Skip to content

CSPL-4153: Update dependencies and restore helm chart 3.0.0#1831

Open
gabrielm-splunk wants to merge 5 commits intomainfrom
cspl-4153-dependencies-helm-only
Open

CSPL-4153: Update dependencies and restore helm chart 3.0.0#1831
gabrielm-splunk wants to merge 5 commits intomainfrom
cspl-4153-dependencies-helm-only

Conversation

@gabrielm-splunk
Copy link
Copy Markdown
Collaborator

@gabrielm-splunk gabrielm-splunk commented Apr 8, 2026

Summary

  • Update grpc dependencies to address security vulnerabilities
  • Update Go version to 1.25.8 in .env and Dockerfile.distroless
  • Update UBI 8 minimal base image to 8.10-1775152441
  • Restore helm chart version 3.0.0 to repository index

Security Updates

gRPC vulnerability fix:

  • Updated google.golang.org/grpc and related dependencies to address security vulnerabilities

Base image update:

  • Updated UBI 8 minimal base image from 8.10-1770223153 to 8.10-1775152441
  • Updated Go version from 1.25.0 to 1.25.8

Helm Chart 3.0.0 Restoration

Version 3.0.0 was inadvertently removed by automated PR (commit 1139fcf) when 3.1.0 was added. Customers reported the version missing from helm search repo splunk/splunk-operator --versions results.

Changes:

  • Restored 3.0.0 packaged chart from git tag
  • Added 3.0.0 entries to docs/index.yaml for both splunk-enterprise and splunk-operator charts

Test plan

  • Security vulnerabilities addressed
  • Helm chart 3.0.0 restored and verified locally
  • CI/CD pipeline validation
  • Verify helm chart 3.0.0 appears in search after merge to main

🤖 Generated with Claude Code

kasiakoziol and others added 5 commits April 8, 2026 12:49
@kasiakoziol @gabrielm-splunk
Update grpc dependencu due to sec vuln (#1804)
f9f9476
@gabrielm-splunk @claude
CSPL-4153: Update dependencies to fix security vulnerabilities
d94edfd 
- Update google.golang.org/grpc from v1.78.0 to v1.79.3 (VULN-67797)
- Update github.com/buger/jsonparser from v1.1.1 to v1.1.2 (VULN-67794)
- Update Go stdlib from 1.25.7 to 1.25.8 (VULN-65734)
- Update gnutls via explicit microdnf update (VULN-69140)
- Update other dependencies to latest compatible versions

Fixes: VULN-67797, VULN-67794, VULN-65734, VULN-69140

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Gabriel Mendoza <gabrielm@splunk.com>
@gabrielm-splunk @claude
Update Go version in .env and Dockerfile.distroless
726c7af 
- Update GO_VERSION in .env: 1.25.7 → 1.25.8
- Update Dockerfile.distroless FROM golang:1.25.7 → 1.25.8

Addresses review comment to update all Go version occurrences.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Gabriel Mendoza <gabrielm@splunk.com>
@gabrielm-splunk
Update UBI 8 minimal base image to 8.10-1775152441
b9b0d29 
- Updated Dockerfile: ARG BASE_IMAGE_VERSION
- Updated Makefile: comment and BASE_IMAGE_VERSION variable
- Latest version pulled from registry.access.redhat.com/ubi8/ubi-minimal:8.10

Addresses review comment on PR #1809

Signed-off-by: Gabriel Mendoza <gabmendo@splunk.com>
@gabrielm-splunk @claude
Restore helm chart version 3.0.0 to repository index
4459672 
Version 3.0.0 was inadvertently removed by automated PR (commit 1139fcf)
when 3.1.0 was added. Customers reported the version missing from
`helm search repo` results.

Changes:
- Restored 3.0.0 packaged chart from git tag
- Added 3.0.0 entries to docs/index.yaml for both splunk-enterprise and splunk-operator charts
- Chart digest: db5890e3bcc95f9ca7298873cc08b4a5d1ee86ccb4ad4e5334a0ab5d7a5fdb5e

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@gabrielm-splunk gabrielm-splunk mentioned this pull request Apr 8, 2026
Open
2 tasks
vivekr-splunk
vivekr-splunk requested changes Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@vivekr-splunk vivekr-splunk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I found one blocking issue in the restored Helm repo metadata.

docs/index.yaml
repository: file://splunk-operator/helm-chart/splunk-operator
version: 3.0.0
description: A Helm chart for Splunk Enterprise managed by the Splunk Operator
digest: db5890e3bcc95f9ca7298873cc08b4a5d1ee86ccb4ad4e5334a0ab5d7a5fdb5e
Copy link
Copy Markdown
Collaborator

@vivekr-splunk vivekr-splunk Apr 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The restored 3.0.0 index entries are not consistent with the published chart artifacts under docs/. Both new entries use digest db5890..., but docs/splunk-enterprise-3.0.0.tgz hashes to ae82f6... and docs/splunk-operator-3.0.0.tgz hashes to bd318b.... Current 3.1.0 entries match their tarballs, so this looks like the digest from the embedded dependency chart was copied into the repo index. Since Helm clients consume docs/index.yaml, I don’t think this is ready to merge until the index is regenerated from the actual published packages.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vivekr-splunk vivekr-splunk vivekr-splunk requested changes

@rlieberman-splunk rlieberman-splunk rlieberman-splunk approved these changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@gabrielm-splunk @vivekr-splunk @rlieberman-splunk @kasiakoziol