chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Update	Change	Age	Confidence
helm	patch	4.1.1 → 4.1.3
poetry (changelog)	patch	2.3.2 → 2.3.3

---

Release Notes

helm/helm (helm)

v4.1.3: Helm v4.1.3

Compare Source

Helm v4.1.3 is a patch release. Users are encouraged to upgrade for the best experience.

Note there was no 4.1.2 release due to a release automation issue.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out
  • for discussing PRs, code, and bugs
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages

Notable Changes

• Fixed a bug where --dry-run=server was not respecting generateName #​31563
• Fixed a bug where empty CRD resources caused a crash. Now it prints an error #​31578
• Fixed a bug where OCI references with tag+digest failed with "invalid byte" error #​31601
• Fixed a bug where user-provided nil value was not preserved when chart has an empty map or no default for a key #​31644
• Fixed a regression since Helm 3.18.0 where Pulling charts from OCI repositories that use an index to store both Container Images and Helm Charts under the same tag failed #​31776
• Fixed a Helm 4 regression where gotemplate white space trimming directly after YAML doc separators, when present after postrendering, caused YAML file corruption #​31868
• Fixed a bug where FailedStatus is treated as a terminal state, causing upgrades to fail prematurely when cluster autoscalers needed time to provision nodes, or when pods were being deleted during rolling updates #​31897
• Fixed broken backwards compatibility for deprecated --atomic flag on install command #​31901
• SDK: Fixed a Windows 'Access Deined' error if multiple processes try to download the same chart version concurrently #​31128
• SDK: Fixed a bug where users did not receive any logs from the waiter, causing confusion as several minutes could pass with no user feedback #​31717
• SDK: Fixed a bug where server-side apply defaults did not always match the CLI defaults #​31732
• SDK: Fixed a Go import issue when downstream tooling attempted to vendor helm.sh/helm/v4/pkg/kube #​31852

Installation and Upgrading

Download Helm v4.1.3. The common platform binaries are here:

• MacOS amd64 (checksum / 742132e11cc08a81c97f70180cd714ae8376f8c896247a7b14ae1f51838b5a0b)
• MacOS arm64 (checksum / 21c02fe2f7e27d08e24a6bf93103f9d2b25aab6f13f91814b2cfabc99b108a5e)
• Linux amd64 (checksum / 02ce9722d541238f81459938b84cf47df2fdf1187493b4bfb2346754d82a4700)
• Linux arm (checksum / 5ea614cd1562e682e213e07f3632b76f9d7b4b0917918e820c515a9030a59951)
• Linux arm64 (checksum / 5db45e027cc8de4677ec869e5d803fc7631b0bab1c1eb62ac603a62d22359a43)
• Linux i386 (checksum / 6cbf1f7cca1f4917a0d4a593a22b7c6ec88207e159196eac94f8eaaad8730431)
• Linux loong64 (checksum / BlobNotFoundThe specified blob does not exist.
  RequestId:a97d6fdb-301e-0045-72a5-b120d7000000
  Time:2026-03-11T22:20:16.6057319Z)
• Linux ppc64le (checksum / 413c21ea07f85beb952807b45cafbcd3bb0ff50aa3ed66e8e87b47bebf2312ce)
• Linux s390x (checksum / c1a5c613429ca50e70ebed3e7535d272805ed4a7aa61c1af20d85121a07e7bcd)
• Linux riscv64 (checksum / 0a0beb5b30c24947d71586a7c6bcd774e207ce42b072b046513cf0cff46106a8)
• Windows amd64 (checksum / a69356c872fca122650e8c392341c5c49c19da004353514611118087ea2ee7cf)
• Windows arm64 (checksum / 6b05bec8659014df56ede28068a216451b6401d0fbbfd2dadffbef908cd03ff5)

This release was signed with 208D D36E D5BB 3745 A167 43A4 C7C6 FBB5 B91C 1155 and can be found at @​scottrigby keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 4.2.0 and 3.21.0 are the next minor releases and will be on May 13, 2026
• 4.1.4 and 3.20.2 are the next patch releases and will be on April 8, 2026

