Skip to content

chore(deps): bump the helm-dependencies group across 2 directories with 1 update#847

Merged
neilime merged 1 commit into
mainfrom
dependabot/helm/tests/charts/application/helm-dependencies-6a528bbb49
Jun 30, 2026
Merged

chore(deps): bump the helm-dependencies group across 2 directories with 1 update#847
neilime merged 1 commit into
mainfrom
dependabot/helm/tests/charts/application/helm-dependencies-6a528bbb49

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Contributor

Bumps the helm-dependencies group with 1 update in the /tests/charts/application directory: valkey.
Bumps the helm-dependencies group with 1 update in the /tests/charts/umbrella-application directory: valkey.

Updates valkey from 0.9.4 to 0.10.0

Updates valkey from 0.9.4 to 0.10.0

Updates valkey from 0.9.4 to 0.10.0

Updates valkey from 0.9.4 to 0.10.0

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file helm Pull requests that update helm code labels Jun 19, 2026
@github-actions

Copy link
Copy Markdown
Contributor

Hi, thank you for creating your PR, we will check it out very soon

@github-actions

Copy link
Copy Markdown
Contributor

Super-linter summary

Language Validation result
BIOME_FORMAT Pass ✅
BIOME_LINT Pass ✅
CHECKOV Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Fail ❌
YAML Pass ✅
YAML_PRETTIER Pass ✅

Super-linter detected linting errors

For more information, see the GitHub Actions workflow run

Powered by Super-linter

TRIVY

Report Summary

┌──────────────────────────────────────────────┬────────────┬─────────────────┬───────────────────┬─────────┐
│                    Target                    │    Type    │ Vulnerabilities │ Misconfigurations │ Secrets │
├──────────────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ actions/helm/generate-docs/package-lock.json │    npm     │        2        │         -         │    -    │
├──────────────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ actions/helm/release-chart/package-lock.json │    npm     │        0        │         -         │    -    │
├──────────────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ tests/charts/package-lock.json               │    npm     │        0        │         -         │    -    │
├──────────────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ Dockerfile                                   │ dockerfile │        -        │         0         │    -    │
├──────────────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ tests/application/Dockerfile                 │ dockerfile │        -        │         0         │    -    │
└──────────────────────────────────────────────┴────────────┴─────────────────┴───────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.69/guide/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


actions/helm/generate-docs/package-lock.json (npm)
==================================================
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0)

┌─────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│   Library   │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                            Title                            │
├─────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ js-yaml     │ CVE-2026-53550 │ MEDIUM   │ fixed  │ 4.1.1             │ 4.2.0         │ JS-YAML: Quadratic-complexity DoS in merge key handling via │
│             │                │          │        │                   │               │ repeated aliases                                            │
│             │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2026-53550                  │
├─────────────┼────────────────┤          │        ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ markdown-it │ CVE-2026-48988 │          │        │ 14.1.1            │ 14.2.0        │ markdown-it is a Markdown parser. Versions 14.1.1 and below │
│             │                │          │        │                   │               │ contain a ...                                               │
│             │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2026-48988                  │
└─────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘

…th 1 update

Bumps the helm-dependencies group with 1 update in the /tests/charts/application directory: valkey.
Bumps the helm-dependencies group with 1 update in the /tests/charts/umbrella-application directory: valkey.


Updates `valkey` from 0.9.4 to 0.10.0

Updates `valkey` from 0.9.4 to 0.10.0

Updates `valkey` from 0.9.4 to 0.10.0

Updates `valkey` from 0.9.4 to 0.10.0

---
updated-dependencies:
- dependency-name: valkey
  dependency-version: 0.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: helm-dependencies
- dependency-name: valkey
  dependency-version: 0.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: helm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/helm/tests/charts/application/helm-dependencies-6a528bbb49 branch from 29a49b8 to b53a063 Compare June 30, 2026 17:49
@github-actions

Copy link
Copy Markdown
Contributor

Super-linter summary

Language Validation result
BIOME_FORMAT Pass ✅
BIOME_LINT Pass ✅
CHECKOV Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅
YAML_PRETTIER Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@neilime neilime merged commit 3dd2123 into main Jun 30, 2026
97 of 98 checks passed
@neilime neilime deleted the dependabot/helm/tests/charts/application/helm-dependencies-6a528bbb49 branch June 30, 2026 18:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file helm Pull requests that update helm code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant