Update helm.sh/helm/v3 to v3.19.0 (!1277) · Merge requests · GitLab.org / Cloud Native / GitLab Operator

This MR contains the following updates:

Package	Type	Update	Change
helm.sh/helm/v3	require	minor	`v3.18.6` -> `v3.19.0`

MR created with the help of gitlab-org/frontend/renovate-gitlab-bot

Release Notes

helm/helm (helm.sh/helm/v3)

`v3.19.0`: Helm v3.19.0

Compare Source

Helm v3.19.0 is a feature release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

Join the discussion in Kubernetes Slack:
- for questions and just to hang out
- for discussing MRs, code, and bugs
Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
Test, debug, and contribute charts: ArtifactHub/packages

Notable Changes

Fixed a helm pull regression from 3.18 - error pulling OCI charts with --password #31230
Fixed a helm lint regression from Helm 3.18 - rejected JSON Schema $ref URLs that worked in 3.17.x #31166
Fixed go mod tidy #31154
Fixed k8s version parsing not matching original #31091
Fixed charts failing when using a redirect registry #31087
Fixed missing debug logging for OCI transport
Fixed broken legacy docker support for login #30941
Fixed bugs from the move to ORAS v2
Fixed processing all hook deletions on failure #30673
Feature for helm create added httproute from gateway-api to create chart template #30658

Installation and Upgrading

Download Helm v3.19.0. The common platform binaries are here:

MacOS amd64 (checksum / 09a108c0abda42e45af172be65c49125354bf7cd178dbe10435e94540e49c7b9)
MacOS arm64 (checksum / 31513e1193da4eb4ae042eb5f98ef9aca7890cfa136f4707c8d4f70e2115bef6)
Linux amd64 (checksum / a7f81ce08007091b86d8bd696eb4d86b8d0f2e1b9f6c714be62f82f96a594496)
Linux arm (checksum / 8708367b8e8bed9bdf8429bb57536e4223cdca96245dffc205cb0cb670b151f4)
Linux arm64 (checksum / 440cf7add0aee27ebc93fada965523c1dc2e0ab340d4348da2215737fc0d76ad)
Linux i386 (checksum / ca0329cd1b09267e7c63c563e32462265949c31512b537dd6615d0b5190040fc)
Linux ppc64le (checksum / f57ea04d7fa62cc3e90a831eb67edb1400c810df6083875bee3a7c195a795ce4)
Linux s390x (checksum / 0dff2f249f71690e3b420ebb5efc573eb26a51b4a614c4391c8c7fa3e47863f2)
Linux riscv64 (checksum / 978af545a3d72a253ce1d4c03c9febb509a239a48b2581107e548883ab61a227)
Windows amd64 (checksum / 6488630c2e5d5945ed990fa02fd9e99f9c6792cdbcd79eb264b6cfb90179d2d1)
Windows arm64 (checksum / 488f7530a1776da1b46b14e988bf305c9d7419c78e7e73aeb92f198a41c9ef6b)

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

3.19.1 will contain only bug fixes.
3.20.0 is the next feature release.

