inconsistent version validation in helm updates #14246

@rlsf

Description

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

helm

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

No response

Updated dependency

No response

What you expected to see, versus what you actually saw

Following the #12423 fix, I've triggered Dependabot again and this time it failed differently:

2026/02/21 11:29:41 ERROR <job_1252218358> Error: dependency "dep" has an invalid version/constraint format: improper constraint: 2.0.4.117.gfc3fee5

So, what happens here is that Dependabot's search code found a "valid" version (2.0.4.117.gfc3fee5); this version isn't considered valid later in the process.
I think the same version rules should be applied by both search and validation code.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response
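
The mismatch reported above, as an added example (not part of the original issue, and not Dependabot or Helm code): candidates are run through a permissive check and a strict check, and any version the first accepts but the second rejects is reported. Assumptions: `Gem::Version` stands in for the search-side parser, the SemVer 2.0.0 regular expression stands in for the later validation, the function names are hypothetical, and the candidate list is constructed except for the version quoted in the log line.

```ruby
# Added example. Gem::Version (permissive) and the SemVer 2.0.0 regex (strict)
# are stand-ins (assumptions) for the two code paths described in the issue.
SEMVER = /
  \A(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)
  (?:-(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?
  (?:\+[0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*)?\z
/x

# Permissive check: dotted segments may be numeric or alphanumeric.
def search_accepts?(version)
  !!Gem::Version.correct?(version)
end

# Strict check: exactly MAJOR.MINOR.PATCH plus optional pre-release and build.
def validation_accepts?(version)
  SEMVER.match?(version)
end

# Sort candidates into: accepted by both, accepted by search only, rejected.
def partition_candidates(candidates)
  result = { usable: [], mismatched: [], rejected: [] }
  candidates.each do |v|
    if !search_accepts?(v)
      result[:rejected] << v
    elsif validation_accepts?(v)
      result[:usable] << v
    else
      result[:mismatched] << v
    end
  end
  result
end

# Newest candidate that would survive both phases.
def latest_usable(candidates)
  partition_candidates(candidates)[:usable].max_by { |v| Gem::Version.new(v) }
end

# Constructed candidate list; only 2.0.4.117.gfc3fee5 comes from the issue.
CANDIDATES = ["1.9.0", "2.0.3", "2.0.4.117.gfc3fee5", "latest"].freeze

if __FILE__ == $PROGRAM_NAME
  p partition_candidates(CANDIDATES)
  puts "update target: #{latest_usable(CANDIDATES)}"
end
```

Filtering search results with the stricter of the two checks means the update target is always a version the later step will accept.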
