Bump helm version dependency of plugin to the current version - 3.12.0

[azuterios]

Dear Terraform team. Please update the helm dependency version to the latest one - 3.12.0, as 3.11.1 contains several unchecked vulnerabilities, see example below. Thank you for the assistance on this!

Provider and Helm Versions

Provider version: 3.11.1
Helm version: 3.12.0

Steps to Reproduce

Older version dependency

Expected Behavior

When the updated version of helm is used, the vulnerability scanning is passing.

Actual Behavior

When the updated version of helm is used, the vulnerability scanner sees an older helm version from the plugin and stops the deployment.

References

• Helm v3.11.1 contains several unchecked vulnerabilities and the scanners are checking the version
• CVE-2023-25165 - https://nvd.nist.gov/vuln/detail/CVE-2023-25165#range-8965768

[sirantd]

Looks like the problem is not only with CVE. After updating AWS EKS to 1.27 I started to have such problems with provider:

Stack trace from the terraform-provider-helm_v2.9.0_x5 plugin:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x0 pc=0x103cde640]

goroutine 100 [running]:
k8s.io/client-go/discovery.convertAPIResource(...)
        k8s.io/client-go@v0.26.1/discovery/aggregated_discovery.go:88
k8s.io/client-go/discovery.convertAPIGroup({{{0x0, 0x0}, {0x0, 0x0}}, {{0x14000f44e70, 0x15}, {0x0, 0x0}, {0x0, 0x0}, ...}, ...})
        k8s.io/client-go@v0.26.1/discovery/aggregated_discovery.go:69 +0x4b0
k8s.io/client-go/discovery.SplitGroupsAndResources({{{0x14000f44000, 0x15}, {0x14000db82e0, 0x1b}}, {{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, ...}, ...})
        k8s.io/client-go@v0.26.1/discovery/aggregated_discovery.go:35 +0x2b4
k8s.io/client-go/discovery.(*DiscoveryClient).downloadAPIs(0x1400056e168?)
        k8s.io/client-go@v0.26.1/discovery/discovery_client.go:310 +0x37c
k8s.io/client-go/discovery.(*DiscoveryClient).GroupsAndMaybeResources(0x1400056e2e8?)
        k8s.io/client-go@v0.26.1/discovery/discovery_client.go:198 +0x48
k8s.io/client-go/discovery/cached/memory.(*memCacheClient).refreshLocked(0x140001ad6e0)
        k8s.io/client-go@v0.26.1/discovery/cached/memory/memcache.go:222 +0x4c
k8s.io/client-go/discovery/cached/memory.(*memCacheClient).GroupsAndMaybeResources(0x140001ad6e0)
        k8s.io/client-go@v0.26.1/discovery/cached/memory/memcache.go:128 +0x88
k8s.io/client-go/discovery.ServerGroupsAndResources({0x104bd7da0, 0x140001ad6e0})
        k8s.io/client-go@v0.26.1/discovery/discovery_client.go:392 +0x50
k8s.io/client-go/discovery/cached/memory.(*memCacheClient).ServerGroupsAndResources(0x0?)
        k8s.io/client-go@v0.26.1/discovery/cached/memory/memcache.go:117 +0x2c
helm.sh/helm/v3/pkg/action.GetVersionSet({0x134a0b860?, 0x140001ad6e0?})
        helm.sh/helm/v3@v3.11.1/pkg/action/action.go:317 +0x38
helm.sh/helm/v3/pkg/action.(*Configuration).getCapabilities(0x140007020c0)
        helm.sh/helm/v3@v3.11.1/pkg/action/action.go:263 +0x84
helm.sh/helm/v3/pkg/action.(*Upgrade).prepareUpgrade(0x1400041b200, {0x1400220cc10, 0xc}, 0x14000a3c000, 0x1047d0d80?)
        helm.sh/helm/v3@v3.11.1/pkg/action/upgrade.go:227 +0x304
helm.sh/helm/v3/pkg/action.(*Upgrade).RunWithContext(0x1400041b200, {0x104bcf2f8, 0x1400019c000}, {0x1400220cc10, 0xc}, 0x0?, 0x14000920100?)
        helm.sh/helm/v3@v3.11.1/pkg/action/upgrade.go:145 +0x11c
helm.sh/helm/v3/pkg/action.(*Upgrade).Run(0x104bb3060?, {0x1400220cc10?, 0x14000a3c000?}, 0x14001dc2000?, 0x41?)
        helm.sh/helm/v3@v3.11.1/pkg/action/upgrade.go:128 +0x4c
github.com/hashicorp/terraform-provider-helm/helm.resourceReleaseUpdate({0x104bcf368?, 0x14000b2fec0?}, 0x14000371e80, {0x104a32a00?, 0x14000927140})
        github.com/hashicorp/terraform-provider-helm/helm/resource_release.go:741 +0x928
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).update(0x140002c9340, {0x104bcf368, 0x14000b2fec0}, 0xd?, {0x104a32a00, 0x14000927140})
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.22.0/helper/schema/resource.go:741 +0xec
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0x140002c9340, {0x104bcf368, 0x14000b2fec0}, 0x14000b040d0, 0x14000371d00, {0x104a32a00, 0x14000927140})
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.22.0/helper/schema/resource.go:847 +0x680
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0x14000037860, {0x104bcf368?, 0x14000b2fda0?}, 0x14000b4c460)
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.22.0/helper/schema/grpc_provider.go:1021 +0xb94
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ApplyResourceChange(0x140006b6c80, {0x104bcf368?, 0x14000b2f590?}, 0x140009495e0)
        github.com/hashicorp/terraform-plugin-go@v0.14.0/tfprotov5/tf5server/server.go:818 +0x3c0
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler({0x104abec00?, 0x140006b6c80}, {0x104bcf368, 0x14000b2f590}, 0x14000949570, 0x0)
        github.com/hashicorp/terraform-plugin-go@v0.14.0/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:385 +0x174
google.golang.org/grpc.(*Server).processUnaryRPC(0x140008c03c0, {0x104bd6100, 0x140006029c0}, 0x140012c6ea0, 0x14000285680, 0x105bd2820, 0x0)
        google.golang.org/grpc@v1.49.0/server.go:1301 +0x9d8
google.golang.org/grpc.(*Server).handleStream(0x140008c03c0, {0x104bd6100, 0x140006029c0}, 0x140012c6ea0, 0x0)
        google.golang.org/grpc@v1.49.0/server.go:1642 +0x840
google.golang.org/grpc.(*Server).serveStreams.func1.2()
        google.golang.org/grpc@v1.49.0/server.go:938 +0x88
created by google.golang.org/grpc.(*Server).serveStreams.func1
        google.golang.org/grpc@v1.49.0/server.go:936 +0x298

Error: The terraform-provider-helm_v2.9.0_x5 plugin crashed!

I had similar problems with Helm itself. The problem was solved when I updated it to the latest 3.12.0 version.

[sirantd]

helm/helm#12061 (comment)