Update patchinfo.20251112155258859667.187004354831441/_patchinfo

remove seperate build arch

.gitmodules

@@ -26106,3 +26106,7 @@
 	path = perl-MCP
 	url = ../../pool/perl-MCP
 	branch = leap-16.0
+[submodule "fprintd"]
+	path = fprintd
+	url = ../../pool/fprintd
+	branch = leap-16.0

patchinfo.20251016111300220521.93181000773252/_patchinfo

@@ -0,0 +1,17 @@
+<patchinfo incident="packagehub-11">
+  <issue tracker="bnc" id="1250487">VUL-0: CVE-2025-59682: python-Django,python-Django4: Potential partial directory-traversal via archive.extract()</issue>
+  <issue tracker="cve" id="2025-59682">VUL-0: CVE-2025-59682: python-Django,python-Django4: Potential partial directory-traversal via archive.extract()</issue>
+  <issue tracker="cve" id="2025-59681"/>
+  <issue tracker="bnc" id="1250485">VUL-0: CVE-2025-59681: python-Django,python-Django4: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB</issue>
+  <packager>mcalabkova</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for python-Django</summary>
+  <description>This update for python-Django fixes the following issues:
+
+- CVE-2025-59681: Fixed a potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB (boo#1250485)
+- CVE-2025-59682: Fixed a potential partial directory-traversal via archive.extract() (boo#1250487)
+</description>
+  <package>python-Django</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251023150135882810.90520734224245/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-9">
+  <packager>dgarcia</packager>
+  <rating>moderate</rating>
+  <category>optional</category>
+  <summary>Optional update for fprintd</summary>
+  <description>
+This update ships fprintd 1.94.4 to openSUSE Leap 16.0 and SLES Package Hub 16.0
+</description>
+  <package>fprintd</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251025182237146698.93181000773252/_patchinfo

@@ -0,0 +1,129 @@
+<patchinfo incident="packagehub-13">
+  <packager>os-autoinst-obs-workflow</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for openQA, os-autoinst</summary>
+  <description>This update for openQA, os-autoinst fixes the following issues:
+
+Changes in openQA:
+
+- Update to version 5.1761296552.ae7c17aa:
+  * Add tests for file_security_policy
+  * Pass parameter $is_userfile to log_url
+  * Remove redirect and serve files as attachments if necessary
+  * Serve files uploaded by tests via asset domain
+  * Use direct link to subdomain for the test assets
+  * Revert "Don't redirect to asset domain via /needles/ID/(image|json) route"
+  * Revert "Don't redirect screenshots, thumbs and needles to files_domain"
+
+- Update to version 5.1761228068.a3a7f84d:
+  * Dependency cron 2025-10-23
+
+- Update to version 5.1761037330.ad78558e:
+  * Avoid needless check for number of clones
+  * Avoid creation of `git_clone` tasks for jobs with empty `DISTRI`
+
+- Update to version 5.1760515610.a802d1dd:
+  * Lower the prio of archiving jobs to avoid piling up finalize jobs
+  * Add signatures in Schema::Result::ApiKeys
+
+- Update to version 5.1760245411.e3aeaaec:
+  * Dependency cron 2025-10-12
+
+- Update to version 5.1760108577.fd2f2a48:
+  * Log unavailability due to high load only as warning
+  * Filter job stats of scheduled products also by arch and build
+  * Document how to disable image optimizations
+  * Make image optimization errors stop the job producing an incomplete job
+  * Improve wording in description about job stats API
+  * Run `optipng` for real and handle errors if it fails
+
+- Update to version 5.1759912962.689b31ed:
+  * Avoid failing `obs_rsync_run` jobs when restarting `openqa-gru.service`
+
+- Update to version 5.1759834744.06a7028a:
+  * parser: ktap: Return earlier if subtest result is SKIP
+  * parser: ktap: Fallback to subtest index if name is not available
+
+- Update to version 5.1759440640.bb989cab:
+  * Don't redirect to asset domain via /needles/ID/(image|json) route
+
+- Update to version 5.1759402042.49e912c3:
+  * Introduce array job settings
+  * Retry `obs_rsync_update_*` tasks if Gru service terminates
+
+- Update to version 5.1759329378.3b8e8685:
+  * Reduce the number of required checks for Mergify again
+  * Ensure a failing cache service is seen as such by the worker/scheduler
+
+- Update to version 5.1759248257.70b23b32:
+  * Increase number of successful checks in Mergify config again
+  * Disable Helm Chart CI checks temporarily
+  * Consider all jobs for cleanup, not just jobs that were executed
+  * Verify job deletion when dependent job present
+
+- Update to version 5.1759149505.49c40b0b:
+  * Use always the latest PostgreSQL image in Compose and documentation
+  * Update the PostgreSQL version in the contributing documentation
+  * Update PostgreSQL data path in Docker Compose file after updating to v18
+  * Specify PostgreSQL version in Docker Compose configuration explicitly
+  * mergify: Allow more time for dependabot update reaction
+  * Remove version property from docker-compose
+  * README: Fix openQA badge after switch to UEFI
+  * build(deps-dev): bump eslint from 9.35.0 to 9.36.0
+
+- Update to version 5.1758910696.7549bb98:
+  * Replace argument assignment with signatures on ObsRsync/Task
+  * Enable automatic dependabot updates again after improvements
+  * docs: Add instructions for a continuous dashboard setup
+  * Replace argument assignment with signatures Folders package
+  * Fully cover WebAPI::Plugin::ObsRsync::Controller::Folders
+  * script: Also use OPENQA_WEBUI_MODE for related services
+
+- Update to version 5.1758814503.03d923a4:
+  * Use Mojo::File in Worker for is_qemu_running
+  * Use Mojo::File in Worker for meminfo
+  * Document archiving of important jobs
+
+- Update to version 5.1758729450.b88c0b40:
+  * Reject jobs if worker is broken when receiving a new job
+
+- Update to version 5.1758711845.e5c02221:
+  * script: Allow to configure openQA mode
+  * t: run at least once Memorylimit register with max_rss_limit &gt; 0
+  * Replace argument assignation with signatures on MemoryLimit
+
+Changes in os-autoinst:
+
+- Update to version 5.1761036042.c43e4ab:
+  * Update perltidy
+  * Allow redirects in needle NeedleDownloader
+  * Don't overwrite firewall xml
+  * Add UEFI support for ipxe kernel boot
+  * os-autoinst-setup-multi-machine: Simplify determine_ethernet_interface
+
+- Update to version 5.1759328765.e7438f7:
+  * Allow redirects in needle NeedleDownloader
+  * Don't overwrite firewall xml
+  * Add UEFI support for ipxe kernel boot
+  * t: Use consistent Mojo::File in 08-autotest as well
+  * os-autoinst-setup-multi-machine: Simplify determine_ethernet_interface
+
+- Update to version 5.1759134946.e08d7c7:
+  * Add UEFI support for ipxe kernel boot
+  * t: Use consistent Mojo::File in 08-autotest as well
+  * os-autoinst-setup-multi-machine: Simplify determine_ethernet_interface
+  * os-autoinst-setup-multi-machine: Only call zypper when necessary
+  * os-autoinst-setup-multi-machine: Improve network interface check
+</description>
+  <package>openQA</package>
+  <package>openQA:openQA-devel-test</package>
+  <package>openQA:openQA-test</package>
+  <package>openQA:openQA-worker-test</package>
+  <package>openQA:openQA-client-test</package>
+  <package>os-autoinst</package>
+  <package>os-autoinst:os-autoinst-test</package>
+  <package>os-autoinst:os-autoinst-devel-test</package>
+  <package>os-autoinst:os-autoinst-openvswitch-test</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251025182836794674.93181000773252/_patchinfo

