🚀 argoproj/argo-cd - Release Notes

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.9/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.9/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Bug fixes
* 31a554568aa0cc3fa203ef7a0c59eb17705726c7: fix: Check for semver constraint matching in application webhook handler (cherry-pick #21648) (#22508) (@gcp-cherry-pick-bot[bot])
### Other work
* c868711d035bce8636f26218a41a04a1edfc0308: chore(dep): bump gitops-engine 2.14 (#22520) (@pjiang-dev)

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.14.8...v2.14.9

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v3.0.0-rc3/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v3.0.0-rc3/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.

## Release Notes Blog Post
For a detailed breakdown of the key changes and improvements in this release, check out the [official blog post](https://blog.argoproj.io/argo-cd-v2-14-release-candidate-57a664791e2a)  

## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Dependency updates
* 20f0fc67860e9afb88ed4f9a5b690283753235c9: chore(deps): bump github.com/golang-jwt/jwt to 4.5.2/5.2.2 (#22464) (@crenshaw-dev)

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v3.0.0-rc2...v3.0.0-rc3

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.8/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.8/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Bug fixes
* 9a9e62d392cd81928b163db6b65c00d09c4c4c6c: fix(server): fully populate app destination before project checks (#22408) (#22426) (@crenshaw-dev)
* 7acdaa96e04ab9a49a5754c66a9ae3d9d40d1e37: fix: CVE-2025-26791 upgrading redoc dep to 2.4.0 to avoid DOMPurify b… (#21997) (@nmirasch)
* 872319e8e759cc141d57ea870ba7ef974ab84fd8: fix: handle annotated git tags correctly in repo server cache (#21771) (#22424) (@aali309)
### Dependency updates
* 9f832cd099a2729bf5157282a6fa58423b2dca4d: chore(deps): bump github.com/golang-jwt/jwt to 4.5.2/5.2.2 (#22465) (@crenshaw-dev)
### Other work
* ec45e338006b2be0b52afc9c39c715cde7f7dff6: fix(ui, rbac): project-roles (#21829) (2.14 backport) (#22461) (@blakepettersson)

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.14.7...v2.14.8

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.13.6/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.13.6/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Bug fixes
* 43f3cff4ca142ca1ca4b9f30beb0619e3c835acd: fix(ci): use pinned Helm version for init-release (#22164) (#22472) (@crenshaw-dev)
* 17a535f6d42f6bab6adaf1637daf1aa346e5982b: fix(server): Fix server crash due to race condition in go-redis triggered by DNS instability (#22251) (@anandf)
* 3875dde5ccc6213fb04a808b56998839a60be99b: fix: CVE-2025-26791 upgrading redoc dep to 2.4.0, DOMPurify before 3.2.4 (#21966) (@nmirasch)
* 6ef7f61d9ab1de20b6eb1516800eabdc7d9a7b3b: fix: correct lookup for the kustomization file when applying patches (cherry-pick #22024) (#22087) (@nitishfy)
* c7937f101cb3f882984f200510209dff9239449b: fix: correctly set compareWith when requesting app refresh with delay (fixes #18998) (cherry-pick #21298) (#21953) (@gcp-cherry-pick-bot[bot])
* 6207fd0040f0871d787ba3fa6b86ea0f2933441b: fix: handle annotated git tags correctly in repo server cache (#21771) (#22397) (@aali309)
### Dependency updates
* 58ded158632ebf16134239cc7935a954ead55251: chore(deps): bump github.com/golang-jwt/jwt to 4.5.2 (#22466) (@crenshaw-dev)
### Other work
* 8d0279895c0bfb394162ab7c77e07b48b5954b0e: chore: Update change log for 2.13.6  (#22438) (@keithchong)
* 180d6890af94bec86bf8f2e063f055c268309684: chore: cherry-pick #21786 for v2.13 (#21906) (@nitishfy)

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.13.5...v2.13.6

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.11/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.11/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Bug fixes
* 7400d147c750a6a05bd247620ec4940b7c335742: fix(ci): use pinned Helm version for init-release (#22164) (#22473) (@crenshaw-dev)
* 44c36b86045c7069c1c4d8df44bc8c16eb7d4899: fix: CVE-2025-26791 upgrading redoc dep to 2.4.0 to avoid DOMPurify b… (#21994) (@nmirasch)
* 61a1c74b5354300b614347389f94b8b3b170b165: fix: correctly set compareWith when requesting app refresh with delay (fixes #18998) (cherry-pick #21298) (#21954) (@gcp-cherry-pick-bot[bot])
### Dependency updates
* 59f23e2a516646a9fe0b625925f3c10c35c3f1c0: chore(deps): bump github.com/golang-jwt/jwt to 4.5.2 (#22467) (@crenshaw-dev)

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.12.10...v2.12.11

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v3.0.0-rc2/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v3.0.0-rc2/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.

## Release Notes Blog Post
For a detailed breakdown of the key changes and improvements in this release, check out the [official blog post](https://blog.argoproj.io/argo-cd-v3-0-release-candidate-a0b933f4e58f)  

## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/overview/) documentation.

## Changelog
### Bug fixes
* 0d2471b3f93ace800cbe7af6cf718e922a6b1149: fix: Enable service account token automount for haproxy (#22226) (cherry-pick #22353) (#22406) (@gcp-cherry-pick-bot[bot])

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v3.0.0-rc1...v3.0.0-rc2

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.7/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.7/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Dependency updates
* 39407827d31e0a35593faef9af06464209d35d3f: chore(deps): bump gitops engine (#22405) (@crenshaw-dev)

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.14.6...v2.14.7

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.6/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.6/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Features
* 38c03769af1d62ae07c0ffcf8f74d7a8cb283570: feat(server): make deep copies of objects returned by informers (#22173) (#22179) (#22340) (@rumstead)
### Dependency updates
* defd4be943983ccd2bafb52a822bd7e25045a86f: chore(deps): Update go-git from 5.12.0 to 5.13.2 to include several CVE fixes (#22313) (@anandf)

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.14.5...v2.14.6

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v3.0.0-rc1/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v3.0.0-rc1/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.

## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/overview/) documentation.

