Merge branch 'helm:main' into feature/rollback-revision-history

.github/env

@@ -1,2 +1,2 @@
 GOLANG_VERSION=1.25
-GOLANGCI_LINT_VERSION=v2.10.1
+GOLANGCI_LINT_VERSION=v2.11.3

.github/workflows/codeql-analysis.yml

@@ -47,7 +47,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@e296a935590eb16afc0c0108289f68c87e2a89a5 # pinv4.30.7
+      uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # pinv4.35.1
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@e296a935590eb16afc0c0108289f68c87e2a89a5 # pinv4.30.7
+      uses: github/codeql-action/autobuild@c10b8064de6f491fea524254123dbe5e09572f13 # pinv4.35.1
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -72,4 +72,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@e296a935590eb16afc0c0108289f68c87e2a89a5 # pinv4.30.7
+      uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # pinv4.35.1

.github/workflows/scorecards.yml

@@ -64,6 +64,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v4
+        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
         with:
           sarif_file: results.sarif

.golangci.yml

@@ -29,6 +29,7 @@ linters:
     - modernize
     - nakedret
     - nolintlint
+    - perfsprint
     - revive
     - sloglint
     - staticcheck
@@ -77,9 +78,11 @@ linters:
       require-specific: true
 
     revive:
-      max-open-files: 2048
+      enable-all-rules: false
       enable-default-rules: true
+      max-open-files: 2048
       rules:
+        - name: unnecessary-format
         - name: var-naming
           arguments:
             - ["ID"] # AllowList

go.mod

@@ -10,20 +10,20 @@ require (
 	github.com/Masterminds/sprig/v3 v3.3.0
 	github.com/Masterminds/squirrel v1.5.4
 	github.com/Masterminds/vcs v1.13.3
-	github.com/ProtonMail/go-crypto v1.3.0
+	github.com/ProtonMail/go-crypto v1.4.1
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2
 	github.com/cyphar/filepath-securejoin v0.6.1
 	github.com/distribution/distribution/v3 v3.0.0
 	github.com/evanphx/json-patch/v5 v5.9.11
 	github.com/extism/go-sdk v1.7.1
-	github.com/fatih/color v1.18.0
+	github.com/fatih/color v1.19.0
 	github.com/fluxcd/cli-utils v0.37.2-flux.1
 	github.com/foxcpp/go-mockdns v1.2.0
 	github.com/gobwas/glob v0.2.3
 	github.com/gofrs/flock v0.13.0
 	github.com/gosuri/uitable v0.0.4
 	github.com/jmoiron/sqlx v1.4.0
-	github.com/lib/pq v1.11.2
+	github.com/lib/pq v1.12.1
 	github.com/mattn/go-shellwords v1.0.12
 	github.com/moby/term v0.5.2
 	github.com/opencontainers/go-digest v1.0.0
@@ -35,9 +35,9 @@ require (
 	github.com/stretchr/testify v1.11.1
 	github.com/tetratelabs/wazero v1.11.0
 	go.yaml.in/yaml/v3 v3.0.4
-	golang.org/x/crypto v0.48.0
+	golang.org/x/crypto v0.49.0
 	golang.org/x/term v0.41.0
-	golang.org/x/text v0.34.0
+	golang.org/x/text v0.35.0
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/api v0.35.1
 	k8s.io/apiextensions-apiserver v0.35.1
@@ -105,7 +105,7 @@ require (
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/mailru/easyjson v0.9.0 // indirect
-	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.9 // indirect
 	github.com/miekg/dns v1.1.57 // indirect
@@ -158,16 +158,16 @@ require (
 	go.opentelemetry.io/otel/trace v1.40.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.9.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
-	golang.org/x/mod v0.32.0 // indirect
-	golang.org/x/net v0.49.0 // indirect
+	golang.org/x/mod v0.33.0 // indirect
+	golang.org/x/net v0.51.0 // indirect
 	golang.org/x/oauth2 v0.34.0 // indirect
-	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sync v0.20.0 // indirect
 	golang.org/x/sys v0.42.0 // indirect
 	golang.org/x/time v0.12.0 // indirect
-	golang.org/x/tools v0.41.0 // indirect
+	golang.org/x/tools v0.42.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 // indirect
-	google.golang.org/grpc v1.78.0 // indirect
+	google.golang.org/grpc v1.79.3 // indirect
 	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect

go.sum

@@ -22,8 +22,8 @@ github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8
 github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10=
 github.com/Masterminds/vcs v1.13.3 h1:IIA2aBdXvfbIM+yl/eTnL4hb1XwdpvuQLglAix1gweE=
 github.com/Masterminds/vcs v1.13.3/go.mod h1:TiE7xuEjl1N4j016moRd6vezp6e6Lz23gypeXfzXeW8=
-github.com/ProtonMail/go-crypto v1.3.0 h1:ILq8+Sf5If5DCpHQp4PbZdS1J7HDFRXz/+xKBiRGFrw=
-github.com/ProtonMail/go-crypto v1.3.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE=
+github.com/ProtonMail/go-crypto v1.4.1 h1:9RfcZHqEQUvP8RzecWEUafnZVtEvrBVL9BiF67IQOfM=
+github.com/ProtonMail/go-crypto v1.4.1/go.mod h1:e1OaTyu5SYVrO9gKOEhTc+5UcXtTUa+P3uLudwcgPqo=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
@@ -87,8 +87,8 @@ github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc=
 github.com/extism/go-sdk v1.7.1 h1:lWJos6uY+tRFdlIHR+SJjwFDApY7OypS/2nMhiVQ9Sw=
 github.com/extism/go-sdk v1.7.1/go.mod h1:IT+Xdg5AZM9hVtpFUA+uZCJMge/hbvshl8bwzLtFyKA=
-github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
-github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
+github.com/fatih/color v1.19.0 h1:Zp3PiM21/9Ld6FzSKyL5c/BULoe/ONr9KlbYVOfG8+w=
+github.com/fatih/color v1.19.0/go.mod h1:zNk67I0ZUT1bEGsSGyCZYZNrHuTkJJB+r6Q9VuMi0LE=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/fluxcd/cli-utils v0.37.2-flux.1 h1:tQ588ghtRN+E+kHq415FddfqA9v4brn/1WWgrP6rQR0=
@@ -192,15 +192,14 @@ github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtB
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/lib/pq v1.11.2 h1:x6gxUeu39V0BHZiugWe8LXZYZ+Utk7hSJGThs8sdzfs=
-github.com/lib/pq v1.11.2/go.mod h1:/p+8NSbOcwzAEI7wiMXFlgydTwcgTr3OSKMsD2BitpA=
+github.com/lib/pq v1.12.1 h1:x1nbl/338GLqeDJ/FAiILallhAsqubLzEZu/pXtHUow=
+github.com/lib/pq v1.12.1/go.mod h1:/p+8NSbOcwzAEI7wiMXFlgydTwcgTr3OSKMsD2BitpA=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
 github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
 github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
-github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
-github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
+github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
@@ -381,14 +380,14 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
-golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
-golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
+golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4=
+golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c=
-golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU=
+golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
+golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -399,8 +398,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ=
-golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=
-golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8=
+golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo=
+golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y=
 golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=
 golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -411,8 +410,8 @@ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
-golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=
+golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -423,7 +422,6 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -448,8 +446,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
-golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
+golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8=
+golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA=
 golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
 golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -458,8 +456,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk=
-golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc=
-golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg=
+golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
+golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
 gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
@@ -467,8 +465,8 @@ google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409 h1:
 google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409/go.mod h1:fl8J1IvUjCilwZzQowmw2b7HQB2eAuYBabMXzWurF+I=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 h1:H86B94AW+VfJWDqFeEbBPhEtHzJwJfTbgE2lZa54ZAQ=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
-google.golang.org/grpc v1.78.0 h1:K1XZG/yGDJnzMdd/uZHAkVqJE+xIDOcmdSFZkBUicNc=
-google.golang.org/grpc v1.78.0/go.mod h1:I47qjTo4OKbMkjA/aOOwxDIiPSBofUtQUI5EfpWvW7U=
+google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=
+google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
 google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
 google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=

internal/chart/v3/lint/lint_test.go

@@ -95,7 +95,7 @@ func TestInvalidYaml(t *testing.T) {
 		t.Fatalf("All didn't fail with expected errors, got %#v", m)
 	}
 	if !strings.Contains(m[0].Err.Error(), "deliberateSyntaxError") {
-		t.Errorf("All didn't have the error for deliberateSyntaxError")
+		t.Error("All didn't have the error for deliberateSyntaxError")
 	}
 }
 
@@ -107,7 +107,7 @@ func TestInvalidChartYamlV3(t *testing.T) {
 		t.Fatalf("All didn't fail with expected errors, got %#v", m)
 	}
 	if !strings.Contains(m[0].Err.Error(), "failed to strictly parse chart metadata file") {
-		t.Errorf("All didn't have the error for duplicate YAML keys")
+		t.Error("All didn't have the error for duplicate YAML keys")
 	}
 }
 
@@ -237,7 +237,7 @@ func TestMalformedTemplate(t *testing.T) {
 			t.Fatalf("All didn't fail with expected errors, got %#v", m)
 		}
 		if !strings.Contains(m[0].Err.Error(), "invalid character '{'") {
-			t.Errorf("All didn't have the error for invalid character '{'")
+			t.Error("All didn't have the error for invalid character '{'")
 		}
 	}
 }

internal/chart/v3/lint/rules/chartfile_test.go

@@ -50,26 +50,26 @@ func TestValidateChartYamlNotDirectory(t *testing.T) {
 
 	err := validateChartYamlNotDirectory(nonExistingChartFilePath)
 	if err == nil {
-		t.Errorf("validateChartYamlNotDirectory to return a linter error, got no error")
+		t.Error("validateChartYamlNotDirectory to return a linter error, got no error")
 	}
 }
 
 func TestValidateChartYamlFormat(t *testing.T) {
 	err := validateChartYamlFormat(errors.New("Read error"))
 	if err == nil {
-		t.Errorf("validateChartYamlFormat to return a linter error, got no error")
+		t.Error("validateChartYamlFormat to return a linter error, got no error")
 	}
 
 	err = validateChartYamlFormat(nil)
 	if err != nil {
-		t.Errorf("validateChartYamlFormat to return no error, got a linter error")
+		t.Error("validateChartYamlFormat to return no error, got a linter error")
 	}
 }
 
 func TestValidateChartName(t *testing.T) {
 	err := validateChartName(badChart)
 	if err == nil {
-		t.Errorf("validateChartName to return a linter error, got no error")
+		t.Error("validateChartName to return a linter error, got no error")
 	}
 
 	err = validateChartName(badChartName)
@@ -149,7 +149,7 @@ func TestValidateChartMaintainer(t *testing.T) {
 	badChart.Maintainers = []*chart.Maintainer{nil}
 	err := validateChartMaintainer(badChart)
 	if err == nil {
-		t.Errorf("validateChartMaintainer did not return error for nil maintainer as expected")
+		t.Error("validateChartMaintainer did not return error for nil maintainer as expected")
 	}
 	if err.Error() != "a maintainer entry is empty" {
 		t.Errorf("validateChartMaintainer returned unexpected error for nil maintainer: %s", err.Error())
@@ -185,7 +185,7 @@ func TestValidateChartIconPresence(t *testing.T) {
 		err := validateChartIconPresence(testChart)
 
 		if err == nil {
-			t.Errorf("validateChartIconPresence to return a linter error, got no error")
+			t.Error("validateChartIconPresence to return a linter error, got no error")
 		} else if !strings.Contains(err.Error(), "icon is recommended") {
 			t.Errorf("expected %q, got %q", "icon is recommended", err.Error())
 		}

internal/chart/v3/lint/rules/dependencies_test.go

@@ -72,7 +72,7 @@ func TestValidateDependencyInMetadata(t *testing.T) {
 	c := chartWithBadDependencies()
 
 	if err := validateDependencyInMetadata(&c); err == nil {
-		t.Errorf("chart should have been flagged for missing deps in chart metadata")
+		t.Error("chart should have been flagged for missing deps in chart metadata")
 	}
 }
 
@@ -132,7 +132,7 @@ func TestValidateDependenciesUnique(t *testing.T) {
 
 	for _, tt := range tests {
 		if err := validateDependenciesUnique(&tt.chart); err == nil {
-			t.Errorf("chart should have been flagged for dependency shadowing")
+			t.Error("chart should have been flagged for dependency shadowing")
 		}
 	}
 }

internal/chart/v3/lint/rules/deprecations_test.go

@@ -36,6 +36,6 @@ func TestValidateNoDeprecations(t *testing.T) {
 		APIVersion: "v1",
 		Kind:       "Pod",
 	}, nil); err != nil {
-		t.Errorf("Expected a v1 Pod to not be deprecated")
+		t.Error("Expected a v1 Pod to not be deprecated")
 	}
 }

internal/chart/v3/lint/rules/values_test.go

@@ -57,7 +57,7 @@ func TestValidateValuesYamlNotDirectory(t *testing.T) {
 
 	err := validateValuesFileExistence(nonExistingValuesFilePath)
 	if err == nil {
-		t.Errorf("validateValuesFileExistence to return a linter error, got no error")
+		t.Error("validateValuesFileExistence to return a linter error, got no error")
 	}
 }
 

internal/chart/v3/loader/load_test.go

@@ -61,7 +61,7 @@ func TestLoadDirWithDevNull(t *testing.T) {
 		t.Fatalf("Failed to load testdata: %s", err)
 	}
 	if _, err := l.Load(); err == nil {
-		t.Errorf("packages with an irregular file (/dev/null) should not load")
+		t.Error("packages with an irregular file (/dev/null) should not load")
 	}
 }
 

internal/chart/v3/util/chartfile_test.go

@@ -56,11 +56,11 @@ func verifyChartfile(t *testing.T, f *chart.Metadata, name string) {
 	}
 
 	if f.Maintainers[0].Name != "The Helm Team" {
-		t.Errorf("Unexpected maintainer name.")
+		t.Error("Unexpected maintainer name.")
 	}
 
 	if f.Maintainers[1].Email != "nobody@example.com" {
-		t.Errorf("Unexpected maintainer email.")
+		t.Error("Unexpected maintainer email.")
 	}
 
 	if len(f.Sources) != 1 {
@@ -111,7 +111,7 @@ func TestIsChartDir(t *testing.T) {
 	}
 	validChartDir, err = IsChartDir("testdata")
 	if validChartDir || err == nil {
-		t.Errorf("expected error but did not get any")
+		t.Error("expected error but did not get any")
 		return
 	}
 }

internal/chart/v3/util/create_test.go

@@ -140,7 +140,7 @@ func TestCreate_Overwrite(t *testing.T) {
 	}
 
 	if errlog.Len() == 0 {
-		t.Errorf("Expected warnings about overwriting files.")
+		t.Error("Expected warnings about overwriting files.")
 	}
 }
 

internal/plugin/installer/http_installer_test.go

@@ -53,16 +53,16 @@ var fakePluginB64 = "H4sIAAAAAAAAA+3SQUvDMBgG4Jz7K0LwapdvSxrwJig6mCKC5xHabBaXdDS
 
 func TestStripName(t *testing.T) {
 	if stripPluginName("fake-plugin-0.0.1.tar.gz") != "fake-plugin" {
-		t.Errorf("name does not match expected value")
+		t.Error("name does not match expected value")
 	}
 	if stripPluginName("fake-plugin-0.0.1.tgz") != "fake-plugin" {
-		t.Errorf("name does not match expected value")
+		t.Error("name does not match expected value")
 	}
 	if stripPluginName("fake-plugin.tgz") != "fake-plugin" {
-		t.Errorf("name does not match expected value")
+		t.Error("name does not match expected value")
 	}
 	if stripPluginName("fake-plugin.tar.gz") != "fake-plugin" {
-		t.Errorf("name does not match expected value")
+		t.Error("name does not match expected value")
 	}
 }
 
@@ -345,7 +345,7 @@ func TestMediaTypeToExtension(t *testing.T) {
 			t.Errorf("Media type %q failed test", mt)
 		}
 		if shouldPass && ext == "" {
-			t.Errorf("Expected an extension but got empty string")
+			t.Error("Expected an extension but got empty string")
 		}
 		if !shouldPass && len(ext) != 0 {
 			t.Error("Expected extension to be empty for unrecognized type")

internal/plugin/installer/installer.go

@@ -99,7 +99,7 @@ func InstallWithOptions(i Installer, opts Options) (*VerificationResult, error)
 		// Check if provenance data exists
 		if len(provData) == 0 {
 			// No .prov file found - emit warning but continue installation
-			fmt.Fprintf(os.Stderr, "WARNING: No provenance file found for plugin. Plugin is not signed and cannot be verified.\n")
+			fmt.Fprint(os.Stderr, "WARNING: No provenance file found for plugin. Plugin is not signed and cannot be verified.\n")
 		} else {
 			// Provenance data exists - verify the plugin
 			verification, err := plugin.VerifyPlugin(archiveData, provData, filename, opts.Keyring)

internal/plugin/installer/installer_test.go

@@ -23,18 +23,18 @@ func TestIsRemoteHTTPArchive(t *testing.T) {
 	source := srv.URL + "/plugins/fake-plugin-0.0.1.tar.gz"
 
 	if isRemoteHTTPArchive("/not/a/URL") {
-		t.Errorf("Expected non-URL to return false")
+		t.Error("Expected non-URL to return false")
 	}
 
 	// URLs with valid archive extensions are considered valid archives
 	// even if the server is unreachable (optimization to avoid unnecessary HTTP requests)
 	if !isRemoteHTTPArchive("https://127.0.0.1:123/fake/plugin-1.2.3.tgz") {
-		t.Errorf("URL with .tgz extension should be considered a valid archive")
+		t.Error("URL with .tgz extension should be considered a valid archive")
 	}
 
 	// Test with invalid extension and unreachable server
 	if isRemoteHTTPArchive("https://127.0.0.1:123/fake/plugin-1.2.3.notanarchive") {
-		t.Errorf("Bad URL without valid extension should not succeed")
+		t.Error("Bad URL without valid extension should not succeed")
 	}
 
 	if !isRemoteHTTPArchive(source) {

internal/plugin/installer/oci_installer_test.go

@@ -239,7 +239,7 @@ func TestNewOCIInstaller(t *testing.T) {
 
 			if tt.expectError {
 				if err == nil {
-					t.Errorf("expected error but got none")
+					t.Error("expected error but got none")
 				}
 				return
 			}
@@ -416,7 +416,7 @@ func TestOCIInstaller_Install_WithGetterOptions(t *testing.T) {
 			err = Install(installer)
 			if tc.wantErr {
 				if err == nil {
-					t.Errorf("Expected installation to fail, but it succeeded")
+					t.Error("Expected installation to fail, but it succeeded")
 				}
 			} else {
 				if err != nil {
@@ -526,13 +526,13 @@ func TestOCIInstaller_Install_ComponentExtraction(t *testing.T) {
 	// Verify plugin.yaml exists
 	pluginYAMLPath := filepath.Join(tempDir, "plugin.yaml")
 	if _, err := os.Stat(pluginYAMLPath); os.IsNotExist(err) {
-		t.Errorf("plugin.yaml not found after extraction")
+		t.Error("plugin.yaml not found after extraction")
 	}
 
 	// Verify bin directory exists
 	binPath := filepath.Join(tempDir, "bin")
 	if _, err := os.Stat(binPath); os.IsNotExist(err) {
-		t.Errorf("bin directory not found after extraction")
+		t.Error("bin directory not found after extraction")
 	}
 
 	// Verify executable exists and has correct permissions
@@ -540,12 +540,12 @@ func TestOCIInstaller_Install_ComponentExtraction(t *testing.T) {
 	if info, err := os.Stat(execPath); err != nil {
 		t.Errorf("executable not found: %v", err)
 	} else if info.Mode()&0111 == 0 {
-		t.Errorf("file is not executable")
+		t.Error("file is not executable")
 	}
 
 	// Verify this would be recognized as a plugin
 	if !isPlugin(tempDir) {
-		t.Errorf("extracted directory is not a valid plugin")
+		t.Error("extracted directory is not a valid plugin")
 	}
 }
 
@@ -798,7 +798,7 @@ func TestOCIInstaller_Install_ValidationErrors(t *testing.T) {
 					t.Error("expected valid gzip data")
 				}
 				if !strings.Contains(tt.errorMsg, "is not a gzip compressed archive") {
-					t.Errorf("expected error message to contain 'is not a gzip compressed archive'")
+					t.Error("expected error message to contain 'is not a gzip compressed archive'")
 				}
 			}
 		})

internal/plugin/installer/verification_test.go

@@ -118,7 +118,7 @@ func TestInstallWithOptions_VerifyWithValidProvenance(t *testing.T) {
 
 	// Plugin should not be installed due to verification failure
 	if _, err := os.Stat(installer.Path()); !os.IsNotExist(err) {
-		t.Errorf("Plugin should not be installed when verification fails")
+		t.Error("Plugin should not be installed when verification fails")
 	}
 }
 
@@ -150,7 +150,7 @@ func TestInstallWithOptions_VerifyWithInvalidProvenance(t *testing.T) {
 
 	// Should fail with verification error
 	if err == nil {
-		t.Fatalf("Expected installation with invalid .prov file to fail")
+		t.Fatal("Expected installation with invalid .prov file to fail")
 	}
 	if result != nil {
 		t.Errorf("Expected nil verification result when verification fails, got: %+v", result)
@@ -164,7 +164,7 @@ func TestInstallWithOptions_VerifyWithInvalidProvenance(t *testing.T) {
 
 	// Plugin should not be installed
 	if _, err := os.Stat(installer.Path()); !os.IsNotExist(err) {
-		t.Errorf("Plugin should not be installed when verification fails")
+		t.Error("Plugin should not be installed when verification fails")
 	}
 }
 

pkg/action/action_test.go

@@ -377,7 +377,7 @@ func TestGetVersionSet(t *testing.T) {
 	}
 
 	if !vs.Has("v1") {
-		t.Errorf("Expected supported versions to at least include v1.")
+		t.Error("Expected supported versions to at least include v1.")
 	}
 	if vs.Has("nosuchversion/v1") {
 		t.Error("Non-existent version is reported found.")

pkg/action/dependency.go

@@ -92,7 +92,7 @@ func (d *Dependency) dependencyStatus(chartpath string, dep *chart.Dependency, p
 		for _, arc := range archives {
 			// we need to trip the prefix dirs and the extension off.
 			filename = strings.TrimSuffix(filepath.Base(arc), ".tgz")
-			maybeVersion := strings.TrimPrefix(filename, fmt.Sprintf("%s-", dep.Name))
+			maybeVersion := strings.TrimPrefix(filename, dep.Name+"-")
 
 			if _, err := semver.StrictNewVersion(maybeVersion); err == nil {
 				// If the version parsed without an error, it is possibly a valid

pkg/action/hooks.go

@@ -257,9 +257,9 @@ func (cfg *Configuration) outputLogsByPolicy(h *release.Hook, releaseNamespace s
 	}
 	switch h.Kind {
 	case "Job":
-		return cfg.outputContainerLogsForListOptions(namespace, metav1.ListOptions{LabelSelector: fmt.Sprintf("job-name=%s", h.Name)})
+		return cfg.outputContainerLogsForListOptions(namespace, metav1.ListOptions{LabelSelector: "job-name=" + h.Name})
 	case "Pod":
-		return cfg.outputContainerLogsForListOptions(namespace, metav1.ListOptions{FieldSelector: fmt.Sprintf("metadata.name=%s", h.Name)})
+		return cfg.outputContainerLogsForListOptions(namespace, metav1.ListOptions{FieldSelector: "metadata.name=" + h.Name})
 	default:
 		return nil
 	}

pkg/action/hooks_test.go

@@ -403,11 +403,11 @@ data:
 			}
 
 			if err != nil && !tc.expectError {
-				t.Fatalf("Got an unexpected error.")
+				t.Fatal("Got an unexpected error.")
 			}
 
 			if err == nil && tc.expectError {
-				t.Fatalf("Expected and error but did not get it.")
+				t.Fatal("Expected and error but did not get it.")
 			}
 		})
 	}

pkg/action/install.go

@@ -377,7 +377,7 @@ func (i *Install) RunWithContext(ctx context.Context, ch ci.Charter, vals map[st
 	}
 	// Check error from render
 	if err != nil {
-		rel.SetStatus(rcommon.StatusFailed, fmt.Sprintf("failed to render resource: %s", err.Error()))
+		rel.SetStatus(rcommon.StatusFailed, "failed to render resource: "+err.Error())
 		// Return a release with partial data so that the client can show debugging information.
 		return rel, err
 	}

pkg/action/install_test.go

@@ -1270,7 +1270,7 @@ func TestInstallCRDs_CheckNilErrors(t *testing.T) {
 
 			err := instAction.installCRDs(tt.input)
 			if err == nil {
-				t.Errorf("got nil expected err")
+				t.Error("got nil expected err")
 			}
 		})
 	}

pkg/action/lint_test.go

@@ -93,7 +93,7 @@ func TestLintChart(t *testing.T) {
 			case err != nil && !tt.err:
 				t.Errorf("%s", err)
 			case err == nil && tt.err:
-				t.Errorf("Expected a chart parsing error")
+				t.Error("Expected a chart parsing error")
 			}
 		})
 	}

pkg/action/validate.go

@@ -17,6 +17,7 @@ limitations under the License.
 package action
 
 import (
+	"errors"
 	"fmt"
 	"maps"
 
@@ -226,7 +227,7 @@ func validateNameAndGenerateName(info *resource.Info) (bool, error) {
 	}
 
 	if info.Name != "" && accessor.GetGenerateName() != "" {
-		return true, fmt.Errorf("metadata.name and metadata.generateName cannot both be set")
+		return true, errors.New("metadata.name and metadata.generateName cannot both be set")
 	}
 
 	return false, nil

pkg/chart/common.go

@@ -17,7 +17,6 @@ package chart
 
 import (
 	"errors"
-	"fmt"
 	"log/slog"
 	"reflect"
 	"strings"
@@ -192,7 +191,7 @@ func structToMap(obj any) (map[string]any, error) {
 
 	// Check if the input is a struct
 	if objValue.Kind() != reflect.Struct {
-		return nil, fmt.Errorf("input must be a struct or a pointer to a struct")
+		return nil, errors.New("input must be a struct or a pointer to a struct")
 	}
 
 	result := make(map[string]any)

pkg/chart/common/capabilities_test.go

@@ -68,7 +68,7 @@ func TestDefaultCapabilities(t *testing.T) {
 func TestParseKubeVersion(t *testing.T) {
 	kv, err := ParseKubeVersion("v1.16.0")
 	if err != nil {
-		t.Errorf("Expected v1.16.0 to parse successfully")
+		t.Error("Expected v1.16.0 to parse successfully")
 	}
 	if kv.Version != "v1.16.0" {
 		t.Errorf("Expected parsed KubeVersion.Version to be v1.16.0, got %q", kv.String())

pkg/chart/common/util/values_test.go

@@ -85,7 +85,7 @@ func TestToRenderValues(t *testing.T) {
 		t.Error("Expected upgrade to be false.")
 	}
 	if !relmap["IsInstall"].(bool) {
-		t.Errorf("Expected install to be true.")
+		t.Error("Expected install to be true.")
 	}
 	if !res["Capabilities"].(*common.Capabilities).APIVersions.Has("v1") {
 		t.Error("Expected Capabilities to have v1 as an API")

pkg/chart/common/values_test.go

@@ -113,7 +113,7 @@ chapter:
 	}
 
 	if _, err := d.Table("title"); err == nil {
-		t.Fatalf("Title is not a table.")
+		t.Fatal("Title is not a table.")
 	}
 
 	if _, err := d.Table("chapter"); err != nil {
@@ -131,7 +131,7 @@ chapter:
 	}
 
 	if _, err := d.Table("chapter.OneHundredThirtySix"); err == nil {
-		t.Errorf("I think you mean 'Epilogue'")
+		t.Error("I think you mean 'Epilogue'")
 	}
 }
 
@@ -150,13 +150,13 @@ func matchValues(t *testing.T, data map[string]any) {
 	if o, err := ttpl("{{.mariner.shot}}", data); err != nil {
 		t.Errorf(".mariner.shot: %s", err)
 	} else if o != "ALBATROSS" {
-		t.Errorf("Expected that mariner shot ALBATROSS")
+		t.Error("Expected that mariner shot ALBATROSS")
 	}
 
 	if o, err := ttpl("{{.water.water.where}}", data); err != nil {
 		t.Errorf(".water.water.where: %s", err)
 	} else if o != "everywhere" {
-		t.Errorf("Expected water water everywhere")
+		t.Error("Expected water water everywhere")
 	}
 }
 
@@ -199,7 +199,7 @@ chapter:
 	}
 	if v, err := d.PathValue("title"); err == nil {
 		if v != "Moby Dick" {
-			t.Errorf("Failed to return values for root key title")
+			t.Error("Failed to return values for root key title")
 		}
 	}
 }

pkg/chart/v2/lint/lint_test.go

@@ -100,7 +100,7 @@ func TestInvalidYaml(t *testing.T) {
 		t.Fatalf("All didn't fail with expected errors, got %#v", m)
 	}
 	if !strings.Contains(m[0].Err.Error(), "deliberateSyntaxError") {
-		t.Errorf("All didn't have the error for deliberateSyntaxError")
+		t.Error("All didn't have the error for deliberateSyntaxError")
 	}
 }
 
@@ -111,7 +111,7 @@ func TestInvalidChartYaml(t *testing.T) {
 		t.Fatalf("All didn't fail with expected errors, got %#v", m)
 	}
 	if !strings.Contains(m[0].Err.Error(), "failed to strictly parse chart metadata file") {
-		t.Errorf("All didn't have the error for duplicate YAML keys")
+		t.Error("All didn't have the error for duplicate YAML keys")
 	}
 }
 
@@ -241,7 +241,7 @@ func TestMalformedTemplate(t *testing.T) {
 			t.Fatalf("All didn't fail with expected errors, got %#v", m)
 		}
 		if !strings.Contains(m[0].Err.Error(), "invalid character '{'") {
-			t.Errorf("All didn't have the error for invalid character '{'")
+			t.Error("All didn't have the error for invalid character '{'")
 		}
 	}
 }

pkg/chart/v2/lint/rules/chartfile_test.go

@@ -50,26 +50,26 @@ func TestValidateChartYamlNotDirectory(t *testing.T) {
 
 	err := validateChartYamlNotDirectory(nonExistingChartFilePath)
 	if err == nil {
-		t.Errorf("validateChartYamlNotDirectory to return a linter error, got no error")
+		t.Error("validateChartYamlNotDirectory to return a linter error, got no error")
 	}
 }
 
 func TestValidateChartYamlFormat(t *testing.T) {
 	err := validateChartYamlFormat(errors.New("Read error"))
 	if err == nil {
-		t.Errorf("validateChartYamlFormat to return a linter error, got no error")
+		t.Error("validateChartYamlFormat to return a linter error, got no error")
 	}
 
 	err = validateChartYamlFormat(nil)
 	if err != nil {
-		t.Errorf("validateChartYamlFormat to return no error, got a linter error")
+		t.Error("validateChartYamlFormat to return no error, got a linter error")
 	}
 }
 
 func TestValidateChartName(t *testing.T) {
 	err := validateChartName(badChart)
 	if err == nil {
-		t.Errorf("validateChartName to return a linter error, got no error")
+		t.Error("validateChartName to return a linter error, got no error")
 	}
 
 	err = validateChartName(badChartName)
@@ -176,7 +176,7 @@ func TestValidateChartMaintainer(t *testing.T) {
 	badChart.Maintainers = []*chart.Maintainer{nil}
 	err := validateChartMaintainer(badChart)
 	if err == nil {
-		t.Errorf("validateChartMaintainer did not return error for nil maintainer as expected")
+		t.Error("validateChartMaintainer did not return error for nil maintainer as expected")
 	}
 	if err.Error() != "a maintainer entry is empty" {
 		t.Errorf("validateChartMaintainer returned unexpected error for nil maintainer: %s", err.Error())
@@ -212,7 +212,7 @@ func TestValidateChartIconPresence(t *testing.T) {
 		err := validateChartIconPresence(testChart)
 
 		if err == nil {
-			t.Errorf("validateChartIconPresence to return a linter error, got no error")
+			t.Error("validateChartIconPresence to return a linter error, got no error")
 		} else if !strings.Contains(err.Error(), "icon is recommended") {
 			t.Errorf("expected %q, got %q", "icon is recommended", err.Error())
 		}

pkg/chart/v2/lint/rules/dependencies_test.go

@@ -72,7 +72,7 @@ func TestValidateDependencyInMetadata(t *testing.T) {
 	c := chartWithBadDependencies()
 
 	if err := validateDependencyInMetadata(&c); err == nil {
-		t.Errorf("chart should have been flagged for missing deps in chart metadata")
+		t.Error("chart should have been flagged for missing deps in chart metadata")
 	}
 }
 
@@ -132,7 +132,7 @@ func TestValidateDependenciesUnique(t *testing.T) {
 
 	for _, tt := range tests {
 		if err := validateDependenciesUnique(&tt.chart); err == nil {
-			t.Errorf("chart should have been flagged for dependency shadowing")
+			t.Error("chart should have been flagged for dependency shadowing")
 		}
 	}
 }

pkg/chart/v2/lint/rules/deprecations_test.go

@@ -36,6 +36,6 @@ func TestValidateNoDeprecations(t *testing.T) {
 		APIVersion: "v1",
 		Kind:       "Pod",
 	}, nil); err != nil {
-		t.Errorf("Expected a v1 Pod to not be deprecated")
+		t.Error("Expected a v1 Pod to not be deprecated")
 	}
 }

pkg/chart/v2/lint/rules/values.go

@@ -17,6 +17,7 @@ limitations under the License.
 package rules
 
 import (
+	"errors"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -47,7 +48,7 @@ func ValuesWithOverrides(linter *support.Linter, valueOverrides map[string]any,
 func validateValuesFileExistence(valuesPath string) error {
 	_, err := os.Stat(valuesPath)
 	if err != nil {
-		return fmt.Errorf("file does not exist")
+		return errors.New("file does not exist")
 	}
 	return nil
 }

pkg/chart/v2/lint/rules/values_test.go

@@ -57,7 +57,7 @@ func TestValidateValuesYamlNotDirectory(t *testing.T) {
 
 	err := validateValuesFileExistence(nonExistingValuesFilePath)
 	if err == nil {
-		t.Errorf("validateValuesFileExistence to return a linter error, got no error")
+		t.Error("validateValuesFileExistence to return a linter error, got no error")
 	}
 }
 

pkg/chart/v2/loader/load.go

@@ -120,7 +120,7 @@ func LoadFiles(files []*archive.BufferedFile) (*chart.Chart, error) {
 				c.Metadata = new(chart.Metadata)
 			}
 			if c.Metadata.APIVersion != chart.APIVersionV1 {
-				log.Printf("Warning: Dependencies are handled in Chart.yaml since apiVersion \"v2\". We recommend migrating dependencies to Chart.yaml.")
+				log.Print("Warning: Dependencies are handled in Chart.yaml since apiVersion \"v2\". We recommend migrating dependencies to Chart.yaml.")
 			}
 			if err := yaml.Unmarshal(f.Data, c.Metadata); err != nil {
 				return c, fmt.Errorf("cannot load requirements.yaml: %w", err)
@@ -138,7 +138,7 @@ func LoadFiles(files []*archive.BufferedFile) (*chart.Chart, error) {
 				c.Metadata = new(chart.Metadata)
 			}
 			if c.Metadata.APIVersion != chart.APIVersionV1 {
-				log.Printf("Warning: Dependency locking is handled in Chart.lock since apiVersion \"v2\". We recommend migrating to Chart.lock.")
+				log.Print("Warning: Dependency locking is handled in Chart.lock since apiVersion \"v2\". We recommend migrating to Chart.lock.")
 			}
 			if c.Metadata.APIVersion == chart.APIVersionV1 {
 				c.Files = append(c.Files, &common.File{Name: f.Name, ModTime: f.ModTime, Data: f.Data})

pkg/chart/v2/loader/load_test.go

@@ -61,7 +61,7 @@ func TestLoadDirWithDevNull(t *testing.T) {
 		t.Fatalf("Failed to load testdata: %s", err)
 	}
 	if _, err := l.Load(); err == nil {
-		t.Errorf("packages with an irregular file (/dev/null) should not load")
+		t.Error("packages with an irregular file (/dev/null) should not load")
 	}
 }
 

pkg/chart/v2/util/chartfile_test.go

@@ -60,11 +60,11 @@ func verifyChartfile(t *testing.T, f *chart.Metadata, name string) {
 	}
 
 	if f.Maintainers[0].Name != "The Helm Team" {
-		t.Errorf("Unexpected maintainer name.")
+		t.Error("Unexpected maintainer name.")
 	}
 
 	if f.Maintainers[1].Email != "nobody@example.com" {
-		t.Errorf("Unexpected maintainer email.")
+		t.Error("Unexpected maintainer email.")
 	}
 
 	if len(f.Sources) != 1 {
@@ -115,7 +115,7 @@ func TestIsChartDir(t *testing.T) {
 	}
 	validChartDir, err = IsChartDir("testdata")
 	if validChartDir || err == nil {
-		t.Errorf("expected error but did not get any")
+		t.Error("expected error but did not get any")
 		return
 	}
 }

pkg/chart/v2/util/create_test.go

@@ -140,7 +140,7 @@ func TestCreate_Overwrite(t *testing.T) {
 	}
 
 	if errlog.Len() == 0 {
-		t.Errorf("Expected warnings about overwriting files.")
+		t.Error("Expected warnings about overwriting files.")
 	}
 }
 

pkg/cli/environment.go

@@ -24,7 +24,6 @@ These dependencies are expressed as interfaces so that alternate implementations
 package cli
 
 import (
-	"fmt"
 	"net/http"
 	"os"
 	"strconv"
@@ -246,7 +245,7 @@ func (s *EnvSettings) EnvVars() map[string]string {
 		"HELM_CACHE_HOME":        helmpath.CachePath(""),
 		"HELM_CONFIG_HOME":       helmpath.ConfigPath(""),
 		"HELM_DATA_HOME":         helmpath.DataPath(""),
-		"HELM_DEBUG":             fmt.Sprint(s.Debug),
+		"HELM_DEBUG":             strconv.FormatBool(s.Debug),
 		"HELM_PLUGINS":           s.PluginsDirectory,
 		"HELM_REGISTRY_CONFIG":   s.RegistryConfig,
 		"HELM_REPOSITORY_CACHE":  s.RepositoryCache,

pkg/cli/output/output.go

@@ -18,6 +18,7 @@ package output
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 
@@ -50,7 +51,7 @@ func FormatsWithDesc() map[string]string {
 }
 
 // ErrInvalidFormatType is returned when an unsupported format type is used
-var ErrInvalidFormatType = fmt.Errorf("invalid format type")
+var ErrInvalidFormatType = errors.New("invalid format type")
 
 // String returns the string representation of the Format
 func (o Format) String() string {

pkg/cli/values/options_test.go

@@ -19,7 +19,6 @@ package values
 import (
 	"bytes"
 	"errors"
-	"fmt"
 	"os"
 	"path/filepath"
 	"reflect"
@@ -265,7 +264,7 @@ func TestReadFileErrorMessages(t *testing.T) {
 		{
 			name:      "getter error with message",
 			filePath:  "http://example.com/file",
-			providers: getter.Providers{mockProvider([]string{"http"}, nil, fmt.Errorf("connection refused"))},
+			providers: getter.Providers{mockProvider([]string{"http"}, nil, errors.New("connection refused"))},
 			wantErr:   "connection refused",
 		},
 	}
@@ -290,7 +289,7 @@ func TestReadFileOriginal(t *testing.T) {
 	filePath := "%a.txt"
 	_, err := readFile(filePath, p)
 	if err == nil {
-		t.Errorf("Expected error when has special strings")
+		t.Error("Expected error when has special strings")
 	}
 }
 

pkg/cmd/completion.go

@@ -193,7 +193,7 @@ compdef _helm %[1]s
 	}
 
 	// Cobra doesn't source zsh completion file, explicitly doing it here
-	fmt.Fprintf(out, "compdef _helm helm")
+	fmt.Fprint(out, "compdef _helm helm")
 
 	return err
 }

pkg/cmd/history.go

@@ -303,7 +303,7 @@ func compListRevisions(_ string, cfg *action.Configuration, releaseName string)
 			return nil, cobra.ShellCompDirectiveError
 		}
 		for _, version := range hist {
-			appVersion := fmt.Sprintf("App: %s", version.Chart.Metadata.AppVersion)
+			appVersion := "App: " + version.Chart.Metadata.AppVersion
 			chartDesc := fmt.Sprintf("Chart: %s-%s", version.Chart.Metadata.Name, version.Chart.Metadata.Version)
 			revisions = append(revisions, fmt.Sprintf("%s\t%s, %s", strconv.Itoa(version.Version), appVersion, chartDesc))
 		}

pkg/cmd/list.go

@@ -254,7 +254,7 @@ func filterReleases(releases []*release.Release, ignoredReleaseNames []string) [
 
 // Provide dynamic auto-completion for release names
 func compListReleases(toComplete string, ignoredReleaseNames []string, cfg *action.Configuration) ([]string, cobra.ShellCompDirective) {
-	cobra.CompDebugln(fmt.Sprintf("compListReleases with toComplete %s", toComplete), settings.Debug)
+	cobra.CompDebugln("compListReleases with toComplete "+toComplete, settings.Debug)
 
 	client := action.NewList(cfg)
 	client.All = true

pkg/cmd/package.go

@@ -57,7 +57,7 @@ func newPackageCmd(out io.Writer) *cobra.Command {
 		Long:  packageDesc,
 		RunE: func(_ *cobra.Command, args []string) error {
 			if len(args) == 0 {
-				return fmt.Errorf("need at least one argument, the path to the chart")
+				return errors.New("need at least one argument, the path to the chart")
 			}
 			if client.Sign {
 				if client.Key == "" {

pkg/cmd/plugin_install.go

@@ -132,7 +132,7 @@ func (o *pluginInstallOptions) run(out io.Writer) error {
 	if localInst, ok := i.(*installer.LocalInstaller); ok && !localInst.SupportsVerification() {
 		// Local directory installations are allowed without verification
 		shouldVerify = false
-		fmt.Fprintf(out, "Installing plugin from local directory (development mode)\n")
+		fmt.Fprint(out, "Installing plugin from local directory (development mode)\n")
 	} else if shouldVerify {
 		// For remote installations, check if verification is supported
 		if verifier, ok := i.(installer.Verifier); !ok || !verifier.SupportsVerification() {
@@ -140,7 +140,7 @@ func (o *pluginInstallOptions) run(out io.Writer) error {
 		}
 	} else {
 		// User explicitly disabled verification
-		fmt.Fprintf(out, "WARNING: Skipping plugin signature verification\n")
+		fmt.Fprint(out, "WARNING: Skipping plugin signature verification\n")
 	}
 
 	// Set up installation options
@@ -151,7 +151,7 @@ func (o *pluginInstallOptions) run(out io.Writer) error {
 
 	// If verify is requested, show verification output
 	if shouldVerify {
-		fmt.Fprintf(out, "Verifying plugin signature...\n")
+		fmt.Fprint(out, "Verifying plugin signature...\n")
 	}
 
 	// Install the plugin with options

pkg/cmd/plugin_package.go

@@ -81,7 +81,7 @@ func (o *pluginPackageOptions) run(out io.Writer) error {
 		return err
 	}
 	if !fi.IsDir() {
-		return fmt.Errorf("plugin package only supports directories, not tarballs")
+		return errors.New("plugin package only supports directories, not tarballs")
 	}
 
 	// Load and validate plugin metadata
@@ -119,7 +119,7 @@ func (o *pluginPackageOptions) run(out io.Writer) error {
 		}
 	} else {
 		// User explicitly disabled signing
-		fmt.Fprintf(out, "WARNING: Skipping plugin signing. This is not recommended for plugins intended for distribution.\n")
+		fmt.Fprint(out, "WARNING: Skipping plugin signing. This is not recommended for plugins intended for distribution.\n")
 	}
 
 	// Now create the tarball (only after signing prerequisites are met)

pkg/cmd/plugin_test.go

@@ -100,7 +100,7 @@ func TestLoadCLIPlugins(t *testing.T) {
 		"HELM_PLUGINS=testdata/helmhome/helm/plugins",
 		"HELM_REPOSITORY_CONFIG=testdata/helmhome/helm/repositories.yaml",
 		"HELM_REPOSITORY_CACHE=testdata/helmhome/helm/repository",
-		fmt.Sprintf("HELM_BIN=%s", os.Args[0]),
+		"HELM_BIN=" + os.Args[0],
 	}, "\n") + "\n"
 
 	// Test that the YAML file was correctly converted to a command.

pkg/cmd/push.go

@@ -62,7 +62,7 @@ func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
 				var comps []string
 				for _, p := range providers {
 					for _, scheme := range p.Schemes {
-						comps = append(comps, fmt.Sprintf("%s://", scheme))
+						comps = append(comps, scheme+"://")
 					}
 				}
 				return comps, cobra.ShellCompDirectiveNoFileComp | cobra.ShellCompDirectiveNoSpace

pkg/cmd/repo_add_test.go

@@ -130,7 +130,7 @@ func TestRepoAdd(t *testing.T) {
 	}
 
 	if err := o.run(io.Discard); err != nil {
-		t.Errorf("Duplicate repository name was added")
+		t.Error("Duplicate repository name was added")
 	}
 }
 
@@ -162,7 +162,7 @@ func TestRepoAddCheckLegalName(t *testing.T) {
 			t.Fatalf("Actual error %s, not equal to expected error %s", err, wantErrorMsg)
 		}
 	} else {
-		t.Fatalf("expect reported an error.")
+		t.Fatal("expect reported an error.")
 	}
 }
 

pkg/cmd/require/args_test.go

@@ -16,8 +16,8 @@ limitations under the License.
 package require
 
 import (
-	"fmt"
 	"io"
+	"strconv"
 	"strings"
 	"testing"
 
@@ -65,7 +65,7 @@ type testCase struct {
 func runTestCases(t *testing.T, testCases []testCase) {
 	t.Helper()
 	for i, tc := range testCases {
-		t.Run(fmt.Sprint(i), func(t *testing.T) {
+		t.Run(strconv.Itoa(i), func(t *testing.T) {
 			cmd := &cobra.Command{
 				Use:  "root",
 				Run:  func(*cobra.Command, []string) {},

pkg/cmd/rollback.go

@@ -76,7 +76,7 @@ func newRollbackCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
 				return err
 			}
 
-			fmt.Fprintf(out, "Rollback was a success! Happy Helming!\n")
+			fmt.Fprint(out, "Rollback was a success! Happy Helming!\n")
 			return nil
 		},
 	}

pkg/cmd/search_hub_test.go

@@ -168,7 +168,7 @@ func TestSearchHubCmd_FailOnNoResponseTests(t *testing.T) {
 			_, out, err := executeActionCommandC(storage, tt.cmd)
 			if tt.wantErr {
 				if err == nil {
-					t.Errorf("expected error due to no record in response, got nil")
+					t.Error("expected error due to no record in response, got nil")
 				}
 			} else {
 				if err != nil {

pkg/downloader/cache.go

@@ -17,6 +17,7 @@ package downloader
 
 import (
 	"crypto/sha256"
+	"encoding/hex"
 	"errors"
 	"fmt"
 	"io"
@@ -85,5 +86,5 @@ func (c *DiskCache) Put(key [sha256.Size]byte, data io.Reader, cacheType string)
 // fileName generates the filename in a structured manner where the first part is the
 // directory and the full hash is the filename.
 func (c *DiskCache) fileName(id [sha256.Size]byte, cacheType string) string {
-	return filepath.Join(c.Root, fmt.Sprintf("%02x", id[0]), fmt.Sprintf("%x", id)+cacheType)
+	return filepath.Join(c.Root, fmt.Sprintf("%02x", id[0]), hex.EncodeToString(id[:])+cacheType)
 }

pkg/downloader/manager.go

@@ -53,7 +53,7 @@ type ErrRepoNotFound struct {
 
 // Error implements the error interface.
 func (e ErrRepoNotFound) Error() string {
-	return fmt.Sprintf("no repository definition for %s", strings.Join(e.Repos, ", "))
+	return "no repository definition for " + strings.Join(e.Repos, ", ")
 }
 
 // Manager handles the lifecycle of fetching, resolving, and storing dependencies.

pkg/engine/engine_test.go

@@ -1466,7 +1466,7 @@ func TestTraceableError_SimpleForm(t *testing.T) {
 	for _, errString := range testStrings {
 		trace, done := parseTemplateSimpleErrorString(errString)
 		if !done {
-			t.Errorf("Expected parse to pass but did not")
+			t.Error("Expected parse to pass but did not")
 		}
 		if trace.message != "error calling include" {
 			t.Errorf("Expected %q, got %q", errString, trace.message)
@@ -1483,7 +1483,7 @@ func TestTraceableError_ExecutingForm(t *testing.T) {
 		expectedLocation := errTuple[1]
 		trace, done := parseTemplateExecutingAtErrorType(errString)
 		if !done {
-			t.Errorf("Expected parse to pass but did not")
+			t.Error("Expected parse to pass but did not")
 		}
 		if trace.location != expectedLocation {
 			t.Errorf("Expected %q, got %q", expectedLocation, trace.location)
@@ -1498,7 +1498,7 @@ func TestTraceableError_NoTemplateForm(t *testing.T) {
 	for _, errString := range testStrings {
 		trace, done := parseTemplateNoTemplateError(errString, errString)
 		if !done {
-			t.Errorf("Expected parse to pass but did not")
+			t.Error("Expected parse to pass but did not")
 		}
 		if trace.message != errString {
 			t.Errorf("Expected %q, got %q", errString, trace.message)

pkg/engine/funcs.go

@@ -50,6 +50,7 @@ func funcMap() template.FuncMap {
 	// Add some extra functionality
 	extra := template.FuncMap{
 		"toToml":        toTOML,
+		"mustToToml":    mustToTOML,
 		"fromToml":      fromTOML,
 		"toYaml":        toYAML,
 		"mustToYaml":    mustToYAML,
@@ -148,10 +149,11 @@ func fromYAMLArray(str string) []any {
 	return a
 }
 
-// toTOML takes an interface, marshals it to toml, and returns a string. It will
-// always return a string, even on marshal error (empty string).
+// toTOML takes an interface, marshals it to toml, and returns a string.
+// On marshal error it returns the error string.
 //
-// This is designed to be called from a template.
+// This is designed to be called from a template. Use mustToToml if you need
+// the template to fail hard on marshal errors.
 func toTOML(v any) string {
 	b := bytes.NewBuffer(nil)
 	e := toml.NewEncoder(b)
@@ -162,6 +164,21 @@ func toTOML(v any) string {
 	return b.String()
 }
 
+// mustToTOML takes an interface, marshals it to toml, and returns a string.
+// It will panic if there is an error.
+//
+// This is designed to be called from a template when you need to ensure that the
+// output TOML is valid.
+func mustToTOML(v any) string {
+	b := bytes.NewBuffer(nil)
+	e := toml.NewEncoder(b)
+	err := e.Encode(v)
+	if err != nil {
+		panic(err)
+	}
+	return b.String()
+}
+
 // fromTOML converts a TOML document into a map[string]interface{}.
 //
 // This is not a general-purpose TOML parser, and will not parse all valid

pkg/engine/funcs_test.go

@@ -159,6 +159,13 @@ keyInElement1 = "valueInElement1"`,
 		tpl:    `{{ toJson . }}`,
 		expect: "", // should return empty string and swallow error
 		vars:   loopMap,
+	}, {
+		tpl:  `{{ mustToToml . }}`,
+		vars: map[int]string{1: "one"}, // non-string key is invalid in TOML
+	}, {
+		tpl:    `{{ mustToToml . }}`,
+		expect: "foo = \"bar\"\n", // should succeed and return TOML string
+		vars:   map[string]string{"foo": "bar"},
 	},
 	}
 

pkg/getter/httpgetter_test.go

@@ -403,7 +403,7 @@ func TestDownloadTLSWithRedirect(t *testing.T) {
 		// request URL for every request (including redirects). Setting `tls.Config.ServerName` on the
 		// client just overrides the remote endpoint's hostname.
 		// See https://github.com/golang/go/blob/3979fb9/src/net/http/transport.go#L1505-L1513.
-		u.Host = fmt.Sprintf("localhost:%s", u.Port())
+		u.Host = "localhost:" + u.Port()
 
 		http.Redirect(rw, r, u.String(), http.StatusTemporaryRedirect)
 	}))

pkg/getter/ocigetter.go

@@ -58,7 +58,7 @@ func (g *OCIGetter) get(href string) (*bytes.Buffer, error) {
 		client = c
 	}
 
-	ref := strings.TrimPrefix(href, fmt.Sprintf("%s://", registry.OCIScheme))
+	ref := strings.TrimPrefix(href, registry.OCIScheme+"://")
 
 	if version := g.opts.version; version != "" && !strings.Contains(path.Base(ref), ":") {
 		ref = fmt.Sprintf("%s:%s", ref, version)

pkg/kube/client_test.go

@@ -20,7 +20,6 @@ import (
 	"bytes"
 	"context"
 	"errors"
-	"fmt"
 	"io"
 	"net/http"
 	"strings"
@@ -1434,7 +1433,7 @@ func TestIsIncompatibleServerError(t *testing.T) {
 			Want: false,
 		},
 		"Generic error": {
-			Err:  fmt.Errorf("some generic error"),
+			Err:  errors.New("some generic error"),
 			Want: false,
 		},
 	}

pkg/kube/fake/printer.go

@@ -17,7 +17,6 @@ limitations under the License.
 package fake
 
 import (
-	"fmt"
 	"io"
 	"strings"
 	"time"
@@ -133,7 +132,7 @@ func (p *PrintingKubeClient) GetPodList(_ string, _ metav1.ListOptions) (*v1.Pod
 
 // OutputContainerLogsForPodList implements KubeClient OutputContainerLogsForPodList.
 func (p *PrintingKubeClient) OutputContainerLogsForPodList(_ *v1.PodList, someNamespace string, _ func(namespace, pod, container string) io.Writer) error {
-	_, err := io.Copy(p.LogOutput, strings.NewReader(fmt.Sprintf("attempted to output logs for namespace: %s", someNamespace)))
+	_, err := io.Copy(p.LogOutput, strings.NewReader("attempted to output logs for namespace: "+someNamespace))
 	return err
 }
 

pkg/kube/wait.go

@@ -246,7 +246,7 @@ func (hw *legacyWaiter) watchUntilReady(timeout time.Duration, info *resource.In
 
 	// Use a selector on the name of the resource. This should be unique for the
 	// given version and kind
-	selector, err := fields.ParseSelector(fmt.Sprintf("metadata.name=%s", info.Name))
+	selector, err := fields.ParseSelector("metadata.name=" + info.Name)
 	if err != nil {
 		return err
 	}

pkg/kube/wait_test.go

@@ -299,7 +299,7 @@ func TestLegacyWaiter_waitForPodSuccess(t *testing.T) {
 			done, err := lw.waitForPodSuccess(tt.obj, "foo")
 			if tt.wantErr {
 				if err == nil {
-					t.Errorf("expected error, got none")
+					t.Error("expected error, got none")
 				} else if !strings.Contains(err.Error(), tt.errMessage) {
 					t.Errorf("expected error to contain %q, got %q", tt.errMessage, err.Error())
 				}
@@ -391,7 +391,7 @@ func TestLegacyWaiter_waitForJob(t *testing.T) {
 			done, err := lw.waitForJob(tt.obj, "test-job")
 			if tt.wantErr {
 				if err == nil {
-					t.Errorf("expected error, got none")
+					t.Error("expected error, got none")
 				} else if !strings.Contains(err.Error(), tt.errMessage) {
 					t.Errorf("expected error to contain %q, got %q", tt.errMessage, err.Error())
 				}

pkg/provenance/sign_test.go

@@ -17,7 +17,7 @@ package provenance
 
 import (
 	"crypto"
-	"fmt"
+	"errors"
 	"io"
 	"os"
 	"path/filepath"
@@ -134,7 +134,7 @@ func TestParseMessageBlock(t *testing.T) {
 	}
 
 	if hash, ok := sc.Files["hashtest-1.2.3.tgz"]; !ok {
-		t.Errorf("hashtest file not found in Files")
+		t.Error("hashtest file not found in Files")
 	} else if hash != "sha256:c6841b3a895f1444a6738b5d04564a57e860ce42f8519c3be807fb6d9bee7888" {
 		t.Errorf("Unexpected hash: %q", hash)
 	}
@@ -330,7 +330,7 @@ func (s failSigner) Public() crypto.PublicKey {
 }
 
 func (s failSigner) Sign(_ io.Reader, _ []byte, _ crypto.SignerOpts) ([]byte, error) {
-	return nil, fmt.Errorf("always fails")
+	return nil, errors.New("always fails")
 }
 
 func TestClearSignError(t *testing.T) {

pkg/pusher/ocipusher.go

@@ -76,7 +76,7 @@ func (pusher *OCIPusher) push(chartRef, href string) error {
 	}
 
 	var pushOpts []registry.PushOption
-	provRef := fmt.Sprintf("%s.prov", chartRef)
+	provRef := chartRef + ".prov"
 	if _, err := os.Stat(provRef); err == nil {
 		provBytes, err := os.ReadFile(provRef)
 		if err != nil {
@@ -86,7 +86,7 @@ func (pusher *OCIPusher) push(chartRef, href string) error {
 	}
 
 	ref := fmt.Sprintf("%s:%s",
-		path.Join(strings.TrimPrefix(href, fmt.Sprintf("%s://", registry.OCIScheme)), meta.Metadata.Name),
+		path.Join(strings.TrimPrefix(href, registry.OCIScheme+"://"), meta.Metadata.Name),
 		meta.Metadata.Version)
 
 	// The time the chart was "created" is semantically the time the chart archive file was last written(modified)

pkg/registry/client.go

@@ -202,13 +202,15 @@ func ClientOptCredentialsFile(credentialsFile string) ClientOption {
 	}
 }
 
-// ClientOptHTTPClient returns a function that sets the httpClient setting on a client options set
+// ClientOptHTTPClient returns a function that sets the HTTP client for the registry client.
 func ClientOptHTTPClient(httpClient *http.Client) ClientOption {
 	return func(client *Client) {
 		client.httpClient = httpClient
 	}
 }
 
+// ClientOptPlainHTTP returns a function that enables plain HTTP (non-TLS)
+// communication for the registry client.
 func ClientOptPlainHTTP() ClientOption {
 	return func(c *Client) {
 		c.plainHTTP = true
@@ -236,7 +238,7 @@ func warnIfHostHasPath(host string) bool {
 	return false
 }
 
-// Login logs into a registry
+// Login authenticates the client with a remote OCI registry using the provided host and options.
 func (c *Client) Login(host string, options ...LoginOption) error {
 	for _, option := range options {
 		option(&loginOperation{host, c})
@@ -282,7 +284,8 @@ func LoginOptBasicAuth(username string, password string) LoginOption {
 	}
 }
 
-// LoginOptPlainText returns a function that allows plaintext (HTTP) login
+// LoginOptPlainText returns a function that enables plaintext (HTTP) login
+// instead of HTTPS for the registry client.
 func LoginOptPlainText(isPlainText bool) LoginOption {
 	return func(o *loginOperation) {
 		o.client.plainHTTP = isPlainText
@@ -882,7 +885,7 @@ func (c *Client) ValidateReference(ref, version string, u *url.URL) (string, *ur
 		tag = version
 	} else {
 		// Retrieve list of repository tags
-		tags, err := c.Tags(strings.TrimPrefix(ref, fmt.Sprintf("%s://", OCIScheme)))
+		tags, err := c.Tags(strings.TrimPrefix(ref, OCIScheme+"://"))
 		if err != nil {
 			return "", nil, err
 		}

pkg/registry/client_test.go

@@ -91,7 +91,7 @@ func TestLogin_ResetsForceAttemptOAuth2_OnSuccess(t *testing.T) {
 	}
 
 	if c.authorizer.ForceAttemptOAuth2 {
-		t.Errorf("ForceAttemptOAuth2 should be false after successful Login")
+		t.Error("ForceAttemptOAuth2 should be false after successful Login")
 	}
 }
 
@@ -117,7 +117,7 @@ func TestLogin_ResetsForceAttemptOAuth2_OnFailure(t *testing.T) {
 	_ = c.Login(host, LoginOptPlainText(true), LoginOptBasicAuth("u", "p"))
 
 	if c.authorizer.ForceAttemptOAuth2 {
-		t.Errorf("ForceAttemptOAuth2 should be false after failed Login")
+		t.Error("ForceAttemptOAuth2 should be false after failed Login")
 	}
 }
 

pkg/registry/plugin.go

@@ -18,6 +18,7 @@ package registry
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"strings"
 
@@ -190,7 +191,7 @@ func GetPluginName(source string) (string, error) {
 	// e.g., "ghcr.io/user/plugin-name:v1.0.0" -> Repository: "user/plugin-name"
 	repository := ref.Repository
 	if repository == "" {
-		return "", fmt.Errorf("invalid OCI reference: missing repository")
+		return "", errors.New("invalid OCI reference: missing repository")
 	}
 
 	// Get the last part of the repository path as the plugin name

pkg/registry/plugin_test.go

@@ -75,7 +75,7 @@ func TestGetPluginName(t *testing.T) {
 
 			if tt.expectErr {
 				if err == nil {
-					t.Errorf("expected error but got none")
+					t.Error("expected error but got none")
 				}
 				return
 			}

pkg/registry/reference.go

@@ -17,7 +17,6 @@ limitations under the License.
 package registry
 
 import (
-	"fmt"
 	"strings"
 
 	"oras.land/oras-go/v2/registry"
@@ -80,5 +79,5 @@ func (r *reference) String() string {
 
 // IsOCI determines whether a URL is to be treated as an OCI URL
 func IsOCI(url string) bool {
-	return strings.HasPrefix(url, fmt.Sprintf("%s://", OCIScheme))
+	return strings.HasPrefix(url, OCIScheme+"://")
 }

pkg/repo/v1/chartrepo_test.go

@@ -85,7 +85,7 @@ func TestIndexCustomSchemeDownload(t *testing.T) {
 	}
 
 	if len(myCustomGetter.repoUrls) != 1 {
-		t.Fatalf("Custom Getter.Get should be called once")
+		t.Fatal("Custom Getter.Get should be called once")
 	}
 
 	expectedRepoIndexURL := repoURL + "/index.yaml"
@@ -240,7 +240,7 @@ func TestErrorFindChartInRepoURL(t *testing.T) {
 	})
 
 	if _, err := FindChartInRepoURL("http://someserver/something", "nginx", g); err == nil {
-		t.Errorf("Expected error for bad chart URL, but did not get any errors")
+		t.Error("Expected error for bad chart URL, but did not get any errors")
 	} else if !strings.Contains(err.Error(), `looks like "http://someserver/something" is not a valid chart repository or cannot be reached`) {
 		t.Errorf("Expected error for bad chart URL, but got a different error (%v)", err)
 	}
@@ -252,22 +252,22 @@ func TestErrorFindChartInRepoURL(t *testing.T) {
 	defer srv.Close()
 
 	if _, err = FindChartInRepoURL(srv.URL, "nginx1", g); err == nil {
-		t.Errorf("Expected error for chart not found, but did not get any errors")
+		t.Error("Expected error for chart not found, but did not get any errors")
 	} else if err.Error() != `chart "nginx1" not found in `+srv.URL+` repository` {
 		t.Errorf("Expected error for chart not found, but got a different error (%v)", err)
 	}
 	if !errors.Is(err, ChartNotFoundError{}) {
-		t.Errorf("error is not of correct error type structure")
+		t.Error("error is not of correct error type structure")
 	}
 
 	if _, err = FindChartInRepoURL(srv.URL, "nginx1", g, WithChartVersion("0.1.0")); err == nil {
-		t.Errorf("Expected error for chart not found, but did not get any errors")
+		t.Error("Expected error for chart not found, but did not get any errors")
 	} else if err.Error() != `chart "nginx1" version "0.1.0" not found in `+srv.URL+` repository` {
 		t.Errorf("Expected error for chart not found, but got a different error (%v)", err)
 	}
 
 	if _, err = FindChartInRepoURL(srv.URL, "chartWithNoURL", g); err == nil {
-		t.Errorf("Expected error for no chart URLs available, but did not get any errors")
+		t.Error("Expected error for no chart URLs available, but did not get any errors")
 	} else if err.Error() != `chart "chartWithNoURL" has no downloadable URLs` {
 		t.Errorf("Expected error for chart not found, but got a different error (%v)", err)
 	}

pkg/repo/v1/index_test.go

@@ -21,7 +21,6 @@ import (
 	"bytes"
 	"encoding/json"
 	"errors"
-	"fmt"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -131,12 +130,12 @@ func TestIndexFile(t *testing.T) {
 
 	cv, err = i.Get("setter", "0.1.9+alpha")
 	if err != nil || cv.Version != "0.1.9+alpha" {
-		t.Errorf("Expected version: 0.1.9+alpha")
+		t.Error("Expected version: 0.1.9+alpha")
 	}
 
 	cv, err = i.Get("setter", "0.1.8")
 	if err != nil || cv.Version != "0.1.8" {
-		t.Errorf("Expected version: 0.1.8")
+		t.Error("Expected version: 0.1.8")
 	}
 }
 
@@ -175,7 +174,7 @@ func TestLoadIndex(t *testing.T) {
 // TestLoadIndex_Duplicates is a regression to make sure that we don't non-deterministically allow duplicate packages.
 func TestLoadIndex_Duplicates(t *testing.T) {
 	if _, err := loadIndex([]byte(indexWithDuplicates), "indexWithDuplicates"); err == nil {
-		t.Errorf("Expected an error when duplicate entries are present")
+		t.Error("Expected an error when duplicate entries are present")
 	}
 }
 
@@ -187,7 +186,7 @@ func TestLoadIndex_EmptyEntry(t *testing.T) {
 
 func TestLoadIndex_Empty(t *testing.T) {
 	if _, err := loadIndex([]byte(""), "indexWithEmpty"); err == nil {
-		t.Errorf("Expected an error when index.yaml is empty.")
+		t.Error("Expected an error when index.yaml is empty.")
 	}
 }
 
@@ -361,7 +360,7 @@ func verifyLocalIndex(t *testing.T, i *IndexFile) {
 
 	alpine, ok := i.Entries["alpine"]
 	if !ok {
-		t.Fatalf("'alpine' section not found.")
+		t.Fatal("'alpine' section not found.")
 	}
 
 	if l := len(alpine); l != 1 {
@@ -596,7 +595,7 @@ func TestAddFileIndexEntriesNil(t *testing.T) {
 		{&chart.Metadata{APIVersion: "v2", Name: " ", Version: "8033-5.apinie+s.r"}, "setter-0.1.9+beta.tgz", "http://example.com/charts", "sha256:1234567890abc"},
 	} {
 		if err := i.MustAdd(x.md, x.filename, x.baseURL, x.digest); err == nil {
-			t.Errorf("expected err to be non-nil when entries not initialized")
+			t.Error("expected err to be non-nil when entries not initialized")
 		}
 	}
 }
@@ -611,7 +610,7 @@ func TestIgnoreSkippableChartValidationError(t *testing.T) {
 			Input: nil,
 		},
 		"generic_error": {
-			Input: fmt.Errorf("foo"),
+			Input: errors.New("foo"),
 		},
 		"non_skipped_validation_error": {
 			Input: chart.ValidationError("chart.metadata.type must be application or library"),

pkg/repo/v1/repo_test.go

@@ -219,9 +219,9 @@ func TestWriteFile(t *testing.T) {
 
 func TestRepoNotExists(t *testing.T) {
 	if _, err := LoadFile("/this/path/does/not/exist.yaml"); err == nil {
-		t.Errorf("expected err to be non-nil when path does not exist")
+		t.Error("expected err to be non-nil when path does not exist")
 	} else if !strings.Contains(err.Error(), "couldn't load repositories file") {
-		t.Errorf("expected prompt `couldn't load repositories file`")
+		t.Error("expected prompt `couldn't load repositories file`")
 	}
 }
 

pkg/repo/v1/repotest/server.go

@@ -249,7 +249,7 @@ func (srv *OCIServer) RunWithReturn(t *testing.T, opts ...OCIServerOpt) *OCIServ
 		t.Fatalf("error logging into registry with good credentials: %v", err)
 	}
 
-	ref := fmt.Sprintf("%s/u/ocitestuser/oci-dependent-chart:0.1.0", srv.RegistryURL)
+	ref := srv.RegistryURL + "/u/ocitestuser/oci-dependent-chart:0.1.0"
 
 	err = chartutil.ExpandFile(srv.Dir, filepath.Join(srv.Dir, "oci-dependent-chart-0.1.0.tgz"))
 	if err != nil {

pkg/storage/driver/memory_test.go

@@ -280,7 +280,7 @@ func TestMemoryDelete(t *testing.T) {
 		}
 		_, err = ts.Get(tt.key)
 		if err == nil {
-			t.Errorf("Expected an error when asking for a deleted key")
+			t.Error("Expected an error when asking for a deleted key")
 		}
 	}
 

pkg/storage/storage_test.go

@@ -589,7 +589,7 @@ func TestStorageGetsLoggerFromDriver(t *testing.T) {
 	s := Init(d)
 	_, _ = s.Get("doesnt-matter", 123)
 	if !l.Called {
-		t.Fatalf("Expected storage to use driver's logger, but it did not")
+		t.Fatal("Expected storage to use driver's logger, but it did not")
 	}
 }