@@ -0,0 +1,28 @@
+<patchinfo incident="packagehub-18">
+  <packager>jsulig</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for amarok</summary>
+  <description>This update for amarok fixes the following issues:
+
+Changes in amarok:
+
+- Update to version 3.3.1
+  * Enable saving and loading script console items, autocompletion
+    in script console, and re-enable some more scripting functionality
+  * Convert the remaining main UI toolbuttons to use icons from theme
+  * Clear out remnants of the now-discontinued MusicDNS service
+  * Fix example permission grant command in database settings (kde#386004)
+  * Fix equalizer gains not updating when selecting some presets (kde#463908)
+  * Fix continuing playback after timecoded tracks (cue files etc, (kde#270003)
+  * Fix MusicBrainz search
+  * Properly start CD playback if Amarok is not already running (kde#503310)
+  * Also transmit embedded cover art through MPRIS (kde#357620)
+  * Don't show transcoding dialog after canceling download (kde#275840)
+  * Load network information earlier to avoid crashes on startup (kde#507497)
+  * Try to export as-compatible-as-possible playlist files (kde#507329)
+  * Fix some random crashes during playback
+
+</description>
+  <package>amarok</package>
+</patchinfo>

patchinfo.20251027101618101208.187004354831441/_patchinfo

@@ -0,0 +1,32 @@
+<patchinfo incident="packagehub-16">
+  <packager>miska</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for knot</summary>
+  <description>This update for knot fixes the following issues:
+
+Changes in knot:
+
+- disable quic in stable releases due to the missing libraries
+
+update to version 3.5.1, see
+
+  https://www.knot-dns.cz/2025-10-16-version-351.html
+
+update to version 3.5.0, see
+
+  https://www.knot-dns.cz/2025-09-18-version-350.html
+
+update to version 3.4.8, see
+
+  https://www.knot-dns.cz/2025-07-29-version-348.html
+
+Use the libngtcp2_crypto_gnutls-devel instead of libngtcp2-devel
+to account for the openssl and gnutls devel files split in ngtcp2.
+
+update to version 3.4.7, see
+
+  https://www.knot-dns.cz/2025-06-04-version-347.html
+</description>
+  <package>knot</package>
+</patchinfo>

patchinfo.20251027101939269288.187004354831441/_patchinfo

@@ -0,0 +1,48 @@
+<patchinfo incident="packagehub-10">
+  <issue tracker="cve" id="2025-10527">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10536">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10528">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10537">Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10529">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10532">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10533">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 115.28, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="bnc" id="1249391">VUL-0: MozillaFirefox / MozillaThunderbird: update to 143.0 and 140.3esr</issue>
+  <packager>Yoshio_Sato</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for MozillaThunderbird</summary>
+  <description>This update for MozillaThunderbird fixes the following issues:
+
+Changes in MozillaThunderbird:
+
+Mozilla Thunderbird 140.3.0 ESR:
+
+  * Right-clicking 'List-ID' -&gt; 'Unsubscribe' created double encoded
+    draft subject
+  * Thunderbird could crash on startup
+  * Thunderbird could crash when importing mail
+  * Opening Website header link in RSS feed incorrectly re-encoded
+    URL parameters
+  MFSA 2025-78 (bsc#1249391)
+  * CVE-2025-10527
+    Sandbox escape due to use-after-free in the Graphics:
+    Canvas2D component
+  * CVE-2025-10528
+    Sandbox escape due to undefined behavior, invalid pointer in
+    the Graphics: Canvas2D component
+  * CVE-2025-10529
+    Same-origin policy bypass in the Layout component
+  * CVE-2025-10532
+    Incorrect boundary conditions in the JavaScript: GC component
+  * CVE-2025-10533
+    Integer overflow in the SVG component
+  * CVE-2025-10536
+    Information disclosure in the Networking: Cache component
+  * CVE-2025-10537
+    Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird
+    ESR 140.3, Firefox 143 and Thunderbird 143
+
+</description>
+  <package>MozillaThunderbird</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251027103924170417.187004354831441/_patchinfo

@@ -0,0 +1,27 @@
+<patchinfo incident="packagehub-17">
+  <issue tracker="cve" id="2025-59438">VUL-0: CVE-2025-59438: TRACKERBUG: mbedtls: padding oracle attack possible through timing of cipher error reporting</issue>
+  <packager>dheidler</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for micropython</summary>
+  <description>This update for micropython fixes the following issues:
+
+Changes in micropython:
+
+- Build with mbedtls-3.6.5 instead of bundled 3.6.2 to fix CVE-2025-59438
+
+Version 1.26.0:
+
+  * Added machine.I2CTarget for creating I2C target devices on multiple ports.
+  * New MCU support: STM32N6xx (800 MHz, ML accel) &amp; ESP32-C2 (WiFi + BLE).
+  * Major float accuracy boost (~28% → ~98%), constant folding in compiler.
+  * Optimized native/Viper emitters; reduced heap use for slices.
+  * Time functions standardized (1970–2099); new boards across ESP32, SAMD, STM32, Zephyr.
+  * ESP32: ESP-IDF 5.4.2, flash auto-detect, PCNT class, LAN8670 PHY.
+  * RP2: compressed errors, better lightsleep, hard IRQ timers.
+  * Zephyr v4.0.0: PWM, SoftI2C/SPI, BLE runtime services, boot.py/main.py support.
+  * mpremote adds fs tree, improved df, portable config paths.
+  * Updated lwIP, LittleFS, libhydrogen, stm32lib; expanded hardware/CI tests.
+</description>
+  <package>micropython</package>
+</patchinfo>

patchinfo.20251030080843825030.187004354831441/_patchinfo

@@ -0,0 +1,56 @@
+<patchinfo incident="packagehub-12">
+  <issue tracker="cve" id="2025-12441"/>
+  <issue tracker="cve" id="2025-12429"/>
+  <issue tracker="cve" id="2025-12431"/>
+  <issue tracker="cve" id="2025-12444"/>
+  <issue tracker="cve" id="2025-12428"/>
+  <issue tracker="cve" id="2025-12438"/>
+  <issue tracker="cve" id="2025-12435"/>
+  <issue tracker="cve" id="2025-12437"/>
+  <issue tracker="cve" id="2025-12443"/>
+  <issue tracker="cve" id="2025-12430"/>
+  <issue tracker="cve" id="2025-12440"/>
+  <issue tracker="cve" id="2025-12445"/>
+  <issue tracker="cve" id="2025-12446"/>
+  <issue tracker="cve" id="2025-12432"/>
+  <issue tracker="cve" id="2025-12436"/>
+  <issue tracker="cve" id="2025-12434"/>
+  <issue tracker="cve" id="2025-54874">VUL-0: CVE-2025-54874: TRACKERBUG: openjpeg: missing error check can lead to the use of an uninitialized pointer and cause an out-of-bounds heap</issue>
+  <issue tracker="cve" id="2025-12433"/>
+  <issue tracker="bnc" id="1252881">VUL-0: chromium: release 142.0.7444.59</issue>
+  <issue tracker="cve" id="2025-12439"/>
+  <issue tracker="cve" id="2025-12447"/>
+  <packager>AndreasStieger</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Chromium 142.0.7444.59, the stable channel promotion of 142.
+
+Security fixes (boo#1252881):
+
+  * CVE-2025-12428: Type Confusion in V8
+  * CVE-2025-12429: Inappropriate implementation in V8
+  * CVE-2025-12430: Object lifecycle issue in Media
+  * CVE-2025-12431: Inappropriate implementation in Extensions
+  * CVE-2025-12432: Race in V8
+  * CVE-2025-12433: Inappropriate implementation in V8
+  * CVE-2025-12434: Race in Storage
+  * CVE-2025-12435: Incorrect security UI in Omnibox
+  * CVE-2025-12436: Policy bypass in Extensions
+  * CVE-2025-12437: Use after free in PageInfo
+  * CVE-2025-12438: Use after free in Ozone
+  * CVE-2025-12439: Inappropriate implementation in App-Bound Encryption
+  * CVE-2025-12440: Inappropriate implementation in Autofill
+  * CVE-2025-12441: Out of bounds read in V8
+  * CVE-2025-12443: Out of bounds read in WebXR
+  * CVE-2025-12444: Incorrect security UI in Fullscreen UI
+  * CVE-2025-12445: Policy bypass in Extensions
+  * CVE-2025-12446: Incorrect security UI in SplitView
+  * CVE-2025-12447: Incorrect security UI in Omnibox
+
+</description>
+  <package>chromium</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251030134459405257.187004354831441/_patchinfo

@@ -0,0 +1,24 @@
+<patchinfo incident="packagehub-14">
+  <packager>adrianSuSE</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for product-composer</summary>
+  <description>This update for product-composer fixes the following issues:
+
+Update to version 0.6.16:
+
+  - merge updateinfo's with same id into one
+  - error out on updateinfo with same id, but non-mergable content
+
+Update to version 0.6.15:
+
+  * Support updateinfo handling in arch specific meta data
+
+Update to version 0.6.14:
+
+  * option to disable joliet extensions on media
+  * no joliet extensions on source and debug media anymore
+</description>
+  <package>product-composer</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251104153107003768.187004354831441/_patchinfo

@@ -0,0 +1,63 @@
+<patchinfo incident="packagehub-15">
+  <issue tracker="cve" id="2025-11710"/>
+  <issue tracker="cve" id="2025-11709"/>
+  <issue tracker="cve" id="2025-11715"/>
+  <issue tracker="bnc" id="1247774">[SLFO:Main] [SLES16.0] MozillaFirefox fails to build on s390x</issue>
+  <issue tracker="cve" id="2025-11712"/>
+  <issue tracker="cve" id="2025-11708"/>
+  <issue tracker="cve" id="2025-11714"/>
+  <issue tracker="cve" id="2025-11713"/>
+  <issue tracker="cve" id="2025-11711"/>
+  <issue tracker="bnc" id="1251263">VUL-0: MozillaFirefox / MozillaThunderbird: update to 144.0 and 140.4esr</issue>
+  <packager>MSirringhaus</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for MozillaThunderbird</summary>
+  <description>This update for MozillaThunderbird fixes the following issues:
+
+Mozilla Thunderbird 140.4:
+
+  * changed: Account Hub is now disabled by default for second
+    email account
+  * changed: Flatpak runtime has been updated to Freedesktop SDK
+    24.08
+  * fixed: Users could not read mail signed with OpenPGP v6 and
+    PQC keys
+  * fixed: Image preview in Insert Image dialog failed with CSP
+    error for web resources
+  * fixed: Emptying trash on exit did not work with some
+    providers
+  * fixed: Thunderbird could crash when applying filters
+  * fixed: Users were unable to override expired mail server
+    certificate
+  * fixed: Opening Website header link in RSS feed incorrectly
+    re-encoded URL parameters
+  * fixed: Security fixes
+
+MFSA 2025-85 (bsc#1251263):
+
+  * CVE-2025-11708
+    Use-after-free in MediaTrackGraphImpl::GetInstance()
+  * CVE-2025-11709
+    Out of bounds read/write in a privileged process triggered by
+    WebGL textures
+  * CVE-2025-11710
+    Cross-process information leaked due to malicious IPC
+    messages
+  * CVE-2025-11711
+    Some non-writable Object properties could be modified
+  * CVE-2025-11712
+    An OBJECT tag type attribute overrode browser behavior on web
+    resources without a content-type
+  * CVE-2025-11713
+    Potential user-assisted code execution in “Copy as cURL”
+    command
+  * CVE-2025-11714
+    Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR
+    140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
+  * CVE-2025-11715
+    Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird
+    ESR 140.4, Firefox 144 and Thunderbird 144
+</description>
+  <package>MozillaThunderbird</package>
+</patchinfo>