## Changelog
### Features
* 402802b08974bb0f1c2e417f7a190d042813c108: feat!: Logs rbac enforce by default (#21678) (@reggie-k)
* cca748591737d568e5b976cb060b960c40bd8c14: feat!: update compareoptions default values  (#22230) (@agaudreault)
* 029927b25ee19b3b4dfaba554014233920a2b150: feat(appcontroller): store application health status in redis by default (#10312) (#21532) (@rumstead)
* f775e7bf28f9cd73fd8dd3f653817d4a1b10d47e: feat(appset): Add values to PR generator (#21557) (@dudo)
* b9131c180246272ad7edf441bb80736e683187ab: feat(cmp): pass empty env vars to plugins (#18720) (#22096) (@crenshaw-dev)
* ac50d8e1c11ce1ea4d943ae7723a1d4a8f9aa3ff: feat(config)!: exclude known interim resources by default (#20013) (#21635) (@agaudreault)
* 910b9518e4752472a3a9594b3a6b6b4f9796be78: feat(controller): enable batch event processing by default (#22338) (@crenshaw-dev)
* 7edaef54d456a9f5f59760f0bb4958e41a43fd94: feat(helm): upgrading helm to 3.17.0 (#21722) (@rumstead)
* 88e43cb730a26e58c52dbdf9e7df6cc5aa4801be: feat(kubectl): upgrading kubectl to 1.32.1 (#21724) (@rumstead)
* c6757573ae350c37ce601ab9b7787fd9b33164af: feat(kustomize): support --include-templates for labels (#15283) (#22069) (@crenshaw-dev)
* 6f9389c2ea6497d5285cde9e16e7e2b1bdcdb866: feat(log): support match case in pod log search (#21919) (@linghaoSu)
* feb7097fc9808bd725b26d012bf04121e5c59995: feat(metrics): add more kubectl metrics (#21720) (@crenshaw-dev)
* 606bd5b04393a06461d007d066da0f0d4a6c6d95: feat(rbac)!: disable fine-grained inheritance by default (#19988) (#20671) (@fffinkel)
* e3bd56972d98d139e79df85d930ac5dd441b3834: feat(server): make deep copies of objects returned by informers (#22173) (#22179) (@rumstead)
* 72962014b53970b7eae3922ee0458fdc6d896f92: feat(ui): Added link to start page in argo logo (#21461) (@surajyadav1108)
* 6d2792896598a39828b8716ba8437c1b50772cf8: feat(ui): highlight log lines by pod name (#21001) (@aali309)
* b8508f29162b91a547ec94b25df8e1011c6576fb: feat(ui): rename filter message status on SYNC STATUS view (#21061) (@aali309)
* 55f8a434d06ee335b195783a0a83c6a7c8dd3078: feat(ui): split arrays in yaml to fix ambiguous collapse when array items have nested objects (#21064) (@aali309)
* 0fab3cfeec9c68a4d762679b6cd8b5214d2ea2f3: feat(ui): support display sync wave (#20614) (@linghaoSu)
* 922c9e9cccf5e3652ba1c6934d670d1c9e3c3920: feat(ui): support filter repo when input (#21451) (@linghaoSu)
* 89c48172138eabe03b062989f5928ae9a19d5dc7: feat: Add support for Azure workload identity for Git and OCI repositories. (#21118) (@jagpreetstamber)
* f9ffb6ae35b23f2a47fb33b2017ae1ab6cb89efb: feat: Added env reference objects to manifests for otlp.attrs (#21563) (@almoelda)
* 0973409273918eebe0f8ff436056261cc477bfc7: feat: Kustomize ignore missing components (#18634) (#21674) (@bradkwadsworth)
* 74b35322a2639ad027c2fada1e675704faab9952: feat: Make certain Status panel items look more 'clickable' (#19698) (#22232) (@keithchong)
* c0b278738cd75621a1b3ed2128acfe19cb548700: feat: Support kube 1.32 (#21805) (@sivchari)
* d301b40c6b7b4061bf1741e8a155659c08856bbe: feat: Upgrade notifications engine (#22273) (@sivchari)
* c9c40684b79aea7deed03de8df9de77768b971a6: feat: add AND operator opt-in option for sync windows matches (#16846) (@adriananeci)
* f258c450b8d115df8185d103aebfeffbebdef8a6: feat: add `ARGOCD_APP_PROJECT_NAME` to the build environment (#15185) (#21586) (@MacroPower)
* c71dd1a9e670844e4a72d3851185cb61c3ddbec7: feat: add a check for user defined role referential integrity (#21065) (@devopsjedi)
* 8044d6849273bb6e3ad59ad35d94d8300e43c733: feat: add bearer token auth  (#21462) (@reggie-k)
* fa0b5f56abd38ee99a10dfd665dae3faf445e31d: feat: add force promote actions for Numaplane rollouts (#22141) (@dpadhiar)
* e4311d830926aba78d6ae1f69d4572df261fba91: feat: add name and labels in cluster metrics (#17870) (#18453) (@flbla)
* ecb9dbac426351f9079517f6af3c5ee653ec91b3: feat: add support for azure workload identity in Microsoft Entra SSO (#21433) (@jagpreetstamber)
* 951d9d3f17d53e79368886882949504c68e94070: feat: add the `--redis-compress` as the global flag to set redis compression. (#21786) (@nitishfy)
* 561cbef5cc360a2f8b750d6a35d117cfcfc6c5b7: feat: checking user defined roles and policies for referential integrity (#20825) (#22132) (@devopsjedi)
* d23e6ac79bb95a911b988551ba33bfc9939c5f18: feat: configurable log timestamp format (#21478) (@crenshaw-dev)
* c09e6fa6ad2f48017e2d66e65a679226414e6653: feat: improve StatefulSet immutable field error messages (#21209) (@aali309)
* 1698370363f8b5ca8df186d84012906c23a20390: feat: replace spdy with websocket for portforward and pod exec #21517 (#21518) (@maoqide)
* 3e09f946f4f229534bbcac7cf238546812e7a817: feat: resource customization for CustomResourceDefinition (#21416) (@almoelda)
* 6b002a51067387055c8cc7226c0c6b8a1e19121c: feat: upgrade to v1.32.2 (#22168) (@sivchari)
* fbd7f29056458deed52816d9cad3dc0139fe3656: feat: use errors.Join for debuggable (#22235) (@sivchari)
* dbdc1e737ab81184aa20a12430da69462fe138ff: feat: use log format config for klog (#5715) (#21458) (@crenshaw-dev)
### Bug fixes
* 46bfc10e4d4e84ec75245f554b2c9d0ed2348ab4: Revert "fix: Graceful shutdown for the API server (#18642) (#20981)" (#21221) (@pasha-codefresh)
* c6b00007f2b2c05093f34c89f69e2de34f6815a9: fix(actions): don't run empty Lua scripts (#22084) (#22161) (@crenshaw-dev)
* e6f94f227cf92e82652e79bd19ec91878da4e912: fix(appcontroller): selfhealattemptscount needs to be reset at times (#22095) (@blakepettersson)
* 079341c65cde946d260a1cb96324ce0be53f2b6b: fix(applicationset): ApplicationSets with rolling sync stuck in Pending (#20230) (@Fsero)
* f6a84a470d1f8241207280a8d334ec9cb021443f: fix(appset): Reconcile appset only once when appset is refreshed (fix 21171) (#21172) (@dacofr)
* f3509d2f8ac6c9067d53c3a45b6ccc66ab02ead3: fix(appset): dont requeue appsets on status change (#21364) (@rumstead)
* e852142fb9467d32cd580b633e744d34bd875adf: fix(appset): events not honouring configured namespaces (#21219) (#21241) (@eadred)
* e44ae96c0706ca15c8a7cd80ba352f2e19e4857e: fix(appset): generated app errors should use the default requeue (#21887) (#21936) (@rumstead)
* 922dd771e36973d8d1cc69ad14dd9e3002ab313a: fix(appset): improve git generator repo credential fallback (#21167) (@blakepettersson)
* 55aab6efb6e8dd510050e23b876ff25792e39e54: fix(appset): reverted Gitlab SCM HasPath search and consider 404 errors as file not found (#16253) (#21597) (@prune998)
* 37a7231bd3fe5c28470e1fbb46f34b3bdef98632: fix(appset): update gitlab SCM provider to search on parent folder (#16253) (#21491) (@prune998)
* 06bd2ad10f5124ba98364a85ff1ec42947d34706: fix(ci): all version bump changes go in the PR (#21409) (@crenshaw-dev)
* 2933154a5c05c45f2c5405e87973092cd0e03d82: fix(ci): get correct previous version, fail workflow if not (cherry-pick #22376) (#22377) (@gcp-cherry-pick-bot[bot])
* 15046b992e27856993d88d4609d3433b1948f6b3: fix(ci): handle major versions in compatibility table generator (cherry-pick #22370) (#22371) (@gcp-cherry-pick-bot[bot])
* 43d2a3d93772cab395e611a75ef6026a96282915: fix(ci): proto references bump (#21391) (@crenshaw-dev)
* 05c76253f0574c3a98134bca6319a71f257f5705: fix(ci): updating action-gh-release after upstream fix (#21407) (@rumstead)
* eb6732ec9e3a69cd9b28fb858471403f531cb3a6: fix(ci): use pinned Helm version for init-release (#22164) (#22165) (@crenshaw-dev)
* 6e4c8fd53d8fa9589ff6663b40b45058869329d5: fix(ci): use tags instead of branches (cherry-pick #22372) (#22373) (@gcp-cherry-pick-bot[bot])
* 99cd3c765015f04b5c6bd2265457a1809c6490ac: fix(cli): add flags to admin import for retrying updates on conflicts and skipping resources with specific labels. (#21694) (@ashutosh16)
* 85684a8919104ce0e286837d771a28437aeb160a: fix(cli): application cannot be refreshed when invalid and hangs (#21615) (@agaudreault)
* eb6dd46e194974d6216d8def5f80f10e127dd0dc: fix(cli): ignored resources should not be pruned during restore (#21894) (@agaudreault)
* 9c443b65013945c1cbae77b0ff24f2c07200529f: fix(cli): improve performance for admin export/import cmd (#22322) (@agaudreault)
* 546383a8e56355f90530c00a78385444efb943b1: fix(cli): log correct error message when updating a cluster that is not present (#22190) (@nitishfy)
* 613d06d0b1f258bfe8dd7f5aa5a57d9b231ddb22: fix(cli): use correct CA when adding kube-public clusters (#21326) (#21327) (@aminarefzadeh)
* f2ee9a62d2120abd2ba8eed1915ecb0011bcd0c9: fix(cli): wrong variable to store --no-proxy value (#21226) (@the-technat)
* 1a9f22625db5d5c968031e0a32c2ec1f6ce8ce60: fix(controller): rename cluster batch param and add to argocd-cmd-params-cm (#21402) (@crenshaw-dev)
* d54ae98b20a7700bb143804d6029a41c057bc0c2: fix(controller): wrong tracking annotation for malformed resources (#22325) (@crenshaw-dev)
* b4a63aeba87d5d4d7b0c72a608fe873abc8be7f6: fix(dex): always request `federated:id` scope (#17908) (#21726) (@agaudreault)
* ad09b9c744853d3dad0a7dbef27b49258dda6266: fix(docs): 2.14 upgrading docs (#21756) (@rumstead)
* 43822815f76cd5c0bd6989029f20f56b787f2420: fix(docs): Fix syntax in e2e test docs (#21796) (@pjiang-dev)
* 8545d214b6cf934ed1476f14a790657730e8bcc3: fix(docs): update --auth-token description in argocd_appset_update.md to account for environment variable (#22350) (@chengfang)
* 68d60cd09269e0f81b09188c8eee30f73d0f5720: fix(docs): update mkdocs for upgrade guide (#21768) (@rumstead)
* 7c7dda0e93c0745a1d50aa399b6f7caca3108027: fix(grafanadashboard): add memory units to panels showing memory usage (#22078) (@BWagenerGenerali)
* 9429275a91cbf78e81703e35bca25ce97f02e67c: fix(hydrator): UI nil checks (#21598) (@crenshaw-dev)
* 3baca9b6960691435e039dd756ae122a272ebd42: fix(hydrator): don't get cluster or API versions for hydrator (#21985) (@crenshaw-dev)
* 35009a7d1c278c5f609160651a843d17fcf1b8ef: fix(hydrator): don't use manifest-generate-paths (#22039) (#22015) (@crenshaw-dev)
* 8a97c1d138b4c7fe0c19af284f753b69cb4dda95: fix(hydrator): refresh by annotation instead of work queue (#22016) (@crenshaw-dev)
* d1574c204f8213a684962520fd8525827008dae0: fix(rbac): Add rights on applicationsets for the application controller (#20352) (@OpenGuidou)
* 13b7b09668307f8365346dd74c7bd032e216fecf: fix(settings): race condition on settings configMap (#21225) (@agaudreault)
* 416b7d0c32947b0adc7b85893c8d3901b59146e5: fix(test): Use t.Fatal instead of os.Exit in tests (part 1) (#21003) (#22114) (@andrii-korotkov-verkada)
* 2afcb6f107deada4210dec8f44b2f57cd95f93db: fix(test): delete CRD between tests, install CRD before syncing CRs (#22299) (@crenshaw-dev)
* fa747f987c83d6a761a6745a1b809ce1c741a111: fix(tests): Improved the e2e tests for app sync with impersonation feature (#21792) (@anandf)
* b88ad57986aa75af414f4316ad4a74f574cb157b: fix(ui): Added SSV option to helm type repos (#22006) (@surajyadav1108)
* 544aea18c32b34eac523791e7e2ef186abbd6daf: fix(ui): Cannot add an app that has both name and server destination (#21440) (@rpelczar)
* 1ce0123fa57a66998858b40b416e23b904354dda: fix(ui): Group Nodes breaks Kinds counts / views (#21337) (@surajyadav1108)
* 71c7700f2eb4578e23b59c082c19c0f784e36dbc: fix(ui): Show error message when max pods to view logs are reached (#21725) (@pjiang-dev)
* 854c62fc70bbc6b962c97b232cdb962e56086817: fix(ui): Solve issue with navigating with dropdown from an application's page (#21737) (@amit-o)
* 38b0fd5cd4cb675a9e5708d95c949192dfbd0f8c: fix(ui): columns-adjusted for kind and Namespace in sync details. (#21038) (@surajyadav1108)
* bfb04ddf3e9735a7a1e06c5b3c44c4de2f6ed9e8: fix(ui): parameter tab null ref w/ hydrator (#22097) (#22131) (@crenshaw-dev)
* e2e6faa3b53ef50aa3aac47a245410ac0f0c8d73: fix(ui): prevent parameter editor from resetting when props update (fixes #14351) (#21625) (@k4r1)
* 4202168c4424609698169dc0530168377838f9db: fix(ui): reduce rerender in pod log view (#22241) (@linghaoSu)
* 0d34340c20b6bb1770f4e0fa97de49848e4a0a7a: fix: 21062 Support GitLab "System Hook" webhooks for ApplicationSets (#21243) (@eadred)
* 911a9c6776afccb98a0c0f73bd749497c3a66ab4: fix: Add proxy registry key by dest server + name (#21791) (@leoluz)
* f39b425facb2a4fdc05193c85b51d145b0124d1c: fix: CVE-2024-21538 upgrading the indirect dep cross-spawn to greater than 7.0.5 (#21259) (@nmirasch)
* 644315ace198159ccb0dacc31ebac906a8b1ff12: fix: Change applicationset generate HTTP method to avoid route conflicts (#20758) (@amit-o)
* 1905d127a57c4cc30b9818c5bc08d2bee9a4bbc0: fix: Check placement exists before length check (#22060) (#22057) (@dhaiducek)
* 8841b0dd1d943b333e30c1d1de02dad77530e203: fix: Fix calculating SelfHealBackOff delay when exceeding maximum (#20976) (#20978) (@mrysavy)
* 4dcabb933e54f21cd922e7450c5b46ae86b08793: fix: Fix link about http middlewear and  add adopter hetao101 (#21802) (@wanghonglei5181)
* e3b333a8609134daa570c2b098134ef26e35ffa4: fix: JSON format (#22237) (@sivchari)
* 5b79c34c72300e6e2e6336051ce6992f6d54011c: fix: New kube applier for server side diff dry run with refactoring (#21488) (#21749) (@andrii-korotkov-verkada)
* a8f646e430781a3b1707d3bedde8ea4c8cd76e9a: fix: Notifications on-deployed would now be delivered if sync didn't change the health status of the app in a process (#22203) (#22204) (@andrii-korotkov-verkada)
* 7b1ed5218ae864d60792b7f424c13b7375a141ff: fix: On deployed trigger must consider race between last transition time and sync finished time (#9070) (#21944) (@andrii-korotkov-verkada)
* ed3cc488471a26d1f342eaf92a62a2731ac77ebb: fix: Policy/policy.open-cluster-management.io stuck in progressing status when no clusters match the policy (#21296) (#21297) (@mbaldessari)
* 43e594104212bae8ec15bacf7f31c504061842ee: fix: Race condition occurs during initial sharding (#22264) (@kahou82)
* 74244323f8495a2369b79dc0a26655b711d1afa5: fix: Rephrased sentence to a meaningfull one (#22113) (@babugeet)
* bfd72b42dff5e0b05d3748ff8ea1c20d1561976a: fix: Revert "fix: Race condition occurs during initial sharding (#22264)" (#22354) (@andrii-korotkov-verkada)
* f542ae51588405065557e8ede710a50042cf529e: fix: Revert "split arrays in yaml to fix ambiguous collapse when array items have nested objects (#21064)" (#22099) (#22128) (@andrii-korotkov-verkada)
* 4a1d0f3af5cb1f093b3b17a82093f48f36959b99: fix: Switch default logging to JSON (issue: 20897) (#21656) (@teddy-wahle)
* 0ed7c5618f727edb7aead256ff828def6da15b3e: fix: Unable to edit http repo credentials from ArgoCD UI (#22065) (@aali309)
* e8a3f7aa33c05b1e2e9011cadaa2d240f811a4ca: fix: Update argo-ui dependency to pull in OCI icon (#18646) (#21698) (@keithchong)
* 376e8d52605e8b18fc46e830892fe570968a30a8: fix: Update haproxy version to match the chart (#22226) (#22236) (@andrii-korotkov-verkada)
* 9f81cd47980805ed9b590ab418b121e33b8d5b8b: fix: Use ARGOCD_SERVER for default value (#21930) (@sivchari)
* 62ec9fef36b0e998e202405d70adb93ab3d78771: fix: Use t.Fatal instead of os.Exit in tests (part 2) (#21003) (#22187) (@andrii-korotkov-verkada)
* c93924b3ccabdf769510db58b7684e3dc8a2d20c: fix: Wait for Subscription resources to reach AtLatestKnown (#21425) (@vinzent)
* e6e92552167ad10ce7ca45c02f5534af6741e710: fix: correct lookup for the kustomization file when applying patches (#22024) (@nitishfy)
* f548fd7a247a0311ac31f9df5acf135fd44f401b: fix: correctly set compareWith when requesting app refresh with delay (fixes #18998) (#21298) (@shenxn)
* d183d9c614d05979f1327a554942a9e656f1c2ec: fix: dynamic cluster distribution issue 20965, update the shard… (#21042) (@ivan-cai)
* 49a4b7f14fb6a006d76446a1b44ad5309c8ebc2d: fix: fetch syncedRevision in UpdateRevisionForPaths (#21014) (#21015) (@toyamagu-2021)
* 563ccb20c7f9e246c1ac790f055fe2ce14e35fa4: fix: fix KustomizeImage Match function to pass added unit tests (#21872) (@chengfang)
* 6959e54f06688bb5409305c1b62e4c6625af40aa: fix: have argocd server pass the appLabelKey for proper caching (#22186) (@gdsoumya)
* 87671f55c512b306451855b4a4b4f2c4c2762045: fix: ignore prune=false resources from PruningRequired count  (#21941) (@gdsoumya)
* 75cb7fc42de2b6aa4e58c899a28a3a07d88cf671: fix: issue 22206 - fixes overlapping lines in logs by increasing line height (#22207) (@GP3-RS)
* eed70eed6ef38bb64cfa950dc5fcae37c244ce76: fix: login return_url doesn't work with custom server paths (#21588) (@alexmt)
* b600c5ec7d6bf5f84268a0495b92e4b6fe942aff: fix: make codegen permissions (#21667) (@dudo)
* c7e02eefdd6ea3e9ab84f4014724175dca0edac5: fix: make test fails with exec format error (#21630) (@reggie-k)
* 85c6d267ba9fd1e62e9f77ffdee7affc9ddd3f1f: fix: override sub with federated_claims.user_id when dex is used (#20683) (@aali309)
* 11b866578fa6aa6b115378bfb81cc800212261cd: fix: remove kustomize binary from git (#21526) (@rumstead)
* 686964daaa468bf4bf0ae76f3d84ed69a308723e: fix: removed null security context from redis-ha values.yaml to placate helm 3.17.1 (#22035) (@reggie-k)
* 6f383276477ec00b04644322885fb44b4949b299: fix: resolve the failing e2e appset tests for ksonnet applications (#21580) (@reggie-k)
* 806c5f6b6da75b74219c2317a3a124c6c9276841: fix: return cluster URL in error message, not full cluster object (#22094) (@crenshaw-dev)
* 94b34f88ecefb7c81bcd5c8a9489e8dd4c46b69f: fix: upgrade x/crypto to v0.35.0 to solve CVE-2025-22869 (#22048) (@gergelyfabian)
### Documentation
* e3caebae56c6f6c1a7ce3a6bb9f4b3543e8a31e7: docs(hydrator): document signature verification limitation (#21504) (@crenshaw-dev)
* 04a1608643b8c4843fbc07c02bb7dcc21a83bccf: docs: 3.0 release date on May 06 (#22189) (@reggie-k)
* fdf9a305b394e9dc65463781b66f50aeb55b590c: docs: 3.0 upgrade guide (#21457) (@crenshaw-dev)
* c687247ce84db325ce100f43ce05f18ae86b2c17: docs: Add LY Corporation to list of users (#21592) (@Asuforce)
* 898a126f105e54f11db49aa73dc7a6b6ac575e78: docs: Add section on how to lock down/restrict the default project (#21757) (@dag-andersen)
* 3f74b24c0a2580594fb08d0970e144681e1d78c0: docs: Adding Argo CD CLI plugin support proposal (#19624) (@christianh814)
* 7ba7fc028ec328d09973b2b0fea375464436efb9: docs: Auto Sync toggle does not work for Applications created with an ApplicationSet (#21577) (@revitalbarletz)
* f27515783a85f120a497f89e2484a73c0929c2c6: docs: Document Helm 3.17.1 breaking changes (#22283) (@reggie-k)
* c4183aad7657bef4eddc26776e5c33c7d69bf84b: docs: Document askpass socket sharing between reposerver and cmp sidecar (#22083) (@peschmae)
* d19b02dcd0f3223de03d81054d4ecaa265a839ca: docs: Ensure Argo CD Hydrator branch prefix consistency  (#21836) (@dag-andersen)
* 167e122eba964f2c61d41745f7ffcf3aae0964e2: docs: Fix typo code-gen/codegen contributors-quickstart.md (#21922) (@fe-ax)
* dc3286730af6bc9537c4b63181127e163a47492e: docs: Fix typos and grammar in tls.md (#22229) (@todaywasawesome)
* 87539aa55870f3a4f3a824b9ae447a9c0af2e98e: docs: Surface blog with (actual) release notes better (#21572) (@revitalbarletz)
* 499f74dc27e288220a6c1476db8894ba23d2c28b: docs: Update USERS.md (#22093) (@mreparaz)
* 961147d3874cf90a142c08d912d62cdb555fea14: docs: Update sync-kubectl.md - Correct kubectl command for a sample (#22030) (@taeyeopkim1)
* 1823d8fcd27b1249d4834925b3ef9878df5bb11c: docs: add applicationset controller doc to preserve annotations and labels (#22008) (@leoluz)
* 77ff8f0dd48e49f1b558c6a2cc0be901735c192e: docs: add missing word (#21428) (@nitishfy)
* 2d10d4e78567afcbb18db5e60f3fe48583a7e5b9: docs: add mkdocs configuration stanza to .readthedocs.yaml (#21475) (@reggie-k)
* 975e966e26a3b86bfe129944b0a8b093db0030f5: docs: add more info on what `login --core` does (#21487) (@nitishfy)
* db8d2f08d926c9f811a3d4f26d2883856e135e38: docs: add note about comments in policy.csv files (#21339) (@morremeyer)
* 9fd6beea7f07d0b83e154d6fe20f9db00dcc50e0: docs: add statusbadge.url override information (#21529) (@tobiasehlert)
* 1645d576fd0c8e9e822037d5ff6dd4469aeaf0ff: docs: add wildcard globbing example to docs (#21429) (@LRost)
* 65664ce5f302f46e765ea5da89109145b8b543c6: docs: clarify wording on cluster secrets (#21865) (@todaywasawesome)
* 7327093b66274a99661eed2f1947a22c6f4d9bfb: docs: custom resource action UI tweaks (#22202) (@crenshaw-dev)
* 8a752a56d6e6279f33af658176c1a57a0ac441c6: docs: document bearerToken in repo example doc (#22195) (@crenshaw-dev)
* 8d12e352f4db7dea923dc5a37da8ef6c5ef9d4c2: docs: document logs RBAC enforcement remediation (#22285) (@reggie-k)
* f63f5f954ea6f2f9ebf37b40d8d25e9dcc3ac259: docs: document source hydrator maturity (#21969) (@crenshaw-dev)
* c32afb4ee28dc224808d306c1aa9db4017d34af3: docs: endorse secrets operators, caution against plugins (#21629) (#21631) (@crenshaw-dev)
* 05cde71efc9297b8b620ae4d6f4fcfa1c2fb7a0b: docs: fix aws sso documentation (#20681) (@chansuke)
* 40d86e7b184f257da368b446c266e766c8d7b18e: docs: fix broken link in notifications overview (#21684) (@jeanmorais)
* ce819128f9f46b9d58b73aac75d39ae0d4d04eda: docs: fix project role docs (#21832) (@klemmster)
* bd1018af5eeb5b4ef54ebb95d04895e987257b40: docs: fix tmp path and document Rancher caveat (#22252) (@crenshaw-dev)
* 3c3410cf5d76afd06666a11adf9678479c3c7258: docs: fix typo in declarative-setup.md (#22256) (@muffl0n)
* 846503bb0e7c9cd994586395192cac17f05a37ff: docs: note idle connections issue for cluster namespaces (#21978) (@crenshaw-dev)
* 1a56ea7417eb25494d7f6c00ecb47be17d546c1a: docs: remove branch var outdated from the cluster param (#21549) (@afzal442)
* 070287cecc632bd0a9b7ed00f20aa9d789e78e2d: docs: update contributors guide with repo clone and make targets (#21473) (@reggie-k)
* 9f8d68f07b53af26f228c5180b2affde14c2af87: docs: various wording fixes for 3.0 migration guide (#22343) (@todaywasawesome)
### Dependency updates
* f2c509301378d4524dab03add2ea4720b7740dd1: chore(deps): bump @types/selenium-webdriver from 4.1.27 to 4.1.28 in /ui-test (#21414) (@dependabot[bot])
* e6b110d05b7c3e2337a8fe46edd9c610e5ca6a79: chore(deps): bump SonarSource/sonarqube-scan-action from 4.1.0 to 4.2.1 (#21230) (@dependabot[bot])
* cb135fdd0d6bfa23036cf04f33e06fde5ff7946c: chore(deps): bump axios from 1.7.4 to 1.8.2 in /ui-test (#22247) (@dependabot[bot])
* 5e30858705d830e41ab006f263afde509f71bf10: chore(deps): bump bitnami/kubectl from 1.31 to 1.32 in /test/container (#21234) (@dependabot[bot])
* 812a9da62a0a7b70fc9f48d427d6ec750a78ae5e: chore(deps): bump chromedriver from 131.0.3 to 131.0.4 in /ui-test (#21268) (@dependabot[bot])
* c3600d240a42a4708ec65091ffb23689b4513f85: chore(deps): bump chromedriver from 131.0.4 to 131.0.5 in /ui-test (#21415) (@dependabot[bot])
* 742d45a1f5ee49292680887dbab57543e952bbc9: chore(deps): bump chromedriver from 131.0.5 to 132.0.0 in /ui-test (#21512) (@dependabot[bot])
* cdb7995693211e378bfd8ab49b28b43c33fcaf5e: chore(deps): bump chromedriver from 132.0.0 to 132.0.1 in /ui-test (#21646) (@dependabot[bot])
* 6c64d5ff552efcb63409e3ba077b9b37f576ba58: chore(deps): bump chromedriver from 132.0.1 to 133.0.2 in /ui-test (#21916) (@dependabot[bot])
* c47152d0174a56bc30e22fae795fcd06648367e8: chore(deps): bump chromedriver from 133.0.2 to 133.0.3 in /ui-test (#22018) (@dependabot[bot])
* 2cefcc5a364b4bc4ba2eaf2a4c3d960d88d8ae34: chore(deps): bump chromedriver from 133.0.3 to 134.0.0 in /ui-test (#22218) (@dependabot[bot])
* a45f71576314245beb297880c1060f8547596c32: chore(deps): bump chromedriver from 134.0.0 to 134.0.2 in /ui-test (#22307) (@dependabot[bot])
* 5207508871d35ca7fd0cc429722b71b3a1d2e2bb: chore(deps): bump code.gitea.io/sdk/gitea from 0.19.0 to 0.20.0 (#21464) (@dependabot[bot])
* 8ce1c33ce6b5a45ca68f70119fcb8333ab6f6e26: chore(deps): bump docker/setup-buildx-action from 3.7.1 to 3.8.0 (#21210) (@dependabot[bot])
* 1d47e1c7eb1371472f08c300bb9cd0ec52594c3f: chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.8.0 to 1.8.1 (#21566) (@dependabot[bot])
* b3bf182a65acc8f09b6c2d837d6f6b3ec5fb3489: chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.8.1 to 1.8.2 (#21867) (@dependabot[bot])
* 627da1138487912f4410c560e298d33a87bb19f1: chore(deps): bump github.com/Azure/kubelogin from 0.1.6 to 0.1.8 (#22271) (@dependabot[bot])
* c8e1de61461eb1bd5612c10b6586760baa89172d: chore(deps): bump github.com/Azure/kubelogin from 0.1.8 to 0.1.9 (#22308) (@dependabot[bot])
* 2a760e1fd1eb65f082d1778369613228d59d233b: chore(deps): bump github.com/alicebob/miniredis/v2 from 2.33.0 to 2.34.0 (#21232) (@dependabot[bot])
* 219444313a06ce0de92fc52ab32ec4e93cfcb49a: chore(deps): bump github.com/aws/aws-sdk-go from 1.55.5 to 1.55.6 (#21514) (@dependabot[bot])
* 5d84eb4ff3b7eee0c800b388b2a3a873f8f7f7d8: chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.7.1 to 4.8.0 (#21483) (@dependabot[bot])
* 5e5ec1b021b6a38f2ad9255134e8878096d6bb6d: chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.8.0 to 4.8.1 (#21677) (@dependabot[bot])
* 4723abd0b4911e39d7aa7c4ba721157436de15d8: chore(deps): bump github.com/bradleyfalzon/ghinstallation/v2 (#21353) (@dependabot[bot])
* ecee599640bee639d48454b606a3b2183ffcaf54: chore(deps): bump github.com/bradleyfalzon/ghinstallation/v2 from 2.13.0 to 2.14.0 (#21955) (@dependabot[bot])
* 635e592778d1eeba74070f887aec974e5afde664: chore(deps): bump github.com/casbin/casbin/v2 from 2.102.0 to 2.103.0 (#21330) (@dependabot[bot])
* 84f2ab850d714de17cea9dcb621146895d98eaa2: chore(deps): bump github.com/casbin/govaluate from 1.2.0 to 1.3.0 (#21331) (@dependabot[bot])
* b3e31ed1f4fb54b3523a19c2b4efa65b33d8b16a: chore(deps): bump github.com/coreos/go-oidc/v3 from 3.11.0 to 3.12.0 (#21383) (@dependabot[bot])
* de40dc23347c1fc251bd47da3430b483b02b7792: chore(deps): bump github.com/coreos/go-oidc/v3 from 3.12.0 to 3.13.0 (#22347) (@dependabot[bot])
* d29124fd3aa045bf4f3a0a8ce90ae8648e4a06f8: chore(deps): bump github.com/cyphar/filepath-securejoin (#21233) (@dependabot[bot])
* 9a51757049dc028596d4950d7a6c7cd5a446301a: chore(deps): bump github.com/cyphar/filepath-securejoin from 0.3.6 to 0.4.0 (#21484) (@dependabot[bot])
* eb8f05a9fd187245a3afab54a5dc8f1a616a2d58: chore(deps): bump github.com/cyphar/filepath-securejoin from 0.4.0 to 0.4.1 (#21700) (@dependabot[bot])
* ab05f355074d8982d292d9375ac27bd83b9ba7ca: chore(deps): bump github.com/dlclark/regexp2 from 1.11.4 to 1.11.5 (#21853) (@dependabot[bot])
* b9f49df757372822b16ff9d8871b629c41f8d11a: chore(deps): bump github.com/evanphx/json-patch from 5.9.0+incompatible to 5.9.11+incompatible (#21699) (@dependabot[bot])
* dd366f56fa9fac94aeb04989a0164742d4e82c22: chore(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to 5.13.0 (#21329) (@dependabot[bot])
* 8200e3d315abd5f2a8cbf447bcc11585c8ddded9: chore(deps): bump github.com/go-git/go-git/v5 from 5.13.0 to 5.13.1 (#21352) (@dependabot[bot])
* bcf2143dfee5c979d6ee97bbefcd8b82ff2c18dc: chore(deps): bump github.com/go-git/go-git/v5 from 5.13.1 to 5.13.2 (#21641) (@dependabot[bot])
* cbef55e566f3ef2e4c5230b6f50990712590dc94: chore(deps): bump github.com/go-git/go-git/v5 from 5.13.2 to 5.14.0 (#22076) (@dependabot[bot])
* 0b0c737af0a385d5f6618b080d8b71e6dd5a1aed: chore(deps): bump github.com/go-jose/go-jose/v3 to v4 (#22154) (@nitishfy)
* c897e944dbeec58f111543002c080f8cc65c8793: chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5 (#21989) (@dependabot[bot])
* 1b1735f5f0eb77ea97c625f95fb459e3e34f2595: chore(deps): bump github.com/golang/glog from 1.2.2 to 1.2.4 (#21693) (@dependabot[bot])
* f32f69f7d28019504612f77ce3e935809290cf51: chore(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 (#21956) (@dependabot[bot])
* f429352c0a223ba14adaebcb5ae31e1d245f3bdc: chore(deps): bump github.com/gosimple/slug from 1.14.0 to 1.15.0 (#21304) (@dependabot[bot])
* 78702004612afdfecffb2d3cde16fcaed6dcebcf: chore(deps): bump github.com/prometheus/client_golang from 1.20.5 to 1.21.0 (#21915) (@dependabot[bot])
* 0444fcdf37195e3a1be3f31b893be61471f86327: chore(deps): bump github.com/prometheus/client_golang from 1.21.0 to 1.21.1 (#22180) (@dependabot[bot])
* 562fa065c645fddf85c447bd36043c0ba8f00655: chore(deps): bump github.com/redis/go-redis/v9 from 9.7.0 to 9.7.1 (#21957) (@dependabot[bot])
* ca9da799d8a0ca0d8f55af45bbdce455da237645: chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (#21889) (@dependabot[bot])
* b17c5e4e2a6493fdc978aa0d4d8cfdca9dc17ecb: chore(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6 (#21717) (@dependabot[bot])
* edbce2a524967827ac96b8363bda94bac3abf156: chore(deps): bump gitops-engine to latest (#22071) (@pjiang-dev)
* d46f224e7982c74b51f11e26fbe47a7e265b9659: chore(deps): bump gitpod/workspace-full from `230285e` to `bec45eb` (#20980) (@dependabot[bot])
* 84b49c84cac53425d9aaae963103278ebbc8b8b2: chore(deps): bump gitpod/workspace-full from `bec45eb` to `a47a68e` (#21843) (@dependabot[bot])
* e784c47667997d831069b52059b339471a55e712: chore(deps): bump go 1.23.5 & tools (#21748) (@agaudreault)
* 21ea59d60035bfc9477b01f0eb6c41062b680824: chore(deps): bump go.opentelemetry.io/otel from 1.33.0 to 1.34.0 (#21569) (@dependabot[bot])
* 64569e61a1c41ed55f21bb03eb4afa3367017cf5: chore(deps): bump go.opentelemetry.io/otel from 1.34.0 to 1.35.0 (#22217) (@dependabot[bot])
* f2490fccdd2778be609b34fb24f03793cb30aefb: chore(deps): bump go.opentelemetry.io/otel/sdk from 1.33.0 to 1.34.0 (#21570) (@dependabot[bot])
* cce74a33e1276f1d668105236b502f05c5e67625: chore(deps): bump golang.org/x/crypto from 0.31.0 to 0.32.0 (#21397) (@dependabot[bot])
* 50fb7bcd219d3655912f02eb22c94c660cdc1cec: chore(deps): bump golang.org/x/crypto from 0.32.0 to 0.33.0 (#21827) (@dependabot[bot])
* bf2c4e866a85374e14f8c44a4e99785670c071bd: chore(deps): bump golang.org/x/net from 0.32.0 to 0.33.0 (#21254) (@dependabot[bot])
* a807c0eb69c8a5744792557f54908073d5805582: chore(deps): bump golang.org/x/net from 0.33.0 to 0.34.0 (#21396) (@dependabot[bot])
* 9783c5ea248651a86b688ee8aead29f4912b8406: chore(deps): bump golang.org/x/net from 0.35.0 to 0.36.0 (#22182) (@dependabot[bot])
* a8b76f29519bfeddff2be7f30ef1c5e28cdf2a45: chore(deps): bump golang.org/x/net from 0.36.0 to 0.37.0 (#22209) (@dependabot[bot])
* 0c1d218d88f3dbcae596c89ce48d6f91f7a7eb3d: chore(deps): bump golang.org/x/oauth2 from 0.24.0 to 0.25.0 (#21384) (@dependabot[bot])
* 4641e802a49a00e742a11f66edd977e38cc94e93: chore(deps): bump golang.org/x/oauth2 from 0.25.0 to 0.26.0 (#21777) (@dependabot[bot])
* 94d3899038ba7e28657fc5810deae265a999b6f5: chore(deps): bump golang.org/x/oauth2 from 0.26.0 to 0.27.0 (#21990) (@dependabot[bot])
* 4c27f735596e27f23577a3530613d44dbdc6cf1d: chore(deps): bump golang.org/x/oauth2 from 0.27.0 to 0.28.0 (#22211) (@dependabot[bot])
* 4b087089fbaa7ddb3a2c725982a9d1aa32ae1ce0: chore(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0 (#21778) (@dependabot[bot])
* 2d994038be001292fdb77cb6a53fb3db6cfcbffb: chore(deps): bump golang.org/x/sync from 0.11.0 to 0.12.0 (#22216) (@dependabot[bot])
* 38ad4f465332b2fd5ce06d84352bba35ac176e3e: chore(deps): bump golang.org/x/term from 0.27.0 to 0.28.0 (#21382) (@dependabot[bot])
* 73c39350311cdd830c5aa3041a88fd65ec28d747: chore(deps): bump golang.org/x/term from 0.28.0 to 0.29.0 (#21776) (@dependabot[bot])
* 270b352cbd94fca45fb1da59d2fee474142a3dbc: chore(deps): bump golang.org/x/time from 0.10.0 to 0.11.0 (#22212) (@dependabot[bot])
* 76d28b50ddac6e171d839b3279580658ab700ff6: chore(deps): bump golang.org/x/time from 0.8.0 to 0.9.0 (#21385) (@dependabot[bot])
* 7d0c10e0d2f4b35cbdb350e3b0244fab10dac184: chore(deps): bump golang.org/x/time from 0.9.0 to 0.10.0 (#21779) (@dependabot[bot])
* 6b57b163240bfc2f76cbcdf7bce2ddc4c84ee6bc: chore(deps): bump google.golang.org/grpc from 1.68.1 to 1.69.0 (#21163) (@dependabot[bot])
* f15e1bc52c5cafd573174930917ce97de7a1f9dd: chore(deps): bump google.golang.org/grpc from 1.69.0 to 1.69.2 (#21270) (@dependabot[bot])
* 9a02f9bc2e303158d20e9452c4e25fe0ecad91ff: chore(deps): bump google.golang.org/grpc from 1.69.2 to 1.69.4 (#21485) (@dependabot[bot])
* b4753d8d00d2ed9295b391573cfafe9825a29e87: chore(deps): bump google.golang.org/grpc from 1.69.4 to 1.70.0 (#21657) (@dependabot[bot])
* 2731c3f18dced20d95f402edec3aadaabf731dc8: chore(deps): bump google.golang.org/grpc from 1.70.0 to 1.71.0 (#22183) (@dependabot[bot])
* e052670c0b74f662867071298d47f34c57316db6: chore(deps): bump google.golang.org/protobuf from 1.35.2 to 1.36.0 (#21211) (@dependabot[bot])
* 728b31e5e9fad96a4d381c7e6712b102d8f3fa5c: chore(deps): bump google.golang.org/protobuf from 1.36.0 to 1.36.1 (#21303) (@dependabot[bot])
* 2a497ef1fdca4125aa9d0e9435f17e4eec85d7be: chore(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.2 (#21412) (@dependabot[bot])
* d4d671316fd89df5a2cbf26cebd9e19851b4829f: chore(deps): bump google.golang.org/protobuf from 1.36.2 to 1.36.3 (#21513) (@dependabot[bot])
* 7333c7532715d9d3f4c47566f0d2d4d09123fff5: chore(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.4 (#21676) (@dependabot[bot])
* 4e2902d972518f57c37b1c792fe0680cf7629ee2: chore(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 (#21813) (@dependabot[bot])
* 4f179a192d90144b27cab80c001cac635d7e07e9: chore(deps): bump jinja2 from 3.1.5 to 3.1.6 in /docs (#22219) (@dependabot[bot])
* 0dddb9e6c852ce4745b11bee8418f08e6df19e07: chore(deps): bump library/busybox from `a5d0ce4` to `498a000` in /test/e2e/multiarch-container (#21959) (@dependabot[bot])
* d3dda53cf63fb05fdaa582aacdfd95d51617fbb4: chore(deps): bump library/busybox in /test/e2e/multiarch-container (#21486) (@dependabot[bot])
* 780285b86e506b21621acbb0c5e1cd825dc48009: chore(deps): bump library/golang from 1.23.4 to 1.23.5 in /test/remote (#21535) (@dependabot[bot])
* 7efd2fe2eb563e6f57e4600a0bd479d751892568: chore(deps): bump library/golang from 1.23.5 to 1.23.6 in /test/container (#21774) (@dependabot[bot])
* 8e91ce9b2b5655b7445e6e5976df59cfb5f631e4: chore(deps): bump library/golang from 1.23.5 to 1.23.6 in /test/remote (#21799) (@dependabot[bot])
* 9e6b28b8a28596b8a2c52cb5745083197bfaa152: chore(deps): bump library/golang from 1.23.6 to 1.24.0 in /test/container (#21866) (@dependabot[bot])
* ee83eea7844149cd428c0c898d223a38f1bb3472: chore(deps): bump library/golang from 1.23.6 to 1.24.0 in /test/remote (#21868) (@dependabot[bot])
* 2168221092e13439ae2ff0054025e83813f49986: chore(deps): bump library/golang from 1.24.0 to 1.24.1 in /test/remote (#22184) (@dependabot[bot])
* 98cd061ac901cbb47d8acfb36c9f75d367c88d94: chore(deps): bump library/golang from `2b1cbf2` to `cd0c949` in /test/remote (#22020) (@dependabot[bot])
* dbf93933654077025a44b02170ae7e674cf08f6e: chore(deps): bump library/golang in /test/container (#21533) (@dependabot[bot])
* fe8bab0406467112e7d52466900717b8cf21bbfb: chore(deps): bump library/redis from 7.4.1 to 7.4.2 in /test/container (#21395) (@dependabot[bot])
* f1083320a4a6f5e07062602e52cce16285d82a0d: chore(deps): bump library/redis in /test/container (#20776) (@dependabot[bot])
* e920e71cb5a40a7a9886a540a2404db8afac748b: chore(deps): bump library/redis in /test/container (#21253) (@dependabot[bot])
* 87a7a6eb39381c2b86ab44712664f19510fb914c: chore(deps): bump library/redis in /test/container (#21310) (@dependabot[bot])
* 901139795d476edf026a0fd51b143b041a9ba66d: chore(deps): bump library/redis in /test/container (#21494) (@dependabot[bot])
* 3639bfe7001ee7cd85a8c35d88a82cc1f8eed08f: chore(deps): bump library/registry in /test/container (#20775) (@dependabot[bot])
* 683e4e0d951cf7b3fb58d70822eb2c68d19daf6c: chore(deps): bump selenium-webdriver from 4.27.0 to 4.29.0 in /ui-test (#22117) (@dependabot[bot])
* 871ed62000ff9676c109359b95f7d08372e6a5cb: chore(deps): bump sigs.k8s.io/controller-runtime from 0.19.3 to 0.19.4 (#21411) (@dependabot[bot])
* 527ef92c30f1c2d5d5cc2e5a3cc9d0f14ee2ba55: chore(deps): bump sigs.k8s.io/structured-merge-diff/v4 from 4.4.4-0.20241211184406-7bf59b3d70ee to 4.6.0 (#22181) (@dependabot[bot])
* e18b4d7ac8c3979d5d8fdc014532a9daef2f7d76: chore(deps): switch to new expr package (#21982) (@crenshaw-dev)
* 36d563a3c289fd099aa195666a33cd77217c133c: chore(deps): update dependency gotestyourself/gotestsum to v1.12.0 (#21900) (@renovate[bot])
* cae840bb13f1bbb422df6421ec7d3ea55a3902c6: chore(deps): update dependency gotestyourself/gotestsum to v1.12.1 (#22328) (@renovate[bot])
* cf89ee6279b5c95ade65245e81328260dfc37580: chore(deps): update dependency jinja2 to v3.1.5 (#21289) (@renovate[bot])
* 10293889b7e0c1beaf8ab62b1fdf49a1c3082ced: chore(deps): update dependency pygments to v2.19.0 (#21379) (@renovate[bot])
* 9cc52247c429e686039ca6a1f48560ce90f786fc: chore(deps): update dependency pygments to v2.19.1 (#21392) (@renovate[bot])
* a4158226149bdec3f3df7b4e2499782978a8c5a9: chore(deps): update dependency pymdown-extensions to v10.13 (#21301) (@renovate[bot])
* 4fee6b51e071b0a33da262b6d86327db4709dc01: chore(deps): update dependency pymdown-extensions to v10.14 (#21403) (@renovate[bot])
* 42fa72d4999973290defdbf2bf69c0148e0a8d3c: chore(deps): update dependency pymdown-extensions to v10.14.3 (#21619) (@renovate[bot])
* 065fc31a92eecd35c9b1ee8a1bb9751d6374f58e: chore(deps): update module github.com/golangci/golangci-lint to v1.63.2 (#21343) (@renovate[bot])
* 33f2a6fea169bc0fabbf6d2474377928bb763c37: chore(deps): update module github.com/golangci/golangci-lint to v1.63.3 (#21348) (@renovate[bot])
* 8245cd90b35ebd179f592d06d34570cb767c2176: chore(deps): update module github.com/golangci/golangci-lint to v1.63.4 (#21368) (@renovate[bot])
* 2e1db11ad930c505cc8bfcf3c6d0256c6fc204ff: chore(deps): update module github.com/golangci/golangci-lint to v1.64.5 (#21850) (@renovate[bot])
* 95a43e0416907437e8340fe8ce1a47c9bc03bc19: chore(deps): update module github.com/golangci/golangci-lint to v1.64.6 (#22115) (@renovate[bot])
* 12928cbdcc0c03f7da4e556e75478947bf6de573: chore(deps): update module github.com/golangci/golangci-lint to v1.64.7 (#22306) (@renovate[bot])
* d84ac3a6b264e66647fbdc029d39bd157b4f609d: chore(deps-dev): bump @types/mocha from 10.0.9 to 10.0.10 in /ui-test (#21251) (@dependabot[bot])
* 1f1c33983b53ab647586b304c4603f204f1244ed: chore(deps-dev): bump @types/node from 22.10.10 to 22.13.4 in /ui-test (#21874) (@dependabot[bot])
* 41dec01c7c7a993e6287128f4cbc928a52c8c48a: chore(deps-dev): bump @types/node from 22.10.2 to 22.10.5 in /ui-test (#21381) (@dependabot[bot])
* 2f579404f68ded0b0156fc25d6e554640c4ad009: chore(deps-dev): bump @types/node from 22.10.5 to 22.10.6 in /ui-test (#21482) (@dependabot[bot])
* 3a29a745a38ab2e123eb0137d9285cb203737479: chore(deps-dev): bump @types/node from 22.10.6 to 22.10.7 in /ui-test (#21511) (@dependabot[bot])
* 770664411aa232ae537227aed15250fdc876343f: chore(deps-dev): bump @types/node from 22.10.7 to 22.10.8 in /ui-test (#21644) (@dependabot[bot])
* 75def4f2df3e27892292b8020bfb9100a2784105: chore(deps-dev): bump @types/node from 22.10.8 to 22.10.10 in /ui-test (#21658) (@dependabot[bot])
* 33ad0a7ba717cec4bdfbe205f5ab2d43dba25900: chore(deps-dev): bump @types/node from 22.13.4 to 22.13.5 in /ui-test (#21960) (@dependabot[bot])
* 111cf2ce9fef0a2b355e11b51af75ed0f87e9330: chore(deps-dev): bump @types/node from 22.13.5 to 22.13.10 in /ui-test (#22272) (@dependabot[bot])
* 235470fb2611d327eed2f78483ec46e56c49b4c1: chore(deps-dev): bump @types/node from 22.9.3 to 22.10.2 in /ui-test (#21143) (@dependabot[bot])
* 5b482d738a90b62b65ef503557244f5552997397: chore(deps-dev): bump mocha from 10.7.3 to 11.0.1 in /ui-test (#21030) (@dependabot[bot])
* b77d9d9f5f9cf3862ef75e14a5877a3fcf60fa40: chore(deps-dev): bump typescript from 5.7.2 to 5.7.3 in /ui-test (#21443) (@dependabot[bot])
* 05a9171b4236c8db96a95d895c6dc1542c051719: chore(deps-dev): bump typescript from 5.7.3 to 5.8.2 in /ui-test (#22118) (@dependabot[bot])
### Other work
* fdf21f7763f2f301e244885d0df39d35f87034cd: Add pollinate to USERS.md (#21247) (@shavmohin)
* 3f0a1552e6b01e9ce36cf874d8392c64b7a0d281: Fix application url for custom base href (#21377) (@amit-o)
* c6893527a76749b4f64862b33981572188cc5f0b: Fixing the link in the docs (#21316) (@ali-hamza-noor)
* 6f5537bdf15ddbaa0f27a1a678632ff0743e4107: Merge commit from fork (@svghadi)
* 4d59154a8817e0db3ecbc491cce45b1d9cb8b0c5: Replace deprecated go-gitlab dependency with client-go. (#21175) (@gbw)
* 9309688a8aeb06877e59c0de416f95562813da4d: Stabilize on-deployed notification trigger (#21333) (@svghadi)
* cce4a284be69d0840feb999069f1c0e6f6b8ab3d: Update ingress.md (#21324) (@aliabbasjaffri)
* 80edbfed80d9bffb7348db8ce493424274df900a: Update toolchain-guide.md (#21288) (@Jonty16117)
* 0b542baacb31ec62142277a8cec4ef5b316650cf: add `project` missing field to spec (#21277) (@afzal442)
* 1194766ebaa8279442288e9a3f049b38dbcf5048: added-ACL (#21238) (@surajyadav1108)
* fe598a831e42a2838242f99d6a74be520f27908a: chore!: add 60s default jitter (#22342) (@agaudreault)
* 47bec8b43808af1ffd07dac6d686503a869a7869: chore!: remove legacy repo support (#19768) (#21249) (@crenshaw-dev)
* 5d147a3ae665053ed4ec6f77c994540abf9ce40e: chore(appset)!: always apply nested selectors (#14152) (#21492) (@crenshaw-dev)
* 928fd19593823aff01da189baee0aa662ab05624: chore(appset): simplify cluster list code (#21820) (@crenshaw-dev)
* 75bbb50db3a7d31daf815feeb29b498308c773a6: chore(appset): use DB instead of kube client for cluster validation (#21190) (@crenshaw-dev)
* 226a670fe6b3c6769ff6d18e6839298a58e4577d: chore(ci): improve previous-version script readability, fix bug (cherry-pick #22378) (#22381) (@gcp-cherry-pick-bot[bot])
* 77ad48aa09c301b41fdbaee5908a5b18b3f93a26: chore(ci): run codegen as part of version bump job (#21404) (@crenshaw-dev)
* 335b65baf88c4c7155f851bb3450f72d4800a355: chore(config)!: Ignore all `.status` updates & known high churn changes by default (#21760) (@agaudreault)
* ab07b0aed57d46bd52e0544b210b7be5ce5db66e: chore(controller): simplify sharding code (#21244) (@crenshaw-dev)
* 261137df9de628b3519ba638e3a8facc5ee0d327: chore(health): report progressing status for AppSets (#22092) (@crenshaw-dev)
* be293fe9ed300a150357b3df60837ad8517d2a6e: chore(hydrator): improve error message (#21987) (@crenshaw-dev)
* 42219fd7b7b865eb4e0f2343d6f53d613a2fbd95: chore(lint): fix deep copy informers lint (#22290) (@crenshaw-dev)
* 4e08b8dee6ce10bbaceed4fdfbc2704f35e73cc8: chore(metrics)!: remove deprecated metrics (#21697) (@crenshaw-dev)
* bd3745889616ed00d9ba1e7e4e2059ab906935d5: chore(refactor): remove app destination inferrence logic (#21189) (@crenshaw-dev)
* 34fd7296b1d403246b8ca957edab8f45e63e7b48: chore(refactor): remove unused function/file (#21245) (@crenshaw-dev)
* bd9923fd75439821639abe2697e3d99ed723c29b: chore(repo-server): simplify Kustomize/Helm version detection (#21540) (@crenshaw-dev)
* 566bc2e5e8f6b458fbfb64b6a908f8b275f4f5d3: chore(test): simplify test assertions (#21242) (@crenshaw-dev)
* ecd0bcdd589f594b91a11abac548cb810665e84e: chore(ui): resolve `ts-jest` config under `globals` is deprecated (#20036) (@jsoref)
* b6770bdb7985b30a8badec5fda3ff4fde542d0cc: chore: Add divar.ir to USERS.md (#21344) (@aminarefzadeh)
* 12a4dabd1c2011fa570e57223195adb6ea130145: chore: Fix data race detection failures in application tests (#21271) (@eadred)
* 45e488657bf3d9dd1dc249b0485634a5c500e7b8: chore: Graceful shutdown for API Server (#18642) (#21224) (@andrii-korotkov-verkada)
* 2ce593b5de337a9a40ab0a53e7fac31577d7d031: chore: Optimize Docker image layers (#21525) (@marcofranssen)
* 07da3d41da22b0d16defa9bfcf9f1ac2428aa4ed: chore: Option to disable sync with replace on API Server level (#21427) (#22073) (@andrii-korotkov-verkada)
* 9d66e89d14fcdbd761ddd02b60a69f5cf11179a5: chore: Remove k8s 1.28 from e2e testing (#22245) (@andrii-korotkov-verkada)
* e14d6b7bf9dc4800307576fbec1351548e5d43b9: chore: Update notifications to be less spammy (#20871) (#21884) (@andrii-korotkov-verkada)
* 8d1aeb58a2aa61bc13bffb797b857cf750bc5f62: chore: Update some dependencies and add some comments about old libs (#22104) (#22208) (@andrii-korotkov-verkada)
* 5223ce546a677565a24dc37d53a360d544891ba1: chore: Upgrade Redis from 7.0.15-alpine to 7.2.7-alpine and haproxy (#22108) (#22110) (@andrii-korotkov-verkada)
* d765aabc1ff29a1524dc06164403b117d1c2f2d7: chore: Upgrade ubuntu base image to latest 24.04 digest (#21524) (@marcofranssen)
* 91cb69316479fbe7144e66291d38c8c00996bca3: chore: action docker warnings (#21556) (@Softyy)
* 8a447d9ae01f0c4358bc0d7553c120c43a8b99e5: chore: add e2e test for hook finalizer which prevents external resource deletion (#21113) (@dejanzele)
* 6daaac59249d76e16a63fc6e047ded67d39222cf: chore: add log context to proxy extension requests (#21834) (@leoluz)
* acb47b418ca3270ad4b24a754fd3292988aaa5b1: chore: add script to bump major version (#21363) (@crenshaw-dev)
* 944f9f7b68b92e78a249a99f19dba001837461c6: chore: add the Argo CD type definitions and method comments  (#21854) (@nitishfy)
* f044200d9e1d548002422d0a9d109ba95381f52a: chore: bump gitops-engine (#22335) (@pjiang-dev)
* 76dbaaa3e0a315892623fadb3e9f867d9665dfb4: chore: bump to github.com/grpc-ecosystem/go-grpc-middleware/v2 (#22098) (@mmorel-35)
* 9b91454968eafed8b2a8e181b036270d27779117: chore: cleanup `diff-cache` testdata (#21600) (@llavaud)
* 8507a87bfa7b7a66351d0b0972f99624ec3d01c9: chore: define apiextensionsv1 alias with importas (#21823) (@mmorel-35)
* 74582e9965c09f17f2d5dd6629a2a03c50548d2f: chore: embed trivial rand string function (#22177) (@crenshaw-dev)
* 35a174b95631887760c4347975a0c0c6092bf900: chore: enable badCond from gocritic (#21632) (@mmorel-35)
* b04a7c101dfa4512e12145d5241685ab337d6532: chore: enable context-as-argument from revive (#21371) (@mmorel-35)
* c80325737efd30acca2ccbcd5cd68d6134ad38ca: chore: enable duplicated-imports from revive (#21378) (@mmorel-35)
* 6c457217305a2e5f3f431b406a18cdc1b5d4503a: chore: enable early-return from revive (#21423) (@mmorel-35)
* f245e8beb52e2dd08860f9222a33a2c215b7f291: chore: enable err-error and strconcat of perfsprint linter (#21267) (@mmorel-35)
* 8a6f53d04412a0cef0233eeee7c2df68b6be8495: chore: enable errorf of perfsprint linter (#21280) (@mmorel-35)
* bf082c26c272e1f1a1e91e36110551d86204d11d: chore: enable ifElseChain from gocritic (#21636) (@mmorel-35)
* 5508d1fedaf56be03d74f8d5bed8cd82eb46e10f: chore: enable importas for k8s.io/apimachinery/pkg/api/errors (#21262) (@mmorel-35)
* 812650847cfe349c6700060db37e8da615637d3a: chore: enable importas for k8s.io/apimachinery/pkg/apis/meta/v1 (#21284) (@mmorel-35)
* 4e5db16fbfce29ba0c20a58ac99294658339e975: chore: enable increment-decrement from revive (#21366) (@mmorel-35)
* 947a7b84d7b5096fd986cff3a60c0bc5905ffa4b: chore: enable indent-error-flow from revive (#21394) (@mmorel-35)
* 5ef4faa8a4ba5486ffde9cffc4ec4f60eedec1ec: chore: enable nolintlint (#21559) (@mmorel-35)
* 753f7b6e7297b65698a9fbd4e33dcdceda031ecf: chore: enable parallel helm manifest generation by default (#22224) (@nitishfy)
* c739478b8bb6e2657ffec762e72f1cea4dca7871: chore: enable receiver-naming from revive (#21372) (@mmorel-35)
* 9f0dc9402fb8245d95834b29f19397ff758147db: chore: enable redundant-import-alias from revive (#21386) (@mmorel-35)
* 24893ad5e9c0b2d9c2f49fa5a4bc958f55fd8833: chore: enable several rules from revive (#21638) (@mmorel-35)
* 27915da5b06f526bc0045302f34b65fff7ed0738: chore: enable singleCaseSwitch and commentFormatting rules from gocritic (#21616) (@mmorel-35)
* cb3024c5ff33fdc393028ff27ebda021fb0de488: chore: enable superfluous-else from revive (#21373) (@mmorel-35)
* 50c49ec8f91997970e1b22b605f94153d51fe622: chore: enable unnecessary-stmt from revive (#21398) (@mmorel-35)
* 53bc19b5f20d56613c57c664f462ad2a484d9424: chore: enable unused-parameter from revive (#21365) (@mmorel-35)
* 9ea979bbcdc76223890388c4b83ced88505b95ce: chore: enable use-any from revive (#21282) (@mmorel-35)
* 37aaeb3dd9fc63f701a96307369f53a9a0c4af12: chore: enable usetesting linter (#21935) (@mmorel-35)
* e66068c11b5a00be03bc9b012801635202ed30ad: chore: enable var-declaration from revive (#21370) (@mmorel-35)
* c1b2f78f4609d2dbf8691a9fb333fa45d3808812: chore: enable var-naming from revive (#21861) (@mmorel-35)
* ceb758c8772ae70d73246fe224e5b9fd6484a0ac: chore: import k8s.io/api/core/v1 as corev1 (#21345) (@mmorel-35)
* 3593f2449179035cf3dd181ecf691658e89376a2: chore: mark with-hydrator manifests as generated (#21639) (@crenshaw-dev)
* 045a0277530c892091069205a49135d6f1e507f8: chore: reggie-k as release champion for 3.0 (#21736) (@reggie-k)
* ffdbcb6f3113c62841d9a6e6d3902efcc9815db9: chore: reuse common PermissionDeniedAPIError (#21283) (@mmorel-35)
* 2b1220c6007b0d23f5b11f3e9c3d2d5227037563: chore: revise wrong resource customization usage example (#22074) (@hanxiaop)
* aeb00028776d5d85508c42c0ee9bc2dd27731f0d: chore: set default tracking to annotation (#22289) (@crenshaw-dev)
* 9b17495bc2fe7c6f07ed5ac5cc154b3ae9027be9: chore: update go-github to use token (#21292) (@aburan28)
* 38c2b34da0c0fe6984a733b36944e9651ce7e710: chore: update gotestsum automatically (#21828) (@mikutas)
* 228b86d3b5ab83c9727426291b037e173b88c211: chore: update mockery version (#22126) (@gdsoumya)
* e3bcc48bf2dc92c1f397dc28a333881106a8a653: chore: updates to Numaplane health checks (#21671) (@juliev0)
* 922d080ae516ef77ca6a74a0b2a90a5c5de15c7f: chore: upgrade Go to 1.24 (#22242) (@sivchari)
* ef55ba549bd7893d80223c19a16fb1d1368d3f0c: chore: use dario.cat/mergo instead of github.com/imdario/mergo (#21274) (@mmorel-35)
* 6087b4f903f0d862618bb43e8496c86c6ea1494d: chore: use github.com/golang-jwt/jwt/v5 (#21276) (@mmorel-35)
* 795bda5dd853a82f4d0234856b0d9dc809f9d303: chore: use github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus (#21937) (@mmorel-35)
* 83257a9e73ce6357e3903f1d585495b7b5532eba: chore: use grpc-middleware interceptors (#22329) (@mmorel-35)
* db82e23ebb291bf9f2bcf4539310fe895c585ab7: chore: use internal errors util instead of pkg's (#22174) (@crenshaw-dev)
* 48334cfcd5812e3291c1bb51768a2317e7df00b3: chore: use standard errors instead of github.com/pkg/errors (#21266) (@mmorel-35)
* 9843bfbdf811a5f959441ec06a47a9ac49e23e7c: chore: use testify instead of native testing (#21781) (@mmorel-35)
* 13235ad477e82723bc749f4410cf38cec3dda55b: chore: use testify instead of testing.Fatal (#21258) (@mmorel-35)
* d7ccf4705719dc0de5d56337a78ba26e0a348df2: chore: use testify instead of testing.Fatal or testing.Error in pkg (#20761) (@mmorel-35)
* e7d909164c161e399391f5c0ac4d1c22600a8cf4: chore: use testify instead of testing.Fatal or testing.Error in reposerver (#20762) (@mmorel-35)
* 644af54a7c61b07021125682f4526dd9c6853974: chore: version bumping helm3 (#22009) (@igaskin)
* e147247aaf49f64b9017e2a7d5b512c4482a4725: ci: disable nolintlint linter (#21707) (@agaudreault)
* 976a8498d48b9475d3899455f6d1b867980aa7bc: ci: fixes #21862 Concurrency in pr-title-check (#21863) (@appiepollo14)
* e5df9991837d7f27ae06a71e3bba9c997e691a0f: crepocreds-short-changed (#21285) (@surajyadav1108)
* 9a3cfcb71d1e1e2fb1420b5b23d8bdca2374a36e: docs(2.14): adding basic upgrading docs for 2.14 (#21744) (@rumstead)
* 622847bcb5f7fbc1228403dd83d9f4ec818cecf3: docs(2.14): use 2.14.1 manifests as remote bases (#21759) (@rumstead)
* 073ccf7c35a63bb203b8c78dec3e8a7c2efecdeb: fix(#19314, #15700): allow `ssh`/`altssh` subdomains in repo URLs to match webhook payload (#21227) (@mtbennett-godaddy)
* 8f285a5dd40308b083523a3fd0aeac03b6f134dc: fix(in-cluster): do not allow the cluster to be used when disabled (#21208) (@agaudreault)
* a1431bef4c3aea396956c53e593078414f0f478e: fix(ui, rbac): project-roles (#21829) (@blakepettersson)
* 26ebb9bb5e07ac095002d06638847b808cff6c7c: fixed the broken link while version upgrade/degrade (#21279) (@afzal442)
* 2bcaa1989418c7b544a003af21789cdf52492883: revert: add a check for user defined role referential integrity  #21065 (#22130) (@rumstead)

