chore(argo-cd): Update dependency argoproj/argo-cd to v2.14.21 #6
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "renovate/argoproj-argo-cd-2.x"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
v2.14.2→v2.14.21Release Notes
argoproj/argo-cd (argoproj/argo-cd)
v2.14.21Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Bug fixes
8b31544: fix: make webhook payload handlers recover from panics (cherry-pick #24862 for 2.14) (#24926) (@jake-ciolek)Dependency updates
9b7bf3e: chore(deps): bump redis from 7.0.14 to 7.2.11 to address vuln (release-2.14) (#24892) (@carlosrodfern)Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.14.20...v2.14.21
v2.14.20Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Bug fixes
4ab9cd4: fix: allow for backwards compatibility of durations defined in days (cherry-pick #24769 for 2.14) (#24772) (@argo-cd-cherry-pick-bot[bot])Other work
7b219ee: Merge commit from fork (@crenshaw-dev)e889f0a: Merge commit from fork (@crenshaw-dev)741f00e: Merge commit from fork (@crenshaw-dev)1f98e3f: Merge commit from fork (@thevilledev)Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.14.19...v2.14.20
v2.14.19Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Bug fixes
4a133ce: fix: limit number of resources in appset status (#24690) (#24694) (@alexmt)Other work
376525e: ci(release): only set latest release in github when latest (#24525) (#24688) (@agaudreault)Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.14.18...v2.14.19
v2.14.18Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Bug fixes
caa4dc1: fix(util): Fix default key exchange algorthims used for SSH connection to be FIPS compliant (#24499) (@anandf)4f6686f: fix: correct post-delete finalizer removal when cluster not found (cherry-pick #24415 for 2.14) (#24591) (@argo-cd-cherry-pick-bot[bot])4359b3c: fix: use informer in webhook handler to reduce memory usage (#24622) (#24628) (@alexmt)Documentation
3d76aa5: docs: Update URL for HA manifests to stable. (#24456) (@Kelketek)Other work
981e7f7: fix(2.14): change the appset namespace to server namespace when generating appset (#24481) (@nitishfy)Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.14.17...v2.14.18
v2.14.17Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.14.16...v2.14.17
v2.14.16Compare Source
Quick Start
Use v2.14.17
There was an issue with immutable releases for v2.14.16 which caused some release steps to fail (uploading provenance and SBOMs). There should be nothing wrong with v2.14.16, but v2.14.17 is equivalent with a fully-successful release.
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Bug fixes
5d0a4f0: fix(appset): When Appset is deleted, the controller should reconcile applicationset #23723 (cherry-pick ##23823) (#23832) (@rumstead)d95b710: fix(controller): get commit server url from env (cherry-pick #23536) (#23543) (@gcp-cherry-pick-bot[bot])72e2387: fix(security): repository.GetDetailedProject exposes repo secrets (#24389) (@crenshaw-dev)8a3b2fd: fix(server): infer resource status health for apps-in-any-ns (#22944) (#23707) (@crenshaw-dev)ddb6073: fix: improves the ui message when an operation is terminated due to controller sync timeout (cherry-pick #23657) (#23673) (@gcp-cherry-pick-bot[bot])Other work
510b775: chore(cherry-pick-2.14): replace bitnami images (#24289) (@nitishfy)d77ecdf: chore: adds all components in goreman run script (cherry-pick #23777) (#23790) (@gcp-cherry-pick-bot[bot])f9bb3b6: chore: update Go to 1.24.6 (release-2.14) (#24091) (@thevilledev)f8eba3e: fix(cherry-pick-2.14): custom resource health for flux helm repository of type oci (#24339) (@adberger)Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.14.15...v2.14.16
v2.14.15Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Bug fixes
ec51989: fix(applicationset): requeue applicationste when application status changes (#23413) (@rumstead)da2ef7d: fix(sync): auto-sync loop when FailOnSharedResource (#23357) (@agaudreault)Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.14.14...v2.14.15