patchinfo.20251106083153138720.187004354831441/_patchinfo

@@ -0,0 +1,23 @@
+<patchinfo incident="packagehub-19">
+  <issue tracker="bnc" id="1253089">VUL-0: chromium: release 142.0.7444.134</issue>
+  <issue tracker="cve" id="2025-12727"/>
+  <issue tracker="cve" id="2025-12725"/>
+  <issue tracker="cve" id="2025-12729">VUL-0: chromium: release 142.0.7444.134</issue>
+  <issue tracker="cve" id="2025-12728"/>
+  <issue tracker="cve" id="2025-12726"/>
+  <packager>AndreasStieger</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Chromium 142.0.7444.134 (boo#1253089):
+
+  * CVE-2025-12725: Out of bounds write in WebGPU
+  * CVE-2025-12726: Inappropriate implementation in Views
+  * CVE-2025-12727: Inappropriate implementation in V8
+  * CVE-2025-12728: Inappropriate implementation in Omnibox
+  * CVE-2025-12729: Inappropriate implementation in Omnibox
+</description>
+  <package>chromium</package>
+</patchinfo>

patchinfo.20251111094408723997.187004354831441/_patchinfo

@@ -0,0 +1,14 @@
+<patchinfo incident="packagehub-20">
+  <packager>adrianSuSE</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for product-composer</summary>
+  <description>This update for product-composer fixes the following issues:
+
+Update to version 0.6.17:
+
+  - fix multiarch media handling of updateinfo id's
+</description>
+  <package>product-composer</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251112155258859667.187004354831441/_patchinfo

