All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
## Mergecat review of go.mod
```diff
@@ -5,7 +5,7 @@ go 1.21
toolchain go1.21.6
require (
- github.com/argoproj/argo-cd/v2 v2.10.6
+ github.com/argoproj/argo-cd/v2 v2.11.0
github.com/argoproj/gitops-engine v0.7.1-0.20240411122334-1ade3a199867
github.com/cenkalti/backoff/v4 v4.3.0
github.com/chainguard-dev/git-urls v1.0.2
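Review bot: The `github.com/argoproj/argo-cd/v2` line crosses a minor version (v2.10.6 to v2.11.0), so the upstream upgrading documentation should be read before merge, and the commit list on this page includes a merge from advisory GHSA-9m6p-x4h2-6frq that is worth checking against how this module uses Argo CD. The `github.com/argoproj/gitops-engine` pseudo-version on the next line is left unchanged; confirm with `go mod graph` that it is the version v2.11.0 requires rather than a stale pin.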
@@ -103,7 +103,7 @@ require (
github.com/docker/go-units v0.5.0 // indirect
github.com/emicklei/go-restful/v3 v3.10.2 // indirect
github.com/emirpasic/gods v1.18.1 // indirect
- github.com/evanphx/json-patch v5.6.0+incompatible // indirect
+ github.com/evanphx/json-patch v5.9.0+incompatible // indirect
github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
github.com/fatih/camelcase v1.0.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
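Review bot: The `github.com/evanphx/json-patch` line moves an indirect dependency three minor versions (v5.6.0 to v5.9.0) in the same change, and nothing in this diff shows which module requires it. Run `go mod why -m github.com/evanphx/json-patch` to record the import path that pulls it in, and check that the matching `go.sum` entries are part of the PR, since only `go.mod` is reviewed here.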
@@ -210,7 +210,7 @@ require (
github.com/sergi/go-diff v1.3.1 // indirect
github.com/shteou/go-ignore v0.3.1 // indirect
github.com/shurcooL/graphql v0.0.0-20230722043721-ed46e5a46466 // indirect
- github.com/skeema/knownhosts v1.2.1 // indirect
+ github.com/skeema/knownhosts v1.2.2 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spdx/tools-golang v0.5.3 // indirect
github.com/spf13/afero v1.11.0 // indirect
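Review bot: The `github.com/skeema/knownhosts` line is a patch bump (v1.2.1 to v1.2.2) to a library that handles SSH known_hosts host-key checking, so its changelog deserves a read even though the entry is marked `// indirect`. Confirm that SSH Git access still verifies against your pinned host keys after the update, using any tests that exercise SSH repository access.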
```
### Feedback & Suggestions:
1. **Version Compatibility**: Ensure that the new versions of `github.com/argoproj/argo-cd/v2`, `github.com/evanphx/json-patch`, and `github.com/skeema/knownhosts` are compatible with your existing codebase. Run your test suite to verify that there are no breaking changes introduced by these updates.
2. **Security**: Check the release notes and changelogs for the updated dependencies to ensure that they do not introduce any new security vulnerabilities. It's also a good practice to review any security patches that might have been included in these updates.
3. **Performance**: Evaluate the performance implications of the new versions. Sometimes, updates can introduce performance regressions. Benchmark critical parts of your application to ensure that performance remains acceptable.
4. **Documentation**: Update any internal documentation to reflect the changes in dependency versions. This helps maintainers and future developers understand the context of these updates.
5. **Dependency Management**: Consider using a tool like `go mod tidy` to clean up any unused dependencies and ensure that your `go.mod` file remains clean and up-to-date.
---
By following these suggestions, you can ensure a smooth transition to the updated dependencies while maintaining the stability and security of your project.
Dependency Review
No suggestions found
Bumps github.com/argoproj/argo-cd/v2 from 2.10.6 to 2.11.0.
Release notes
Sourced from github.com/argoproj/argo-cd/v2's releases.
... (truncated)
Commits
- d3f33c0 Bump version to 2.11.0 (#18112)
- 8cd8305 docs: fix 404 styling (#18094) (#18104)
- da6c2e9 fix: status.sync.comparedTo should use replace patch strategy (#18061) (#18071)
- 66f4934 fix: enable sha256 and sha512 for git ssh (#18028) (#18034)
- 20fd621 Bump version to 2.11.0-rc3 (#18019)
- f875931 feat(cli): add support for multiple sources to sync command (#18016)
- e1f890d feat: update notifications (#18017)
- 602f544 Fix post-delete finalizer in appset (#18003) (#18005)
- 617f8a4 fix: codegen after security fix (#17987)
- 0460b98 Merge pull request from GHSA-9m6p-x4h2-6frq