fix(deps): update module helm.sh/helm/v3 to v4

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
helm.sh/helm/v3	v3.19.4 → v4.0.4

---

Release Notes

helm/helm (helm.sh/helm/v3)

v4.0.4: Helm v4.0.4

Helm v4.0.4 is a security fix for a Go CVE in the previous tag. This patch release rebuilds the Helm v4.0.2 release with the latest Go toolchain, to fix the Go CVE. Users are encouraged to upgrade. Note that tag v4.0.3 was skipped due to a build failure.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out
  • for discussing PRs, code, and bugs
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v4.0.4. The common platform binaries are here:

• MacOS amd64 (checksum / 73bcfd6ab000fdc95acf9fe1c59e8e47179426a653e45ae485889869d4a00523)
• MacOS arm64 (checksum / a7ea99937a9679b3935fa0a2b70e577aa1ea84e5856e7c0821ca6ffa064ea976)
• Linux amd64 (checksum / 29454bc351f4433e66c00f5d37841627cbbcc02e4c70a6d796529d355237671c)
• Linux arm (checksum / 9255732e31b5aa5ee7b55be8497eea4723e3dfb08a63c37603ae0d15a9a9d82c)
• Linux arm64 (checksum / 16b88acc6503d646b7537a298e7389bef469c5cc9ebadf727547abe9f6a35903)
• Linux i386 (checksum / e6dbf45313bab48e51a2b7a5f3271a19bb3d8b9f07b4bb48ba342389d902af53)
• Linux loong64 (checksum / BlobNotFoundThe specified blob does not exist.
  RequestId:11673868-901e-003e-10cd-6b624b000000
  Time:2025-12-13T01:15:26.0922049Z)
• Linux ppc64le (checksum / c108d181a0e29dadf281fbb4f4a0e0f2149922b119ec745ced1a5ae6f0918703)
• Linux s390x (checksum / cdf172c59379f0a3fe1db4743c16f122745fdaaebb2fbbfa40ce5722a4787717)
• Linux riscv64 (checksum / 2cf1c77d993bf5386e85249007bdaf38358d2516b18454212206a81b132e1330)
• Windows amd64 (checksum / 135bffadd3c87aff8856e06efb366bea2a48ac4d1742d73af80250410246f14d)
• Windows arm64 (checksum / b65d05f15260e78311f463773f54fe68f6d74444b3c3e84cecf270cdb927cd8a)

This release was signed with 208D D36E D5BB 3745 A167 43A4 C7C6 FBB5 B91C 1155 and can be found at @​scottrigby keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 3.19.5 and 4.0.5 are the next patch releases and will be on January 14, 2026
• 3.20.0 and 4.1.0 is the next minor releases and will be on January 21, 2026

Changelog

• Bump v4.0.2 CVE deps cd700e0 (George Jenkins)
• Use latest patch release of Go in releases 9db13ee (Matt Farina)

v4.0.2: Helm v4.0.2

Compare Source

Helm v4.0.2 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out
  • for discussing PRs, code, and bugs
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v4.0.2. The common platform binaries are here:

• MacOS amd64 (checksum / 1dd2ce37855f5380abc86d56ab38387d4f1b8b05be296760addfe32d7c56a393)
• MacOS arm64 (checksum / fed6a23bba5db8a21e40175f44c159e057b26a6361f4280e24c820d0841e150b)
• Linux amd64 (checksum / 980756a9b2fd501a1d6ddd1b21741678875df005c91bb05bb41093988bb83bb7)
• Linux arm (checksum / 24ba97abd1d62194c75293f775f80a342feff872aa5f00df55dd73a47cd9cb8f)
• Linux arm64 (checksum / 3de681b463fb783f49f5ab72d700c057124ef73fa74062624b8fe95deafded4b)
• Linux i386 (checksum / f9d369d25e4b2a2f1c830633f45d4a6d63a61c6a297cc25609888c260c979b96)
• Linux ppc64le (checksum / 374cfb13ec692654cd16f1aac2aa82b0092ac5c12a13809184e9fae61073a830)
• Linux s390x (checksum / b56b77d5a0921bb53a8190e60b520c2e72a58581cb15c38b0d08cc9a238edffd)
• Linux riscv64 (checksum / 48f2366775dff3b0f40d931e0300e1d7068b06accfe21588ab742f521a3aa12f)
• Windows amd64 (checksum / 3a160ca07a0da72bf872601116ed1363120c3fe1d48afb0bb7f53bbba4673f7f)
• Windows arm64 (checksum / dd94baf0ceb0dced8615343ed7a7b1cd5543996a8177866ead3f8a9ce60c8d14)