@@ -0,0 +1,571 @@
+<patchinfo>
+  <issue tracker="cve" id="2025-0377">VUL-0: CVE-2025-0377: TRACKERBUG: go-slug: improper validation of paths when extracting tar files containing Terraform configuration files can lead to arbitrary file writes</issue>
+  <issue tracker="cve" id="2024-45338">VUL-0: CVE-2024-45338: TRACKERBUG: golang.org/x/net/html: denial of service due to non-linear parsing of case-insensitive content</issue>
+  <packager>manfred-h</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for helmfile</summary>
+  <description>This update for helmfile fixes the following issues:
+
+Changes in helmfile:
+
+Update to version 1.1.9:
+
+  * feat: update strategy for reinstall by @simbou2000 in #2019
+  * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3
+    from 1.88.7 to 1.89.0 by @dependabot[bot] in #2239
+  * Fix: Handle empty helmBinary in base files with environment
+    values by @Copilot in #2237
+
+Update to version 1.1.8:
+
+  * build(deps): bump github.com/hashicorp/go-getter from 1.8.0 to
+    1.8.1 by @dependabot[bot] in #2194
+  * fix typos in both comment and error message by @d-fal in #2199
+  * cleanup disk in release ci by @yxxhero in #2203
+  * Migrate AWS SDK from v1 to v2 to resolve deprecation warnings
+    by @Copilot in #2202
+  * build(deps): bump github.com/helmfile/vals from 0.42.1 to 0.42.2
+    by @dependabot[bot] in #2200
+  * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from
+    1.88.2 to 1.88.3 by @dependabot[bot] in #2206
+  * Bump Alpine to 3.22 in Dockerfile by @orishamir in #2205
+  * build(deps): bump github.com/aws/aws-sdk-go-v2/config from
+    1.31.10 to 1.31.12 by @dependabot[bot] in #2207
+  * Add yq to Dockerfile by @orishamir in #2208
+  * fix: skip chartify for build command jsonPatches by @sstarcher
+    in #2212
+  * build(deps): bump github.com/hashicorp/go-getter from 1.8.1 to
+    1.8.2 by @dependabot[bot] in #2210
+  * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from
+    1.88.3 to 1.88.4 by @dependabot[bot] in #2213
+  * build(deps): bump golang.org/x/term from 0.35.0 to 0.36.0 by
+    @dependabot[bot] in #2214
+  * Avoid fetching same chart/version multiple times by @Copilot
+    in #2197
+  * build(deps): bump github.com/helmfile/vals from 0.42.2 to
+    0.42.4 by @dependabot[bot] in #2217
+  * docs: add zread badge to README by @yxxhero in #2219
+  * Bump helm-diff to v3.13.1 by @Copilot in #2223
+  * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from
+    1.88.4 to 1.88.5 by @dependabot[bot] in #2226
+  * build(deps): bump github.com/aws/aws-sdk-go-v2/config from
+    1.31.12 to 1.31.13 by @dependabot[bot] in #2225
+  * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from
+    1.88.5 to 1.88.6 by @dependabot[bot] in #2230
+  * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from
+    1.88.6 to 1.88.7 by @dependabot[bot] in #2232
+  * build(deps): bump github.com/aws/aws-sdk-go-v2/config from
+    1.31.13 to 1.31.15 by @dependabot[bot] in #2233
+  * Fix helmBinary and kustomizeBinary being ignored when using
+    bases by @Copilot in #2228
+
+Update to version 1.1.7:
+
+  What's Changed
+
+  * fix pflag error by @zhaque44 in #2164
+  * build(deps): bump actions/setup-go from 5 to 6 by
+    @dependabot[bot] in #2166
+  * build(deps): bump github.com/hashicorp/go-getter from 1.7.9 to
+    1.7.10 by @dependabot[bot] in #2165
+  * build(deps): bump github.com/spf13/pflag from 1.0.9 to 1.0.10
+    by @dependabot[bot] in #2163
+  * Add helm diff installation to README by @nwneisen in #2170
+  * build(deps): bump github.com/hashicorp/go-getter from 1.7.10
+    to 1.8.0 by @dependabot[bot] in #2175
+  * build(deps): bump golang.org/x/term from 0.34.0 to 0.35.0 by
+    @dependabot[bot] in #2174
+  * build(deps): bump github.com/zclconf/go-cty from 1.16.4 to
+    1.17.0 by @dependabot[bot] in #2173
+  * Fix panic when helm isn't installed by @nwneisen in #2169
+  * build(deps): bump golang.org/x/sync from 0.16.0 to 0.17.0 by
+    @dependabot[bot] in #2172
+  * ci: update minikube and kubernetes versions by @yxxhero in #2181
+  * build(deps): bump k8s.io/apimachinery from 0.34.0 to 0.34.1 by
+    @dependabot[bot] in #2180
+  * Remove deprecated --wait-retries flag support to fix Helm
+    compatibility error by @Copilot in #2179
+  * build(deps): bump go.yaml.in/yaml/v2 from 2.4.2 to 2.4.3 by
+    @dependabot[bot] in #2183
+  * build: update Helm to v3.19.0 across all components by @yxxhero
+    in #2187
+  * build: update helm-diff plugin to v3.13.0 by @yxxhero in #2189
+  * feat: Implement caching for pulling OCI charts by @mustdiechik
+    in #2171
+  * build(deps): bump github.com/helmfile/chartify from 0.24.7 to
+    0.25.0 by @dependabot[bot] in #2190
+
+- Update to version 1.1.6:
+  What's Changed
+  * build(deps): bump github.com/hashicorp/go-getter from 1.7.8 to
+    1.7.9 by @dependabot[bot] in #2139
+  * build(deps): bump github.com/zclconf/go-cty from 1.16.3 to
+    1.16.4 by @dependabot[bot] in #2145
+  * build: update helm to v3.18.6 by @yxxhero in #2144
+  * build(deps): bump github.com/stretchr/testify from 1.10.0 to
+    1.11.0 by @dependabot[bot] in #2150
+  * Add missing --timeout flag to helmfile sync command with
+    documentation by @Copilot in #2148
+  * Fix enableDNS flag missing in diff command and refactor
+    duplicate logic by @Copilot in #2147
+  * build(deps): bump github.com/stretchr/testify from 1.11.0 to
+    1.11.1 by @dependabot[bot] in #2151
+  * build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.14
+    by @dependabot[bot] in #2154
+  * Bump github.com/ulikunitz/xz from v0.5.14 to v0.5.15 by @Copilot
+    in #2159
+  * build(deps): bump github.com/helmfile/vals from 0.42.0 to
+    0.42.1 by @dependabot[bot] in #2161
+  * build(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.9
+    by @dependabot[bot] in #2160
+  * build(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1
+    by @dependabot[bot] in #2162
+  * Fix error propagation in helmfile diff when Kubernetes is
+    unreachable by @Copilot in #2149
+
+- Update to version 1.1.5:
+  What's Changed
+  * build(deps): bump actions/checkout from 4 to 5 by
+    @dependabot[bot] in #2128
+  * Update recommended Helm versions in init.go and run.sh by
+    @yxxhero in #2129
+  * Add comprehensive .github/copilot-instructions.md for coding
+    agents by @Copilot in #2131
+  * refactor(state): extract getMissingFileHandler method for
+    clarity by @yxxhero in #2133
+  * Fix parseHelmVersion to handle helm versions without 'v'
+    prefix by @Copilot in #2132
+  * build(deps): bump k8s.io/apimachinery from 0.33.3 to 0.33.4
+    by @dependabot[bot] in #2136
+  * build(deps): bump github.com/helmfile/chartify from 0.24.6 to
