0.74.2 (2026-04-08)

What's Changed

🚀 Updates

• chore(dependencies): update init package registry image from 3.0.0 to 3.1.0 by @AustinAbro321 in #4792
• fix: git host matching by @AustinAbro321 in #4801
• fix: sanitize inspect output path by @AustinAbro321 in #4793
• chore(main): release 0.74.2 by @zarf-release-please[bot] in #4802

📦 Dependencies

• chore(deps): bump github.com/fatih/color from 1.18.0 to 1.19.0 by @dependabot[bot] in #4778
• chore(deps): bump github.com/fluxcd/source-controller/api from 1.8.0 to 1.8.1 by @dependabot[bot] in #4779
• chore(deps): bump actions/setup-go from 6.3.0 to 6.4.0 in the actions-organization group by @dependabot[bot] in #4785
• chore(deps): bump docker/login-action from 4.0.0 to 4.1.0 by @dependabot[bot] in #4786
• chore(deps): bump github.com/moby/moby/client from 0.3.0 to 0.4.0 by @dependabot[bot] in #4787
• chore(deps): bump github.com/distribution/distribution/v3 from 3.0.1-0.20250417064513-e016d9595f53 to 3.1.0 by @dependabot[bot] in #4788
• chore(deps): bump github.com/sigstore/cosign/v3 from 3.0.5 to 3.0.6 by @dependabot[bot] in #4790
• chore(deps): bump github.com/google/go-containerregistry from 0.21.3 to 0.21.4 by @dependabot[bot] in #4791

Full Changelog: v0.74.1...v0.74.2

0.74.1 (2026-04-02)

Features

• enable plugin support for vender-ed kubectl (#4705) (d812a6b)
• introduce page for schema on docs site (#4732) (1d193d0)
• state: deprecate "nodeport" in registry info in favor of "node" (#4729) (c8dd855)

Bug Fixes

• cache: sbom cachepath existence (#4762) (8785473)
• set transport in zarf tools registry catalog when mtls is enabled (#4728) (b8e38ec)
• values with zarf dev find-images (#4734) (78b7202)

What's Changed

🚀 Updates

• fix: set transport in zarf tools registry catalog when mtls is enabled by @AustinAbro321 in #4728
• feat: introduce page for schema on docs site by @AustinAbro321 in #4732
• fix(cache): sbom cachepath existence by @brandtkeller in #4762
• feat(state): deprecate "nodeport" in registry info in favor of "node" by @AustinAbro321 in #4729
• fix: values with zarf dev find-images by @AustinAbro321 in #4734
• feat: enable plugin support for vender-ed kubectl by @a1994sc in #4705
• chore(main): release 0.74.1 by @zarf-release-please[bot] in #4736

📦 Dependencies

• chore(deps): bump h3 from 1.15.5 to 1.15.9 in /site by @dependabot[bot] in #4737
• chore(deps): bump the k8s group across 1 directory with 7 updates by @dependabot[bot] in #4730
• chore(deps): bump the actions-organization group with 2 updates by @dependabot[bot] in #4740
• chore(deps): bump github/codeql-action from 4.32.6 to 4.34.1 by @dependabot[bot] in #4741
• chore(deps): bump codecov/codecov-action from 5.5.2 to 5.5.3 by @dependabot[bot] in #4742
• chore(deps): bump github.com/anchore/syft from 1.42.1 to 1.42.3 by @dependabot[bot] in #4738
• chore(deps): bump astro from 5.16.11 to 5.18.1 in /site by @dependabot[bot] in #4755
• chore(deps): bump codecov/codecov-action from 5.5.3 to 6.0.0 by @dependabot[bot] in #4759
• chore(deps): bump github/codeql-action from 4.34.1 to 4.35.1 by @dependabot[bot] in #4760
• chore(deps): bump github.com/go-git/go-git/v5 from 5.17.0 to 5.17.1 by @dependabot[bot] in #4763
• chore(deps): bump github.com/fluxcd/pkg/apis/meta from 1.25.0 to 1.26.0 by @dependabot[bot] in #4757
• chore(deps): bump the cosign-providers group across 1 directory with 4 updates by @dependabot[bot] in #4770
• chore(deps): bump github.com/docker/cli to 29.3.0+incompatible by @dependabot[bot] in #4692
• chore(deps): bump github.com/google/go-containerregistry from 0.21.1 to 0.21.3 by @dependabot[bot] in #4721
• chore(deps): bump github.com/mikefarah/yq/v4 from 4.50.1 to 4.52.5 by @dependabot[bot] in #4758
• chore(deps): bump sigs.k8s.io/controller-runtime from 0.23.1 to 0.23.3 by @dependabot[bot] in #4775
• chore(deps): bump github.com/go-git/go-git/v5 from 5.17.1 to 5.17.2 by @dependabot[bot] in #4773