Changelog

bump version to v3.19.0 3d8990f (Scott Rigby)
fix: use username and password if provided 9a54bf1 (Evans Mungai)
chore(deps): bump the k8s-io group with 7 updates 5af0f68 (dependabot[bot])
chore(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1 e485606 (dependabot[bot])
chore(deps): bump github.com/stretchr/testify from 1.11.0 to 1.11.1 6355c3d (dependabot[bot])
chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.0 ec61f66 (dependabot[bot])
fix(helm-lint): fmt b278020 (Isaiah Lewis)
fix(helm-lint): Add TLSClientConfig d33ac5e (Isaiah Lewis)
fix(helm-lint): Add HTTP/HTTPS URL support for json schema references 8543709 (Isaiah Lewis)
chore(deps): bump the k8s-io group with 7 updates 89a3f90 (dependabot[bot])
fix: go mod tidy for v3 da4c583 (Terry Howe)
chore(deps): bump golang.org/x/crypto from 0.40.0 to 0.41.0 e40b1b3 (dependabot[bot])
chore(deps): bump golang.org/x/term from 0.33.0 to 0.34.0 a27e9db (dependabot[bot])
fix Chart.yaml handling f13afaa (Matt Farina)
Handle messy index files 039b0b1 (Matt Farina)
chore(deps): bump github.com/containerd/containerd from 1.7.27 to 1.7.28 bec98a9 (dependabot[bot])
json schema fix 6d9509a (Robert Sirchia)
fix: k8s version parsing to match original 807225e (Borys Hulii)
chore(deps): bump sigs.k8s.io/yaml from 1.5.0 to 1.6.0 cbbd569 (dependabot[bot])
Do not explicitly set SNI in HTTPGetter 5e8ff72 (Terry Howe)
chore(deps): bump github.com/spf13/pflag from 1.0.6 to 1.0.7 5b5fb5b (dependabot[bot])
chore(deps): bump the k8s-io group with 7 updates d12538a (dependabot[bot])
chore(deps): bump golang.org/x/crypto from 0.39.0 to 0.40.0 303f803 (dependabot[bot])
chore(deps): bump golang.org/x/term from 0.32.0 to 0.33.0 abcc2ed (dependabot[bot])
chore(deps): bump golang.org/x/text from 0.26.0 to 0.27.0 521c67b (dependabot[bot])
Disabling linter due to unknown issue 227c9cb (Matt Farina)
Updating link handling 4389fa6 (Matt Farina)
Bump github.com/Masterminds/semver/v3 from 3.3.0 to 3.3.1 372e403 (dependabot[bot])
build(deps): bump the k8s-io group with 7 updates 4fa5a64 (dependabot[bot])
build(deps): bump sigs.k8s.io/yaml from 1.4.0 to 1.5.0 6284ed8 (dependabot[bot])
fix: user username password for login 2c55a4e (Terry Howe)
Update pkg/registry/transport.go a16e986 (Terry Howe)
Update pkg/registry/transport.go cea26d8 (Terry Howe)
fix: add debug logging to oci transport b52bb41 (Terry Howe)
build(deps): bump golang.org/x/crypto from 0.38.0 to 0.39.0 45075cf (dependabot[bot])
build(deps): bump golang.org/x/text from 0.25.0 to 0.26.0 73a7826 (dependabot[bot])
fix: legacy docker support broken for login 733f94c (Terry Howe)
fix: plugin installer test with no Internet fc36041 (Terry Howe)
Handle an empty registry config file. cfe8cef (Matt Farina)
Prevent fetching newReference again as we have in calling method c33215d (Benoit Tigeot)
Prevent failure when resolving version tags in oras memory store f552b67 (Benoit Tigeot)
fix(client): skipnode utilization for PreCopy a18a52e (Brandt Keller)
test: Skip instead of returning early. looks more intentional fedf502 (Jesse Simpson)
test: tests repo stripping functionality fe512ba (Jesse Simpson)
test: include tests for Login based on different protocol prefixes 099a9e1 (Jesse Simpson)
fix(client): layers now returns manifest - remove duplicate from descriptors b07ab77 (Brandt Keller)
fix(client): return nil on non-allowed media types c225c12 (Brandt Keller)
Fix 3.18.0 regression: registry login with scheme c0f3ace (Scott Rigby)
Update pkg/plugin/plugin.go dce60ad (Benoit Tigeot)
Update pkg/plugin/plugin.go cda0865 (Benoit Tigeot)
Wait for Helm v4 before raising when platformCommand and Command are set 5d9d9a0 (Benoit Tigeot)
Revert "fix (helm) : toToml` renders int as float [ backport to v3 ]" c5249c1 (Matt Farina)
build(deps): bump the k8s-io group with 7 updates 5b0520d (dependabot[bot])
chore: update generalization warning message afefca8 (Feng Cao)
build(deps): bump oras.land/oras-go/v2 from 2.5.0 to 2.6.0 8d6d27c (dependabot[bot])
build(deps): bump the k8s-io group with 7 updates 502c0d5 (dependabot[bot])
build(deps): bump golang.org/x/crypto from 0.37.0 to 0.38.0 92be9ac (dependabot[bot])
fix: move warning to top of block eb5b6d5 (Feng Cao)
fix: govulncheck workflow 6b15f26 (Matthieu MOREL)
fix: replace fmt warning with slog 6b5c944 (Feng Cao)
fix: add warning when ignore repo flag 247bf7c (Feng Cao)
bump version to v3.18.0 9404459 (Robert Sirchia)
backport #30673 to dev-v3 0a800e8 (Gerard Nguyen)
feat: add httproute from gateway-api to create chart template bd1b67b (Henrik Gerdes)

Full Changelog: https://github.com/helm/helm/compare/v3.18.6...v3.19.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited Sep 12, 2025 by GitLab Dependency Bot

Update helm.sh/helm/v3 to v3.19.0