chore(deps): update all non-major dependencies#22
Merged
barrydobson merged 1 commit intomainfrom Jul 7, 2025
Merged
Conversation
b018414 to
83566ac
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v0.60.0->v0.64.1v2.14.7->v2.14.15v2.69.0->v2.74.2v0.40.10->v0.50.6v0.50.71.16->1.17v3.42.1->v3.44.0v1.19.0->v1.20.0v3.17.2->v3.18.31.7.1->1.8.1v0.60.3->v0.63.0v0.64.0v0.27.0->v0.29.0v5.6.0->v5.7.01.32.3->1.33.2v4.45.1->v4.45.4v3.9.4->v3.10.2v0.2.75->v0.2.79v0.10.4->v0.11.2v0.55.1->v0.58.0v0.13.0->v0.13.1v0.6.7->v0.7.0Release Notes
aquasecurity/trivy (aquasecurity/trivy)
v0.64.1Compare Source
Changelog
86ee3c1release: v0.64.1 [release/v0.64] (#9122)4e12722fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (#9127)9a7d384fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64] (#9124)53adfbafix(rootio): check full version to detectroot.iopackages [backport: release/v0.64] (#9120)8cf1bf9fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (#9119)v0.64.0Compare Source
👉 Trivy v.64.0 release notes (click here)
⬇️ Download Trivy
Full changelog
v0.63.0Compare Source
👉 Trivy v.63.0 release notes (click here)
⬇️ Download Trivy
Full changelog
v0.62.1Compare Source
Changelog
c75ed21release: v0.62.1 [release/v0.62] (#8825)aafebebchore(deps): bump the common group across 1 directory with 10 updates [backport: release/v0.62] (#8831)99485cffix(misconf): check if for-each is known when expanding dyn block [backport: release/v0.62] (#8826)b4fc9e8fix(redhat): trim invalid suffix from content_sets in manifest parsing [backport: release/v0.62] (#8824)v0.62.0Compare Source
⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/8801
Changelog
https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0620-2025-04-30
v0.61.1Compare Source
Changelog
7d3b4ffrelease: v0.61.1 [release/v0.61] (#8704)80d120ffix(k8s): skip passed misconfigs for the summary report [backport: release/v0.61] (#8748)9d6290bfix(k8s): correct compare artifact versions [backport: release/v0.61] (#8699)3799ebbtest: useaquasecurityrepository for test images [backport: release/v0.61] (#8698)v0.61.0Compare Source
⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/8639
Changelog
https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0610-2025-03-28
argoproj/argo-cd (argoproj/argo-cd)
v2.14.15Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Bug fixes
ec51989: fix(applicationset): requeue applicationste when application status changes (#23413) (@rumstead)da2ef7d: fix(sync): auto-sync loop when FailOnSharedResource (#23357) (@agaudreault)Full Changelog: argoproj/argo-cd@v2.14.14...v2.14.15
v2.14.14Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Bug fixes
a2361bf: fix: add cooldown to prevent resetting autoheal exp backoff preemptively (cherry-pick #23057) (#23188) (@gdsoumya)14fa0e0: fix: parse project with applicationset resource (cherry-pick #23252) (#23268) (@gcp-cherry-pick-bot[bot])2aceb1d: fix: update broken yarn.lock (#23212) (@svghadi)Other work
3c68b26: chore: upgrade Go from 1.23.4 to 1.24.4 (release-2.14) (#23294) (@thevilledev)e24ee58: chore: upgrade golangci-lint to v2 (release-2.14) (#23305) (@thevilledev)5f89062: chore: upgrade mockery to v2.53.4 (release-2.14) (#23316) (@thevilledev)Full Changelog: argoproj/argo-cd@v2.14.13...v2.14.14
v2.14.13Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
This release fixes a critical security issue: GHSA-2hj5-g64g-fp6p
Other work
24d5722: Merge commit from fork (@crenshaw-dev)d213c30: chore: bump gitops-engine ssd fix (#23072) (@pjiang-dev)Full Changelog: argoproj/argo-cd@v2.14.12...v2.14.13
v2.14.12Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Bug fixes
f7ad2ad: fix(ApplicationSet): Check strategy type to verify it's a progressive sync (cherry-pick #22563) (#22833) (@gcp-cherry-pick-bot[bot])ced6a78: fix(health): handle nil lastTransitionTime (#22897) (cherry-pick #22900) (#22909) (@gcp-cherry-pick-bot[bot])25235fb: fix(test): broken e2e test (cherry-pick #22975) (#23052) (@gcp-cherry-pick-bot[bot])78e61ba: fix: Only port-forward to ready pods (#10610) (cherry-pick #22794) (#22826) (@mikebryant)fe93963: fix: do not normalize resource tracking on live crds (#22722) - cherrypick 2.14 (#22746) (@blakepettersson)5bc6f47: fix: infinite reconciliation loop when app is in error (#23047) (@agaudreault)b163de0: fix: remove project from cache key for project scoped credentials (#22816) (@pjiang-dev)Dependency updates
