Skip to content

CSPL-4153: Update dependencies and restore helm chart 3.0.0#1831

Open
gabrielm-splunk wants to merge 5 commits intomainfrom
cspl-4153-dependencies-helm-only
Open

CSPL-4153: Update dependencies and restore helm chart 3.0.0#1831
gabrielm-splunk wants to merge 5 commits intomainfrom
cspl-4153-dependencies-helm-only

Conversation

@gabrielm-splunk
Copy link
Copy Markdown
Collaborator

@gabrielm-splunk gabrielm-splunk commented Apr 8, 2026

Summary

  • Update grpc dependencies to address security vulnerabilities
  • Update Go version to 1.25.8 in .env and Dockerfile.distroless
  • Update UBI 8 minimal base image to 8.10-1775152441
  • Restore helm chart version 3.0.0 to repository index

Security Updates

gRPC vulnerability fix:

  • Updated google.golang.org/grpc and related dependencies to address security vulnerabilities

Base image update:

  • Updated UBI 8 minimal base image from 8.10-1770223153 to 8.10-1775152441
  • Updated Go version from 1.25.0 to 1.25.8

Helm Chart 3.0.0 Restoration

Version 3.0.0 was inadvertently removed by automated PR (commit 1139fcf) when 3.1.0 was added. Customers reported the version missing from helm search repo splunk/splunk-operator --versions results.

Changes:

  • Restored 3.0.0 packaged chart from git tag
  • Added 3.0.0 entries to docs/index.yaml for both splunk-enterprise and splunk-operator charts

Test plan

  • Security vulnerabilities addressed
  • Helm chart 3.0.0 restored and verified locally
  • CI/CD pipeline validation
  • Verify helm chart 3.0.0 appears in search after merge to main

🤖 Generated with Claude Code

kasiakoziol and others added 5 commits April 8, 2026 12:49
@kasiakoziol @gabrielm-splunk
Update grpc dependencu due to sec vuln (#1804)
f9f9476
@gabrielm-splunk @claude
CSPL-4153: Update dependencies to fix security vulnerabilities
d94edfd 
- Update google.golang.org/grpc from v1.78.0 to v1.79.3 (VULN-67797)
- Update github.com/buger/jsonparser from v1.1.1 to v1.1.2 (VULN-67794)
- Update Go stdlib from 1.25.7 to 1.25.8 (VULN-65734)
- Update gnutls via explicit microdnf update (VULN-69140)
- Update other dependencies to latest compatible versions

Fixes: VULN-67797, VULN-67794, VULN-65734, VULN-69140

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Gabriel Mendoza <gabrielm@splunk.com>
@gabrielm-splunk @claude
Update Go version in .env and Dockerfile.distroless
726c7af 
- Update GO_VERSION in .env: 1.25.7 → 1.25.8
- Update Dockerfile.distroless FROM golang:1.25.7 → 1.25.8

Addresses review comment to update all Go version occurrences.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Gabriel Mendoza <gabrielm@splunk.com>
@gabrielm-splunk
Update UBI 8 minimal base image to 8.10-1775152441
b9b0d29 
- Updated Dockerfile: ARG BASE_IMAGE_VERSION
- Updated Makefile: comment and BASE_IMAGE_VERSION variable
- Latest version pulled from registry.access.redhat.com/ubi8/ubi-minimal:8.10

Addresses review comment on PR #1809

Signed-off-by: Gabriel Mendoza <gabmendo@splunk.com>
@gabrielm-splunk @claude
Restore helm chart version 3.0.0 to repository index
4459672 
Version 3.0.0 was inadvertently removed by automated PR (commit 1139fcf)
when 3.1.0 was added. Customers reported the version missing from
`helm search repo` results.

Changes:
- Restored 3.0.0 packaged chart from git tag
- Added 3.0.0 entries to docs/index.yaml for both splunk-enterprise and splunk-operator charts
- Chart digest: db5890e3bcc95f9ca7298873cc08b4a5d1ee86ccb4ad4e5334a0ab5d7a5fdb5e

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@gabrielm-splunk gabrielm-splunk mentioned this pull request Apr 8, 2026
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gabrielm-splunk @kasiakoziol