Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps: update dependency argoproj/argo-cd to v2.6.7 #1121

Merged
merged 1 commit into from
Mar 27, 2023
Merged

deps: update dependency argoproj/argo-cd to v2.6.7 #1121

merged 1 commit into from
Mar 27, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 26, 2023

Mend Renovate

This PR contains the following updates:

Package Update Change
argoproj/argo-cd patch v2.6.6 -> v2.6.7

Release Notes

argoproj/argo-cd

v2.6.7

Compare Source

Quick Start

Non-HA:
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.6.7/manifests/install.yaml
HA:
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.6.7/manifests/ha/install.yaml

Breaking changes

As part of the fix for GHSA-2q5c-qw9c-fmvq, the API will now return "Unauthorized" instead of "Not found" if an Application does not exist. This change prevents leaking the existence or non-existence of Applications to unauthorized parties.

This change may break applications which depend on "Not found" responses from the Argo CD API's application endpoints.

Workarounds and potential long-term solutions will be discussed on https://github.com/argoproj/argo-cd/issues/13000.

The argocd app create CLI command for versions >= 2.5.0-rc1 and before this security patch is one such application which was affected. (See upgrade notes for details on that issue.)

Release signatures

All Argo CD container images and CLI binaries are signed by cosign. See the documentation on how to verify the signatures.

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEesHEB7vX5Y2RxXypjMy1nI1z7iRG
JI9/gt/sYqzpsa65aaNP4npM43DDxoIy/MQBo9s/mxGxmA+8UXeDpVC9vw==
-----END PUBLIC KEY-----

Upgrading

If upgrading from a different minor version, be sure to read the upgrading documentation.

Changes

This release includes 1 contributions from 1 contributors with 0 features and 0 bug fixes.

Security (1)
  • MODERATE: Authenticated but unauthorized users may enumerate Application names via the API (GHSA-2q5c-qw9c-fmvq)

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" in timezone Europe/Vienna, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@codecov
Copy link

codecov bot commented Mar 26, 2023
edited
Loading

Codecov Report

Merging #1121 (c0b303d) into main (559acee) will not change coverage.
The diff coverage is n/a.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1121   +/-   ##
=======================================
  Coverage   59.05%   59.05%           
=======================================
  Files         126      126           
  Lines       10023    10023           
=======================================
  Hits         5919     5919           
  Misses       3888     3888           
  Partials      216      216
Flag Coverage Δ
certificate-operator 64.15% <ø> (ø)
component-tests 60.61% <ø> (ø)
lifecycle-operator 78.52% <ø> (ø)
metrics-operator 77.35% <ø> (ø)
scheduler 21.17% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

@renovate renovate bot force-pushed the renovate/argoproj-argo-cd-2.6.x branch 2 times, most recently from 17e15bc to 50faba1 Compare March 27, 2023 06:41
@renovate
deps: update dependency argoproj/argo-cd to v2.6.7
c0b303d 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/argoproj-argo-cd-2.6.x branch from 50faba1 to c0b303d Compare March 27, 2023 08:34
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

thschue
thschue approved these changes Mar 27, 2023
View reviewed changes
Copy link
Contributor

@thschue thschue left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@odubajDT odubajDT merged commit 97c4b58 into main Mar 27, 2023
@odubajDT odubajDT deleted the renovate/argoproj-argo-cd-2.6.x branch March 27, 2023 13:58
@keptn-bot keptn-bot mentioned this pull request Mar 27, 2023
Merged
aepfli pushed a commit to aepfli/lifecycle-toolkit that referenced this pull request Mar 30, 2023
@renovate @aepfli
deps: update dependency argoproj/argo-cd to v2.6.7 (keptn#1121)
6922519 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thschue thschue thschue approved these changes

@bacherfl bacherfl bacherfl approved these changes

@thisthat thisthat Awaiting requested review from thisthat

Assignees
No one assigned
Labels
dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bacherfl @thschue @odubajDT