efe5d29: chore(deps): resolve CVE GO-2025-3540, GO-2025-3503, GO-2025-3487 within 2.14.10 (#22709) (@nathanlaceyraft)Other work
3a9ab77: fix(commit-server): apply image override (cherry-pick #22916) (#22918) (@gcp-cherry-pick-bot[bot])Full Changelog: argoproj/argo-cd@v2.14.11...v2.14.12
v2.14.11Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Features
91f5445: feat(hydrator): handle sourceHydrator fields from webhook (#19397) (cherry-pick #22485) (#22754) (@gcp-cherry-pick-bot[bot])Bug fixes
0451723: fix(appset): generated app errors should use the default requeue (#21887) (cherry-pick #21936) (#22672) (@gcp-cherry-pick-bot[bot])f6f7d29: fix(ui): avoid spurious error on hydration (#22506) (cherry-pick #22711) (#22714) (@gcp-cherry-pick-bot[bot])Full Changelog: argoproj/argo-cd@v2.14.10...v2.14.11
v2.14.10Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Bug fixes
b31d700: fix(cli): wrong variable to store --no-proxy value (cherry-pick #21226) (#22590) (@gcp-cherry-pick-bot[bot])6b15a04: fix: [cherry-pick] selfhealattemptscount needs to be reset at times (#22095, #20978) (#22583) (@Aaron-9900)be81419: fix: login return_url doesn't work with custom server paths (cherry-pick #21588) (#22594) (@gcp-cherry-pick-bot[bot])3b308d6: fix: respect delete confirmation for argocd app deletion (cherry-pick #22657) (#22664) (@gcp-cherry-pick-bot[bot])Dependency updates
4826fb0: chore(deps): Update github.com/expr-lang/expr to v1.17.0 fixing CVE-2025-29786 (#22651) (@heshamelsherif97)Full Changelog: argoproj/argo-cd@v2.14.9...v2.14.10
v2.14.9Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Bug fixes
31a5545: fix: Check for semver constraint matching in application webhook handler (cherry-pick #21648) (#22508) (@gcp-cherry-pick-bot[bot])Other work
c868711: chore(dep): bump gitops-engine 2.14 (#22520) (@pjiang-dev)Full Changelog: argoproj/argo-cd@v2.14.8...v2.14.9
v2.14.8Compare Source
Quick Start
Non-HA:
HA:
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Bug fixes
9a9e62d: fix(server): fully populate app destination before project checks (#22408) (#22426) (@crenshaw-dev)7acdaa9: fix: CVE-2025-26791 upgrading redoc dep to 2.4.0 to avoid DOMPurify b… (#21997) (@nmirasch)872319e: fix: handle annotated git tags correctly in repo server cache (#21771) (#22424) (@aali309)Dependency updates
9f832cd: chore(deps): bump github.com/golang-jwt/jwt to 4.5.2/5.2.2 (#22465) (@crenshaw-dev)Other work
ec45e33: fix(ui, rbac): project-roles (#21829) (2.14 backport) (#22461) (@blakepettersson)Full Changelog: argoproj/argo-cd@v2.14.7...v2.14.8
cli/cli (cli/cli)
v2.74.2: GitHub CLI 2.74.2Compare Source
What's Changed
🐛 Fixes
gh pr editby @BagToad in https://github.com/cli/cli/pull/11065📚 Docs & Chores
help wantedlabelling by @williammartin in https://github.com/cli/cli/pull/11105New Contributors
Full Changelog: cli/cli@v2.74.1...v2.74.2
v2.74.1: GitHub CLI 2.74.1Compare Source
What's Changed
@copilotingh [pr|issue] edit --add-assigneeand--remove-assigneeby @timrogers in https://github.com/cli/cli/pull/11056Full Changelog: cli/cli@v2.74.0...v2.74.1
v2.74.0: GitHub CLI 2.74.0Compare Source
Security
A security vulnerability has been identified in a core
ghdependency,go-gh, where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URLs provided by GitHub with local file paths for browsing.This issue is addressed in this
ghrelease by updatinggo-ghto a fixed version.For more information, see GHSA-g9f5-x53j-h563
What's changed
✨ Features
preview promptercommand by @BagToad in https://github.com/cli/cli/pull/10745--compactflag by @iamazeem in https://github.com/cli/cli/pull/10629🐛 Fixes
gh config --helpby @BagToad in https://github.com/cli/cli/pull/11003gh gist editpanic when no file in a gist by @phanen in https://github.com/cli/cli/pull/10627gh attestationcommands by @malancas in https://github.com/cli/cli/pull/10943📚 Docs & Chores
RenderJobsandRenderJobsCompactby @babakks in https://github.com/cli/cli/pull/11013--headoption topr listdocs by @babakks in https://github.com/cli/cli/pull/10979pr createwill print the created PR's URL by @babakks in https://github.com/cli/cli/pull/10980go-ghto v2.12.1 by @BagToad in https://github.com/cli/cli/pull/11043New Contributors
Full Changelog: cli/cli@v2.73.0...v2.74.0
v2.73.0: GitHub CLI 2.73.0Compare Source
