Update dependency argoproj/argo-cd to v2.3.4 (!307) · Merge requests · Tristan Gosselin-Hane / infrastructure

Renovate Bot requested to merge renovate/argoproj-argo-cd-2.x into master May 18, 2022

This MR contains the following updates:

Package	Type	Update	Change
argoproj/argo-cd	Kustomization	patch	`v2.3.3` -> `v2.3.4`

Release Notes

argoproj/argo-cd

`v2.3.4`

Compare Source

Quick Start

Non-HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.3.4/manifests/install.yaml

HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.3.4/manifests/ha/install.yaml

Notes

This is a security release. We urge all users of the 2.3.z branch to update as soon as possible. Please refer to the Security fixes section below for more details.

Security fixes

CRITICAL: Argo CD will trust invalid JWT claims if anonymous access is enabled (https://github.com/argoproj/argo-cd/security/advisories/GHSA-r642-gv9p-2wjj)
LOW: Login screen allows message spoofing if SSO is enabled (https://github.com/argoproj/argo-cd/security/advisories/GHSA-xmg8-99r8-jc2j)
MODERATE: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server (https://github.com/argoproj/argo-cd/security/advisories/GHSA-6gcg-hp2x-q54h)

Bug Fixes

fix: Fix docs build error (#8895)
fix: fix broken monaco editor collapse icons (#8709)
chore: upgrade to go 1.17.8 (#8866) (#9004)
fix: allow cli/ui to follow logs (#8987) (#9065)

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

If you want to rebase/retry this MR, click this checkbox.

This MR has been generated by Renovate Bot.

Update dependency argoproj/argo-cd to v2.3.4