From bdd30f7fbfbf431cb95327e4a338a16fa5f29e4b Mon Sep 17 00:00:00 2001
From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Tue, 23 Jan 2024 22:41:42 -0800
Subject: [PATCH] helm: update version 3.13.2 -> 3.14.0 to address CVE-2023-44487 (#7419)
AUTO-CHERRYPICK of PR: #7359
Changelog: https://github.com/helm/helm/releases/tag/v3.14.0
Co-authored-by: Muhammad Falak R Wani
---
 SPECS/helm/helm.signatures.json | 4 ++--
 SPECS/helm/helm.spec | 5 ++++-
 cgmanifest.json | 4 ++--
 3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/SPECS/helm/helm.signatures.json b/SPECS/helm/helm.signatures.json
index cfd3bbb344..d1d4a148e9 100644
--- a/SPECS/helm/helm.signatures.json
+++ b/SPECS/helm/helm.signatures.json
@@ -1,6 +1,6 @@
 {
 "Signatures": {
- "helm-3.13.2-vendor.tar.gz": "0b832480c492ca47190d8ad36953e20447b4276f3f4fa7a1d3ec4aca4db1d036",
- "helm-3.13.2.tar.gz": "f67a5af5a08d9aec06c46c6eade8e742d3bb9cc6df195fd825deb48df9eb9c0b"
+ "helm-3.14.0-vendor.tar.gz": "1118bf4d91fb175a66d523e419e820d06e6eda4d654e6d3b78e77cab5304c98f",
+ "helm-3.14.0.tar.gz": "8897a9cf1733b4fc96630bbd677a3c884209afc974b630ecd28061e2a4546ea6"
 }
 }
\ No newline at end of file
diff --git a/SPECS/helm/helm.spec b/SPECS/helm/helm.spec
index 460f62e62b..240e4627de 100644
--- a/SPECS/helm/helm.spec
+++ b/SPECS/helm/helm.spec
@@ -1,7 +1,7 @@
 %global debug_package %{nil}
 Name: helm
-Version: 3.13.2
+Version: 3.14.0
 Release: 1%{?dist}
 Summary: The Kubernetes Package Manager
 Group: Applications/Networking
@@ -55,6 +55,9 @@ install -m 755 ./helm %{buildroot}%{_bindir}
 go test -v ./cmd/helm
 %changelog
+* Fri Jan 19 2024 Muhammad Falak - 3.14.0-1
+- Bump version to address CVE-2023-44487
+
 * Thu Nov 30 2023 Sindhu Karri - 3.13.2-1
 - Upgrade to 3.13.2 to fix CVE-2023-2253, CVE-2023-28840, CVE-2022-27664, CVE-2022-41721, CVE-2022-41723, CVE-2023-39325, CVE-2022-32149, GHSA-m425-mq94-257g, CVE-2022-23471, CVE-2023-25153, CVE-2023-25173, GHSA-6xv5-86q9-7xr8, CVE-2023-28841, CVE-2023-28842, GHSA-jq35-85cj-fj4p, CVE-2023-3978, CVE-2023-44487, CVE-2023-44487, CVE-2023-25165
 - Remove dependency on golang version <= 1.18.8. Builds with latest golang version 1.20.10
diff --git a/cgmanifest.json b/cgmanifest.json
index 03b0e6cab5..2ecc0b02fa 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -5240,8 +5240,8 @@
 "type": "other",
 "other": {
 "name": "helm",
- "version": "3.13.2",
- "downloadUrl": "https://github.com/helm/helm/archive/v3.13.2.tar.gz"
+ "version": "3.14.0",
+ "downloadUrl": "https://github.com/helm/helm/archive/v3.14.0.tar.gz"
 }
 }
 },