
Bump helm.sh/helm/v4 from 4.1.0 to 4.1.4#213

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/go_modules/helm.sh/helm/v4-4.1.4

Conversation

@dependabot
Contributor

@dependabot dependabot bot commented on behalf of github Apr 10, 2026

Bumps helm.sh/helm/v4 from 4.1.0 to 4.1.4.

Release notes

Sourced from helm.sh/helm/v4's releases.

Helm v4.1.4 is a security fix patch release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Security fixes

  • GHSA-hr2v-4r36-88hr Helm Chart extraction output directory collapse via Chart.yaml name dot-segment
  • GHSA-q5jf-9vfq-h4h7 Plugin verification fails open when .prov is missing, allowing unsigned plugin install
  • GHSA-vmx8-mqv2-9gmg Path traversal in plugin metadata version enables arbitrary file write outside Helm plugin directory

A big thank you to the reporters of these issues (@maru1009, @1seal).

Installation and Upgrading

Download Helm v4.1.4. The common platform binaries are here:

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 4.1.5 and 3.20.3 are the next patch (bug fix) releases and will be on April 8, 2026
  • 4.2.0 and 3.21.0 are the next minor (feature) releases and will be on May 13, 2026

Changelog

  • fix: Plugin missing provenance bypass 05fa37973dc9e42b76e1d2883494c87174b6074f (George Jenkins)
  • fix: Chart dot-name path bug 4e7994d4467182f535b6797c94b5b0e994a91436 (George Jenkins)
  • ignore error plugin loads (cli, getter) 25819432bf87ac0b54f0d3fa54982add2cac609e (George Jenkins)
  • fix: Plugin version path traversal 36c8539e99bc42d7aef9b87d136254662d04f027 (George Jenkins)
  • fix: pin codeql-action/upload-sarif to commit SHA in scorecards workflow c61e0860ec797330a4c26a78dde7020cdc6743b1 (Terry Howe)

Helm v4.1.3 is a patch release. Users are encouraged to upgrade for the best experience.

... (truncated)

Commits
  • 05fa379 fix: Plugin missing provenance bypass
  • 4e7994d fix: Chart dot-name path bug
  • 2581943 ignore error plugin loads (cli, getter)
  • 36c8539 fix: Plugin version path traversal
  • c61e086 fix: pin codeql-action/upload-sarif to commit SHA in scorecards workflow
  • c94d381 chore(defaults): server-side apply SDK defaults should always match the CLI d...
  • b36d660 whitespace
  • 04a91af use logger with waiter
  • c3c57db Remove refactorring changes from coalesce_test.go
  • d47cb2b Fix import
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 10, 2026
@dependabot dependabot bot requested a review from a team as a code owner April 10, 2026 15:34
Bumps [helm.sh/helm/v4](https://github.com/helm/helm) from 4.1.0 to 4.1.4.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v4.1.0...v4.1.4)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v4
  dependency-version: 4.1.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/helm.sh/helm/v4-4.1.4 branch from e5270a7 to 41f1bc4 Compare April 14, 2026 23:12