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.14.5...v3.0.0-rc1

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.5/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.5/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Dependency updates
* ed242b9eee18b4c3ca14dce1161b656256769a0f: chore(deps): bump github.com/redis/go-redis/v9 from 9.7.0 to 9.7.1 (#21957) (#22255) (@anandf)

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.14.4...v2.14.5

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.4/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.4/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Bug fixes
* 52231dbc09c25a7b7840f0338b533b94a6332dc5: fix(actions): don't run empty Lua scripts (#22084) (cherry-pick #22161) (#22172) (@gcp-cherry-pick-bot[bot])
* 962d7a9ad9b5b1e13a118a3fb8974fa03647383d: fix(ci): use pinned Helm version for init-release (#22164) (cherry-pick #22165) (#22171) (@gcp-cherry-pick-bot[bot])
* 54170a4fd8760e4274204599e1976a3f273c8962: fix: make codegen permissions (cherry-pick #21667) (#22145) (@gcp-cherry-pick-bot[bot])
### Dependency updates
* 2eab10a3cbe68bb84bbde3c0e82966af408fb52c: chore(deps): revert accidental upgrade of go.mod packages (#22162) (@crenshaw-dev)
* 2b1e829986b30b4be11c3926f111a7a8dd95dc7f: chore(deps): switch gitops-engine back to release-2.14 branch (#22163) (@crenshaw-dev)

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.14.3...v2.14.4

## Known Issues

- A [regression](https://github.com/argoproj/argo-cd/issues/21804) which caused certain apps with resource hooks to fail to sync. This is fixed in 2.14.4. 
- A [regression](https://github.com/argoproj/argo-cd/issues/22122) which caused auth issues when connecting to clusters with Azure workload identity.
- Erroneous [removal](https://github.com/argoproj/argo-cd/issues/22164) of `securityContext` fields in Redis manifests.

All these issues are fixed in 2.14.4.

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.3/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.3/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Bug fixes
* aaed35c6d4db270a1e633e9d89fa4d34fef888b9: fix(applicationset): ApplicationSets with rolling sync stuck in Pending (cherry-pick #20230) (#21948) (@gcp-cherry-pick-bot[bot])
* d79185a4fe6c98475f229d4c9ed606c5387a382c: fix(hydrator): don't get cluster or API versions for hydrator (#21985) (#22038) (@crenshaw-dev)
* 2dd70dede8554fd7d6d0824505d1e8ad36b35a72: fix(hydrator): don't use manifest-generate-paths (#22039) (cherry-pick #22015) (#22061) (@gcp-cherry-pick-bot[bot])
* 3adb83c1dfca20c81dd5231d3c93c4e13a37eaaa: fix(hydrator): refresh by annotation instead of work queue (#22016) (#22067) (@crenshaw-dev)
* 71fd4e501d0d688ab0d70cd649fbf5f909cff12b: fix: Check placement exists before length check (#22060) (cherry-pick #22057) (#22089) (@gcp-cherry-pick-bot[bot])
* 896a461ae6be6b9114a249debca0e2cb86f224f6: fix: New kube applier for server side diff dry run with refactoring (#21488)  (#21819) (@andrii-korotkov-verkada)
* 63edc3eb9c4faa6517223b58d774542b066f7816: fix: accidental v3 imports (#22068) (@crenshaw-dev)
* cb1df5d35f3331e79373826c9fc909f98ea0db9c: fix: correct lookup for the kustomization file when applying patches (cherry-pick #22024) (#22086) (@nitishfy)
* 92a3c3d727df3c15491a9202c4b6da85ed7a02cd: fix: correctly set compareWith when requesting app refresh with delay (fixes #18998) (cherry-pick #21298) (#21952) (@gcp-cherry-pick-bot[bot])
* 8f925c6754d569e4ac03fbfa9cef3f6e1c93fd2f: fix: fetch syncedRevision in UpdateRevisionForPaths (#21014) (cherry-pick #21015) (#22011) (@gcp-cherry-pick-bot[bot])
### Documentation
* b5be1df8904722eb91a3de2d2d080d79d9b757fb: docs: document source hydrator maturity (cherry-pick #21969) (#21970) (@gcp-cherry-pick-bot[bot])
### Other work
* 2b422d2c7001987e7bdd7b134c00d1888dedb4a8: chore: add cherry pick for v2.14 (#21901) (@nitishfy)

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.14.2...v2.14.3

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.2/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.2/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Bug fixes
* efd9c32e258602f7a37ab26a0f0fd5bd7e7aab9f: fix: Add proxy registry key by dest server + name (cherry-pick #21791) (#21794) (@gcp-cherry-pick-bot[bot])

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.14.1...v2.14.2

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.13.5/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.13.5/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Bug fixes
* 49771c1d4f967b260017afa2e0f1edfe5604b8f5: fix(ui): Solve issue with navigating with dropdown from an application's page (cherry-pick #21737) (#21747) (@gcp-cherry-pick-bot[bot])
* c6112c05fe0ba9142eb48fd70e6d5dd4484e1244: fix: Add proxy registry key by dest server + name (cherry-pick #21791) (#21793) (@gcp-cherry-pick-bot[bot])

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.13.4...v2.13.5

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.1/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.1/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.14.0...v2.14.1

## Important!

The 2.14.0 release manifests incorrectly use the 2.14.0-rc7 image. The 2.14.1 release will correct this error.

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.0/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.0/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Features
* 7d28c89f36313f016a9c6279b014357ccf8dd420:  feat(health): resource customization for RabbitMQCluster (#15286) (@aaguilartablada)
* 29c59ab1356c62b1c2b3db275a59f73fc482b17a: Revert "feat: exclude Endpoints and EndpointSlices Kubernetes resource by default" (#20334) (@agaudreault)
* 83953fe276846924da95f997fc14ff07180fcd71: feat(app): Add optional 'name' to Source object (#20470) (@CefBoud)
* 4a140515fea53bb398fc997bce733d6ba34f0633: feat(app): add ignore-healthcheck annotation (#20462) (@CefBoud)
* 5543900345678545a6aa8b654fb7a85cdb6e2be8: feat(applicationset): Add FlatList option to cluster generator - Fixes #20212 (#20231) (@OpenGuidou)
* 92e0b553a752096fee93af7ac73e7a529cfb123b: feat(appset): Add a cache layer for Argo Projects to speed-up application validation (#18703) (@dacofr)
* 27eebaa53cf5f603550b9499e68496daea2ea9b7: feat(appset): add 'project' to the Cluster Generator params (#20338) (@CefBoud)
* 9e9c9a9aca2d43f5dbebb074394dd154b5c21603: feat(appset): parameterize requeue time #20063 (#20064) (@rumstead)
* dfbfdbab1188dfb26b454e47ac06c70ed484c066: feat(appset): reduce cluster secret logging (#21109) (@rumstead)
* 4c29c33f027be9a94ce9dbd06ac09d49a3eb6cfb: feat(cli): Add app diff option to specify exit code when diff (#20144) (@eugene70)
* 3988861edf37f2c52b229bcf9c7b5ff8d9022205: feat(cmp): parameter to enable git creds to be shared from repo server to the plugin (#15107) (@jmcshane)
* 19613a20fb1819dae0d2e6ab737513775d128499: feat(controller): support Istio ServiceEntry network node #20270 (#20273) (@zapkub)
* 19d85aa9fbb40dca452f0a0f2f9ab462e02c851d: feat(health): Adding more health checks for Keycloak, Postgres, Grafana, SolrCloud (#20294) (@rezellme)
* 2a199bc7ae70ce8b933cda81f8558916621750d5: feat(health): add healthchecks for Gloo resources (#11379) (@zelig81)
* e4599e1a9069c7cbd1e1641e8ab6476449e9d3a2: feat(rbac): add disable fine-grained inheritance flag (#20600) (#21553) (@agaudreault)
* d8dd2fc02c8066a98f2c6c07791f38dedb221486: feat(ui): Added a warning popup before closing the application create panel (#20807) (@surajyadav1108)
* 1120a086539a14a27d5a30a8ce83cdcc0e6c4246: feat(ui): Added timing info to container state UI (#20920) (@surajyadav1108)
* a94a07ecd6421504fbededdfd5633b93867ca485: feat(ui): Added title label for filters (#21149) (@surajyadav1108)
* 36d189c133b2b7b5dde8710fc8b877c1c2959d81: feat(ui): Support filter for `configured` and `unchanged` on SYNC STATUS view (#20850) (@aali309)
* e09ff60d75787f18edc755990988a5a9e17cbc55: feat(ui): add token diff support in diff view (#19983) (@linghaoSu)
* f4c519ade50dca809fa20104c1b87fa8a2517faa: feat(ui): display sha's revision in every history release (#19963) (@Tchoupinax)
* 5796a7c22dbef279e0f6e69c311c8b4e8f8b385d: feat(ui): make name property for repos (#20077) (@surajyadav1108)
* fb825f705af86ac41ea68f7a49323af56548a6b0: feat(ui): move graphs by dragging mouse in app resource tree view (#18025) (#20009) (@linghaoSu)
* 308890661b751529ae8315b2cbf047644e9a369e: feat(ui): support auto theme (#20080) (@linghaoSu)
* 24e67df099821cbdaeac95901e93db9dffacc469: feat(ui): support enable word wrap in live and desired manifest panel (#20299) (@linghaoSu)
* eb10b70e8a2e24d08137143cf01a8d9c26783b12: feat: Add ability to hide certain annotations on secret resources (#18216) (@svghadi)
* ab8fdb8a6d17a09fa3161ce6ddfa2163d86b35ca: feat: Add nodeSelector for Linux nodes (#20148) (@leehosu)
* b5d8eddb8230e45baff18afe257adf48f0072956: feat: Add reusable interactive prompts and `configure` command (issue #19528) (#19637) (@david-wu-octopus)
* 9b481b190743450b9bbedc2a2ad7b6c1a524cd14: feat: Adding skipSchemaValidation flag (#20771) (#20831) (@dmosesson)
* fd4cc93a30e66557dee952aabd5a4009509047b3: feat: Change the file name convention when downloading pod logs (#19938) (@itaynvn-runai)
* 99efafb55a553a9ab962d56c20dab54ba65b7ae0: feat: Confluent Connector Resource Health Checker - #17695 (#17697) (@Clint-Chester)
* 8ebf4a88418ada369943bf4b6ebab8188eb90483: feat: Enable ignoreResourceUpdate by default #19992 (#20303) (@jaehanbyun)
* 9741c065d8143aedc26b1aeae9df3851037ce9c6: feat: Sync timeouts for applications (#6055) (#20816) (@andrii-korotkov-verkada)
* 8f0d3d0f6ad5b0cc94c704ec2fd2c26fa97d8202: feat: Timestamp for Health Status (#16972) (#18660) (@mkieweg)
* c8dcd83f88668a26fff905402efbccadea4b8b74: feat: add ARGOCD_APP_REVISION_SHORT_8 variable in build environment (#19931) (@Falanty)
* 4722a7f78f2e5b38ff261a2760adb431f4334fb2: feat: add Actions for PipelineRollout to allow/disallow data loss (#20298) (@juliev0)
* b05cafdfca543a529870270801b5970f9eaf0d25: feat: add custom actions for Numaflow CRDs (#20332) (@dpadhiar)
* fdf539dc6a027ef975fde23bf734f880570ccdc3: feat: add health check for ClusterResourceSet (#20746) (@nueavv)
* 5138dd51182cf47392b15fc6624f8f1a61957da7: feat: add orphaned resource count metric (#20521) (@jaehanbyun)
* 621330c11bca314209353240cec9587e01b5bfed: feat: add prompting to confirm account token deletion (#20654) (@pasha-codefresh)
* 36ef5639da8101264862a0d6f48618ca64b41bba: feat: add prompting to confirm application commands (#20658) (@pasha-codefresh)
* d44d7ec043e04d93fa9a32aca517487d42226c50: feat: add prompting to confirm application resource deletion (#20611) (@pasha-codefresh)
* 29d52299da90629c2ccbc8a3cc691fdbc603cd4f: feat: add prompting to confirm delete certificate (#20547) (@pasha-codefresh)
* 16e7517044df049a4ee56ff686e5e3a227f9375e: feat: add prompting to confirm deletion of gpg public key (#20539) (@pasha-codefresh)
* 83b1b6c574affb142f471f68b16aae767527fbf4: feat: add prompting to confirm project deletion (#20612) (@pasha-codefresh)
* 8a4e7e021fdfa50aeea6c60b9d2f99a43a6d4fa8: feat: add prompting to confirm project role deletion (#20613) (@pasha-codefresh)
* 262059346bb5656c31c16bd32ae0b3d58e29cfc0: feat: add prompting to confirm project window deletion (#20656) (@pasha-codefresh)
* 9b6d3a9a95fa77a556e68ff2c49da3f2ee6896f2: feat: add prompting to confirm prune during backup import (#20546) (@pasha-codefresh)
* eb6d2e635f62c00d31053120915e9b0d44f5eae8: feat: add prompting to confirm remove of repository credentials (#20541) (@pasha-codefresh)
* 0aa6c49465c85bfbac39316d93a438534dca58fb: feat: add support for helm skipTests flag (#20118) (@jaehanbyun)
* b9d5387979d61195f6c42528714f0c637d9950f7: feat: adopt delete app confirmation to new prompt util (#20664) (@pasha-codefresh)
* 4e13b7f36c41d69f37a05aaf6dcb6f5ec6c89659: feat: allow auth token to be passed in via env (#19898) (@ctrlaltf24)
* 212efa491462f5fe501d6c6edfbb8007fc8ce793: feat: allow individual extension configs (#20491) (@leoluz)
* 7c9bd2d2d3e4d681fee2e419cfeef08cade5c804: feat: application resource deletion protection (#20497) (@alexmt)
* a25378f1efcc09dc25a4169927e57bf2e15accca: feat: appset scm generators and PR generators should be able to access only secrets related to appset (#20309) (@pasha-codefresh)
* 2d8659b466aa02e2c10d3a3958f93e5edc5f0007: feat: basic e2e tests in order to verify notification service health (#20182) (@pasha-codefresh)
* a288b4d8c9000225bc9ce8ef829fd2d365465b3c: feat: exclude Endpoints and EndpointSlices Kubernetes resource by default (#20251) (@jaehanbyun)
* 82484ce758aa80334ecf66bfda28b9d5c41a8c30: feat: introduce health checks for Numaflow CRDs (#20297) (@dpadhiar)
* 5d89339c1471db16668fdf3f4576e527ec3ad082: feat: introduce pause/unpause actions for Numaplane CRDs (#20128) (@dpadhiar)
* d16df525d7a88e7b89313d0ed70c6399c580d58c: feat: manage clusters via proxy (#20374) (@pasha-codefresh)
* 4a38442b99ac459b4ed5985b3416ac09599ac31f: feat: move appset delete confirmation to new prompt logic (#20677) (@pasha-codefresh)
* eba559a4499d17051304785da2d769dd6a31e6af: feat: option to disable writing k8s events(#18205) (#18441) (@Jack-R-lantern)
* 433b317c358b1bfc59352791254d52e504d83dd4: feat: source hydrator (#20345) (@crenshaw-dev)
* 59ea2a809e5ad4db2d08d38e029e8484ae9d48c1: feat: support Suspended state for MonoVertexRollout (#20583) (@dpadhiar)
* dc27102cffff6a7245744d9085aebf60b1586ace: feat: support using exponential backoff between self heal attempts (#20275) (@alexmt)
* b8249567ae1afe657f3d2f235dc3724880c91370: feat: transmit manifest-generate-path resources to the cmp-server for plugin-based applications (#19209) (@jsolana)
### Bug fixes
* 684ee0bceb2c00446c26cdca9cbcf04472022991: Revert "fix: Graceful shutdown for the API server (#18642) (#20981)" (#21221) (#21222) (@gcp-cherry-pick-bot[bot])
* 4471603de2a8f3e7e0bdfbd9d487468b6b20a354: fix(api): send to closed channel in mergeLogStreams (#7006) (#21178) (@crenshaw-dev)
* bce16e9daff1fc00b0cee8c2b0d90b47a13997f6: fix(appset): Fix appset generate in --core mode for cluster gen (#21170) (@OpenGuidou)
* e953a2de8bed3efad87b381f593c03c426f1827e: fix(appset): avoid panic when no steps in rollingSync (#20357) (@CefBoud)
* bd755104eda1eaa917d31c228c37cd52c04780d4: fix(appset): events not honouring configured namespaces (#21219) (#21241) (#21519) (@eadred)
* 479b1825527175836572bb55ec17b738d4834a24: fix(appset): reverted Gitlab SCM HasPath search and consider 404 errors as file not found (#16253) (cherry-pick #21597) (#21602) (@gcp-cherry-pick-bot[bot])
* ebf754e3ab11ec00a3b0f18080e93a441438d59c: fix(appset): update gitlab SCM provider to search on parent folder (#16253) (#21491) (#21503) (@gcp-cherry-pick-bot[bot])
* b8f85c95006e638dce3eb9a87dc178c8370f393d: fix(ci): get correct previous release version for release notes (#19443) (#20315) (@crenshaw-dev)
* 79ba36026a2e8189daad4f2e18d567036131074d: fix(ci): handle new k3s test version matrix (#20223) (#20427) (@crenshaw-dev)
* 76fbc1f0c99df7bfc5005ec5e25ede61cf47d990: fix(ci): ignore temporary files when checking for out of bound symlinks (#20527) (@CefBoud)
* c13c9c1be3a2e65977fe911000d3f3eb71a32a73: fix(ci): updating action-gh-release after upstream fix (#21407) (#21408) (@gcp-cherry-pick-bot[bot])
* 2c2e669247d97cd91c1f5e2c8f419403febdef14: fix(cli): Fix appset generate in --core mode (#20717) (@OpenGuidou)
* e654ed59f8d9c0f2457ffab56294f45f44b916f8: fix(cli): add missing resources and actions to cani CLI (#20347) (@crenshaw-dev)
* 438e01bc4fb74f2c6f665ec2be1751075a36eb09: fix(codegen): use kube_codegen.sh deepcopy and client gen correctly (#20644) (@crenshaw-dev)
* 51471b3b8b4d89e9fa97406b81bf45212e937daf: fix(controller): rename cluster batch param and add to argocd-cmd-params-cm (#21402) (#21419) (@gcp-cherry-pick-bot[bot])
* ec499bb0706241efc0b64a75c1409cff7e85e5b6: fix(diff): avoid cache miss in server-side diff (#20423) (#20424) (@crenshaw-dev)
* e861b550e0a9a74f4ec8b8d84c3a87c7de857ed4: fix(diff): avoid cache miss in server-side diff (#20605) (@crenshaw-dev)
* d1ef0f85fafec00bf84ccde0085ec7f9329e7843: fix(docs): ensure version dropdown sorts correctly regardless of browser language #20289 (#20322) (@jaehanbyun)
* ca91dd9d6b9cce8f9c8230aa11c1e9353cc2558e: fix(extension): add header to support apps-in-any-namespace (#20123) (@agaudreault)
* 5ba2405fa99c87fa0440bc5d8afe3fcd0302408b: fix(health): only consider non-empty health checks (#20232) (@blakepettersson)
* 3070297d6b50d619f3a1dfca03db0d5db7dc22d1: fix(helm): escape consecutive commas in cleanSetParameters (#19269) (#20113) (@eogns47)
* 35174dc196dbda440bc2f209e0ac640ef1855f81: fix(hydrator): UI nil checks (cherry-pick #21598) (#21601) (@gcp-cherry-pick-bot[bot])
* 092bb7328cc7aeeb75460fc25fafa575418cacd3: fix(pkce): 20111 PKCE auth flow does not return user to previous path like dex auth flow (#20202) (@austin5219)
* b187fbbaf779bc9ea515ceff47572ad0c58d947c: fix(redis): CPU stuck at 100% after rolling update (#20645) (@agaudreault)
* a68d057c9dc41951019ab8e5d603c5ca101f3516: fix(server): accept HTTP/1.1 for backward compatibility (#20639) (@agaudreault)
* c8c22d3d5af6c319c7c332e36fb9ab9a911fb0f8: fix(server): make a copy of secret objects when listing from the informers #19913 (#20805) (@rumstead)
* a7637cd106f615119930439d963ec0a9618b404d: fix(server): missing selected ALPN property (#20579) (@agaudreault)
* 8a9de6a8d3533e608792f6d3d23629d35444d679: fix(ui): ArgoCD history tab shows latest values in all recent releases (#13006) (#21161) (@GuySaar8)
* b0e3160ccf6a3800c60cc3192e05c3f36a251795: fix(ui): Change tab title to Sync Windows (#20018) (@jsoref)
* 33ecbbc4a86ed542e1f40cd26ef48f0417673305: fix(ui): Prevent versionId 0 Error on New Applications with No History (#20574) (@pasha-codefresh)
* 46f494592c010b3a948d4aac866c7534f69dc798: fix(ui): Solve issue with navigating with dropdown from an application's page (cherry-pick #21737) (#21746) (@gcp-cherry-pick-bot[bot])
* 9ac1670c91c8829543725f9387535e201bd6e05e: fix(ui): Sync Health Statuses for Applications and everything else (#20020) (@jsoref)
* 555854c3e9cecfbe9f6fcc8b26eb3d7196bd343c: fix(ui): add `state` parameter in the pkce flow (#17235) (@js3692)
* 159eeecd17cb6439c7888189eda7f431e504674d: fix(ui): add optional check to avoid undefined reference in project detail (#20044) (@linghaoSu)
* 7718af14a15ee687283e83bb7b7b8afe484d4286: fix(ui): adjust transform origin in application resource tree (#20180) (@srikanth597)
* 40c60775bbb6ae450be03ec7142e8cbbc81663e7: fix(ui): carry over state when using full screen mode button (#20022) (@linghaoSu)
* f6eaaea7696f88346c1028f43a2bdeb4f4992096: fix(ui): display correct init info in Pod UI (#20387) (@crenshaw-dev)
* 1fcbcc1c23d98c39d3b1407bb38e90d320a4d6e3: fix(ui): fix open application detail in new tab when basehref is set (#20004) (@lsq645599166)
* a78b6287b195ee1a694b6f29f81d7d9e09f39b2a: fix(ui): fix select destination cluster type in create app (#20970) (@lsq645599166)
* d761c94b7d9452de7f57f171b359ab44290cd414: fix(ui): fix the slider tansition (#20641) (@ashutosh16)
* 0681098299246215d091b027719774863d44857e: fix(ui): hide resource actions menu if it's empty (#20051) (@CefBoud)
* 20e2e784764bf4907fd29f83d34666016b73dfc8: fix(ui): history error reported in the dev environment (#20133) (@youhonglian)
* ed4c0ee7138da579a4392824b0632a7056a1d106: fix(ui): source can in fact be `undefined` (#20381) (@blakepettersson)
* e31aebe14cfe450357085be23951c395093e9a8a: fix(ui): update ui e2e tests (#14619) (@ebuildy)
* fa9023a006f65f7a566b709c3124f61571bbd3b0: fix: 20791 - sync multi-source application out of order source syncs (#21071) (@ishitasequeira)
* 7f6340f653ae95b4f7433967c00717b3921843df: fix: API server should not attempt to read secrets in all namespaces (#20950) (@alexmt)
* e2bc96bb8629f547b2667932dba72265c559120f: fix: Ability to disable Server Side Apply on individual resource level (#20697) (@pasha-codefresh)
* fcc186bdd56b38ff08a75d37046d5d98c4c6359b: fix: Add redis password to `forwardCacheClient` struct (#19599) (@NetanelK)
* 155514e8caad2ec5878e55169c8b6c228d911bfe: fix: Allow to delete repos with invalid urls (#20921) (#20975) (@andrii-korotkov-verkada)
* 6d8d32f170c9db33cd34029cc554afeb335a5faf: fix: ApplicationSet webhooks should use stricter comparison of repository URL (#20486) (@dacofr)
* b8e118ff7d08176538e48b09405d162e5ad31eec: fix: Bitbucket Cloud PR Author is processed correctly (#20769) (#20990) (@andrii-korotkov-verkada)
* f03146d3a0652808d2d84db2b703538bc8cdd569: fix: CVE-2024-45296 Backtracking regular expressions cause ReDoS by upgrading path-to-regexp from 1.8.0 to 1.9.0 (#20087) (@chengfang)
* 0a26e0f465ad307bc5d83949afcf8fef2b8d9b59: fix: Change applicationset generate HTTP method to avoid route conflicts (#20758) (#21299) (@gcp-cherry-pick-bot[bot])
* fad534bcfe11b5e2cfcc96079d19710a0754c9d6: fix: Fix argocd appset generate failure due to missing clusterrole (#20162) (@pradithya)
* b2091e3984e8efa4ace6db192d29cbc11fca4509: fix: Fix false positive in plugin application discovery (#20196) (@pradithya)
* 3da5a3de52c9cccc27c303bb5caf94a7e6b11d46: fix: Fix repeated 403 due to app namespace being undefined (#20699) (#20819) (@andrii-korotkov-verkada)
* d9be098d9ce74f996c0faa225ccd2504060c2e29: fix: Fix server side diff with fields removal (#20792) (#20842) (@andrii-korotkov-verkada)
* 345c8a18a2ba8c09fbc533994cb710cf333be035: fix: GOLANGCI_LINT_VERSION (#20264) (@dcoppa)
* dce41c430efa779dd164ed0bbff8cb3822390c04: fix: Get pull request target branch for Azure DevOps  (#19869) (#19871) ( <>)
* 730363f14ba73a020295158452d486154ed3e09f: fix: Graceful shutdown for the API server (#18642) (#20981) (@andrii-korotkov-verkada)
* c6804e9854823b9f22d85ccff6b8e8d80d2ca83e: fix: Memory leak in repo-server (#20876) (@AJChandler)
* e1258ccb9d312f50071582483f0eefc720506b2e: fix: Policy/policy.open-cluster-management.io health check is broken (#20108) (#20109) (@itewk)
* 8a8fc37f3cc1f531c2efce1e763d0960c7a10e1e: fix: Policy/policy.open-cluster-management.io stuck in progressing status when no clusters match the policy (#21296) (cherry-pick #21297) (#21614) (@gcp-cherry-pick-bot[bot])
* 030a7be7e2fd0ae976c9b73196d777ea72bada09: fix: Populate destination name when destination server is specified (#21063) (@adriananeci)
* 7de5d27dc07db88d1bf3d95f06ec51501f9d8a17: fix: Rework git tag semver resolution (#20083) (#20096) (@PaulSonOfLars)
* 8cf990bcedcff8a05102e785cf2db1085eafd316: fix: Rollback multi-source apps; 2nd follow-up to PR 14124 (#20566) (@keithchong)
* 522d07a8d8d50ae68cce4878fd5bc50fe547c611: fix: UI: Nothing happens selecting cluster URL/Name dropdown (#13655) (#21028) (@keithchong)
* 2fe9a220dda581efb9cf2d9110b7f9d02c705439: fix: add missing fields in listrepositories (#20991) (@blakepettersson)
* 6002c7d8f352d5b5b69b0fa7e85b17392f8fc867: fix: allow pipes to be present in git username (#20040) (@blakepettersson)
* dc3f40c31e1a7206e3d021be98e713c7921e802e: fix: avoid resources lock contention (#8172) (#20329) (@mpelekh)
* 9b11b21f00f006ec5bfca1ff39210e54b65bf4b5: fix: check err before use schedule and duration (#20043) (@daengdaengLee)
* 17c412e3f387457caf16457066dc854941532195: fix: check for source position when --show-params is set (#20682) (@gdsoumya)
* 20f97190019163390d0ed7e3e140d2d5565bbb34: fix: cleanup tempdir when errors occur in Helm chart extraction (#19861) (@ilia-medvedev-codefresh)
* fe67cd54eb60806c998029286356fa8a4958c979: fix: corrected --roleARN to --role-arn as per updated CLI option (#20065) (@nueavv)
* cfa1c89c43943eacdfdf6833b01379a4f153d917: fix: disable automaxprocs logging (#20069) (@nitishfy)
* 76104dae211d4bfdbef8e9b713aa163abd24f54b: fix: don't disable buttons for multi-source apps (#20446) (@blakepettersson)
* dbc94ba13f9ce72ccfbfc68990eba4733c77d14d: fix: fix broken link (#20070) (@nitishfy)
* fe7771cc83562adf8759927f95d4b8c8c9b05c76: fix: handle incorrect cluster RESTconfig without panic (#20150) (@CefBoud)
* 6897c2e33f056d8a2fe8a1c8c55ba3d54e34d140: fix: incorrect expr for server stats in Grafana dashboard.json (#21098) (@minchao)
* fa54ce221e62e881c5c7920e9b053fe80fd34792: fix: oras-go client should fallback to docker config if no credentials specified (#18133) (@tonyay163)
* 0ca1ddb88c4127512de3464cde02ad588b240268: fix: order conditions summary (#20759) (@mmorel-35)
* be880add20a295325acd88953881caef82c85bf8: fix: refine deny destination checks (#20045) (@blakepettersson)
* be24ef4acc987f190e1d37a3abf09526b9a6f7bb: fix: remove broken link from code-contributions.md (#20795) ( <>)
* 951f749406db7aa0df95f4cbf9887fad71974f68: fix: remove hardcoded conditions from Numaflow CRD health checks (#20316) (@dpadhiar)
* 52c3f93010e835693d56d893d6a13531402c3bd6: fix: repo generate paths value in namespace install is incorrectly formatted (#20139) (@todaywasawesome)
* 70ea86523e1b97daa3161b00abeabec6e7bb57c7: fix: resolve the failing e2e appset tests for ksonnet applications (cherry-pick #21580) (#21604) (@gcp-cherry-pick-bot[bot])
* 32cc6638f78e15652c24eb2cd6403e6e7ec26ab0: fix: show multisource details for an appset when using `argocd appset get` command (#20903) (@nitishfy)
* 03a16099b048223e29d3f3620b2c02ccdd93f5f9: fix: support managing cluster with multiple argocd instances and annotation based tracking (#20222) (@alexmt)
* 4faf8dd11c951531eeeab08a6f009face7509830: fix: the unmatching template issue introduced from #20237 (#20410) (@xcompass)
* 49431b9add9393ef2ece78d4f63968b6c10276e0: fix: update health check to support modelmesh (#20142) (@strangiato)
* 96876195410393c742bb40330c7f174c454f1a9d: fix: updates to health status for Numaplane resources (#20544) (@juliev0)
* 1c6ec19a86e5df618c62b273485b6d25e228771f: fix: use `ErrorContains(t, err` instead of `Contains(t, err.Error()` (#20220) (@mmorel-35)
### Documentation
* b546ea7b138f0233eafd45997994ccbc013ad53b: docs(applicationset): complete sentence about Application deletion (#20944) (@tdabasinskas)
* ac69f5223cd0fc42fcc638b340a3703addda3812: docs(applicationset): explain how to add repo credentials (#20453) (@ruant)
* 9b15589729cb9c1c3986f1e0eda1b1bd60ac7a9b: docs(cli): fix example command (#20402) (@crenshaw-dev)
* bab2c41e109c95ffcb6a08024926747dab45a606: docs(hydrator): document signature verification limitation (cherry-pick #21504) (#21585) (@gcp-cherry-pick-bot[bot])
* 205b3d38c74c8578ef16dda8c9e49e274a5d42d6: docs(ingress): use GRPC instead of HTTP2 (#21029) (@agaudreault)
* b60d28c71a5410c36a6739b6b5380168f6005e63: docs(proposal): manifest hydrator (#17755) (@crenshaw-dev)
* f89e1cf80f0a22f7e06a9daee8962981331dc736: docs(rbac): clarify glob pattern behavior for fine-grain RBAC (#20624) (@crenshaw-dev)
* 735d090061dcc2850132a44ae1c893742ce1cba8: docs(reconcile): adding optional condition when ignoring json (#20010) (@rumstead)
* ff086431863009320bba58d98499c83af7bfdaf1: docs(resource_actions): specify when mergeBuiltinActions was introduced (#20917) (@morey-tech)
* 6b19f10e7f0ee3f43d2b262c5837b3c4453e76a2: docs(ui): sorting version (#20181) (@nueavv)
* 6a9fe45871968075ec462a253516aabff8d33303: docs: Add `404 Not Found` github notify error to troubleshooting docs (#20085) (@moleus)
* 4b478ef2c8182ea41993da1097215dd2695837d5: docs: Add empty GitHub.repoURL error to troubleshooting docs (#19926) (@moleus)
* f2e473917884b205acaf41b46444131021cd8690: docs: Add keycloak PKCE and argo-cd cli method documentation (#20698) (@albundy83)
* 2f6b6adb1c9405f521c04ff8a92ca2586113bb0d: docs: Correct ApplicationSet (spec.preservedFields) (#20206) (@jyoungs)
* c4453999f2937c4304348d4a0ae496aa8519b9e4: docs: Declarative argo clusters docs update for EKS (#20503) (@fideloper)
* a78594beb1d737585f6fe0d22ba0b0520b17f253: docs: Endpoints not excluded by default (#16023) (#20014) (@agaudreault)
* eb1bb831d4b1a0f68d0039d74941d85b57608b0f: docs: Fix `argocd admin proj` docs and examples (#21057) (@amine7536)
* fc6105b2bd7de98cfdb8bbfc75f306ba5713cb03: docs: Fix post selector example (#20969) (@eriksjolund)
* b3916428c130768dbd010e2fc4691d500a98e25e: docs: Improve self-heal and auto-sync behaviors explanation for multi-source apps (#20809) (#20811) (@andrii-korotkov-verkada)
* a849d41b6f7dabe4cea9fd396261a927843cfe28: docs: Proposal to add installation steps for local development using Kind (#20821) (@revitalbarletz)
* de06f7716c1590b1c233e781b30a3ee68b03ba7d: docs: Remove FOSSA badge (#20038) (@jsoref)
* d408909df6f950dd4b1a0b898c3b77259aef394f: docs: Update Dex OIDC example (#20545) (@preethi-sv)
* 2d9d2fd4e86fb061eb3ee30b1a350cdb761b1f60: docs: Update FAQ about known types (#6008) (#20929) (@andrii-korotkov-verkada)
* f460bf4573eb55b6ebddf8bfa499987ebf3908b1: docs: Update Okta OIDC CLI instructions (#20021) (@34fathombelow)
* 86769fc4dbbd121277625678951b7ce141bbb8f2: docs: Update USERS.md (#20349) (@a-manraj-pvotal)
* 807b6fb472845767604549bf4abc8d899589ad4c: docs: Update argocd path for command in notifification in troubleshooting docs (#20120) (@owngr)
* b6cc0e6193df38265aee4230e3b9e5f75d13517d: docs: Update orphaned resource number metric explanation in doc (#20702) (@jaehanbyun)
* 3b623a66630119e42e0d84f6a2ac9b8e29b47979: docs: add TBC Bank to USERS.md (#20227) (@mategogiberidze)
* 602665feed5a6dd717617edea144ed7786c0ebae: docs: add `project` to repo creds examples (#20057) (@morey-tech)
* 1a69663a70cd53a0a63e42e2895203c8cfeed990: docs: add link to sprig website in the template docs site (#21184) (@KyriosGN0)
* bb8185e2ec005d18ff65fcf47bed68a9c9b56113: docs: add mkdocs configuration stanza to .readthedocs.yaml (cherry-pick #21475) (#21608) (@gcp-cherry-pick-bot[bot])
* 1dcf3a56653c907f8b6d6dbadc8e2c66a61f3236: docs: add outpost24 to users.md (#20197) (@minhphong306)
* 5f23bb60974b3c9e33d0ef0a3626700b6c778cac: docs: add user to users.md (#20042) (@nueavv)
* 439edd0ef03c8390b04706a0b3c2322b570f4bcd: docs: added Podman based set up in contributors quick-start (#20367) (@kswadi)
* 0cd5ac473c4f3dad5094c6fd9cbb9e8e559e79d7: docs: added note re. arch of example application on getting_started.md (#20143) (@Crumb5)
* 0b48670ebbefb6ecb4d675bed5e368f8f6f495de: docs: clarify priority of health statuses (#20490) (@crenshaw-dev)
* 049ba0aab3965f3fa73447ae2db08f3a2afd95a0: docs: correct typos in authz-authn.md and proxy-extensions.md (#20391) (@cowboysj)
* 4dcbbd7d24d20b53c97e6dc9d036d48be3d5fb0e: docs: correct typos in documentation (#20569) (@SuminSSon)
* aff5e6132b2c7b08d7d3df1eca64010bd6cf1cef: docs: document all unstable configurations (#20336) (#20438) (@agaudreault)
* 6b5cdc764da090a0107ae1721d357ee7c73ada84: docs: document server side pagination proposal (#17222) (@alexmt)
* 7ab50156918aeb2dd2dc1ba74f12f2f5a9af6f13: docs: feature maturity page for alpha and beta features (#20336) (#20337) (@crenshaw-dev)
* e77727cf127b6e75822783c6a65fe4336fc8e4f9: docs: fix paragraph in "User Guide/Kustomize" (#20053) (@4llan)
* 038a83276c395e09f31923ebe510bf65bb4348bb: docs: fix typo in ingress section of operator manual (#19946) (@kswadi)
* 757c395e64336b4f8dd8619b078dc6b3a7270358: docs: fix typo in upgrading section of operator manual (#19950) (@vmdude)
* 21d1f88106b9e7eed8e0d0f0b0d34e8e3ecc06bd: docs: include cluster-management.md in TOC (#19964) (@VannTen)
* 91360648d373575034e03b693979a0157a08d0b8: docs: remove outdated ciphers (#21006) (@xlanor)
* dff4152e8e0adaad6156f963003be60fac4ff1a4: docs: update note about timeout.reconciliation (#20407) (@crenshaw-dev)
* 4d17bf3d8b9c774694b3cdd1d068d812883554a9: docs: update sync-wave documentation (#21155) (@chansuke)
* d542b023f24f28bed764247e01cc19011d232fbc: docs: updating links to the directory and wording (#20335) (@ali-hamza-noor)
### Dependency updates
* c90deaabd64d64fdd0d9424155de715fba7dc8dc: chore(deps): bump @types/selenium-webdriver in /ui-test (#20589) (@dependabot[bot])
* ea71067059b802e1e72da0892da329ef32ee507c: chore(deps): bump Helm from 3.15.2 to 3.15.4 (#20135) (@pasha-codefresh)
* 948aaf6f908d90479b50d39ed3a0166095e31a80: chore(deps): bump SonarSource/sonarqube-scan-action (#20278) (@dependabot[bot])
* ae183ad245df5b900353c895dfb5feb4a36801d7: chore(deps): bump SonarSource/sonarqube-scan-action from 2.3.0 to 3.0.0 (#19524) (@dependabot[bot])
* 1fba4ea04911a030869aa6fc8a7b3d99bc5cce6f: chore(deps): bump SonarSource/sonarqube-scan-action from 3.0.0 to 3.1.0 (#20740) (@dependabot[bot])
* 523b0e6a784683156dd6dbc525d78330c81bfb7b: chore(deps): bump SonarSource/sonarqube-scan-action from 3.1.0 to 4.1.0 (#21034) (@dependabot[bot])
* 4272b03b3366d6d0ef5bf54a0f5e69415aeb4850: chore(deps): bump actions/cache from 4.0.2 to 4.1.0 (#20240) (@dependabot[bot])
* f9845694d0de5684ca3765c4b016f95b6e7dacc8: chore(deps): bump actions/cache from 4.1.0 to 4.1.1 (#20301) (@dependabot[bot])
* e9ff075610a7fac34590daf46cc71b64de9b0a9d: chore(deps): bump actions/cache from 4.1.1 to 4.1.2 (#20493) (@dependabot[bot])
* 96d0226a4963d9639aea81ec1d3a310fed390133: chore(deps): bump actions/cache from 4.1.2 to 4.2.0 (#21084) (@dependabot[bot])
* bb1e75fe824ebdec361d1df14a826e98f4bb7162: chore(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (#20529) (@dependabot[bot])
