_reference":"openSUSE Leap 16.0"},{"category":"default_component_of","full_product_name":{"name":"helmfile-fish-completion-0.169.0-bp160.1.13.noarch as component of openSUSE Leap 16.0","product_id":"openSUSE Leap 16.0:helmfile-fish-completion-0.169.0-bp160.1.13.noarch"},"product_reference":"helmfile-fish-completion-0.169.0-bp160.1.13.noarch","relates_to_product_reference":"openSUSE Leap 16.0"},{"category":"default_component_of","full_product_name":{"name":"helmfile-zsh-completion-0.169.0-bp160.1.13.noarch as component of openSUSE Leap 16.0","product_id":"openSUSE Leap 16.0:helmfile-zsh-completion-0.169.0-bp160.1.13.noarch"},"product_reference":"helmfile-zsh-completion-0.169.0-bp160.1.13.noarch","relates_to_product_reference":"openSUSE Leap 16.0"}]},"vulnerabilities":[{"cve":"CVE-2024-45338","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-45338"}],"notes":[{"category":"general","text":"An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.aarch64","openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.ppc64le","openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.s390x","openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.x86_64","openSUSE Leap 16.0:helmfile-bash-completion-0.169.0-bp160.1.13.noarch","openSUSE Leap 16.0:helmfile-fish-completion-0.169.0-bp160.1.13.noarch","openSUSE Leap 16.0:helmfile-zsh-completion-0.169.0-bp160.1.13.noarch"]},"references":[{"category":"external","summary":"CVE-2024-45338","url":"https://www.suse.com/security/cve/CVE-2024-45338"},{"category":"external","summary":"SUSE Bug 1234794 for CVE-2024-45338","url":"https://bugzilla.suse.com/1234794"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.aarch64","openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.ppc64le","openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.s390x","openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.x86_64","openSUSE Leap 16.0:helmfile-bash-completion-0.169.0-bp160.1.13.noarch","openSUSE Leap 16.0:helmfile-fish-completion-0.169.0-bp160.1.13.noarch","openSUSE Leap 16.0:helmfile-zsh-completion-0.169.0-bp160.1.13.noarch"]}],"scores":[{"cvss_v3":{"baseScore":5.9,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.aarch64","openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.ppc64le","openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.s390x","openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.x86_64","openSUSE Leap 16.0:helmfile-bash-completion-0.169.0-bp160.1.13.noarch","openSUSE Leap 16.0:helmfile-fish-completion-0.169.0-bp160.1.13.noarch","openSUSE Leap 16.0:helmfile-zsh-completion-0.169.0-bp160.1.13.noarch"]}],"threats":[{"category":"impact","date":"2025-11-26T14:11:10Z","details":"moderate"}],"title":"CVE-2024-45338"},{"cve":"CVE-2025-0377","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-0377"}],"notes":[{"category":"general","text":"HashiCorp's go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.aarch64","openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.ppc64le","openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.s390x","openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.x86_64","openSUSE Leap 16.0:helmfile-bash-completion-0.169.0-bp160.1.13.noarch","openSUSE Leap 16.0:helmfile-fish-completion-0.169.0-bp160.1.13.noarch","openSUSE Leap 16.0:helmfile-zsh-completion-0.169.0-bp160.1.13.noarch"]},"references":[{"category":"external","summary":"CVE-2025-0377","url":"https://www.suse.com/security/cve/CVE-2025-0377"},{"category":"external","summary":"SUSE Bug 1236209 for CVE-2025-0377","url":"https://bugzilla.suse.com/1236209"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.aarch64","openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.ppc64le","openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.s390x","openSUSE Leap 16.0:helmfile-0.169.0-bp160.1.13.x86_64","openSUSE Leap 16.0:helmfile-bash-completion-0.169.0-bp160.1.13.noarch","openSUSE Leap 16.0:helmfile-fish-completion-0.169.0-bp160.1.13.noarch","openSUSE Leap 16.0:helmfile-zsh-completion-0.169.0-bp160.1.13.noarch"]}],"threats":[{"category":"impact","date":"2025-11-26T14:11:10Z","details":"important"}],"title":"CVE-2025-0377"}]}