v2.14.14Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Bug fixes
a2361bf: fix: add cooldown to prevent resetting autoheal exp backoff preemptively (cherry-pick #23057) (#23188) (@gdsoumya)14fa0e0: fix: parse project with applicationset resource (cherry-pick #23252) (#23268) (@gcp-cherry-pick-bot[bot])2aceb1d: fix: update broken yarn.lock (#23212) (@svghadi)Other work
3c68b26: chore: upgrade Go from 1.23.4 to 1.24.4 (release-2.14) (#23294) (@thevilledev)e24ee58: chore: upgrade golangci-lint to v2 (release-2.14) (#23305) (@thevilledev)5f89062: chore: upgrade mockery to v2.53.4 (release-2.14) (#23316) (@thevilledev)Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.14.13...v2.14.14
v2.14.13Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
This release fixes a critical security issue: GHSA-2hj5-g64g-fp6p
Other work
24d5722: Merge commit from fork (@crenshaw-dev)d213c30: chore: bump gitops-engine ssd fix (#23072) (@pjiang-dev)Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.14.12...v2.14.13
v2.14.12Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Bug fixes
f7ad2ad: fix(ApplicationSet): Check strategy type to verify it's a progressive sync (cherry-pick #22563) (#22833) (@gcp-cherry-pick-bot[bot])ced6a78: fix(health): handle nil lastTransitionTime (#22897) (cherry-pick #22900) (#22909) (@gcp-cherry-pick-bot[bot])25235fb: fix(test): broken e2e test (cherry-pick #22975) (#23052) (@gcp-cherry-pick-bot[bot])78e61ba: fix: Only port-forward to ready pods (#10610) (cherry-pick #22794) (#22826) (@mikebryant)fe93963: fix: do not normalize resource tracking on live crds (#22722) - cherrypick 2.14 (#22746) (@blakepettersson)5bc6f47: fix: infinite reconciliation loop when app is in error (#23047) (@agaudreault)b163de0: fix: remove project from cache key for project scoped credentials (#22816) (@pjiang-dev)Dependency updates
efe5d29: chore(deps): resolve CVE GO-2025-3540, GO-2025-3503, GO-2025-3487 within 2.14.10 (#22709) (@nathanlaceyraft)Other work
3a9ab77: fix(commit-server): apply image override (cherry-pick #22916) (#22918) (@gcp-cherry-pick-bot[bot])Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.14.11...v2.14.12
v2.14.11Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Features
91f5445: feat(hydrator): handle sourceHydrator fields from webhook (#19397) (cherry-pick #22485) (#22754) (@gcp-cherry-pick-bot[bot])Bug fixes
0451723: fix(appset): generated app errors should use the default requeue (#21887) (cherry-pick #21936) (#22672) (@gcp-cherry-pick-bot[bot])f6f7d29: fix(ui): avoid spurious error on hydration (#22506) (cherry-pick #22711) (#22714) (@gcp-cherry-pick-bot[bot])Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.14.10...v2.14.11
v2.14.10Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Bug fixes
b31d700: fix(cli): wrong variable to store --no-proxy value (cherry-pick #21226) (#22590) (@gcp-cherry-pick-bot[bot])6b15a04: fix: [cherry-pick] selfhealattemptscount needs to be reset at times (#22095, #20978) (#22583) (@Aaron-9900)be81419: fix: login return_url doesn't work with custom server paths (cherry-pick #21588) (#22594) (@gcp-cherry-pick-bot[bot])3b308d6: fix: respect delete confirmation for argocd app deletion (cherry-pick #22657) (#22664) (@gcp-cherry-pick-bot[bot])Dependency updates
4826fb0: chore(deps): Update github.com/expr-lang/expr to v1.17.0 fixing CVE-2025-29786 (#22651) (@heshamelsherif97)Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.14.9...v2.14.10
v2.14.9Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Bug fixes
31a5545: fix: Check for semver constraint matching in application webhook handler (cherry-pick #21648) (#22508) (@gcp-cherry-pick-bot[bot])Other work
c868711: chore(dep): bump gitops-engine 2.14 (#22520) (@pjiang-dev)Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.14.8...v2.14.9
v2.14.8Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Bug fixes