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 3.20.0 and 4.1.0 is the next minor releases and will be on January 21, 2026

Changelog

• fix: prevent reporting fallback on version when none specified 94659f2 (Benoit Tigeot)
• fix: prevent segmentation violation on empty yaml in multidoc 2dd1f66 (Benoit Tigeot)
• Ignore duplicated URN in logs bbad438 (Benoit Tigeot)
• jsonschema: warn and ignore unresolved URN $ref to match v3.18.4 bdcf920 (Benoit Tigeot)
• Publish Helm v4 -> helm-latest-version 9ac7c2b (George Jenkins)
• fix: Fix Helm v4 release distribtion/get-helm-3 script 0bef6bd (George Jenkins)

v4.0.1: Helm v4.0.1

Compare Source

Helm v4.0.1 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out
  • for discussing PRs, code, and bugs
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v4.0.1. The common platform binaries are here:

• MacOS amd64 (checksum / a8d1ca46c3ff5484b2b635dfc25832add4f36fdd09cf2a36fb709829c05b4112)
• MacOS arm64 (checksum / 8e0b9615cf72a62faaa0cfc0e22115f05bcddfd3d7ee58406ef97bc1ba563ae8)
• Linux amd64 (checksum / e0365548f01ed52a58a1181ad310b604a3244f59257425bb1739499372bdff60)
• Linux arm (checksum / b946401f857de078c744990188f8f664ecb1c72cdafde1ed239020fa3bb2fc3c)
• Linux arm64 (checksum / 959fa52d34e2e1f0154e3220ed5f22263c8593447647a43af07890bba4b004d1)
• Linux i386 (checksum / 6a358de71c8dc2cf4a7946930ff9a70a7a3716531e64093a88182f64bdaea5a3)
• Linux ppc64le (checksum / 29ef01eed29b3ba676cf6db45dc90b50e07f2b5ec4b1ea40071326bff4922a4e)
• Linux s390x (checksum / ecf11996bd01a483eca01aa258a58f9e3b3d8e732cd5c84d6975d51ab2abf538)
• Linux riscv64 (checksum / e9a1ce6aa004027ba0349982279b0ecab847ddc51b961b963e64eb800de3ec6c)
• Windows amd64 (checksum / a976ee9f3016ae86d8948c0a6d3fc5ed7489cd264cffdbff4860bd97120bd256)
• Windows arm64 (checksum / 5ecbcd8e50577a325e22d365cd4c4de2e2bd014d81f73b356dbd4f7e6c2427fb)

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 3.19.3 and 4.0.2 are the next patch releases and will be on December 10, 2025
• 3.20.0 and 4.1.0 is the next minor releases and will be on January 21, 2026

Changelog

• Copy adopted resource info 12500dd (George Jenkins)
• fixup test 1cf3841 (George Jenkins)
• logs 32e2d08 (George Jenkins)
• fix 4b6472f (George Jenkins)
• fix: Use server-side apply for object create during update 9dfe3b3 (George Jenkins)
• Fix kube client logging 861adc2 (Matt Farina)
• update tests b2f7872 (yxxhero)
• Refactor environment variable expansion in PrepareCommands and update tests 77f97a1 (yxxhero)
• Fix syntax errors in the document a156195 (Fish-pro)
• fix: correct LDFLAGS path for default Kubernetes version 2c0dcda (Benoit Tigeot)

v4.0.0: Helm v4.0.0

Compare Source

The Helm Team is proud to announce the first stable release of Helm 4.

New Features

Helm 4 has numerous new features, but a few deserve highlighting here:

• Redesigned plugin system that supports Web Assembly based plugins
• Post-renderers are now plugins
• Server side apply is now supported
• Improved resource watching, to support waiting, based on kstatus
• Local Content-based caching (e.g. for charts)
• Logging via slog enabling SDK logging to integrate with modern loggers
• Reproducible builds of chart archives
• Updated SDK API including support for multiple chart API versions (new experimental v3 chart API version coming soon)

For full release notes, please see: https://helm.sh/docs/overview/

Compatibility with Helm v3

Helm v4 is a major version with backward incompatible changes including to the flags and output of the Helm CLI and to the SDK.

Please evaluate the changes to your workflows. The changes are not as extensive as those from Helm v2 to v3, with the goal that the majority of workflows remain compatible between Helm v3 and v4.