Full Changelog: v0.74.0...v0.74.1

0.74.0 (2026-03-19)

⚠ BREAKING CHANGES

• upgrade to Helm 4 (#4350)
• deploy: override actions wait commands (#4531)

What's Changed

🚀 Updates

• chore(test): update external testing for local development by @brandtkeller in #4638
• chore(deps): update k9s to v0.50.18 by @brandtkeller in #4648
• fix: close leaked file handles in pull_test.go HTTP handlers by @joonas in #4657
• fix: close chunk file descriptors per iteration in SplitFile by @joonas in #4656
• feat: add retries on create operations by @mjnagel in #4664
• feat: update kubectl vender logic by @a1994sc in #4676
• feat(connect): create zarf connect resource sub-command by @AustinAbro321 in #4683
• feat(publish): support for tag specification by @brandtkeller in #4641
• test: fix registry flake by @AustinAbro321 in #4700
• feat(state): remove architecture field by @AustinAbro321 in #4701
• fix(deploy)!: override actions wait commands by @brandtkeller in #4531
• fix(agent): support create idempotency for mutation operations by @brandtkeller in #4691
• feat(init): clarify --registry-secret or --registry-url by @bm54cloud in #4694
• feat!: upgrade to Helm 4 by @AustinAbro321 in #4350
• fix: set field manager once during pre-run to avoid data race by @AustinAbro321 in #4707
• docs(install): add conda-forge community install method by @connor-stewarty in #4706
• docs: add 2026 community meeting notes link by @nick-adkins in #4715
• feat(init): enable switching between nodeport and proxy mode by @AustinAbro321 in #4608
• feat: use Zarf Package Config as image config by @AustinAbro321 in #4675
• feat: use legacy Helm wait + reconciliation Healthchecks by @AustinAbro321 in #4720
• feat: stop managing scale down policy in CLI by @AustinAbro321 in #4725
• docs(registry-proxy): describe registry proxy in init package docs by @AustinAbro321 in #4622
• chore(main): release 0.74.0 by @zarf-release-please[bot] in #4682

📦 Dependencies

• chore(deps): bump github.com/go-git/go-git/v5 from 5.16.5 to 5.17.0 by @dependabot[bot] in #4677
• chore(deps): bump svgo from 4.0.0 to 4.0.1 in /site by @dependabot[bot] in #4686
• chore(deps): bump dompurify from 3.3.1 to 3.3.2 in /site by @dependabot[bot] in #4689
• chore(deps): bump the actions-organization group with 3 updates by @dependabot[bot] in #4660
• chore(deps): bump github/codeql-action from 4.32.4 to 4.32.6 by @dependabot[bot] in #4696
• chore(deps): bump the actions-organization group with 2 updates by @dependabot[bot] in #4695
• chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 by @dependabot[bot] in #4697
• chore(deps): bump the actions-organization group with 2 updates by @dependabot[bot] in #4714
• chore(deps): bump the golang group across 1 directory with 2 updates by @dependabot[bot] in #4718
• chore(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3 by @dependabot[bot] in #4724

New Contributors

• @bm54cloud made their first contribution in #4694
• @connor-stewarty made their first contribution in #4706

Full Changelog: v0.73.1...v0.74.0

0.73.1 (2026-03-03)

Bug Fixes

• archive: update to use os.root API (#4674) (93f9c33)
• buffer errChan in Tunnel.establish to prevent goroutine leak (#4653) (f087c17)
• check svc.Spec.Ports bounds before indexing in tunnel code (#4654) (1d017f4)
• preserve error chains by using %w instead of %s (#4658) (3a4875e)
• prevent panic on double call to Tracker.StopReporting (#4655) (2d19e74)
• return the correct error on io.CopyN failure (#4652) (c69273c)