9a9e62d: fix(server): fully populate app destination before project checks (#22408) (#22426) (@crenshaw-dev)7acdaa9: fix: CVE-2025-26791 upgrading redoc dep to 2.4.0 to avoid DOMPurify b… (#21997) (@nmirasch)872319e: fix: handle annotated git tags correctly in repo server cache (#21771) (#22424) (@aali309)Dependency updates
9f832cd: chore(deps): bump github.com/golang-jwt/jwt to 4.5.2/5.2.2 (#22465) (@crenshaw-dev)Other work
ec45e33: fix(ui, rbac): project-roles (#21829) (2.14 backport) (#22461) (@blakepettersson)Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.14.7...v2.14.8
v2.14.7Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Dependency updates
3940782: chore(deps): bump gitops engine (#22405) (@crenshaw-dev)Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.14.6...v2.14.7
v2.14.6Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Features
38c0376: feat(server): make deep copies of objects returned by informers (#22173) (#22179) (#22340) (@rumstead)Dependency updates
defd4be: chore(deps): Update go-git from 5.12.0 to 5.13.2 to include several CVE fixes (#22313) (@anandf)Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.14.5...v2.14.6
v2.14.5Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Dependency updates
ed242b9: chore(deps): bump github.com/redis/go-redis/v9 from 9.7.0 to 9.7.1 (#21957) (#22255) (@anandf)Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.14.4...v2.14.5
v2.14.4Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Bug fixes
52231db: fix(actions): don't run empty Lua scripts (#22084) (cherry-pick #22161) (#22172) (@gcp-cherry-pick-bot[bot])962d7a9: fix(ci): use pinned Helm version for init-release (#22164) (cherry-pick #22165) (#22171) (@gcp-cherry-pick-bot[bot])54170a4: fix: make codegen permissions (cherry-pick #21667) (#22145) (@gcp-cherry-pick-bot[bot])Dependency updates
2eab10a: chore(deps): revert accidental upgrade of go.mod packages (#22162) (@crenshaw-dev)2b1e829: chore(deps): switch gitops-engine back to release-2.14 branch (#22163) (@crenshaw-dev)Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.14.3...v2.14.4
v2.14.3Compare Source
Known Issues
securityContextfields in Redis manifests.All these issues are fixed in 2.14.4.
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Bug fixes
aaed35c: fix(applicationset): ApplicationSets with rolling sync stuck in Pending (cherry-pick #20230) (#21948) (@gcp-cherry-pick-bot[bot])d79185a: fix(hydrator): don't get cluster or API versions for hydrator (#21985) (#22038) (@crenshaw-dev)2dd70de: fix(hydrator): don't use manifest-generate-paths (#22039) (cherry-pick #22015) (#22061) (@gcp-cherry-pick-bot[bot])3adb83c: fix(hydrator): refresh by annotation instead of work queue (#22016) (#22067) (@crenshaw-dev)71fd4e5: fix: Check placement exists before length check (#22060) (cherry-pick #22057) (#22089) (@gcp-cherry-pick-bot[bot])896a461: fix: New kube applier for server side diff dry run with refactoring (#21488) (#21819) (@andrii-korotkov-verkada)63edc3e: fix: accidental v3 imports (#22068) (@crenshaw-dev)cb1df5d: fix: correct lookup for the kustomization file when applying patches (cherry-pick #22024) (#22086) (@nitishfy)92a3c3d: fix: correctly set compareWith when requesting app refresh with delay (fixes #18998) (cherry-pick #21298) (#21952) (@gcp-cherry-pick-bot[bot])8f925c6: fix: fetch syncedRevision in UpdateRevisionForPaths (#21014) (cherry-pick #21015) (#22011) (@gcp-cherry-pick-bot[bot])Documentation
b5be1df: docs: document source hydrator maturity (cherry-pick #21969) (#21970) (@gcp-cherry-pick-bot[bot])Other work
2b422d2: chore: add cherry pick for v2.14 (#21901) (@nitishfy)Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.14.2...v2.14.3
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.
⚠️ Artifact update problem
Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below:
File name: charts/argo-cd/Chart.yaml
File name: charts/argo-cd/Chart.yaml
View command line instructions
Checkout
From your project repository, check out a new branch and test the changes.Merge
Merge the changes and update on Forgejo.Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.