+    0.24.7 by @dependabot[bot] in #2135
+
+- Update to version 1.1.4:
+  What's Changed
+  * build(deps): bump github.com/helmfile/vals from 0.41.2 to
+    0.41.3 by @dependabot[bot] in #2100
+  * build(deps): bump k8s.io/apimachinery from 0.33.2 to 0.33.3
+    by @dependabot[bot] in #2101
+  * fix: update Helm version to v3.17.4 in CI and init.go by
+    @yxxhero in #2102
+  * build(deps): bump github.com/spf13/pflag from 1.0.6 to 1.0.7
+    by @dependabot[bot] in #2104
+  * feat(state): add missingFileHandlerConfig and related logic
+    by @yxxhero in #2105
+  * refactor(filesystem): add CopyDir method and optimize Fetch
+    function by @yxxhero in #2111
+  * Allow caching of remote files to be disabled by @jess-sol in
+    #2112
+  * refactor(yaml): switch yaml library import paths from gopkg.in
+    to go.yaml.in by @yxxhero in #2114
+  * build(deps): bump actions/download-artifact from 4 to 5 by
+    @dependabot[bot] in #2121
+  * build(deps): bump golang.org/x/term from 0.33.0 to 0.34.0 by
+    @dependabot[bot] in #2123
+
+- Update to version 1.1.3:
+  What's Changed
+  * build: update Helm to v3.18.3 and related dependencies by
+    @yxxhero in #2082
+  * Expose release version as .Release.ChartVersion for templating
+    by @Simske in #2080
+  * build(deps): bump github.com/helmfile/chartify from 0.24.3 to
+    0.24.4 by @dependabot[bot] in #2083
+  * build(deps): bump k8s.io/apimachinery from 0.33.1 to 0.33.2
+    by @dependabot[bot] in #2086
+  * build(deps): bump github.com/helmfile/chartify from 0.24.4 to
+    0.24.5 by @dependabot[bot] in #2087
+  * build(deps): bump github.com/Masterminds/semver/v3 from 3.3.1
+    to 3.4.0 by @dependabot[bot] in #2089
+  * build(deps): bump github.com/hashicorp/hcl/v2 from 2.23.0 to
+    2.24.0 by @dependabot[bot] in #2092
+  * build: update Helm and plugin versions to v3.18.4 and v3.12.3
+    by @yxxhero in #2093
+  * docs: update status section with May 2025 release information
+    by @yxxhero in #2096
+  * build(deps): bump golang.org/x/sync from 0.15.0 to 0.16.0 by
+    @dependabot[bot] in #2099
+  * build(deps): bump golang.org/x/term from 0.32.0 to 0.33.0 by
+    @dependabot[bot] in #2098
+
+- Update to version 1.1.2:
+  What's Changed
+  * build(deps): bump github.com/helmfile/chartify from 0.24.2 to
+    0.24.3 by @dependabot in #2065
+  * build: update Helm to v3.18.2 and adjust related configurations
+    by @yxxhero in #2064
+  * build(deps): bump github.com/helmfile/vals from 0.41.1 to
+    0.41.2 by @dependabot in #2067
+  * build(deps): bump golang.org/x/sync from 0.14.0 to 0.15.0
+    by @dependabot in #2068
+  * fix-insecure-flag by @anontrex in #2072
+  * build(deps): bump github.com/cloudflare/circl from 1.4.0 to
+    1.6.1 by @dependabot in #2074
+  * fix: update helm-diff to version 3.12.2 in CI and Dockerfiles
+    by @yxxhero in #2073
+  * fix: TestToYaml not working with 32-bit architectures by
+    @ProbstDJakob in #2075
+
+- Update to version 1.1.1:
+  What's Changed
+  * Update README.md by @mumoshu in #2046
+  * build(deps): bump github.com/helmfile/vals from 0.41.0 to
+    0.41.1 by @dependabot in #2048
+  * build(helm) update to v3.18.0 by @yxxhero in #2044
+  * build(deps): bump github.com/helmfile/chartify from 0.23.0 to
+    0.24.1 by @dependabot in #2049
+  * build: update Helm and plugin versions in CI and Dockerfiles
+    by @yxxhero in #2059
+
+- Update to version 1.1.0:
+  What's Changed
+  * chore: fix typo in create_test.go by @sadikkuzu in #2025
+  * build(deps): bump golangci/golangci-lint-action from 7 to 8 by
+    @dependabot in #2029
+  * build(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 by
+    @dependabot in #2028
+  * build(deps): bump github.com/helmfile/chartify from 0.22.0 to
+    0.23.0 by @dependabot in #2027
+  * chore: remove test data files by @yxxhero in #2026
+  * build(deps): bump golang.org/x/term from 0.31.0 to 0.32.0 by
+    @dependabot in #2033
+  * build(deps): bump github.com/helmfile/vals from 0.40.1 to
+    0.41.0 by @dependabot in #2032
+  * build(deps): bump dario.cat/mergo from 1.0.1 to 1.0.2 by
+    @dependabot in #2035
+  * feat(tmpl): enhance ToYaml test with multiple scenarios by
+    @yxxhero in #2031
+  * [sops, age] update to have SSH key support with sops by
+    @itscaro in #2036
+  * feat(yaml): add JSON style encoding option to NewEncoder by
+    @yxxhero in #2038
+  * refactor(yaml): upgrade from gopkg.in/yaml.v2 to v3 by @yxxhero
+    in #2039
+  * Update readme &amp; documentation with 2025 status of helmfile
+    project by @zhaque44 in #2040
+  * build(deps): bump k8s.io/apimachinery from 0.33.0 to 0.33.1 by
+    @dependabot in #2041
+  * build(deps): bump github.com/zclconf/go-cty from 1.16.2 to
+    1.16.3 by @dependabot in #2043
+
+- Update to version 1.0.0:
+  PLEASE READ
+  https://github.com/helmfile/helmfile/blob/main/docs/proposals/towards-1.0.md
+
+  What's Changed:
+  * build(deps): bump github.com/helmfile/vals from 0.39.0 to 0.39.1
+    by @dependabot in #1926
+  * Bump kubectl to current version (1.32.1) by @DerDaku in #1924
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.21 to 1.15.22
+    by @dependabot in #1925
+  * build: update Helm to v3.17.1 and related dependencies by
+    @yxxhero in #1928
+  * build(deps): bump k8s.io/apimachinery from 0.32.1 to 0.32.2 by
+    @dependabot in #1931
+  * feat: inject cli state values (--state-values-set) into environment
+    templating context by @Vince-Chenal in #1917
+  * docs: add skipSchemaValidation to index.md and update related
+    structs by @yxxhero in #1935
+  * refactor(state): optimize HelmState flags handling by @yxxhero
+    in #1937
+  * Update vals package to v0.39.2 by @aditmeno in #1938
+  * build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 by
+    @dependabot in #1940
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.22 to 1.15.23
+    by @dependabot in #1941
+  * build(deps): bump github.com/helmfile/chartify from 0.20.8 to
+    0.20.9 by @dependabot in #1942
+  * feat: colorized DELETED by @yurrriq in #1944
+  * feat(docs): add proposal to remove charts and delete subcommands
+    by @yxxhero in #1936
+  * build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0
+    by @dependabot in #1945
+  * build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to
+    4.0.5 by @dependabot in #1946
+  * build: update golang version to 1.24 and golangci-lint to
+    v1.64.5 by @yxxhero in #1949
+  * build(deps): bump github.com/helmfile/vals from 0.39.2 to 0.39.3
+    by @dependabot in #1951
+  * build(deps): bump github.com/helmfile/chartify from 0.20.9 to
+    0.21.0 by @dependabot in #1950
+  * build(deps): bump golang.org/x/sync from 0.11.0 to 0.12.0 by
+    @dependabot in #1955
+  * build(deps): bump jinja2 from 3.1.5 to 3.1.6 in /docs by
+    @dependabot in #1956
+  * Don't warn if this and the needed release set installed: false
+    by @jayme-github in #1958
+  * build(deps): bump golang.org/x/term from 0.29.0 to 0.30.0 by
+    @dependabot in #1959
+  * Remove all v0.x references by @yxxhero in #1919
+  * build(deps): bump k8s.io/apimachinery from 0.32.2 to 0.32.3
+    by @dependabot in #1960
+  * build(deps): bump golang.org/x/net from 0.35.0 to 0.36.0 by
+    @dependabot in #1961
+  * build(deps): bump github.com/helmfile/vals from 0.39.3 to 0.39.4
+    by @dependabot in #1962
+  * build: update Helm to v3.17.2 and related dependencies by
+    @yxxhero in #1965
+  * build: update yaml.v3 dependency and remove colega/go-yaml-yaml
+    by @yxxhero in #1929
+  * build(deps): bump github.com/containerd/containerd from 1.7.24
+    to 1.7.27 by @dependabot in #1966
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.23 to
+    1.16.0 by @dependabot in #1967
+  * build(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.1 to
+    5.2.2 by @dependabot in #1969
+  * build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to
+    4.5.2 by @dependabot in #1970
+  * build(deps): bump golangci/golangci-lint-action from 6 to 7
+    by @dependabot in #1975
+  * build(deps): bump github.com/helmfile/vals from 0.39.4 to
+    0.40.0 by @dependabot in #1978
+  * build(deps): bump github.com/helmfile/chartify from 0.21.0 to
+    0.21.1 by @dependabot in #1979
+  * docs(fix): correct typo in 'tier=fronted' to 'tier=frontend'
+    by @yxxhero in #1980
+  * feat: add labels for helm release by @yxxhero in #1046
+  * build(deps): bump github.com/helmfile/vals from 0.40.0 to
+    0.40.1 by @dependabot in #1981
+  * build(deps): bump github.com/goccy/go-yaml from 1.16.0 to 1.17.1
+    by @dependabot in #1982
+  * fix: Check needs with context and namespace by @aarnq in #1986
+  * build(deps): bump golang.org/x/sync from 0.12.0 to 0.13.0 by
+    @dependabot in #1991
+  * build(deps): bump golang.org/x/term from 0.30.0 to 0.31.0 by
+    @dependabot in #1990
+  * fix(state): enhance error message for missing .gotmpl extension
+    in helmfile v1 by @yxxhero in #1989
+  * build(deps): bump github.com/helmfile/chartify from 0.21.1 to
+    0.22.0 by @dependabot in #1996
+  * build: update Helm plugin versions in CI and Dockerfiles by
+    @yxxhero in #1995
+  * build: update Helm to v3.17.3 and update related Dockerfiles
+    by @yxxhero in #1993
+  * build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 by
+    @dependabot in #2010
+  * feat: add helmfile archive configuration in goreleaser by
+    @yxxhero in #2000
+  * docs: add more complex examples section in README by @yxxhero
+    in #2013
+  * Feat: setting reuseValues flag in release by @blaskoa in #2004
+  * build(deps): bump k8s.io/apimachinery from 0.32.3 to 0.32.4 by
+    @dependabot in #2016
+  * build(deps): bump github.com/aws/aws-sdk-go from 1.55.6 to
+    1.55.7 by @dependabot in #2015
+  * chore: support parsing any type with fromYaml by @ProbstDJakob
+    in #2017
+  * build(deps): bump k8s.io/apimachinery from 0.32.4 to 0.33.0 by
+    @dependabot in #2018
+  * feat: add --take-ownership flag to helm diff and related config
+    by @yxxhero in #1992
+
+- Update to version 0.171.0:
+  * feat: execute templates against postRendererHooks by @allanger
+    in #1839
+  * build(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6
+    by @dependabot in #1897
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.15 to
+    1.15.16 by @dependabot in #1901
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.16 to
+    1.15.17 by @dependabot in #1905
+  * Use a regex to match --state-values-set-string arguments
+    by @gllb in #1902
+  * build(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0
+    by @dependabot in #1911
+  * Chartify v0.20.8 update by @scodeman in #1908
+  * cleanup: remove all about v0.x by @yxxhero in #1903
+  * build(deps): bump golang.org/x/term from 0.28.0 to 0.29.0
+    by @dependabot in #1913
+  * chore: update babel to resolve CVEs by @zhaque44 in #1916
+  * remove deprecated charts.yaml by @yxxhero in #1437
+  * Revert "cleanup: remove all about v0.x" by @yxxhero in #1918
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.17 to
+    1.15.19 by @dependabot in #1920
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.19 to
+    1.15.20 by @dependabot in #1921
+  * feat: Add support for --wait-retries flag. by @connyay in #1922
+  * build: update go-yaml to v1.15.21 by @yxxhero in #1923
+
+- Update to version 0.170.1:
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.14 to
+    1.15.15 by @dependabot in #1882
+  * build(deps): bump github.com/hashicorp/go-slug from 0.15.0 to
+    0.16.3 by @dependabot in #1886 (CVE-2025-0377)
+  * Ensure 'helm repo add' is also not pollute on helmfile template
+    by @baurmatt in #1887
+  * build(deps): bump github.com/zclconf/go-cty from 1.16.1 to
+    1.16.2 by @dependabot in #1888
+  * fix: using correct option for takeOwnership flag by @blaskoa
+    in #1892
+  * fix typo in docs by @adamab48 in #1889
+
+- Update to version 0.170.0:
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.6 to 1.15.7
+    by @dependabot in #1818
+  * build(deps): bump golang.org/x/term from 0.26.0 to 0.27.0 by
+    @dependabot in #1817
+  * chore(doc): fix the indent of the selector usage sample yaml by
+    @Ladicle in #1819
+  * feat(state): add support for setString in ReleaseSpec and
+    HelmState by @yxxhero in #1821
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.7 to 1.15.8
+    by @dependabot in #1822
+  * test(state): add TestHelmState_setStringFlags for setStringFlags
+    method by @yxxhero in #1823
+  * build(deps): bump k8s.io/apimachinery from 0.31.3 to 0.31.4 by
+    @dependabot in #1826
+  * build(deps): bump golang.org/x/crypto from 0.29.0 to 0.31.0 by
+    @dependabot in #1828
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.8 to
+    1.15.9 by @dependabot in #1831
+  * build(deps): bump k8s.io/apimachinery from 0.31.4 to 0.32.0 by
+    @dependabot in #1830
+  * feat: updating sops version to 3.9.2 by @zhaque44 in #1834
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.9 to
+    1.15.10 by @dependabot in #1835
+  * build(deps): bump helm.sh/helm/v3 from 3.16.3 to 3.16.4 by
+    @dependabot in #1836
+  * build: update Helm version to v3.16.4 in CI and Dockerfiles by
+    @yxxhero in #1837
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.10 to
+    1.15.11 by @dependabot in #1838
+  * build(deps): bump filippo.io/age from 1.2.0 to 1.2.1 by
+    @dependabot in #1840
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.11 to
+    1.15.12 by @dependabot in #1843
