Skip to content

build(deps): Bump the gomod group with 2 updates#830

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/gomod-9d56e789db
Open

build(deps): Bump the gomod group with 2 updates#830
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/gomod-9d56e789db

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 13, 2026

Bumps the gomod group with 2 updates: github.com/mattn/go-shellwords and helm.sh/helm/v3.

Updates github.com/mattn/go-shellwords from 1.0.12 to 1.0.13

Commits
  • fd1aa6c Run gofmt: add missing //go:build directives and trailing newlines
  • e73986e Treat bare ')' as syntax error regardless of ParseBacktick
  • 9a78803 Merge pull request #60 from scumfrog/security-fix-cve
  • b074fa0 fix: preserve parser compatibility for unmatched ')' handling
  • 735b5e8 Implement tests for shellwords parser functionality
  • e2951fc Fix dollarQuote state management in shellwords.go
  • 551a1d0 Update CI: Go 1.25/1.26 and latest GitHub Actions
  • f3bbb6f Merge pull request #53 from ndeloof/master
  • f6737fe parse \t as TAB, not escaped t
  • See full diff in compare view

Updates helm.sh/helm/v3 from 3.20.1 to 3.20.2

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.20.2

v3.20.2

Helm v3.20.2 is a security patch release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Security fixes

  • GHSA-hr2v-4r36-88hr Helm Chart extraction output directory collapse via Chart.yaml name dot-segment

Installation and Upgrading

Download Helm v3.20.2. The common platform binaries are here:

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 4.1.5 and 3.20.3 are the next patch (bug fix) releases and will be on April 8, 2026
  • 4.2.0 and 3.21.0 are the next minor (feature) releases and will be on May 13, 2026

Changelog

  • fix: Chart dot-name path bug 8fb76d6ab555577e98e23b7500009537a471feee (George Jenkins)
  • fix: pin codeql-action/upload-sarif to commit SHA in scorecards workflow 3a8927e275c50cecde273872dad2a5576bd46375 (Terry Howe)
Commits
  • 8fb76d6 fix: Chart dot-name path bug
  • 3a8927e fix: pin codeql-action/upload-sarif to commit SHA in scorecards workflow
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): Bump the gomod group with 2 updates
e2964b5 
Bumps the gomod group with 2 updates: [github.com/mattn/go-shellwords](https://github.com/mattn/go-shellwords) and [helm.sh/helm/v3](https://github.com/helm/helm).


Updates `github.com/mattn/go-shellwords` from 1.0.12 to 1.0.13
- [Commits](mattn/go-shellwords@v1.0.12...v1.0.13)

Updates `helm.sh/helm/v3` from 3.20.1 to 3.20.2
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v3.20.1...v3.20.2)

---
updated-dependencies:
- dependency-name: github.com/mattn/go-shellwords
  dependency-version: 1.0.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: helm.sh/helm/v3
  dependency-version: 3.20.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code size/XS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants