Bump github.com/argoproj/argo-cd/v2 from 2.11.6 to 2.12.1 #260

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Aug 19, 2024

Bumps github.com/argoproj/argo-cd/v2 from 2.11.6 to 2.12.1.

Release notes

Sourced from github.com/argoproj/argo-cd/v2's releases.

v2.12.1

Quick Start

Non-HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.1/manifests/install.yaml

HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.1/manifests/ha/install.yaml

Release Signatures and Provenance

All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.

Upgrading

If upgrading from a different minor version, be sure to read the upgrading documentation.

Changelog

Bug fixes

Full Changelog: argoproj/argo-cd@v2.12.0...v2.12.1

v2.12.0

Quick Start

Non-HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.0/manifests/install.yaml

HA:


... (truncated)

Changelog

Sourced from github.com/argoproj/argo-cd/v2's changelog.

Changelog

v2.4.8 (2022-07-29)

Bug fixes

  • feat: support application level extensions (#9923)
  • feat: support multiple extensions per resource group/kind (#9834)
  • fix: extensions is not loading for ConfigMap/Pods (#10010)
  • fix: upgrade moment from 2.29.2 to 2.29.3 (#9330)
  • fix: skip redirect url validation when it's the base href (#10058) (#10116)
  • fix: avoid CVE-2022-28948 (#10093)
  • fix: Set HOST_ARCH for yarn build from platform (#10018)

Other changes

  • chore(deps): bump moment from 2.29.3 to 2.29.4 in /ui (#9897)
  • docs: add OpenSSH breaking change notes (#10104)
  • chore: update parse-url (#10101)
  • docs: add api field example in the appset security doc (#10087)
  • chore: update redis to 7.0.4 avoid CVE-2022-30065 (#10059)
  • docs: add argocd-server grpc metric usage (#10007)
  • chore: upgrade Dex to 2.32.0 (#10036) (#10042)
  • chore: update redis to avoid CVE-2022-2097 (#10031)
  • chore: update haproxy to 2.0.29 for redis-ha (#10045)

v2.4.7 (2022-07-18)

Bug fixes

  • fix: Support files in argocd.argoproj.io/manifest-generate-paths annotation (#9908)
  • fix: terminal websocket write lock to avoid races (#10011)
  • fix: updated all a tags to Link tags in app summary (#9777)
  • fix: e2e test to use func from clusterauth instead creating one with old logic (#9989)
  • fix: add missing download CLI tool URL response for ppc64le, s390x (#9983)

Other

  • chore: upgrade parse-url to avoid SNYK-JS-PARSEURL-2936249 (#9826)
  • docs: use quotes to emphasize that ConfigMap value is a string (#9995)
  • docs: document directory app include/exclude fields (#9997)
  • docs: simplify Docker toolchain docs (#9966) (#10006)
  • docs: supported versions (#9876)

v2.4.6 (2022-07-12)

Features

  • feat: Treat connection reset as a retryable error (#9739)

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/argoproj/argo-cd/v2](https://github.com/argoproj/argo-cd) from 2.11.6 to 2.12.1.
- [Release notes](https://github.com/argoproj/argo-cd/releases)
- [Changelog](https://github.com/argoproj/argo-cd/blob/master/CHANGELOG.md)
- [Commits](argoproj/argo-cd@v2.11.6...v2.12.1)

---
updated-dependencies:
- dependency-name: github.com/argoproj/argo-cd/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 19, 2024
@zapier-sre-bot

Mergecat's Review

😼 Mergecat review of go.mod

@@ -1,11 +1,10 @@
 module github.com/zapier/kubechecks
 
 go 1.21
-
-toolchain go1.21.6
+toolchain go1.22.5
 
 require (
-	github.com/argoproj/argo-cd/v2 v2.11.6
+	github.com/argoproj/argo-cd/v2 v2.12.1
 	github.com/argoproj/gitops-engine v0.7.1-0.20240715141605-18ba62e1f1fb
 	github.com/aws/aws-sdk-go-v2 v1.30.1
 	github.com/aws/aws-sdk-go-v2/config v1.27.24
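
Review bot: the `toolchain` line at the top of go.mod moves from go1.21.6 to go1.22.5 while `go 1.21` is unchanged, and the PR title covers only the argo-cd bump. Confirm that the CI runners and the container build image resolve the same go1.22.5 toolchain, and state in the PR description why the toolchain had to move, so it is not merged as a silent side effect of the `github.com/argoproj/argo-cd/v2 v2.12.1` line.
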
@@ -57,11 +56,11 @@ require (
 	google.golang.org/grpc v1.64.0
 	gopkg.in/dealancer/validate.v2 v2.1.0
 	gopkg.in/yaml.v3 v3.0.1
-	k8s.io/api v0.26.15
-	k8s.io/apiextensions-apiserver v0.26.10
-	k8s.io/apimachinery v0.26.15
-	k8s.io/client-go v0.26.15
-	sigs.k8s.io/controller-runtime v0.14.7
+	k8s.io/api v0.29.6
+	k8s.io/apiextensions-apiserver v0.29.6
+	k8s.io/apimachinery v0.29.6
+	k8s.io/client-go v0.29.6
+	sigs.k8s.io/controller-runtime v0.17.2
 	sigs.k8s.io/yaml v1.4.0
 )
 
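
Review bot: the four `k8s.io/*` direct requirements in this hunk jump three minor versions (v0.26.x to v0.29.6) and `sigs.k8s.io/controller-runtime` goes from v0.14.7 to v0.17.2, none of which the PR title mentions. `k8s.io/apiextensions-apiserver` was at v0.26.10 while the others were at v0.26.15, so it moves further than the rest. These are direct dependencies of this module, so compile and run the full test suite against the new client-go and controller-runtime versions before merging rather than relying on the argo-cd release notes alone.
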
@@ -83,7 +82,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
+	github.com/ProtonMail/go-crypto v1.0.0 // indirect
 	github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d // indirect
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/agnivade/levenshtein v1.1.1 // indirect
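
Review bot: `github.com/ProtonMail/go-crypto` changes from the pseudo-version `v0.0.0-20230828082145-3c4c8a2d2371` to the tagged `v1.0.0`, so a cryptographic library changes both its pin style and its version here. Check that go.sum was updated in the same commit with the matching entry, and run `go mod why -m github.com/ProtonMail/go-crypto` to record which requirement pulls it in.
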
@@ -122,20 +121,20 @@ require (
 	github.com/docker/distribution v2.8.3+incompatible // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
-	github.com/emicklei/go-restful/v3 v3.10.2 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/evanphx/json-patch v5.9.0+incompatible // indirect
-	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
+	github.com/evanphx/json-patch/v5 v5.8.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
 	github.com/fatih/camelcase v1.0.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
-	github.com/fvbommel/sortorder v1.0.1 // indirect
+	github.com/fvbommel/sortorder v1.1.0 // indirect
 	github.com/go-akka/configuration v0.0.0-20200606091224-a002c0330665 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.5.0 // indirect
-	github.com/go-git/go-git/v5 v5.11.0 // indirect
+	github.com/go-git/go-git/v5 v5.12.0 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
 	github.com/go-jose/go-jose/v3 v3.0.3 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
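
Review bot: this hunk bundles four unrelated indirect bumps (`go-restful/v3`, `json-patch/v5`, `sortorder`, `go-git/v5`), and the unchanged line `github.com/evanphx/json-patch v5.9.0+incompatible` stays next to `json-patch/v5 v5.8.0`, so two module paths of the same patch library remain in the graph at different versions. Use `go mod graph` to note which requirement needs each one, and review the go-git v5.11.0 to v5.12.0 changelog separately from the rest.
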
@@ -152,6 +151,7 @@ require (
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/gnostic v0.6.9 // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-github/v53 v53.2.0 // indirect
 	github.com/google/go-jsonnet v0.20.0 // indirect
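
Review bot: `github.com/google/gnostic-models v0.6.8` is added while `github.com/google/gnostic v0.6.9` stays on the line above it, so the module graph now carries both. Run `go mod why -m github.com/google/gnostic` after the bump; if nothing requires it any more, `go mod tidy` should drop it, and if something still does, name that module in the PR.
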
@@ -171,7 +171,7 @@ require (
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-getter v1.7.5 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/hashicorp/go-safetemp v1.0.0 // indirect
 	github.com/hashicorp/go-version v1.6.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
@@ -200,6 +200,7 @@ require (
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.15 // indirect
+	github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1 // indirect
 	github.com/mitchellh/copystructure v1.0.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
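
Review bot: the added line `github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1` is a new indirect dependency pinned to a 2016 commit with no tagged release. Identify which module requires it with `go mod graph`, and check with `go list -deps ./...` whether any of its packages are actually compiled into the binary before accepting it into the build.
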
@@ -234,7 +235,7 @@ require (
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect
-	github.com/sergi/go-diff v1.3.1 // indirect
+	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
 	github.com/shopspring/decimal v1.2.0 // indirect
 	github.com/shteou/go-ignore v0.3.1 // indirect
 	github.com/shurcooL/graphql v0.0.0-20230722043721-ed46e5a46466 // indirect
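
Review bot: `github.com/sergi/go-diff` goes from the tagged v1.3.1 to the pseudo-version `v1.3.2-0.20230802210424-5b0b94c5c0d3`, an untagged commit rather than a release. Confirm that this pin is forced by an upstream requirement and was not introduced locally, and that go.sum carries its hash.
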
@@ -267,8 +268,7 @@ require (
 	go.opentelemetry.io/otel/metric v1.28.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 	go.starlark.net v0.0.0-20231121155337-90ade8b19d09 // indirect
-	go.uber.org/atomic v1.11.0 // indirect
-	go.uber.org/multierr v1.9.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/crypto v0.24.0 // indirect
 	golang.org/x/mod v0.17.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
@@ -288,23 +288,23 @@ require (
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	k8s.io/apiserver v0.26.15 // indirect
-	k8s.io/cli-runtime v0.26.15 // indirect
-	k8s.io/component-base v0.26.15 // indirect
-	k8s.io/component-helpers v0.26.15 // indirect
-	k8s.io/klog/v2 v2.100.1 // indirect
-	k8s.io/kube-aggregator v0.26.15 // indirect
-	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
-	k8s.io/kubectl v0.26.15 // indirect
-	k8s.io/kubernetes v1.26.15 // indirect
+	k8s.io/apiserver v0.29.6 // indirect
+	k8s.io/cli-runtime v0.29.6 // indirect
+	k8s.io/component-base v0.29.6 // indirect
+	k8s.io/component-helpers v0.29.6 // indirect
+	k8s.io/klog/v2 v2.110.1 // indirect
+	k8s.io/kube-aggregator v0.29.6 // indirect
+	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
+	k8s.io/kubectl v0.29.6 // indirect
+	k8s.io/kubernetes v1.29.6 // indirect
 	k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect
 	layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 // indirect
 	muzzammil.xyz/jsonc v1.0.0 // indirect
 	olympos.io/encoding/edn v0.0.0-20201019073823-d3554ca0b0a3 // indirect
 	oras.land/oras-go/v2 v2.3.1 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
-	sigs.k8s.io/kustomize/api v0.12.1 // indirect
-	sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect
+	sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect
+	sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 )
 
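
Review bot: at the end of this hunk `sigs.k8s.io/kustomize/api` and `sigs.k8s.io/kustomize/kyaml` move from tagged releases (v0.12.1, v0.13.9) to pseudo-versions built from commit `6ce0bf390ce3`, and `k8s.io/kubernetes` itself moves to v1.29.6 as an indirect requirement. Record which module requires the untagged kustomize commit, and compare rendered manifests for a sample overlay before and after the bump, since a change in kustomize behaviour would not show up as a compile error.
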

Feedback & Suggestions:

  1. Toolchain Update:

    • The update from go1.21.6 to go1.22.5 is generally good for keeping up with the latest features and security patches. Ensure that all dependencies are compatible with Go 1.22.5.
  2. Dependency Updates:

    • Argo CD: Updated from v2.11.6 to v2.12.1. Ensure that the new version does not introduce breaking changes.
    • Kubernetes Dependencies: Updated from v0.26.15 to v0.29.6. This is a significant version jump. Verify that there are no breaking changes or deprecated features that could affect your project.
    • Controller Runtime: Updated from v0.14.7 to v0.17.2. Similar to the Kubernetes dependencies, ensure compatibility.
    • ProtonMail Crypto: Updated from a specific commit to v1.0.0. This is a stable release, which is generally good, but check for any changes in the API.
    • Other Libraries: Updates to various other libraries (e.g., go-restful, json-patch, sortorder, go-git, etc.). Ensure that these updates do not introduce any breaking changes or new bugs.
  3. New Indirect Dependencies:

    • google/gnostic-models: Added as an indirect dependency. Ensure that this is necessary and does not introduce any unwanted side effects.
    • minio/blake2b-simd: Added as an indirect dependency. Verify its necessity and impact on your project.
  4. Removed Indirect Dependency:

    • go.uber.org/atomic: Removed. Ensure that this removal does not affect any part of your codebase that might have been using it indirectly.
  5. General Advice:

    • Testing: After updating dependencies, run your full test suite to catch any issues early.
    • Documentation: Update any relevant documentation to reflect the changes in dependencies and toolchain.
    • Security: Review the changelogs of the updated dependencies for any security patches or vulnerabilities that have been addressed.


Dependency Review

No suggestions found


dependabot bot commented on behalf of github Aug 26, 2024

Superseded by #263.

@dependabot dependabot bot closed this Aug 26, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/argoproj/argo-cd/v2-2.12.1 branch August 26, 2024 18:59