Helm charts apiVersion v2 (majority of today's charts) will continue to be supported in Helm v4. Existing charts should continue to install, upgrade, and otherwise work. Please test the installation and upgrade of charts to ensure it works as expected. Changes (e.g., server side apply) may impact the experience.

Community

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out
  • for discussing PRs, code, and bugs
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v4.0.0. The common platform binaries are here:

• MacOS amd64 (checksum / 125233cf943e6def2abc727560c5584e9083308d672d38094bae1cc3e0bfeaa2)
• MacOS arm64 (checksum / 4f5d367af9e2141b047710539d22b7e5872cdaef788333396077236feb422419)
• Linux amd64 (checksum / c77e9e7c1cc96e066bd240d190d1beed9a6b08060b2043ef0862c4f865eca08f)
• Linux arm (checksum / 23498ff8f5fb358ad2576269cd41fa9a54b9469332806dff0d689470323180be)
• Linux arm64 (checksum / 8c5c77e20cc29509d640e208a6a7d2b7e9f99bb04e5b5fbe22707b72a5235245)
• Linux i386 (checksum / eda0b6508def454ba07e2f938c55f73be795e7f99552078ccc8af2c2bbd58a45)
• Linux ppc64le (checksum / 73ae83e9888aafa0e9c57a1d4d77dcb6c97c253ef175a4983a8bb4bcc771d2eb)
• Linux s390x (checksum / 9c7368b18c76fcae9e0281e1ee875ea0d9b5970ac3a00c4eb963205948594bad)
• Linux riscv64 (checksum / a688c2559c57d6a858c49b9237b7d6bbce5c634aa5204c4342bdc8a06818b9f1)
• Windows amd64 (checksum / 0f9a8c891b8d908a37fbb68f12dea92b633eb29e49070bd650f5760a1a99aa8d)
• Windows arm64 (checksum / f3ff262427547cc1b1dc3356d587ed8ffaa23f2abf24bc06660a350b9b7925f9)

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 3.19.3 and 4.0.1 are the next patch releases and will be on December 10, 2025
• 3.20.0 and 4.1.0 is the next minor releases and will be on January 21, 2026

Thank You!

The Helm project has enjoyed code contributions from many community members. Many more community members have assisted by filing issues and working with us to identify and eliminate bugs while adding new features. The #helm-users slack channel has long been a friendly and open forum for getting help and learning more about Helm. We cannot thank you enough for making this a helpful, friendly, and welcoming community for all.

