fix(deps): update module helm.sh/helm/v3 to v3.18.0

[botty-mcbottington]

This PR contains the following updates:

Package	Type	Update	Change
helm.sh/helm/v3	require	minor	v3.17.3 -> v3.18.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

helm/helm (helm.sh/helm/v3)

v3.18.0: Helm v3.18.0

Compare Source

Helm v3.18.0 is a feature release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out
  • for discussing PRs, code, and bugs
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages

Notable Changes

• Add support for JSON Schema 2020
• Enabled cpu and memory profiling
• Add hook annotation to output hook logs to client on error

Installation and Upgrading

Download Helm v3.18.0. The common platform binaries are here:

• MacOS amd64 (checksum / 2be99836549413c2f0212d644e8740abd8ba5d7f55484c29d3363cea339891d9)
• MacOS arm64 (checksum / 4ce30bd86a3fc4f31d297827a5bf5b10ced8c4da2ff810bf9f53f561dbed7d10)
• Linux amd64 (checksum / 961e587fc2c03807f8a99ac25ef063fa9e6915f1894729399cbb95d2a79af931)
• Linux arm (checksum / 88f6264801fd9c5bb3d2d24c7b3da4e239d137b39bacd18d25b22823e6bd31f7)
• Linux arm64 (checksum / 489c9d2d3ea4e095331249d74b4407fb5ac1d338c28429d70cdedccfe6e2b029)
• Linux i386 (checksum / 3302c90957e259897d238feee65e05abb3fc586ab80a49cb577fd123b2e94cb3)
• Linux ppc64le (checksum / 559036fe183593488275a19796ca0b13f56e9d586b697a0d968e8b1e24472d7c)
• Linux s390x (checksum / ab0e347751b425ed9c4b619159a9ffeb85a82e07f7333921dec1a26780195a72)
• Linux riscv64 (checksum / ae98c3d9d352ac91909d28dbb03d91fc506cafcce647cfbd1954a02ef84f91d1)
• Windows amd64 (checksum / ae6a1b832043e3433d2823fc42692057dbf007efad34292708130b412c169a94)
• Windows arm64 (checksum / f354f0bdf725a0530162754632bc54fed2c56ad11a899b031702ee1c70ecb5fc)

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 3.18.1 on June 11th, 2025 will contain only bug fixes.
• 3.19.0 on September 11th, 2025 is the next feature release.

