chore(deps): Bump azure/setup-helm from 4 to 5#241
Merged
Conversation
dependabot
Bot
added
dependencies
dependabot
Bot
added
dependencies
dependabot
Bot
force-pushed
the
dependabot/github_actions/azure/setup-helm-5
branch
from
4b71226 to
0304987
Compare
This was referenced Apr 4, 2026
Bumps [azure/setup-helm](https://github.com/azure/setup-helm) from 4 to 5. - [Release notes](https://github.com/azure/setup-helm/releases) - [Commits](Azure/setup-helm@v4...v5) --- updated-dependencies: - dependency-name: azure/setup-helm dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/github_actions/azure/setup-helm-5
branch
from
0304987 to
cb4be6a
Compare
pdettori
reviewed
Apr 8, 2026
Contributor
pdettori
left a comment
pdettori
left a comment
There was a problem hiding this comment.
Review Summary
Compatibility: Safe to merge. setup-helm v5's only breaking change is the Node.js runtime update (node20 → node24), which is transparent to consumers — inputs and outputs are unchanged. All 14 CI checks pass including E2E tests.
One pinning inconsistency noted inline.
Areas reviewed: GitHub Actions, Security (action pinning)
Reviewed with Claude Code
| - name: Set up Helm | ||
| if: github.ref_type == 'tag' | ||
| uses: azure/setup-helm@v4 | ||
| uses: azure/setup-helm@v5 |
Contributor
There was a problem hiding this comment.
suggestion: This uses @v5 (tag) while ci.yaml and security-scans.yaml correctly pin to the SHA (@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0). For consistency and supply-chain security, consider pinning here too:
Suggested change
| uses: azure/setup-helm@v5 | |
| uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0 |
This pre-existed from v4 but is a good opportunity to fix.
Pin azure/setup-helm to commit SHA for consistency with ci.yaml and security-scans.yaml, improving supply-chain security. Assisted-By: Claude (Anthropic AI) <noreply@anthropic.com> Signed-off-by: Paolo Dettori <dettori@us.ibm.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps azure/setup-helm from 4 to 5.
Release notes
Sourced from azure/setup-helm's releases.
Commits
dda3372build3894c84chore(release): v5.0.0 (#265)ca66f38Update Node.js runtime from node20 to node24 (#259)316ed5aBump undici (#263)bc9bc0cBump undici and@actions/http-client(#257)16e3094Bump minimatch (#256)6e42753Bump actions/stale in /.github/workflows in the actions group (#255)9651d9dBump actions/checkout in /.github/workflows in the actions group (#251)658bff9Bump the actions group with 2 updates (#248)331c814Bump the actions group with 3 updates (#247)