What's Changed

🚀 Updates

• chore(main): release 0.73.1 by @zarf-release-please[bot] in #4663

Full Changelog: v0.73.1-rc1...v0.73.1

What's Changed

🚀 Updates

• chore(deps): update npm deps for vulns by @brandtkeller in #4639
• fix: return the correct error on io.CopyN failure by @joonas in #4652
• fix: preserve error chains by using %w instead of %s by @joonas in #4658
• fix: prevent panic on double call to Tracker.StopReporting by @joonas in #4655
• fix: check svc.Spec.Ports bounds before indexing in tunnel code by @joonas in #4654
• fix: buffer errChan in Tunnel.establish to prevent goroutine leak by @joonas in #4653
• chore(deps): bump go version to v1.25.7 by @brandtkeller in #4672
• fix(archive): update to use os.root API by @brandtkeller in #4674

📦 Dependencies

• chore(deps): bump github/codeql-action from 4.32.3 to 4.32.4 by @dependabot[bot] in #4633
• chore(deps): bump actions/dependency-review-action from 4.8.2 to 4.8.3 in the actions-organization by @dependabot[bot] in #4632
• chore(deps): bump github.com/google/go-containerregistry from 0.20.7 to 0.21.0 by @dependabot[bot] in #4635
• chore(deps): bump github.com/google/go-containerregistry from 0.21.0 to 0.21.1 by @dependabot[bot] in #4643
• chore(deps): bump sigs.k8s.io/controller-runtime from 0.23.0 to 0.23.1 by @dependabot[bot] in #4636
• chore(deps): bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 by @dependabot[bot] in #4634
• chore(deps): bump github.com/anchore/syft from 1.38.0 to 1.42.1 by @dependabot[bot] in #4625
• chore(deps): bump github.com/fluxcd/source-controller/api from 1.7.4 to 1.8.0 by @dependabot[bot] in #4642
• chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.12 to 1.4.13 by @dependabot[bot] in #4649
• chore(deps): bump github.com/pterm/pterm from 0.12.82 to 0.12.83 by @dependabot[bot] in #4650
• chore(deps-dev): bump minimatch from 10.2.2 to 10.2.4 in /site by @dependabot[bot] in #4647
• chore(deps): bump rollup from 4.55.1 to 4.59.0 in /site by @dependabot[bot] in #4646
• chore(deps): bump the k8s group across 1 directory with 7 updates by @dependabot[bot] in #4661
• chore(deps): bump github.com/go-git/go-billy/v5 from 5.7.0 to 5.8.0 by @dependabot[bot] in #4662
• chore(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 by @dependabot[bot] in #4659

Full Changelog: v0.73.0...v0.73.1-rc1

0.73.0 (2026-02-20)

⚠ BREAKING CHANGES

• SDK: avoid os exit in cmd (#4615)

Features

• SDK: avoid os exit in cmd (#4615) (7f67816)
• split wait-for command (#4614) (3340ead)

Bug Fixes

• wait: properly resolve kind when group conflicts between resources (#4628) (db3cd9d)

What's Changed

🚀 Updates

• feat(SDK)!: avoid os exit in cmd by @AustinAbro321 in #4615
• feat: split wait-for command by @AustinAbro321 in #4614
• fix(wait): properly resolve kind when group conflicts between resources by @AustinAbro321 in #4628
• chore(main): release 0.73.0 by @zarf-release-please[bot] in #4627

📦 Dependencies

• chore(deps): bump the golang group across 1 directory with 2 updates by @dependabot[bot] in #4624
• chore(deps): bump the k8s group across 1 directory with 4 updates by @dependabot[bot] in #4623

Full Changelog: v0.72.0...v0.73.0

0.72.0 (2026-02-19)

⚠ BREAKING CHANGES

• bundle: bundle feature flag and version requirement (#4600)

Features

• add ability to supply custom init package (#4562) (f09b126)

Bug Fixes

• bundle: bundle feature flag and version requirement (#4600) (24f2738)
• make: always run unit tests with -race flag (#4610) (76950b3)
• skeleton: better error for missing skeleton (#4611) (25b3c78)
• template variables and values in .wait actions (#4604) (bfc0582)
• use cli tmpdir arg for image unpacks (#4618) (ea6dc0f)
• wait: ensure cluster is connectable in loop (#4616) (ade37d0)

Refactoring

• wait: avoid shelling out to kubectl during wait (#4567) (3660ece)

What's Changed

🚀 Updates

• chore(main): release 0.72.0 by @zarf-release-please[bot] in #4602

Full Changelog: v0.72.0-rc1...v0.72.0

What's Changed

🚀 Updates

• test: move build machine info test to e2e-without-cluster by @AustinAbro321 in #4597
• feat: add ability to supply custom init package by @a1994sc in #4562
• refactor(wait): avoid shelling out to kubectl during wait by @AustinAbro321 in #4567
• fix: template variables and values in .wait actions by @AustinAbro321 in #4604
• fix(make): always run unit tests with -race flag by @soltysh in #4610
• fix(bundle)!: bundle feature flag and version requirement by @brandtkeller in #4600
• fix(skeleton): better error for missing skeleton by @brandtkeller in #4611
• chore(docs): update signing deprecation notice by @brandtkeller in #4612
• fix: use cli tmpdir arg for image unpacks by @goubew in #4618
• chore(deps): bump cosign to v3.0.5 by @brandtkeller in #4619
• fix(wait): ensure cluster is connectable in loop by @AustinAbro321 in #4616

📦 Dependencies

• chore(deps): bump actions/setup-go from 6.1.0 to 6.2.0 in the actions-organization group by @dependabot[bot] in #4593
• chore(deps): bump docker/login-action from 3.6.0 to 3.7.0 by @dependabot[bot] in #4594
• chore(deps): bump github/codeql-action from 4.32.0 to 4.32.2 by @dependabot[bot] in #4596
• chore(deps): bump aws-actions/configure-aws-credentials from 5.1.1 to 6.0.0 by @dependabot[bot] in #4595
• chore(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 by @dependabot[bot] in #4599
• chore(deps): bump github/codeql-action from 4.32.2 to 4.32.3 by @dependabot[bot] in #4607

New Contributors

• @goubew made their first contribution in #4618

Full Changelog: v0.71.1...v0.72.0-rc1

This R.C. was created to give users a chance to test out the upgrade to Helm 4. Here is a summary of the most impactful changes to Zarf:

• Helm 4 introduces Server Side Apply. If it is a first time chart install then server side apply will be used by default. Upgrades default to the apply method that was used in the latest deployment. To control the apply method for a specific packaged chart, a new field .Charts[x].ServerSideApply has been introduced with possible values true, false, auto . Auto will follow the default Helm behavior.
  • A good example of how this could effect some charts can be seen in the init package registry deployment. Server side apply caught that replicas were set even when they were controlled by the autoscaler, which led to a conflict error. To solve this we conditionally set replicas when the autoscaler is not enabled.
    -SSA enforces stricter field validation, if a field does not pass schema validation, you will receive an error instead of a warning.
• Helm now uses slog style logging.
• zarf tools helm is now a true copy of the Helm CLI. Previously, this command was a quasi fork of a subset of the Helm CLI and received infrequent updates. Zarf maintainer contributions made this functionality possible #13617
• Helm's now uses kstatus as a backend for it's wait logic, since Zarf already used kstatus after Helm deploys the wait logic should be near identical to earlier Zarf versions. Zarf maintainers contributed this functionality to Helm in #13604

What's Changed

🚀 Updates

• test: move build machine info test to e2e-without-cluster by @AustinAbro321 in #4597
• feat: add ability to supply custom init package by @a1994sc in #4562

📦 Dependencies

• chore(deps): bump actions/setup-go from 6.1.0 to 6.2.0 in the actions-organization group by @dependabot[bot] in #4593
• chore(deps): bump docker/login-action from 3.6.0 to 3.7.0 by @dependabot[bot] in #4594
• chore(deps): bump github/codeql-action from 4.32.0 to 4.32.2 by @dependabot[bot] in #4596
• chore(deps): bump aws-actions/configure-aws-credentials from 5.1.1 to 6.0.0 by @dependabot[bot] in #4595
• chore(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 by @dependabot[bot] in #4599

Full Changelog: v0.71.1...v0.72.0-rc1-helm-4

0.71.1 (2026-02-06)

Bug Fixes

• actions: shell quote action wait bug (#4588) (331f46e)

What's Changed

🚀 Updates

• fix(actions): shell quote action wait bug by @AustinAbro321 in #4588
• chore(main): release 0.71.1 by @zarf-release-please[bot] in #4590

Full Changelog: v0.71.0...v0.71.1