❤️ The Helm Team

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go mod tidy
go: downloading helm.sh/helm/v4 v4.0.4
go: downloading github.com/onsi/ginkgo/v2 v2.27.2
go: downloading github.com/onsi/gomega v1.38.2
go: downloading github.com/fluxcd/cli-utils v0.36.0-flux.14
go: downloading github.com/lithammer/dedent v1.1.0
go: downloading github.com/DATA-DOG/go-sqlmock v1.5.2
go: downloading go.uber.org/goleak v1.3.0
go: downloading github.com/stretchr/objx v0.5.2
go: downloading github.com/google/gofuzz v1.2.0
go: downloading gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c
go: downloading github.com/creack/pty v1.1.18
go: downloading github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6
go: downloading github.com/ProtonMail/go-crypto v1.3.0
go: downloading github.com/distribution/distribution/v3 v3.0.0
go: downloading github.com/foxcpp/go-mockdns v1.1.0
go: downloading github.com/extism/go-sdk v1.7.1
go: downloading github.com/tetratelabs/wazero v1.9.0
go: downloading github.com/go-sql-driver/mysql v1.8.1
go: downloading github.com/mattn/go-sqlite3 v1.14.22
go: downloading github.com/kr/pretty v0.3.1
go: downloading github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e
go: downloading github.com/jcmturner/gokrb5/v8 v8.4.4
go: downloading github.com/frankban/quicktest v1.14.6
go: downloading github.com/dlclark/regexp2 v1.11.0
go: downloading github.com/redis/go-redis/v9 v9.7.3
go: downloading gopkg.in/yaml.v2 v2.4.0
go: downloading github.com/bshuster-repo/logrus-logstash-hook v1.0.0
go: downloading github.com/docker/go-metrics v0.0.1
go: downloading github.com/gorilla/handlers v1.5.2
go: downloading github.com/miekg/dns v1.1.68
go: downloading github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a
go: downloading filippo.io/edwards25519 v1.1.0
go: downloading github.com/poy/onpar v1.1.2
go: downloading github.com/go-task/slim-sprig/v3 v3.0.0
go: downloading golang.org/x/tools v0.39.0
go: downloading github.com/kr/text v0.2.0
go: downloading github.com/rogpeppe/go-internal v1.14.1
go: downloading github.com/jcmturner/dnsutils/v2 v2.0.0
go: downloading github.com/jcmturner/gofork v1.7.6
go: downloading github.com/hashicorp/go-uuid v1.0.3
go: downloading github.com/jcmturner/goidentity/v6 v6.0.1
go: downloading github.com/cloudflare/circl v1.6.1
go: downloading github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f
go: downloading github.com/gorilla/mux v1.8.1
go: downloading github.com/distribution/reference v0.6.0
go: downloading github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c
go: downloading github.com/redis/go-redis/extra/redisotel/v9 v9.0.5
go: downloading go.opentelemetry.io/contrib/exporters/autoexport v0.57.0
go: downloading go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.32.0
go: downloading github.com/ianlancetaylor/demangle v0.0.0-20240805132620-81f5be970eca
go: downloading github.com/tetratelabs/wabin v0.0.0-20230304001439-f6f874872834
go: downloading go.opentelemetry.io/otel/sdk/metric v1.37.0
go: downloading go.etcd.io/etcd/server/v3 v3.6.5
go: downloading github.com/google/pprof v0.0.0-20250403155104-27863c87afa6
go: downloading github.com/jcmturner/aescts/v2 v2.0.0
go: downloading github.com/jcmturner/rpc/v2 v2.0.3
go: downloading github.com/docker/docker-credential-helpers v0.8.2
go: downloading github.com/hashicorp/golang-lru/arc/v2 v2.0.5
go: downloading github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5
go: downloading go.opentelemetry.io/contrib/bridges/prometheus v0.57.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0
go: downloading go.opentelemetry.io/otel/exporters/prometheus v0.54.0
go: downloading go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.8.0
go: downloading go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.32.0
go: downloading go.opentelemetry.io/otel/sdk/log v0.8.0
go: downloading github.com/soheilhy/cmux v0.1.5
go: downloading github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75
go: downloading go.etcd.io/bbolt v1.4.3
go: downloading go.etcd.io/etcd/pkg/v3 v3.6.5
go: downloading gopkg.in/natefinch/lumberjack.v2 v2.2.1
go: downloading golang.org/x/mod v0.30.0
go: downloading github.com/hashicorp/golang-lru/v2 v2.0.5
go: downloading go.opentelemetry.io/otel/log v0.8.0
go: downloading github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674
go: downloading github.com/dustin/go-humanize v1.0.1
go: downloading go.etcd.io/raft/v3 v3.6.0
go: downloading github.com/xiang90/probing v0.0.0-20221125231312-a49e3df8f510
go: downloading github.com/jonboulle/clockwork v0.5.0
go: downloading github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.0.1
go: downloading github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
go: downloading github.com/cenkalti/backoff/v4 v4.3.0
go: downloading github.com/golang-jwt/jwt/v5 v5.3.0
go: downloading github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.0
go: downloading gonum.org/v1/gonum v0.16.0
go: downloading github.com/google/pprof v0.0.0-20250630185457-6e76a2b096b5
go: finding module for package helm.sh/helm/v4/pkg/chartutil
go: finding module for package helm.sh/helm/v4/pkg/releaseutil
go: github.com/cert-manager/cmctl/v2/pkg/install imports
	helm.sh/helm/v4/pkg/chartutil: module helm.sh/helm/v4@latest found (v4.0.4), but does not contain package helm.sh/helm/v4/pkg/chartutil
go: github.com/cert-manager/cmctl/v2/pkg/uninstall imports
	helm.sh/helm/v4/pkg/releaseutil: module helm.sh/helm/v4@latest found (v4.0.4), but does not contain package helm.sh/helm/v4/pkg/releaseutil

[cert-manager-prow]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign maelvls for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[cert-manager-prow]

Hi @renovate[bot]. Thanks for your PR.

I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[cert-manager-prow]

@renovate[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-cert-manager-cmctl-verify	c0b34af	link	true	/test pull-cert-manager-cmctl-verify
pull-cert-manager-cmctl-test	c0b34af	link	true	/test pull-cert-manager-cmctl-test
pull-cert-manager-cmctl-integration	c0b34af	link	true	/test pull-cert-manager-cmctl-integration

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.