This update for helm fixes the following issues:

Update to version 3.18.3:

  * build(deps): bump golang.org/x/crypto from 0.38.0 to 0.39.0
    6838ebc (dependabot[bot])
  * fix: user username password for login 5b9e2f6 (Terry Howe)
  * Update pkg/registry/transport.go 2782412 (Terry Howe)
  * Update pkg/registry/transport.go e66cf6a (Terry Howe)
  * fix: add debug logging to oci transport 191f05c (Terry Howe)

Update to version 3.18.2:

  * fix: legacy docker support broken for login 04cad46 (Terry
    Howe)
  * Handle an empty registry config file. bc9f8a2 (Matt Farina)

Update to version 3.18.1:

  * Notes:

    - This release fixes regressions around template generation and
      OCI registry interaction in 3.18.0
    - There are at least 2 known regressions unaddressed in this
      release. They are being worked on.
      - Empty registry configuration files. When the file exists
        but it is empty.
      - Login to Docker Hub on some domains fails.

  * Changelog

    - fix(client): skipnode utilization for PreCopy
    - fix(client): layers now returns manifest - remove duplicate
      from descriptors
    - fix(client): return nil on non-allowed media types
    - Prevent fetching newReference again as we have in calling
      method
    - Prevent failure when resolving version tags in oras memory
      store
    - Update pkg/plugin/plugin.go
    - Update pkg/plugin/plugin.go
    - Wait for Helm v4 before raising when platformCommand and
      Command are set
    - Fix 3.18.0 regression: registry login with scheme
    - Revert "fix (helm) : toToml` renders int as float [ backport
      to v3 ]"

Update to version 3.18.0 (bsc#1241802, CVE-2025-22872):

  * Notable Changes

    - Add support for JSON Schema 2020
    - Enabled cpu and memory profiling
    - Add hook annotation to output hook logs to client on error

  * Changelog

    - build(deps): bump the k8s-io group with 7 updates
    - fix: govulncheck workflow
    - bump version to v3.18.0
    - fix:add proxy support when mTLS configured
    - docs: Note about http fallback for OCI registries
    - Bump net package to avoid CVE on dev-v3
    - Bump toml
    - backport #30677to dev3
    - build(deps): bump github.com/rubenv/sql-migrate from 1.7.2 to
      1.8.0
    - Add install test for TakeOwnership flag
    - Fix --take-ownership
    - build(deps): bump github.com/rubenv/sql-migrate from 1.7.1 to
      1.7.2
    - build(deps): bump golang.org/x/crypto from 0.36.0 to 0.37.0
    - build(deps): bump golang.org/x/term from 0.30.0 to 0.31.0
    - Testing text bump
    - Permit more Go version and not only 1.23.8
    - Bumps github.com/distribution/distribution/v3 from 3.0.0-rc.3
      to 3.0.0
    - Unarchiving fix
    - Fix typo
    - Report as debug log, the time spent waiting for resources
    - build(deps): bump github.com/containerd/containerd from
      1.7.26 to 1.7.27
    - Update pkg/registry/fallback.go
    - automatic fallback to http
    - chore(oci): upgrade to ORAS v2
    - Updating to 0.37.0 for x/net
    - build(deps): bump the k8s-io group with 7 updates
    - build(deps): bump golang.org/x/crypto from 0.35.0 to 0.36.0
    - build(deps): bump github.com/opencontainers/image-spec
    - build(deps): bump github.com/containerd/containerd from
      1.7.25 to 1.7.26
    - build(deps): bump golang.org/x/crypto from 0.33.0 to 0.35.0
    - Fix cherry-pick helm.sh/helm/v4 -> helm.sh/helm/v3
    - Add HookOutputFunc and generic yaml unmarshaller
    - clarify fix error message
    - fix err check
    - add short circuit return
    - Add hook annotations to output pod logs to client on success
      and fail
    - chore: use []error instead of []string
    - Update cmd/helm/profiling.go
    - chore: update profiling doc in CONTRIBUTING.md
    - Update CONTRIBUTING guide
    - Prefer environment variables to CLI flags
    - Move pprof paths to HELM_PPROF env variable
    - feat: Add flags to enable CPU and memory profiling
    - build(deps): bump github.com/distribution/distribution/v3
    - build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1
    - Moving to SetOut and SetErr for Cobra
    - build(deps): bump the k8s-io group with 7 updates
    - build(deps): bump golang.org/x/crypto from 0.32.0 to 0.33.0
    - build(deps): bump golang.org/x/term from 0.28.0 to 0.29.0
    - build(deps): bump golang.org/x/text from 0.21.0 to 0.22.0
    - build(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6
    - build(deps): bump github.com/cyphar/filepath-securejoin
    - build(deps): bump github.com/evanphx/json-patch
    - build(deps): bump the k8s-io group with 7 updates
    - fix: check group for resource info match
    - Bump github.com/cyphar/filepath-securejoin from 0.3.6 to
      0.4.0
    - add test for nullifying nested global value
    - Ensuring the file paths are clean prior to passing to
      securejoin
    - Bump github.com/containerd/containerd from 1.7.24 to 1.7.25
    - Bump golang.org/x/crypto from 0.31.0 to 0.32.0
    - Bump golang.org/x/term from 0.27.0 to 0.28.0
    - bump version to v3.17.0
    - Bump github.com/moby/term from 0.5.0 to 0.5.2
    - Add test case for removing an entire object
    - Tests for bugfix: Override subcharts with null values #12879
    - feat: Added multi-platform plugin hook support to v3
    - This commit fixes the issue where the yaml.Unmarshaller
      converts all int values into float64, this passes in option
      to decoder, which enables conversion of int into .
    - merge null child chart objects