+  * build: update helm-diff to v3.9.13 in Dockerfiles and init.go
+    by @yxxhero in #1841
+  * build(deps): bump github.com/helmfile/chartify from 0.20.4 to
+    0.20.5 by @dependabot in #1845
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.12 to
+    1.15.13 by @dependabot in #1844
+  * build(deps): bump jinja2 from 3.1.4 to 3.1.5 in /docs by
+    @dependabot in #1846
+  * CVE-2024-45338: updating golang.org/x/net: to version: v0.33.0
+    by @zhaque44 in #1849
+  * build(deps): bump github.com/zclconf/go-cty from 1.15.1 to
+    1.16.0 by @dependabot in #1851
+  * build(deps): bump golang.org/x/term from 0.27.0 to 0.28.0
+    by @dependabot in #1852
+  * update sops versions to 3.9.3 by @zhaque44 in #1861
+  * build(deps): bump github.com/hashicorp/go-getter from 1.7.6
+    to 1.7.7 by @dependabot in #1862
+  * feat: add --take-ownership flag to apply and sync commands by
+    @yxxhero in #1863
+  * fix: ensure plain http is supported across all helmfile
+    commands by @purpleclay in #1858
+  * fix: ensure development versions of charts can be used across
+    helmfile commands by @purpleclay in #1865
+  * build(deps): bump github.com/helmfile/chartify from 0.20.5 to
+    0.20.6 by @dependabot in #1866
+  * update kubectl version (1.30) to stay up to date with new
+    releases by @zhaque44 in #1867
+  * build(deps): bump github.com/zclconf/go-cty from 1.16.0 to
+    1.16.1 by @dependabot in #1870
+  * build(deps): bump github.com/hashicorp/go-getter from 1.7.7 to
+    1.7.8 by @dependabot in #1869
+  * feat: Add "--no-hooks" to helmfile template by @jwlai in #1813
+  * update helm and k8s versions in ci, dockerfiles, and go.mod by
+    @yxxhero in #1872
+  * build(deps): bump github.com/helmfile/vals from 0.38.0 to 0.39.0
+    by @dependabot in #1876
+  * build(deps): bump k8s.io/apimachinery from 0.32.0 to 0.32.1 by
+    @dependabot in #1873
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.13 to
+    1.15.14 by @dependabot in #1874
+  * build: update helm-diff to v3.9.14 in Dockerfiles and init.go
+    by @yxxhero in #1877
+
+- Update to version 0.169.2:
+  * build(deps): bump github.com/helmfile/vals from 0.37.6 to 0.37.7
+    by @dependabot in #1747
+  * build(deps): bump k8s.io/apimachinery from 0.31.1 to 0.31.2 by
+    @dependabot in #1754
+  * Reset extra args before running 'dependency build' by @baurmatt
+    in #1751
+  * Introducing Helmfile Guru on Gurubase.io by @kursataktas in #1748
+  * feat: add skip json schema validation during the install /upgrade
+    of a Chart by @zhaque44 in #1737
+  * fix(maputil): prevent nil value overwrite by @ban11111 in #1755
+  * build(deps): bump github.com/goccy/go-yaml from 1.12.0 to
+    1.13.0 by @dependabot in #1759
+  * fix: this url doesn't work anymore by @zekena2 in #1760
+  * build(deps): bump github.com/goccy/go-yaml from 1.13.0 to
+    1.13.1 by @dependabot in #1762
+  * build(deps): bump github.com/goccy/go-yaml from 1.13.1 to
+    1.13.2 by @dependabot in #1763
+  * build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to
+    4.5.1 by @dependabot in #1767
+  * build(deps): bump github.com/helmfile/vals from 0.37.7 to
+    0.37.8 by @dependabot in #1764
+  * build(deps): bump github.com/goccy/go-yaml from 1.13.2 to
+    1.13.4 by @dependabot in #1765
+  * fix(integration-tests): read correct minikube status (#1768)
+    by @ceriath in #1769
+  * build(deps): bump github.com/goccy/go-yaml from 1.13.4 to
+    1.13.5 by @dependabot in #1770
+  * Add integration tests for #1749 by @baurmatt in #1766
+  * fix: update acme chart URL in input.yaml by @yxxhero in #1773
+  * build(deps): bump github.com/goccy/go-yaml from 1.13.5 to
+    1.13.6 by @dependabot in #1771
+  * build(deps): bump golang.org/x/sync from 0.8.0 to 0.9.0 by
+    @dependabot in #1775
+  * build(deps): bump golang.org/x/term from 0.25.0 to 0.26.0
+    by @dependabot in #1774
+  * Revive dead badge links by @eggplants in #1776
+  * feat: refactor label creation in state.go by @yxxhero in #1758
+  * docs: Add Gurubase badge to README-zh_CN by @yxxhero in #1777
+  * build(deps): bump github.com/goccy/go-yaml from 1.13.6 to
+    1.13.9 by @dependabot in #1781
+  * build(deps): bump github.com/goccy/go-yaml from 1.13.9 to
+    1.14.0 by @dependabot in #1782
+  * build(deps): bump github.com/goccy/go-yaml from 1.14.0 to
+    1.14.3 by @dependabot in #1788
+  * build(deps): bump helm.sh/helm/v3 from 3.16.2 to 3.16.3 by
+    @dependabot in #1786
+  * fix: update helm-diff to version 3.9.12 in CI and Dockerfiles
+    by @yxxhero in #1792
+  * build: update Helm version to v3.16.3 in CI and Dockerfiles
+    by @yxxhero in #1791
+  * feat: add HELMFILE_INTERACTIVE env var to enable interactive
+    mode by @thevops in #1787
+  * build(deps): bump github.com/hashicorp/hcl/v2 from 2.22.0 to
+    2.23.0 by @dependabot in #1793
+  * build(deps): bump github.com/Masterminds/semver/v3 from 3.3.0
+    to 3.3.1 by @dependabot in #1795
+  * chore: update with testify/assert assertion and table driven
+    tests for fs.go by @zhaque44 in #1794
+  * build(deps): bump k8s.io/apimachinery from 0.31.2 to 0.31.3
+    by @dependabot in #1798
+  * build(deps): bump github.com/stretchr/testify from 1.9.0 to
+    1.10.0 by @dependabot in #1800
+  * build(deps): bump github.com/goccy/go-yaml from 1.14.3 to
+    1.15.0 by @dependabot in #1804
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.0 to
+    1.15.1 by @dependabot in #1807
+  * build(deps): bump github.com/zclconf/go-cty from 1.15.0 to
+    1.15.1 by @dependabot in #1806
+  * update example chart URL in remote-secrets doc by @daveneeley
+    in #1809
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.1 to
+    1.15.3 by @dependabot in #1811
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.3 to
+    1.15.6 by @dependabot in #1812
+  * fix: inject global values in Chartify by @xabufr in #1805
+  * build(deps): bump github.com/helmfile/vals from 0.37.8 to
+    0.38.0 by @dependabot in #1814
+  * build(deps): bump github.com/helmfile/chartify from 0.20.3 to
+    0.20.4 by @dependabot in #1815
+  * build(deps): bump golang.org/x/sync from 0.9.0 to 0.10.0 by
+    @dependabot in #1816
+
+- Update to version 0.169.1:
+  * feat: update sops version to 3.9.1 by @zhaque44 in #1742
+  * chore: improve test assertions and descriptions for file
+    download test by @zhaque44 in #1745
+  * feat: add 'hide-notes' flag to helm in sync and apply commands
+    by @yxxhero in #1746
+</description>
+  <package>helmfile</package>
+</patchinfo>

staging.config

@@ -1,4 +1,4 @@
 {
   "ObsProject": "openSUSE:Backports:SLE-16.0",
-  "StagingProject": "openSUSE:Backports:SLE-16.0:PullRequest"
+  "StagingProject": "openSUSE:Backports:SLE-16.0:PullRequest",
 }