zapier / kubechecks

Check your Kubernetes changes before they hit the cluster
https://kubechecks.readthedocs.io/en/latest/
Mozilla Public License 2.0

Bump github.com/argoproj/argo-cd/v2 from 2.11.6 to 2.12.1 #260

Closed dependabot[bot] closed 2 weeks ago

dependabot[bot] commented 3 weeks ago

Bumps github.com/argoproj/argo-cd/v2 from 2.11.6 to 2.12.1.

Release notes

Sourced from github.com/argoproj/argo-cd/v2's releases.

v2.12.1

Quick Start

Non-HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.1/manifests/install.yaml

HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.1/manifests/ha/install.yaml

Release Signatures and Provenance

All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.

Upgrading

If upgrading from a different minor version, be sure to read the upgrading documentation.

Changelog

Bug fixes

Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.12.0...v2.12.1

v2.12.0

Quick Start

Non-HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.0/manifests/install.yaml

HA:


... (truncated)

Changelog

Sourced from github.com/argoproj/argo-cd/v2's changelog.

Changelog

v2.4.8 (2022-07-29)

Bug fixes

  • feat: support application level extensions (#9923)
  • feat: support multiple extensions per resource group/kind (#9834)
  • fix: extensions is not loading for ConfigMap/Pods (#10010)
  • fix: upgrade moment from 2.29.2 to 2.29.3 (#9330)
  • fix: skip redirect url validation when it's the base href (#10058) (#10116)
  • fix: avoid CVE-2022-28948 (#10093)
  • fix: Set HOST_ARCH for yarn build from platform (#10018)

Other changes

  • chore(deps): bump moment from 2.29.3 to 2.29.4 in /ui (#9897)
  • docs: add OpenSSH breaking change notes (#10104)
  • chore: update parse-url (#10101)
  • docs: add api field example in the appset security doc (#10087)
  • chore: update redis to 7.0.4 avoid CVE-2022-30065 (#10059)
  • docs: add argocd-server grpc metric usage (#10007)
  • chore: upgrade Dex to 2.32.0 (#10036) (#10042)
  • chore: update redis to avoid CVE-2022-2097 (#10031)
  • chore: update haproxy to 2.0.29 for redis-ha (#10045)

v2.4.7 (2022-07-18)

Bug fixes

  • fix: Support files in argocd.argoproj.io/manifest-generate-paths annotation (#9908)
  • fix: terminal websocket write lock to avoid races (#10011)
  • fix: updated all a tags to Link tags in app summary (#9777)
  • fix: e2e test to use func from clusterauth instead creating one with old logic (#9989)
  • fix: add missing download CLI tool URL response for ppc64le, s390x (#9983)

Other

  • chore: upgrade parse-url to avoid SNYK-JS-PARSEURL-2936249 (#9826)
  • docs: use quotes to emphasize that ConfigMap value is a string (#9995)
  • docs: document directory app include/exclude fields (#9997)
  • docs: simplify Docker toolchain docs (#9966) (#10006)
  • docs: supported versions (#9876)

v2.4.6 (2022-07-12)

Features

  • feat: Treat connection reset as a retryable error (#9739)

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

zapier-sre-bot commented 3 weeks ago

Mergecat's Review

Click to read mergecats review! ## 😼 Mergecat review of go.mod ```diff @@ -1,11 +1,10 @@ module github.com/zapier/kubechecks go 1.21 - -toolchain go1.21.6 +toolchain go1.22.5 require ( - github.com/argoproj/argo-cd/v2 v2.11.6 + github.com/argoproj/argo-cd/v2 v2.12.1 github.com/argoproj/gitops-engine v0.7.1-0.20240715141605-18ba62e1f1fb github.com/aws/aws-sdk-go-v2 v1.30.1 github.com/aws/aws-sdk-go-v2/config v1.27.24 @@ -57,11 +56,11 @@ require ( google.golang.org/grpc v1.64.0 gopkg.in/dealancer/validate.v2 v2.1.0 gopkg.in/yaml.v3 v3.0.1 - k8s.io/api v0.26.15 - k8s.io/apiextensions-apiserver v0.26.10 - k8s.io/apimachinery v0.26.15 - k8s.io/client-go v0.26.15 - sigs.k8s.io/controller-runtime v0.14.7 + k8s.io/api v0.29.6 + k8s.io/apiextensions-apiserver v0.29.6 + k8s.io/apimachinery v0.29.6 + k8s.io/client-go v0.29.6 + sigs.k8s.io/controller-runtime v0.17.2 sigs.k8s.io/yaml v1.4.0 ) @@ -83,7 +82,7 @@ require ( github.com/Masterminds/sprig/v3 v3.2.3 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/OneOfOne/xxhash v1.2.8 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect + github.com/ProtonMail/go-crypto v1.0.0 // indirect github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/agnivade/levenshtein v1.1.1 // indirect 
@@ -122,20 +121,20 @@ require ( github.com/docker/distribution v2.8.3+incompatible // indirect github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-units v0.5.0 // indirect - github.com/emicklei/go-restful/v3 v3.10.2 // indirect + github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/emirpasic/gods v1.18.1 // indirect github.com/evanphx/json-patch v5.9.0+incompatible // indirect - github.com/evanphx/json-patch/v5 v5.6.0 // indirect + github.com/evanphx/json-patch/v5 v5.8.0 // indirect github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect github.com/fatih/camelcase v1.0.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect - github.com/fvbommel/sortorder v1.0.1 // indirect + github.com/fvbommel/sortorder v1.1.0 // indirect github.com/go-akka/configuration v0.0.0-20200606091224-a002c0330665 // indirect github.com/go-errors/errors v1.4.2 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect github.com/go-git/go-billy/v5 v5.5.0 // indirect - github.com/go-git/go-git/v5 v5.11.0 // indirect + github.com/go-git/go-git/v5 v5.12.0 // indirect github.com/go-ini/ini v1.67.0 // indirect github.com/go-jose/go-jose/v3 v3.0.3 // indirect github.com/go-logr/logr v1.4.2 // indirect @@ -152,6 +151,7 @@ require ( github.com/golang/protobuf v1.5.4 // indirect github.com/google/btree v1.1.2 // indirect github.com/google/gnostic v0.6.9 // indirect + github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-github/v53 v53.2.0 // indirect github.com/google/go-jsonnet v0.20.0 // indirect 
@@ -171,7 +171,7 @@ require ( github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-getter v1.7.5 // indirect - github.com/hashicorp/go-retryablehttp v0.7.5 // indirect + github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/go-safetemp v1.0.0 // indirect github.com/hashicorp/go-version v1.6.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect @@ -200,6 +200,7 @@ require ( github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.15 // indirect + github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1 // indirect github.com/mitchellh/copystructure v1.0.0 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/go-testing-interface v1.14.1 // indirect @@ -234,7 +235,7 @@ require ( github.com/sagikazarmark/locafero v0.4.0 // indirect github.com/sagikazarmark/slog-shim v0.1.0 // indirect github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect - github.com/sergi/go-diff v1.3.1 // indirect + github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect github.com/shopspring/decimal v1.2.0 // indirect github.com/shteou/go-ignore v0.3.1 // indirect github.com/shurcooL/graphql v0.0.0-20230722043721-ed46e5a46466 // indirect @@ -267,8 +268,7 @@ require ( go.opentelemetry.io/otel/metric v1.28.0 // indirect go.opentelemetry.io/proto/otlp v1.3.1 // indirect go.starlark.net v0.0.0-20231121155337-90ade8b19d09 // indirect - go.uber.org/atomic v1.11.0 // indirect - go.uber.org/multierr v1.9.0 // indirect + go.uber.org/multierr v1.11.0 // indirect golang.org/x/crypto v0.24.0 // indirect golang.org/x/mod v0.17.0 // indirect golang.org/x/sync v0.7.0 // indirect 
@@ -288,23 +288,23 @@ require ( gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/apiserver v0.26.15 // indirect - k8s.io/cli-runtime v0.26.15 // indirect - k8s.io/component-base v0.26.15 // indirect - k8s.io/component-helpers v0.26.15 // indirect - k8s.io/klog/v2 v2.100.1 // indirect - k8s.io/kube-aggregator v0.26.15 // indirect - k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect - k8s.io/kubectl v0.26.15 // indirect - k8s.io/kubernetes v1.26.15 // indirect + k8s.io/apiserver v0.29.6 // indirect + k8s.io/cli-runtime v0.29.6 // indirect + k8s.io/component-base v0.29.6 // indirect + k8s.io/component-helpers v0.29.6 // indirect + k8s.io/klog/v2 v2.110.1 // indirect + k8s.io/kube-aggregator v0.29.6 // indirect + k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect + k8s.io/kubectl v0.29.6 // indirect + k8s.io/kubernetes v1.29.6 // indirect k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 // indirect muzzammil.xyz/jsonc v1.0.0 // indirect olympos.io/encoding/edn v0.0.0-20201019073823-d3554ca0b0a3 // indirect oras.land/oras-go/v2 v2.3.1 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/kustomize/api v0.12.1 // indirect - sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect + sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect + sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) ``` ### Feedback & Suggestions: 1. **Toolchain Update**: - The update from `go1.21.6` to `go1.22.5` is generally good for keeping up with the latest features and security patches. Ensure that all dependencies are compatible with Go 1.22.5. 2. **Dependency Updates**: - **Argo CD**: Updated from `v2.11.6` to `v2.12.1`. Ensure that the new version does not introduce breaking changes. 
- **Kubernetes Dependencies**: Updated from `v0.26.15` to `v0.29.6`. This is a significant version jump. Verify that there are no breaking changes or deprecated features that could affect your project.
- **Controller Runtime**: Updated from `v0.14.7` to `v0.17.2`. Similar to the Kubernetes dependencies, ensure compatibility.
- **ProtonMail Crypto**: Updated from a specific commit to `v1.0.0`. This is a stable release, which is generally good, but check for any changes in the API.
- **Other Libraries**: Updates to various other libraries (e.g., `go-restful`, `json-patch`, `sortorder`, `go-git`, etc.). Ensure that these updates do not introduce any breaking changes or new bugs.

3. **New Indirect Dependencies**:

- **google/gnostic-models**: Added as an indirect dependency. Ensure that this is necessary and does not introduce any unwanted side effects.
- **minio/blake2b-simd**: Added as an indirect dependency. Verify its necessity and impact on your project.

4. **Removed Indirect Dependency**:

- **go.uber.org/atomic**: Removed. Ensure that this removal does not affect any part of your codebase that might have been using it indirectly.

5. **General Advice**:

- **Testing**: After updating dependencies, run your full test suite to catch any issues early.
- **Documentation**: Update any relevant documentation to reflect the changes in dependencies and toolchain.
- **Security**: Review the changelogs of the updated dependencies for any security patches or vulnerabilities that have been addressed.

---
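Review bot: In the first hunk (@@ -1,11 +1,10 @@) the `toolchain` directive moves from go1.21.6 to go1.22.5 while `go 1.21` stays unchanged, and the PR title mentions only the argo-cd bump. Confirm that the CI and release build images either ship Go 1.22.5 or are allowed to fetch it, and call the toolchain change out in the description so it is reviewed deliberately. The unchanged `github.com/argoproj/gitops-engine v0.7.1-0.20240715141605-18ba62e1f1fb` pin sits directly below the bumped argo-cd line; check that it is still the revision argo-cd v2.12.1 expects.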
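Review bot: The direct requirements in the @@ -57,11 +56,11 @@ hunk jump three minor releases (`k8s.io/client-go v0.26.15` to `v0.29.6`, `sigs.k8s.io/controller-runtime v0.14.7` to `v0.17.2`), which is a much larger change than the PR title suggests. These lines carry no `// indirect` marker, so kubechecks' own call sites have to compile and pass tests against the new APIs. Consider splitting the Kubernetes library upgrade into its own PR, or at least listing it in the description.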
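Review bot: The @@ -200,6 +200,7 @@ hunk introduces `github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1`, a new indirect dependency pinned to an untagged commit whose pseudo-version timestamp is from 2016. Before merging, identify which module requires it (`go mod why -m github.com/minio/blake2b-simd`) and decide whether an unreleased module of that age is acceptable in the build.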
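Review bot: `github.com/sergi/go-diff` in the @@ -234,7 +235,7 @@ hunk goes from the tagged release `v1.3.1` to the pseudo-version `v1.3.2-0.20230802210424-5b0b94c5c0d3`, that is, an untagged commit. Use `go mod graph` to confirm which requirement forces this revision, so the pin to unreleased code is understood and not accidental.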
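Review bot: In the last hunk (@@ -288,23 +288,23 @@) `sigs.k8s.io/kustomize/api` and `sigs.k8s.io/kustomize/kyaml` move from tagged releases (`v0.12.1`, `v0.13.9`) to pseudo-versions of commit `6ce0bf390ce3`, alongside the `k8s.io/kubernetes v1.26.15` to `v1.29.6` jump. Please confirm these revisions are the ones selected by argo-cd v2.12.1's own requirements and not a local override, and compare rendered kustomize output before and after the bump in the test suite.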

Dependency Review

No suggestions found

dependabot[bot] commented 2 weeks ago

Superseded by #263.