Changelog

• chore(defaults): server-side apply SDK defaults should always match the CLI defaults c94d381 (Matheus Pimenta)
• whitespace b36d660 (Austin Abro)
• use logger with waiter 04a91af (Austin Abro)
• Remove refactorring changes from coalesce_test.go c3c57db (Evans Mungai)
• Fix import d47cb2b (Evans Mungai)
• Update pkg/chart/common/util/coalesce_test.go 790bf92 (Evans Mungai)
• Fix lint warning f7cec12 (Evans Mungai)
• Preserve nil values in chart already d94a5c9 (Evans Mungai)
• fix(values): preserve nil values when chart default is empty map 8c5fe4e (Evans Mungai)
• chore(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 217db28 (dependabot[bot])
• Restored --atomic flag on install command 7cb43e0 (Travis Leeden)
• fix: bump go.opentelemetry.io/otel/sdk to v1.40.0 for GO-2026-4394 5b26d4f (Terry Howe)
• fix: bump fluxcd/cli-utils to v0.37.2-flux.1 360c131 (Terry Howe)
• chore(deps): bump sigs.k8s.io/kustomize/kyaml from 0.21.0 to 0.21.1 69a0a92 (dependabot[bot])
• fix: insert newline after doc separators glued to content by template trimming b868e6a (Matheus Pimenta)
• fix: correct import comment in statuswait.go from v3 to v4 dbfbea9 (rohansood10)
• chore(deps): bump the k8s-io group with 7 updates 099192c (dependabot[bot])
• add image index test 4967ead (Pedro Tôrres)
• fix pulling charts from OCI indices 2fe6b10 (Pedro Tôrres)
• fix: handle OCI digest algorithm prefix in chart downloader (#​31601) e3e2d01 (Evans Mungai)
• fix(install): check nil for restClientGetter and fix tests c15e711 (Manuel Alonso)
• chore(refactor): better testing and functionality for installing crd df82e68 (Manuel Alonso)
• fix(test): fix tests and check nil for restclient 4b896ca (Manuel Alonso)
• fix(test): merge fix correctly 3fc7939 (Manuel Alonso Gonzalez)
• fix(install): add more tests and check nil file data 6017d2b (Manuel Alonso)
• fix(test): no check empty resources f451967 (Manuel Alonso)
• fix(install): check lenght and file nil, add tests fdadff5 (Manuel Alonso)
• fix(action): crd resources can be empty 10d6067 (Manuel Alonso)
• fix: casing issue fixed 0fec40f (Mujib Ahasan)
• fix: error handled correctly 2637498 (Mujib Ahasan)
• fix: doc string added 961d7d7 (Mujib Ahasan)
• update: test coverage added for helper function validateNameAndGenerateName 29e4506 (Mujib Ahasan)
• update: helper function added for the business logic d55b0b9 (Mujib Ahasan)
• generateName is also considered in logic c1c090e (Mujib Ahasan)
• update: business logic respected for skipping object missing name 5e09313 (Mujib Ahasan)
• fixed: --dry-run=server now respect generateName f289d16 (Mujib Ahasan)
• fix(downloader): safely handle concurrent file writes on Windows bfac739 (Orgad Shaneh)

python-poetry/poetry (poetry)

v2.3.3

Compare Source

Fixed

• Fix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory (#​10792).
• Fix an issue where git dependencies from annotated tags could not be updated (#​10719).
• Fix an issue where empty VIRTUAL_ENV or CONDA_PREFIX environment variables (e.g., after conda deactivate) would cause Poetry to incorrectly detect an active virtualenv (#​10784).
• Fix an issue where an incomprehensible error message was printed when .venv was a file instead of a directory (#​10777).
• Fix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (#​10748).
• Fix an issue where poetry publish --no-interaction --build requested user interaction (#​10769).
• Fix an issue where poetry init and poetry new created a deprecated project.license format (#​10787).

Docs

• Clarify the differences between poetry install and poetry update (#​10713).
• Clarify the section of fields in the pyproject.toml examples (#​10753).
• Add a note about the different installation location when Python from the Microsoft Store is used (#​10759).
• Fix the system requirements for Poetry (#​10739).
• Fix the poetry cache clear example (#​10749).
• Fix the link to pipx installation instructions (#​10783).

poetry-core (2.3.2)

• Fix an issue where platform_release could not be parsed on Debian Trixie (#​930).
• Fix an issue where using project.readme.text in the pyproject.toml file resulted in broken metadata (#​914).
• Fix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (#​919).
• Fix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (#​922).
• Fix an issue where PEP 735 include-group entries were lost when [tool.poetry.group] also defined include-groups for the same group (#​924).
• Fix an issue where the union of <value> not in <marker> constraints was wrongly treated as always satisfied (#​925).
• Fix an issue where a post release with a local version identifier was wrongly allowed by a > version constraint (#​921).
• Fix an issue where a version with the local version identifier 0 was treated as equal to the corresponding public version (#​920).
• Fix an issue where a != <version> constraint wrongly disallowed pre releases and post releases of the specified version (#​929).
• Fix an issue where in and not in constraints were wrongly not allowed by specific compound constraints (#​927).

---

Configuration

📅 Schedule: Branch creation - "before 6am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

🐳 Docker image built and pushed: ghcr.io/dannysauer/stampbot:pr-69

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (63208a4) to head (9086f50).

Additional details and impacted files

@@            Coverage Diff            @@
##              main       #69   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            9         9           
  Lines          982       982           
  Branches       113       113           
=========================================
  Hits           982       982           

Flag	Coverage Δ
unittests	100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

🐳 Docker image built and pushed: ghcr.io/dannysauer/stampbot:pr-69

[github-actions]

🐳 Docker image built and pushed: ghcr.io/dannysauer/stampbot:pr-69

[github-actions]

🐳 Docker image built and pushed: ghcr.io/dannysauer/stampbot:pr-69