Bump github.com/argoproj/argo-cd/v2 from 2.11.6 to 2.12.0 #257


@dependabot dependabot bot commented on behalf of github Aug 12, 2024

Bumps github.com/argoproj/argo-cd/v2 from 2.11.6 to 2.12.0.

Release notes

Sourced from github.com/argoproj/argo-cd/v2's releases.

v2.12.0

Quick Start

Non-HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.0/manifests/install.yaml

HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.0/manifests/ha/install.yaml

Release Signatures and Provenance

All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.

Upgrading

If upgrading from a different minor version, be sure to read the upgrading documentation.

Known Issues

ApplicationSets with git generators and a templated spec.template.spec.project field will fail to reconcile due to a bug in the new git signature verification feature.

Changelog

Features

Full Changelog: argoproj/argo-cd@v2.12.0-rc5...v2.12.0

v2.12.0-rc5

Quick Start

Non-HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.0-rc5/manifests/install.yaml

HA:

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/argoproj/argo-cd/v2](https://github.com/argoproj/argo-cd) from 2.11.6 to 2.12.0.
- [Release notes](https://github.com/argoproj/argo-cd/releases)
- [Changelog](https://github.com/argoproj/argo-cd/blob/master/CHANGELOG.md)
- [Commits](argoproj/argo-cd@v2.11.6...v2.12.0)

---
updated-dependencies:
- dependency-name: github.com/argoproj/argo-cd/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 12, 2024
@zapier-sre-bot
Collaborator

Mergecat's Review

😼 Mergecat review of go.mod

@@ -1,11 +1,10 @@
 module github.com/zapier/kubechecks
 
 go 1.21
-
-toolchain go1.21.6
+toolchain go1.22.5
 
 require (
-	github.com/argoproj/argo-cd/v2 v2.11.6
+	github.com/argoproj/argo-cd/v2 v2.12.0
 	github.com/argoproj/gitops-engine v0.7.1-0.20240715141605-18ba62e1f1fb
 	github.com/aws/aws-sdk-go-v2 v1.30.1
 	github.com/aws/aws-sdk-go-v2/config v1.27.24
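
Review bot: `toolchain go1.22.5` replaces `toolchain go1.21.6` at the top of go.mod in a PR whose title only announces the argo-cd bump, while the `go 1.21` directive above it is unchanged. Call out the toolchain change in the PR description and confirm that the CI and release build images already provide Go 1.22.5, so the build does not depend on a toolchain download at build time. The blank line that used to separate `go 1.21` from the `toolchain` line was also dropped; restoring it keeps the file in the layout the Go tooling writes.
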
@@ -57,11 +56,11 @@ require (
 	google.golang.org/grpc v1.64.0
 	gopkg.in/dealancer/validate.v2 v2.1.0
 	gopkg.in/yaml.v3 v3.0.1
-	k8s.io/api v0.26.15
-	k8s.io/apiextensions-apiserver v0.26.10
-	k8s.io/apimachinery v0.26.15
-	k8s.io/client-go v0.26.15
-	sigs.k8s.io/controller-runtime v0.14.7
+	k8s.io/api v0.29.6
+	k8s.io/apiextensions-apiserver v0.29.6
+	k8s.io/apimachinery v0.29.6
+	k8s.io/client-go v0.29.6
+	sigs.k8s.io/controller-runtime v0.17.2
 	sigs.k8s.io/yaml v1.4.0
 )
 
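Review bot: the direct requirements `k8s.io/api`, `k8s.io/apimachinery` and `k8s.io/client-go` jump from v0.26.15 to v0.29.6 and `sigs.k8s.io/controller-runtime` from v0.14.7 to v0.17.2, three minor versions each, as a side effect of a single argo-cd bump. These modules are imported directly by this project, so the PR should list them in its description and needs a full compile and test run before merge rather than being treated as a routine minor update. `k8s.io/apiextensions-apiserver` also moves from v0.26.10 to v0.29.6, which brings it in line with the other k8s.io modules.
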
@@ -83,7 +82,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
+	github.com/ProtonMail/go-crypto v1.0.0 // indirect
 	github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d // indirect
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/agnivade/levenshtein v1.1.1 // indirect
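
Review bot: `github.com/ProtonMail/go-crypto` moves from the pseudo-version `v0.0.0-20230828082145-3c4c8a2d2371` to the tagged `v1.0.0`, and this is cryptographic code that arrives only as an indirect requirement. Record which upgraded module requires it (`go mod why -m github.com/ProtonMail/go-crypto`) and check that the matching go.sum entries are part of the same commit, so the change in crypto code is reviewed on purpose and not just carried along.
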
@@ -122,20 +121,20 @@ require (
 	github.com/docker/distribution v2.8.3+incompatible // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
-	github.com/emicklei/go-restful/v3 v3.10.2 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/evanphx/json-patch v5.9.0+incompatible // indirect
-	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
+	github.com/evanphx/json-patch/v5 v5.8.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
 	github.com/fatih/camelcase v1.0.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
-	github.com/fvbommel/sortorder v1.0.1 // indirect
+	github.com/fvbommel/sortorder v1.1.0 // indirect
 	github.com/go-akka/configuration v0.0.0-20200606091224-a002c0330665 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.5.0 // indirect
-	github.com/go-git/go-git/v5 v5.11.0 // indirect
+	github.com/go-git/go-git/v5 v5.12.0 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
 	github.com/go-jose/go-jose/v3 v3.0.3 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
@@ -152,6 +151,7 @@ require (
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/gnostic v0.6.9 // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-github/v53 v53.2.0 // indirect
 	github.com/google/go-jsonnet v0.20.0 // indirect
@@ -171,7 +171,7 @@ require (
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-getter v1.7.5 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/hashicorp/go-safetemp v1.0.0 // indirect
 	github.com/hashicorp/go-version v1.6.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
@@ -200,6 +200,7 @@ require (
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.15 // indirect
+	github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1 // indirect
 	github.com/mitchellh/copystructure v1.0.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
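
Review bot: the added line `github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1 // indirect` pins an untagged commit whose pseudo-version timestamp dates from July 2016. Find out which upgraded module pulls it in with `go mod graph` or `go mod why -m github.com/minio/blake2b-simd`, and decide whether a hash implementation of that age is acceptable in the build before merging.
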
@@ -234,7 +235,7 @@ require (
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect
-	github.com/sergi/go-diff v1.3.1 // indirect
+	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
 	github.com/shopspring/decimal v1.2.0 // indirect
 	github.com/shteou/go-ignore v0.3.1 // indirect
 	github.com/shurcooL/graphql v0.0.0-20230722043721-ed46e5a46466 // indirect
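
Review bot: `github.com/sergi/go-diff` goes from the tagged release `v1.3.1` to the pseudo-version `v1.3.2-0.20230802210424-5b0b94c5c0d3`, which is an untagged commit and not a published release. Confirm that this version is forced by an upstream requirement (`go mod graph` will show the requiring module) and note it in the PR, since untagged commits have no release notes to review.
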
@@ -267,8 +268,7 @@ require (
 	go.opentelemetry.io/otel/metric v1.28.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 	go.starlark.net v0.0.0-20231121155337-90ade8b19d09 // indirect
-	go.uber.org/atomic v1.11.0 // indirect
-	go.uber.org/multierr v1.9.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/crypto v0.24.0 // indirect
 	golang.org/x/mod v0.17.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
@@ -288,23 +288,23 @@ require (
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	k8s.io/apiserver v0.26.15 // indirect
-	k8s.io/cli-runtime v0.26.15 // indirect
-	k8s.io/component-base v0.26.15 // indirect
-	k8s.io/component-helpers v0.26.15 // indirect
-	k8s.io/klog/v2 v2.100.1 // indirect
-	k8s.io/kube-aggregator v0.26.15 // indirect
-	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
-	k8s.io/kubectl v0.26.15 // indirect
-	k8s.io/kubernetes v1.26.15 // indirect
+	k8s.io/apiserver v0.29.6 // indirect
+	k8s.io/cli-runtime v0.29.6 // indirect
+	k8s.io/component-base v0.29.6 // indirect
+	k8s.io/component-helpers v0.29.6 // indirect
+	k8s.io/klog/v2 v2.110.1 // indirect
+	k8s.io/kube-aggregator v0.29.6 // indirect
+	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
+	k8s.io/kubectl v0.29.6 // indirect
+	k8s.io/kubernetes v1.29.6 // indirect
 	k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect
 	layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 // indirect
 	muzzammil.xyz/jsonc v1.0.0 // indirect
 	olympos.io/encoding/edn v0.0.0-20201019073823-d3554ca0b0a3 // indirect
 	oras.land/oras-go/v2 v2.3.1 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
-	sigs.k8s.io/kustomize/api v0.12.1 // indirect
-	sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect
+	sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect
+	sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 )
 
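Review bot: at the end of this hunk `sigs.k8s.io/kustomize/api` and `sigs.k8s.io/kustomize/kyaml` leave the tagged releases v0.12.1 and v0.13.9 for pseudo-versions pinned to commit `6ce0bf390ce3`, and `k8s.io/kubernetes` itself is carried as an indirect requirement at v1.29.6. Both points widen what has to be reviewed for a one-line argo-cd bump: check which module requires the untagged kustomize commit, and run a vulnerability scan such as govulncheck over the resolved module graph before merging.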

Feedback & Suggestions:

  1. Toolchain Update:

    • The update from go1.21.6 to go1.22.5 is generally good for keeping up with the latest Go features and improvements. However, ensure that all dependencies are compatible with Go 1.22.5 to avoid any runtime issues.
  2. Dependency Updates:

    • Argo CD: Updating github.com/argoproj/argo-cd/v2 from v2.11.6 to v2.12.0 is good for getting the latest features and bug fixes. Ensure that the new version does not introduce breaking changes.
    • Kubernetes Dependencies: Updating k8s.io/api, k8s.io/apiextensions-apiserver, k8s.io/apimachinery, and k8s.io/client-go to v0.29.6 is beneficial for compatibility with the latest Kubernetes features. However, verify that these updates do not break existing functionality.
    • Controller Runtime: The update from sigs.k8s.io/controller-runtime v0.14.7 to v0.17.2 should be carefully tested as it might introduce breaking changes.
    • ProtonMail Crypto: Updating github.com/ProtonMail/go-crypto to v1.0.0 is a significant version bump. Ensure that the new version is backward compatible.
    • Other Libraries: Updates to libraries like github.com/emicklei/go-restful/v3, github.com/evanphx/json-patch/v5, github.com/go-git/go-git/v5, etc., should be tested to ensure they do not introduce any regressions.
  3. New Indirect Dependencies:

    • Minio Blake2b: The addition of github.com/minio/blake2b-simd as an indirect dependency should be reviewed to ensure it does not introduce any security vulnerabilities or performance issues.
    • Google Gnostic Models: The addition of github.com/google/gnostic-models should be checked for compatibility and necessity.
  4. Removed Dependencies:

    • go.uber.org/atomic: The removal of go.uber.org/atomic might affect parts of the code that rely on atomic operations. Ensure that this removal is intentional and does not break any functionality.
  5. General Advice:

    • Testing: After making these updates, run comprehensive tests to ensure that all functionalities work as expected.
    • Security: Review the changelogs of the updated dependencies for any security patches or vulnerabilities that might affect your project.


Dependency Review

No suggestions found

Contributor Author

dependabot bot commented on behalf of github Aug 19, 2024

Superseded by #260.

@dependabot dependabot bot closed this Aug 19, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/argoproj/argo-cd/v2-2.12.0 branch August 19, 2024 18:13