You can now assign issues to GitHub Copilot directly from
gh, just as you would assign them to a teammate. Usegh issue edit <number> --add-assignee @​copilotto assign the GitHub Copilot coding agent, and Copilot will work in the background to understand the issue, propose a solution, and open a pull request when it's ready for your review. If you rungh issue editinteractively,Copilot (AI)will be displayed as a potential assignee. This feature is available for GitHub Copilot Pro+ and Copilot Enterprise subscribers. For more details, refer to the full changelog post for Copilot coding agent.What's Changed
✨ Features
issue editandpr editby @BagToad in https://github.com/cli/cli/pull/10992gh issue edit: actors are assignable to issues by @BagToad in https://github.com/cli/cli/pull/10960gh pr edit: Assign actors to pull requests by @BagToad in https://github.com/cli/cli/pull/10984issue edit,pr edit: handle display names in interactive assignee editing by @BagToad in https://github.com/cli/cli/pull/10990issue edit,pr edit: Support special non-interactive (flags) assignee name@copilotby @BagToad in https://github.com/cli/cli/pull/10991closedByPullRequestsReferencesJSON field by @iamazeem in https://github.com/cli/cli/pull/10941🐛 Fixes
StatusJSONResponseusage by @babakks in https://github.com/cli/cli/pull/10810gh pr view 0by @nopcoder in https://github.com/cli/cli/pull/10729📚 Docs & Chores
pr createby @williammartin in https://github.com/cli/cli/pull/10915gh attestation verifyby @malancas in https://github.com/cli/cli/pull/10670What's Changed
New Contributors
Full Changelog: cli/cli@v2.72.0...v2.73.0
v2.72.0: GitHub CLI 2.72.0Compare Source
This release marks the public preview of several accessibility improvements to the GitHub CLI that have been under development over the past year in partnership with our friends at Charm including:
These new experiences are captured in a new
gh a11yhelp topic command, which goes into greater detail into the motivation behind each of them as well as opt-in configuration settings / environment variables.We would like you to share your feedback and join us on this journey through one of GitHub Accessibility feedback channels! 🙌
What's Changed
✨ Features
gh accessibilityhelp topic highlighting GitHub CLI accessibility experiences by @andyfeller in https://github.com/cli/cli/pull/10890closingIssuesReferencesJSON field by @iamazeem in https://github.com/cli/cli/pull/10544🐛 Fixes
TestRepo/repo-set-defaultby @aconsuegra in https://github.com/cli/cli/pull/10884New Contributors
Full Changelog: cli/cli@v2.71.2...v2.72.0
v2.71.2: GitHub CLI 2.71.2Compare Source
What's Changed
Full Changelog: cli/cli@v2.71.1...v2.71.2
v2.71.1: GitHub CLI 2.71.1Compare Source
What's Changed
Full Changelog: cli/cli@v2.71.0...v2.71.1
v2.71.0: GitHub CLI 2.71.0Compare Source
What's Changed
✨ Features
gh pr create: Support Git's@{push}revision syntax for determining head ref by @BagToad in https://github.com/cli/cli/pull/10513gh config: add config settings for accessible prompter and disabling spinner by @BagToad in https://github.com/cli/cli/pull/10846🐛 Fixes
projectcommands use shared progress indicator by @BagToad in https://github.com/cli/cli/pull/10817issue viewby @williammartin in https://github.com/cli/cli/pull/10813issue createby @williammartin in https://github.com/cli/cli/pull/10815📚 Docs & Chores
New Contributors
Full Changelog: cli/cli@v2.70.0...v2.71.0
v2.70.0: GitHub CLI 2.70.0Compare Source
Accessibility
This release contains dark shipped changes that are part of a larger GitHub CLI accessibility preview still under development. More information about these will be announced later this month including various channels to work with GitHub and GitHub CLI maintainers on shaping these experiences.
Ensure table headers are thematically contrasting
#8292 is a long time issue where table headers were difficult to see in terminals with light background. Ahead of the aforementioned preview,
v2.70.0has shipped changes that improve the out-of-the-box experience based on terminal background detection.The following screenshots demonstrate the Mac Terminal using the Basic profile, which responds to user's appearance preferences:
For more information including demos from various official distributions, see #10649.
What's Changed
✨ Features
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.