zapier / kubechecks

Check your Kubernetes changes before they hit the cluster
https://kubechecks.readthedocs.io/en/latest/
Mozilla Public License 2.0

Bump github.com/argoproj/argo-cd/v2 from 2.11.6 to 2.12.0 #257

Closed dependabot[bot] closed 3 weeks ago

dependabot[bot] commented 1 month ago

Bumps github.com/argoproj/argo-cd/v2 from 2.11.6 to 2.12.0.

Release notes

Sourced from github.com/argoproj/argo-cd/v2's releases.

v2.12.0

Quick Start

Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.0/manifests/install.yaml
```

HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.0/manifests/ha/install.yaml
```

Release Signatures and Provenance

All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.

Upgrading

If upgrading from a different minor version, be sure to read the upgrading documentation.

Known Issues

ApplicationSets with git generators and a templated spec.template.spec.project field will fail to reconcile due to a bug in the new git signature verification feature.

Changelog

Features

Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.12.0-rc5...v2.12.0

v2.12.0-rc5

Quick Start

Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.0-rc5/manifests/install.yaml
```

HA:

... (truncated)

Commits



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

zapier-sre-bot commented 1 month ago

Mergecat's Review

Click to read mergecats review! ## 😼 Mergecat review of go.mod ```diff @@ -1,11 +1,10 @@ module github.com/zapier/kubechecks go 1.21 - -toolchain go1.21.6 +toolchain go1.22.5 require ( - github.com/argoproj/argo-cd/v2 v2.11.6 + github.com/argoproj/argo-cd/v2 v2.12.0 github.com/argoproj/gitops-engine v0.7.1-0.20240715141605-18ba62e1f1fb github.com/aws/aws-sdk-go-v2 v1.30.1 github.com/aws/aws-sdk-go-v2/config v1.27.24 @@ -57,11 +56,11 @@ require ( google.golang.org/grpc v1.64.0 gopkg.in/dealancer/validate.v2 v2.1.0 gopkg.in/yaml.v3 v3.0.1 - k8s.io/api v0.26.15 - k8s.io/apiextensions-apiserver v0.26.10 - k8s.io/apimachinery v0.26.15 - k8s.io/client-go v0.26.15 - sigs.k8s.io/controller-runtime v0.14.7 + k8s.io/api v0.29.6 + k8s.io/apiextensions-apiserver v0.29.6 + k8s.io/apimachinery v0.29.6 + k8s.io/client-go v0.29.6 + sigs.k8s.io/controller-runtime v0.17.2 sigs.k8s.io/yaml v1.4.0 ) @@ -83,7 +82,7 @@ require ( github.com/Masterminds/sprig/v3 v3.2.3 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/OneOfOne/xxhash v1.2.8 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect + github.com/ProtonMail/go-crypto v1.0.0 // indirect github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/agnivade/levenshtein v1.1.1 // indirect 
@@ -122,20 +121,20 @@ require ( github.com/docker/distribution v2.8.3+incompatible // indirect github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-units v0.5.0 // indirect - github.com/emicklei/go-restful/v3 v3.10.2 // indirect + github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/emirpasic/gods v1.18.1 // indirect github.com/evanphx/json-patch v5.9.0+incompatible // indirect - github.com/evanphx/json-patch/v5 v5.6.0 // indirect + github.com/evanphx/json-patch/v5 v5.8.0 // indirect github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect github.com/fatih/camelcase v1.0.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect - github.com/fvbommel/sortorder v1.0.1 // indirect + github.com/fvbommel/sortorder v1.1.0 // indirect github.com/go-akka/configuration v0.0.0-20200606091224-a002c0330665 // indirect github.com/go-errors/errors v1.4.2 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect github.com/go-git/go-billy/v5 v5.5.0 // indirect - github.com/go-git/go-git/v5 v5.11.0 // indirect + github.com/go-git/go-git/v5 v5.12.0 // indirect github.com/go-ini/ini v1.67.0 // indirect github.com/go-jose/go-jose/v3 v3.0.3 // indirect github.com/go-logr/logr v1.4.2 // indirect @@ -152,6 +151,7 @@ require ( github.com/golang/protobuf v1.5.4 // indirect github.com/google/btree v1.1.2 // indirect github.com/google/gnostic v0.6.9 // indirect + github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-github/v53 v53.2.0 // indirect github.com/google/go-jsonnet v0.20.0 // indirect 
@@ -171,7 +171,7 @@ require ( github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-getter v1.7.5 // indirect - github.com/hashicorp/go-retryablehttp v0.7.5 // indirect + github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/go-safetemp v1.0.0 // indirect github.com/hashicorp/go-version v1.6.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect @@ -200,6 +200,7 @@ require ( github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.15 // indirect + github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1 // indirect github.com/mitchellh/copystructure v1.0.0 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/go-testing-interface v1.14.1 // indirect @@ -234,7 +235,7 @@ require ( github.com/sagikazarmark/locafero v0.4.0 // indirect github.com/sagikazarmark/slog-shim v0.1.0 // indirect github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect - github.com/sergi/go-diff v1.3.1 // indirect + github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect github.com/shopspring/decimal v1.2.0 // indirect github.com/shteou/go-ignore v0.3.1 // indirect github.com/shurcooL/graphql v0.0.0-20230722043721-ed46e5a46466 // indirect @@ -267,8 +268,7 @@ require ( go.opentelemetry.io/otel/metric v1.28.0 // indirect go.opentelemetry.io/proto/otlp v1.3.1 // indirect go.starlark.net v0.0.0-20231121155337-90ade8b19d09 // indirect - go.uber.org/atomic v1.11.0 // indirect - go.uber.org/multierr v1.9.0 // indirect + go.uber.org/multierr v1.11.0 // indirect golang.org/x/crypto v0.24.0 // indirect golang.org/x/mod v0.17.0 // indirect golang.org/x/sync v0.7.0 // indirect 
@@ -288,23 +288,23 @@ require ( gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/apiserver v0.26.15 // indirect - k8s.io/cli-runtime v0.26.15 // indirect - k8s.io/component-base v0.26.15 // indirect - k8s.io/component-helpers v0.26.15 // indirect - k8s.io/klog/v2 v2.100.1 // indirect - k8s.io/kube-aggregator v0.26.15 // indirect - k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect - k8s.io/kubectl v0.26.15 // indirect - k8s.io/kubernetes v1.26.15 // indirect + k8s.io/apiserver v0.29.6 // indirect + k8s.io/cli-runtime v0.29.6 // indirect + k8s.io/component-base v0.29.6 // indirect + k8s.io/component-helpers v0.29.6 // indirect + k8s.io/klog/v2 v2.110.1 // indirect + k8s.io/kube-aggregator v0.29.6 // indirect + k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect + k8s.io/kubectl v0.29.6 // indirect + k8s.io/kubernetes v1.29.6 // indirect k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 // indirect muzzammil.xyz/jsonc v1.0.0 // indirect olympos.io/encoding/edn v0.0.0-20201019073823-d3554ca0b0a3 // indirect oras.land/oras-go/v2 v2.3.1 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/kustomize/api v0.12.1 // indirect - sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect + sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect + sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) ``` ### Feedback & Suggestions: 1. **Toolchain Update**: - The update from `go1.21.6` to `go1.22.5` is generally good for keeping up with the latest Go features and improvements. However, ensure that all dependencies are compatible with Go 1.22.5 to avoid any runtime issues. 2. 
**Dependency Updates**:
   - **Argo CD**: Updating `github.com/argoproj/argo-cd/v2` from `v2.11.6` to `v2.12.0` is good for getting the latest features and bug fixes. Ensure that the new version does not introduce breaking changes.
   - **Kubernetes Dependencies**: Updating `k8s.io/api`, `k8s.io/apiextensions-apiserver`, `k8s.io/apimachinery`, and `k8s.io/client-go` to `v0.29.6` is beneficial for compatibility with the latest Kubernetes features. However, verify that these updates do not break existing functionality.
   - **Controller Runtime**: The update from `sigs.k8s.io/controller-runtime v0.14.7` to `v0.17.2` should be carefully tested as it might introduce breaking changes.
   - **ProtonMail Crypto**: Updating `github.com/ProtonMail/go-crypto` to `v1.0.0` is a significant version bump. Ensure that the new version is backward compatible.
   - **Other Libraries**: Updates to libraries like `github.com/emicklei/go-restful/v3`, `github.com/evanphx/json-patch/v5`, `github.com/go-git/go-git/v5`, etc., should be tested to ensure they do not introduce any regressions.

3. **New Indirect Dependencies**:
   - **Minio Blake2b**: The addition of `github.com/minio/blake2b-simd` as an indirect dependency should be reviewed to ensure it does not introduce any security vulnerabilities or performance issues.
   - **Google Gnostic Models**: The addition of `github.com/google/gnostic-models` should be checked for compatibility and necessity.

4. **Removed Dependencies**:
   - **go.uber.org/atomic**: The removal of `go.uber.org/atomic` might affect parts of the code that rely on atomic operations. Ensure that this removal is intentional and does not break any functionality.

5. **General Advice**:
   - **Testing**: After making these updates, run comprehensive tests to ensure that all functionalities work as expected.
   - **Security**: Review the changelogs of the updated dependencies for any security patches or vulnerabilities that might affect your project.

---
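
Review bot: The `toolchain` line in the first go.mod hunk (@@ -1,11 +1,10 @@) changes the compiler from go1.21.6 to go1.22.5 while `go 1.21` stays as it is, and the PR title says nothing about a compiler change. Confirm that the CI and release build images either ship Go 1.22.5 or are permitted to download it: with the default GOTOOLCHAIN setting an older Go fetches 1.22.5 at build time, and with GOTOOLCHAIN=local the build uses whatever Go is installed rather than the one recorded here. The toolchain bump should be named in the PR description.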
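
Review bot: The k8s.io/* and controller-runtime lines in the second hunk (@@ -57,11 +56,11 @@) are a three-minor-version jump in direct requirements (v0.26.x to v0.29.6, and `sigs.k8s.io/controller-runtime` v0.14.7 to v0.17.2) that the PR title does not mention, so it needs its own review rather than riding along with the argo-cd bump. The four k8s.io modules do land on the same v0.29.6, which is what you want, but any kubechecks code that calls client-go or controller-runtime directly should be compiled and exercised against these versions before merging, and the jump should be listed in the PR description.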
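
Review bot: The added line `github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1 // indirect` in the @@ -200,6 +200,7 @@ hunk pulls a hashing package pinned to a 2016 commit with no tagged release into the build, and nothing in the PR records why it is needed. Run `go mod why -m github.com/minio/blake2b-simd` to note which module requires it, and run govulncheck on the updated module graph before merging.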
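
Review bot: In the last hunk (@@ -288,23 +288,23 @@) `sigs.k8s.io/kustomize/api` and `sigs.k8s.io/kustomize/kyaml` move from tagged releases (v0.12.1, v0.13.9) to pseudo-versions of one untagged commit (`...-0.20230601165947-6ce0bf390ce3`), which is harder to map to release notes and changelogs than a tag; `github.com/sergi/go-diff` makes the same kind of move in the @@ -234,7 +235,7 @@ hunk. Check with `go mod graph` that these are the versions required by argo-cd v2.12.0 itself and not the result of some other requirement, and note that in the PR so the next reviewer does not have to rediscover it.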

Dependency Review

No suggestions found

dependabot[bot] commented 3 weeks ago

Superseded by #260.