Bump github.com/argoproj/argo-cd/v2 from 2.4.11 to 2.4.14

[dependabot[bot]]

Bumps github.com/argoproj/argo-cd/v2 from 2.4.11 to 2.4.14.

Release notes

Sourced from github.com/argoproj/argo-cd/v2's releases.

v2.4.14

Quick Start

Non-HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.4.14/manifests/install.yaml

HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.4.14/manifests/ha/install.yaml

Upgrading

If upgrading from a different minor version, be sure to read the upgrading documentation.

Changes

Other

• chore: upgrade dex to v2.35.1 (#10797) (#10799)

v2.4.13

Quick Start

Non-HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.4.13/manifests/install.yaml

HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.4.13/manifests/ha/install.yaml

Security fixes

CVE-2022-39222 is a backchannel attack against the Dex OIDC provider. If you are impacted Argo CD, an attacker could use the process described in the vulnerability description to steal an Argo CD token from some Argo CD user. The attacker could then impersonate the targeted user and act with the victim's privileges.

Am I impacted?

... (truncated)

Commits

• 029be59 Bump version to 2.4.14
• 65abd05 Bump version to 2.4.14
• b9fb762 chore: upgrade dex to v2.35.1 (#10797) (#10799)
• 19ec34e Bump version to 2.4.13
• 5f74aa5 Bump version to 2.4.13
• b350c11 docs: add note about multiple sync options on annotation (#10739)
• c271f1a docs: fix broken links in faq.md (#10744)
• e6bd946 chore: upgrade Dex to 2.35.0 (#10775)
• 2bb180b docs: syncWindows in project.yaml (#10591)
• 216b10e fix: fix subscription health check (#10450)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)