Changelog

• build(deps): bump the k8s-io group with 7 updates cc58e3f (dependabot[bot])
• fix: govulncheck workflow bf1436b (Matthieu MOREL)
• bump version to v3.18.0 d8edc2a (Robert Sirchia)
• fix:add proxy support when mTLS configured 48377fe (Rongrong Liu)
• docs: Note about http fallback for OCI registries cdd7c10 (Terry Howe)
• Bump net package to avoid CVE on dev-v3 f9ab8f7 (Benoit Tigeot)
• Bump toml 087fa18 (Benoit Tigeot)
• backport #​30677to dev3 2a5f83b (dongjiang)
• build(deps): bump github.com/rubenv/sql-migrate from 1.7.2 to 1.8.0 5df2f30 (dependabot[bot])
• Add install test for TakeOwnership flag 0906fe7 (Evans Mungai)
• Fix --take-ownership 4ee3a19 (Patrick Seidensal)
• build(deps): bump github.com/rubenv/sql-migrate from 1.7.1 to 1.7.2 3538c2a (dependabot[bot])
• build(deps): bump golang.org/x/crypto from 0.36.0 to 0.37.0 6fa95c8 (dependabot[bot])
• build(deps): bump golang.org/x/term from 0.30.0 to 0.31.0 741b5be (dependabot[bot])
• Testing text bump 017f9fa (Benoit Tigeot)
• Permit more Go version and not only 1.23.8 6667252 (Benoit Tigeot)
• Bumps github.com/distribution/distribution/v3 from 3.0.0-rc.3 to 3.0.0 4ad1ccd (Benoit Tigeot)
• Unarchiving fix 3ce10e4 (Matt Farina)
• Fix typo 422c58e (Benoit Tigeot)
• Report as debug log, the time spent waiting for resources 5e7f12d (Benoit Tigeot)
• build(deps): bump github.com/containerd/containerd from 1.7.26 to 1.7.27 dcc286c (dependabot[bot])
• Update pkg/registry/fallback.go 1435ec7 (Terry Howe)
• automatic fallback to http 674e882 (Terry Howe)
• chore(oci): upgrade to ORAS v2 c188441 (Terry Howe)
• Updating to 0.37.0 for x/net 2b12490 (Matt Farina)
• build(deps): bump the k8s-io group with 7 updates 0648918 (dependabot[bot])
• build(deps): bump golang.org/x/crypto from 0.35.0 to 0.36.0 0911b9c (dependabot[bot])
• build(deps): bump github.com/opencontainers/image-spec 2f22d55 (dependabot[bot])
• build(deps): bump github.com/containerd/containerd from 1.7.25 to 1.7.26 89361c9 (dependabot[bot])
• build(deps): bump golang.org/x/crypto from 0.33.0 to 0.35.0 6d64160 (dependabot[bot])
• Fix cherry-pick helm.sh/helm/v4 -> helm.sh/helm/v3 bcb83e4 (Scott Rigby)
• Refactor based on review comment 2aa90b8 (Chris Berry)
• Refactor based on review comment 5739197 (Chris Berry)
• Add HookOutputFunc and generic yaml unmarshaller b8e1387 (Chris Berry)
• clarify fix error message 97b0e11 (Scott Rigby)
• fix err check 2f79afb (Scott Rigby)
• remove comments about previous functionality c77f4ec (Scott Rigby)
• add short circuit return 3cd6afe (Scott Rigby)
• Update based on review comments 5367001 (Chris Berry)
• Update based on review comments 3c44515 (Chris Berry)
• Fix lint 4cb639e (Chris Berry)
• Tidy up imports 20f859c (Chris)
• Add hook annotations to output pod logs to client on success and fail ca90972 (Chris Berry)
• chore: use []error instead of []string a9e2075 (Evans Mungai)
• Update cmd/helm/profiling.go 996ad84 (Evans Mungai)
• chore: update profiling doc in CONTRIBUTING.md 867c97e (Evans Mungai)
• Update CONTRIBUTING guide af24101 (Evans Mungai)
• Prefer environment variables to CLI flags c7dfa87 (Evans Mungai)
• Fix linter warning b39411a (Evans Mungai)
• Move pprof paths to HELM_PPROF env variable 4c50f01 (Evans Mungai)
• Update CONTRIBUTING.md 3b43f7b (Evans Mungai)
• Update CONTRIBUTING.md a32e11b (Evans Mungai)
• Additional review fixes from PR 483ebf9 (Evans Mungai)
• feat: Add flags to enable CPU and memory profiling 461197f (Evans Mungai)
• build(deps): bump github.com/distribution/distribution/v3 e7fa545 (dependabot[bot])
• build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 d1687ba (dependabot[bot])
• Moving to SetOut and SetErr for Cobra 4c2f88b (Matt Farina)
• build(deps): bump the k8s-io group with 7 updates a2413aa (dependabot[bot])
• build(deps): bump golang.org/x/crypto from 0.32.0 to 0.33.0 959d643 (dependabot[bot])
• build(deps): bump golang.org/x/term from 0.28.0 to 0.29.0 3a87c68 (dependabot[bot])
• build(deps): bump golang.org/x/text from 0.21.0 to 0.22.0 711cef8 (dependabot[bot])
• build(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6 7680623 (dependabot[bot])
• build(deps): bump github.com/cyphar/filepath-securejoin 03747d9 (dependabot[bot])
• build(deps): bump github.com/evanphx/json-patch f1db83f (dependabot[bot])
• build(deps): bump the k8s-io group with 7 updates 3bc3751 (dependabot[bot])
• fix: check group for resource info match 2ebce78 (Jiasheng Zhu)
• Bump github.com/cyphar/filepath-securejoin from 0.3.6 to 0.4.0 8e86e76 (dependabot[bot])
• add test for nullifying nested global value 326c1e3 (Ryan Hockstad)
• Ensuring the file paths are clean prior to passing to securejoin fba9d08 (Matt Farina)
• Bump github.com/containerd/containerd from 1.7.24 to 1.7.25 a79be7d (dependabot[bot])
• Bump golang.org/x/crypto from 0.31.0 to 0.32.0 b029d74 (dependabot[bot])
• Bump golang.org/x/term from 0.27.0 to 0.28.0 a1c0ae8 (dependabot[bot])
• bump version to v3.17.0 d6db69e (Matt Farina)
• Bump github.com/moby/term from 0.5.0 to 0.5.2 54ffefb (dependabot[bot])
• Add test case for removing an entire object ef2eb55 (Ryan Hockstad)
• Tests for bugfix: Override subcharts with null values #​12879 60fcce1 (Scott Rigby)
• feat: Added multi-platform plugin hook support to v3 Signed-off-by: Steve Hipwell [email protected] 83dddb1 (Andrew Block)
• This commit fixes the issue where the yaml.Unmarshaller converts all int values into float64, this passes in option to decoder, which enables conversion of int into . 0a6834f (Althaf M)
• merge null child chart objects 5a58751 (Ryan Hockstad)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[botty-mcbottington]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 24 additional dependencies were updated

Details:

Package	Change
github.com/containerd/containerd	v1.7.24 -> v1.7.27
github.com/cyphar/filepath-securejoin	v0.3.6 -> v0.4.1
github.com/evanphx/json-patch	v5.9.0+incompatible -> v5.9.11+incompatible
github.com/google/btree	v1.0.1 -> v1.1.3
github.com/google/cel-go	v0.22.0 -> v0.23.2
github.com/gorilla/websocket	v1.5.0 -> v1.5.4-0.20250319132907-e064f32e3674
github.com/prometheus/client_golang	v1.20.5 -> v1.22.0
github.com/prometheus/common	v0.57.0 -> v0.62.0
github.com/rubenv/sql-migrate	v1.7.1 -> v1.8.0
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc	v0.55.0 -> v0.58.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	v0.54.0 -> v0.58.0
golang.org/x/crypto	v0.36.0 -> v0.37.0
golang.org/x/oauth2	v0.26.0 -> v0.28.0
golang.org/x/sys	v0.32.0 -> v0.33.0
golang.org/x/term	v0.30.0 -> v0.31.0
k8s.io/api	v0.32.2 -> v0.33.0
k8s.io/apiextensions-apiserver	v0.32.2 -> v0.33.0
k8s.io/apiserver	v0.32.2 -> v0.33.0
k8s.io/cli-runtime	v0.32.2 -> v0.33.0
k8s.io/client-go	v0.32.2 -> v0.33.0
k8s.io/component-base	v0.32.2 -> v0.33.0
k8s.io/kubectl	v0.32.2 -> v0.33.0
sigs.k8s.io/kustomize/api	v0.18.0 -> v0.19.0
sigs.k8s.io/kustomize/kyaml	v0.18.1 -> v0.19.0