Bump github.com/argoproj/argo-cd/v2 from 2.10.10 to 2.11.2

[dependabot]

Bumps github.com/argoproj/argo-cd/v2 from 2.10.10 to 2.11.2.

Release notes

Sourced from github.com/argoproj/argo-cd/v2's releases.

v2.11.2

Quick Start

Non-HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.11.2/manifests/install.yaml

HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.11.2/manifests/ha/install.yaml

Release Signatures and Provenance

All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.

Upgrading

If upgrading from a different minor version, be sure to read the upgrading documentation.

Changelog

Bug fixes

• 212a6ed05a306de78f1df0f5c21064ed2561544a: fix(deps): upgrade otel dependency (#18285) (#18324) (@​gcp-cherry-pick-bot[bot])
• 2b463d4103be1d9175b8d60beb7c5c421ece9348: fix: remove Egress NetworkPolicy for argocd-redis and argocd-redis-ha-haproxy (#18367) (#18372) (@​gcp-cherry-pick-bot[bot])
• 9d58e7e330f3ad67ae092d77c83b6419169200ae: fix: revert registry change (#18328) (@​crenshaw-dev)

Documentation

• 140ffdda4d91de280e1ade4496b8f8c6d663636d: docs: add v2.11 notes to upgrading page (#18333) (@​crenshaw-dev)

Other work

• 47e7470726715d409a0397d617a6c0756b9e2647: chore(ci): fix release notes (#18132) (#18330) (@​gcp-cherry-pick-bot[bot])

Full Changelog: argoproj/argo-cd@v2.11.1...v2.11.2

v2.11.1

Quick Start

Non-HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.11.1/manifests/install.yaml

... (truncated)

Commits

• 25f7504 Bump version to 2.11.2 (#18384)
• 2b463d4 fix: remove Egress NetworkPolicy for argocd-redis and argocd-redis-ha-haproxy...
• 9d58e7e fix: revert registry change (#18328)
• 212a6ed fix(deps): upgrade otel dependency (#18285) (#18324)
• 140ffdd docs: add v2.11 notes to upgrading page (#18333)
• 47e7470 chore(ci): fix release notes (#18132) (#18330)
• 9f40df0 Bump version to 2.11.1 (#18319)
• 6ef7b62 Merge pull request from GHSA-9766-5277-j5hr
• f1a449e Merge pull request from GHSA-9766-5277-j5hr
• 6530c6f fix: UI MultiSource - Helm Chart with values.yaml (#18188) (#18200)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[zapier-sre-bot]

Mergecat's Review

Click to read mergecats review!

😼 Mergecat review of go.mod

@@ -5,7 +5,7 @@ go 1.21
 toolchain go1.21.6
 
 require (
-	github.com/argoproj/argo-cd/v2 v2.10.10
+	github.com/argoproj/argo-cd/v2 v2.11.2
 	github.com/argoproj/gitops-engine v0.7.1-0.20240416142647-fbecbb86e412
 	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/chainguard-dev/git-urls v1.0.2
@@ -103,7 +103,7 @@ require (
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.10.2 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
-	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
+	github.com/evanphx/json-patch v5.9.0+incompatible // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
 	github.com/fatih/camelcase v1.0.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect

Feedback & Suggestions:

1. Dependency Updates: The updates to github.com/argoproj/argo-cd/v2 and github.com/evanphx/json-patch are generally good for keeping dependencies current. However, ensure that these updates are compatible with your codebase and do not introduce breaking changes. Run your test suite thoroughly to catch any issues early.

2. Security Considerations: Always check the changelogs or release notes of the updated dependencies for any security patches or vulnerabilities that have been addressed. This is crucial to maintain the security posture of your application.

3. Version Pinning: Consider pinning the versions more strictly if you are not already doing so. For example, instead of v2.11.2, you might use v2.11.2+incompatible if applicable, to avoid unintentional updates that could break your build.

4. Indirect Dependencies: The // indirect comment indicates that these dependencies are not directly imported by your code but are required by other dependencies. Regularly review these to ensure they are still necessary and consider removing any that are no longer needed to keep your dependency tree clean.

---

---

Dependency Review

Click to read mergecats review!

No suggestions found

[github-actions]

Temporary image deleted.