* be080a53190969f137434034aac6f9475d24c153: chore(deps): bump actions/setup-go from 5.1.0 to 5.2.0 (#21123) (@dependabot[bot])
* 6b6d23bdf506b6b96cc79913e21e930ec34f46c2: chore(deps): bump actions/setup-node from 4.0.3 to 4.0.4 (#20025) (@dependabot[bot])
* 683d0308431237f2c8c5b0fc2671caa1abfc6692: chore(deps): bump actions/setup-node from 4.0.4 to 4.1.0 (#20528) (@dependabot[bot])
* 1e84af73dffad4f49a373678f9ba2366797841b9: chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1 (#20279) (@dependabot[bot])
* 3da774bb0b8b4e6a9f619ef42c6bfebba96eef54: chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.2 (#20300) (@dependabot[bot])
* 7031387b7fc0f9e00eef6dacbdd4a29432356ca4: chore(deps): bump actions/upload-artifact from 4.4.2 to 4.4.3 (#20320) (@dependabot[bot])
* 9b01c46e4890609b019e1808960b3da4cdcec2ee: chore(deps): bump bitnami/kubectl in /test/container (#20024) (@dependabot[bot])
* 109473fca4e0c6acf63f3d8d33a520de384fc50f: chore(deps): bump bitnami/kubectl in /test/container (#20191) (@dependabot[bot])
* 1a478a531b4942547792689f950d0c625073f21e: chore(deps): bump bitnami/kubectl in /test/container (#20516) (@dependabot[bot])
* 02a4d9f2c0ff8dd865a15e92f1f32b59c596445a: chore(deps): bump chromedriver from 128.0.3 to 129.0.0 in /ui-test (#19998) (@dependabot[bot])
* 54bd69463b5b1f129943fa59711a4504f23f82f0: chore(deps): bump chromedriver from 129.0.0 to 129.0.2 in /ui-test (#20189) (@dependabot[bot])
* c4fb5d9b2ad9e0ded9e2a3aab7da63bbf9d76281: chore(deps): bump chromedriver from 129.0.2 to 129.0.3 in /ui-test (#20317) (@dependabot[bot])
* 47f63f0d1492bdb9291527afde63ef1ac783466d: chore(deps): bump chromedriver from 129.0.3 to 129.0.4 in /ui-test (#20340) (@dependabot[bot])
* 1d12fcfecff7387b6b00c2873dfb01aacbb8786a: chore(deps): bump chromedriver from 129.0.4 to 130.0.0 in /ui-test (#20415) (@dependabot[bot])
* 7eb2a198b10c0bdf2772b47f5fc16adf76410189: chore(deps): bump chromedriver from 130.0.0 to 130.0.1 in /ui-test (#20515) (@dependabot[bot])
* df54a43e2ee83a0968cdbfdd385d874b44a43b10: chore(deps): bump chromedriver from 130.0.1 to 130.0.2 in /ui-test (#20648) (@dependabot[bot])
* b652b6aacbf450f503bd9dda3728dcca77f5bb68: chore(deps): bump chromedriver from 130.0.2 to 130.0.4 in /ui-test (#20687) (@dependabot[bot])
* 0ea189d5a23f59e57b5bb6ae0b3775caebdce6d2: chore(deps): bump chromedriver from 130.0.4 to 131.0.1 in /ui-test (#20855) (@dependabot[bot])
* e28aa2eb54221d2bb11b53a9f8dcc5b1b79ecc7b: chore(deps): bump chromedriver from 131.0.1 to 131.0.2 in /ui-test (#21050) (@dependabot[bot])
* 87c853e8729160a5b9add0eaea726b78cdc986e2: chore(deps): bump chromedriver from 131.0.2 to 131.0.3 in /ui-test (#21144) (@dependabot[bot])
* 48551b3746510123285b3ce4aae324b41fd37652: chore(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0 (#20188) (@dependabot[bot])
* e03d609a1cb5011fd00783156465305cf3b6854e: chore(deps): bump codecov/test-results-action from 1.0.0 to 1.0.1 (#20359) (@dependabot[bot])
* 7d3661cb219136fb21eaa2fb2153d72e3aba65a8: chore(deps): bump docker/build-push-action from 6.7.0 to 6.8.0 (#20154) (@dependabot[bot])
* afcc71be238f3d25e054916d85f3575665a0fdc5: chore(deps): bump docker/build-push-action from 6.8.0 to 6.9.0 (#20174) (@dependabot[bot])
* 02d6866f8a8276c455986672f2e8709232292e76: chore(deps): bump docker/build-push-action from 6.9.0 to 6.10.0 (#20966) (@dependabot[bot])
* 8ea78a1bc1a6eebe802bc297a9ae1ec5d45f897b: chore(deps): bump docker/setup-buildx-action from 3.6.1 to 3.7.0 (#20224) (@dependabot[bot])
* 5ebb61b5195004ed6ac22fec4751c4fcbb19f834: chore(deps): bump docker/setup-buildx-action from 3.7.0 to 3.7.1 (#20241) (@dependabot[bot])
* 2c206a51d160e37b5ecc1bf5516a319d0a2bc5cf: chore(deps): bump dompurify from 2.3.6 to 2.5.6 in /ui (#19955) (@dependabot[bot])
* dd2b458c435605af61b545e19e1ceed9dd90b1ea: chore(deps): bump github.com/Azure/kubelogin from 0.1.4 to 0.1.5 (#21033) (@dependabot[bot])
* 19eaeb9aca432db15d876d8204bfc07e78cca24d: chore(deps): bump github.com/Azure/kubelogin from 0.1.5 to 0.1.6 (#21193) (@dependabot[bot])
* 29ac23827a0722c96a09a9e1cd52f597679210f2: chore(deps): bump github.com/Masterminds/semver/v3 from 3.3.0 to 3.3.1 (#20852) (@dependabot[bot])
* 898c2b59023154e0e50df2d12ddbed04ecbdd9a1: chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.1 to 4.7.1 (#20363) (@dependabot[bot])
* 32c9e41248da48d5b358ba57fc220edaa2a54951: chore(deps): bump github.com/bradleyfalzon/ghinstallation/v2 (#20778) (@dependabot[bot])
* 00d45ed74f459b6151b3029f95eafbc5509f3c11: chore(deps): bump github.com/casbin/casbin/v2 from 2.100.0 to 2.101.0 (#20817) (@dependabot[bot])
* 2d0a5e904a54f7ad79e5f8d7ea98d75c94a2d2da: chore(deps): bump github.com/casbin/casbin/v2 from 2.101.0 to 2.102.0 (#21019) (@dependabot[bot])
* 308c6cb526a643ac5e0f5904fa208b8b356a7b7f: chore(deps): bump github.com/casbin/casbin/v2 from 2.99.0 to 2.100.0 (#19960) (@dependabot[bot])
* f78e741220d173dd2e725eb61ed9800285dfc7b1: chore(deps): bump github.com/cyphar/filepath-securejoin (#20173) (@dependabot[bot])
* e144d5c18939efc640885b7850216e0cf7713766: chore(deps): bump github.com/cyphar/filepath-securejoin (#20319) (@dependabot[bot])
* ed2fde1a8f735aaf7d528f4c4c70c02b492e8424: chore(deps): bump github.com/cyphar/filepath-securejoin (#21096) (@dependabot[bot])
* a8f95dcb0deac9e3d91fa7cff8475ff8a3edb8c5: chore(deps): bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#20629) (@dependabot[bot])
* d7731790fdab62d4ad2f7cecb272c482ef4c1ec7: chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#20649) (@dependabot[bot])
* c06974f21330f746f51a5c69fbdec90fc9e146b2: chore(deps): bump github.com/itchyny/gojq from 0.12.16 to 0.12.17 (#21018) (@dependabot[bot])
* f4577e3b5a944675f18ab08d94a596bfbee46d93: chore(deps): bump github.com/ktrysmt/go-bitbucket from 0.9.80 to 0.9.81 (#20397) (@dependabot[bot])
* f64db6dba7aec61783b0a0d0e403f1a02b674635: chore(deps): bump github.com/prometheus/client_golang (#19974) (@dependabot[bot])
* f031f490e65a1a67420d3d1dd7fe8a33dd182f15: chore(deps): bump github.com/prometheus/client_golang (#20398) (@dependabot[bot])
* 195de1a7ab191551bc91cdd3cb8261d6cb86a41c: chore(deps): bump github.com/redis/go-redis/v9 from 9.6.1 to 9.6.2 (#20377) (@dependabot[bot])
* e7e6f5bae994fb36d6c4c7d2ee95c20740aeecf6: chore(deps): bump github.com/redis/go-redis/v9 from 9.6.2 to 9.7.0 (#20441) (@dependabot[bot])
* 8bce61e330f2235caeea1c0ac284b78ee50be7a2: chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#20930) (@dependabot[bot])
* 1e359c8c0d25dc3a223ab184c1d623bb4d68aa5a: chore(deps): bump github.com/xanzy/go-gitlab from 0.109.0 to 0.110.0 (#20260) (@dependabot[bot])
* 94e81cdae5f107d0f36eeeb3a98172301c9f1b83: chore(deps): bump github.com/xanzy/go-gitlab from 0.110.0 to 0.111.0 (#20339) (@dependabot[bot])
* 81785b861c9ed0cf74aead664a02513ea2860775: chore(deps): bump github.com/xanzy/go-gitlab from 0.111.0 to 0.112.0 (#20378) (@dependabot[bot])
* 35b91584186ff045878bdd893120214ffc82eca6: chore(deps): bump github.com/xanzy/go-gitlab from 0.112.0 to 0.113.0 (#20676) (@dependabot[bot])
* 74b219a628d04ed69f76190bf3d3d0d451c06c2e: chore(deps): bump github.com/xanzy/go-gitlab from 0.113.0 to 0.114.0 (#20832) (@dependabot[bot])
* 4f6e4088efc789a8cb44d3e25a444467c46d761f: chore(deps): bump gitops-engine to latest (#21056) (@jmeridth)
* b2e52de591853f3bc9006f6fde99dfa70f692776: chore(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#20376) (@dependabot[bot])
* ed9d18f4e634a8eef2e42428e2f959434c37fef4: chore(deps): bump go.opentelemetry.io/otel from 1.30.0 to 1.31.0 (#20360) (@dependabot[bot])
* 2a72df260d86f794adbb9329febaf116b2b34634: chore(deps): bump go.opentelemetry.io/otel from 1.31.0 to 1.32.0 (#20744) (@dependabot[bot])
* 4b229c04841d014ef25fbaf957857ce76ac3f326: chore(deps): bump go.opentelemetry.io/otel from 1.32.0 to 1.33.0 (#21166) (@dependabot[bot])
* e2c4b23701e14af9ceedf89cb64a2ea66b7583b5: chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc (#20361) (@dependabot[bot])
* aef4c5a2765781077377a434277a3992346d3e03: chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc (#20741) (@dependabot[bot])
* 3b81d3c072b5418a826980dbc36e2291328a4a2e: chore(deps): bump go.opentelemetry.io/otel/sdk from 1.31.0 to 1.32.0 (#20745) (@dependabot[bot])
* 75b0b3c8eebf5904951d78421fa696454a410b2f: chore(deps): bump go.opentelemetry.io/otel/sdk from 1.32.0 to 1.33.0 (#21165) (@dependabot[bot])
* 0710ff91036d7120c6be64528ef01c51939f6169: chore(deps): bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 (#20068) (@dependabot[bot])
* 3b2de54b66d76318ce7a5449782fc59e191906fd: chore(deps): bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#20243) (@dependabot[bot])
* 146c1bb9b04b6dfca5aa357312afa11a327766a8: chore(deps): bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#20707) (@dependabot[bot])
* 6ace657e2aace206590e8387b424fe0c6148eb4f: chore(deps): bump golang.org/x/crypto from 0.29.0 to 0.30.0 (#21068) (@dependabot[bot])
* cc68f018fe62e9ed073bf07d776b94d1fe4233c5: chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#21147) (@dependabot[bot])
* d063e6087fcee6ecc0add34b6148de50ee97ae22: chore(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 (#20246) (@dependabot[bot])
* 4a66a2a1ea35992480b6e77a339d5695eff5d2c6: chore(deps): bump golang.org/x/net from 0.30.0 to 0.31.0 (#20742) (@dependabot[bot])
* cdec7e28686a0819f8445f08d587999c1d5d9602: chore(deps): bump golang.org/x/net from 0.31.0 to 0.32.0 (#21069) (@dependabot[bot])
* 556b8c6d5d359843c986bb25034e4ffa06242f5e: chore(deps): bump golang.org/x/oauth2 from 0.23.0 to 0.24.0 (#20708) (@dependabot[bot])
* 0eaa3d44d2851f2cf45a0d00df52bbf0f8121edb: chore(deps): bump golang.org/x/sync from 0.8.0 to 0.9.0 (#20709) (@dependabot[bot])
* 3a666dd400249456ef6caf9150b4f8234156f5e0: chore(deps): bump golang.org/x/term from 0.24.0 to 0.25.0 (#20245) (@dependabot[bot])
* b78f2097165d62a9010e0facc3ca7e4a0e8ad520: chore(deps): bump golang.org/x/term from 0.25.0 to 0.26.0 (#20705) (@dependabot[bot])
* 0fbbc0dda978f5029733b888ddbb3b9c482b1c86: chore(deps): bump golang.org/x/term from 0.26.0 to 0.27.0 (#21070) (@dependabot[bot])
* 853c6b49359ef67587fb8a72e58841ff47b624ce: chore(deps): bump golang.org/x/time from 0.6.0 to 0.7.0 (#20244) (@dependabot[bot])
* aac69803ae6a11645a8072b5e458668e3e037554: chore(deps): bump golang.org/x/time from 0.7.0 to 0.8.0 (#20704) (@dependabot[bot])
* 8d268e78c7eb215cee566367ad3674d5a5fd9fb7: chore(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 (#20207) (@dependabot[bot])
* 864917b7cc64b2881d248c3c8cbf833e4bcdb0ba: chore(deps): bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#20059) (@dependabot[bot])
* 2e9532d79b1fbdfa6c0da9df3206e2090bca9281: chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.67.1 (#20190) (@dependabot[bot])
* 9f71ecbf5fe36eadb8e99a551c0a79f04047db94: chore(deps): bump google.golang.org/grpc from 1.67.1 to 1.68.1 (#21066) (@dependabot[bot])
* 419cf25f28a814daea99b35dc6e844c0d07d8971: chore(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 (#20277) (@dependabot[bot])
* c4f51c0313ceb623262754135df01364d0eda57b: chore(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 (#20804) (@dependabot[bot])
* c68776e32ab2454c9b16573f7eebb48a143097ba: chore(deps): bump goreleaser/goreleaser-action from 6.0.0 to 6.1.0 (#20701) (@dependabot[bot])
* 8c00cf0ce14dae8baf7edad782174ed198f93694: chore(deps): bump http-proxy-middleware from 2.0.4 to 2.0.7 in /ui (#20518) (@dependabot[bot])
* 1a84db5dad2c27e9d32747a383c5b4a40c4cb2ec: chore(deps): bump library/busybox in /test/e2e/multiarch-container (#20193) (@dependabot[bot])
* 8d4ae266869e599ae4b26a550b9d24e0bfe4b225: chore(deps): bump library/busybox in /test/e2e/multiarch-container (#21145) (@dependabot[bot])
* 21fa4814950214a9d890beee10c470a2dfed5cf1: chore(deps): bump library/golang from 1.23.1 to 1.23.3 in /test/remote (#20703) (@dependabot[bot])
* 955858eaad03daf83fbdb8bbb0919cfd21f0d809: chore(deps): bump library/golang from 1.23.3 to 1.23.4 in /test/remote (#21049) (@dependabot[bot])
* cc7c21ea1eeef4866393c500f8afae166092cab5: chore(deps): bump library/golang in /test/container (#20700) (@dependabot[bot])
* 0a57d21c3d27f2d3d38f852da06bed0df1317a1c: chore(deps): bump library/golang in /test/container (#21048) (@dependabot[bot])
* c8eb5b54438e8096d49d1c353c5f98727820bd94: chore(deps): bump library/node from 22.8.0 to 22.9.0 (#19999) (@dependabot[bot])
* 9e6d78effa8d005d89eba49c0164226da38119f4: chore(deps): bump library/node from 22.8.0 to 22.9.0 in /test/container (#20001) (@dependabot[bot])
* 04919f0a6fb70fc81d334061ce5e57ddba2d1d1f: chore(deps): bump library/node from 22.8.0 to 22.9.0 in /ui-test (#19975) (@dependabot[bot])
* 97d110bf27a5fd23ab1f5cad2d396852b7e02339: chore(deps): bump library/node from `fa4b468` to `cbe2d5f` in /ui-test (#19997) (@dependabot[bot])
* 8d9a3a743af75602c4ad790ba7eb465464939921: chore(deps): bump library/redis from 7.4.0 to 7.4.1 in /test/container (#20282) (@dependabot[bot])
* ea46572326ab0f8bdf2ff6996df2c081e0ea7949: chore(deps): bump library/redis in /test/container (#20442) (@dependabot[bot])
* a0b694384cbcbe14bce9e8b659bd4abeefda8971: chore(deps): bump library/redis in /test/container (#20494) (@dependabot[bot])
* 065700c5e185ea1643775b9db491f129845fc365: chore(deps): bump nanoid from 3.3.7 to 3.3.8 in /ui (#21131) (@dependabot[bot])
* d636e536650ead1a27d87ac8efb8a3455f633d8c: chore(deps): bump peter-evans/create-pull-request from 7.0.2 to 7.0.3 (#19957) (@dependabot[bot])
* 229826eb68621ffcdc5c3af3900f6e3b5cac9b29: chore(deps): bump peter-evans/create-pull-request from 7.0.3 to 7.0.5 (#20000) (@dependabot[bot])
* 2b64c71e4d240fc07e48c41072a17116b6277bb4: chore(deps): bump selenium-webdriver and @types/selenium-webdriver (#19959) (@dependabot[bot])
* 86519ca690b4b78a5c09fda6bcf4407152649c9f: chore(deps): bump selenium-webdriver from 4.24.1 to 4.25.0 in /ui-test (#20058) (@dependabot[bot])
* efd196407acfefdc9f5e8eb60a494565466300c1: chore(deps): bump selenium-webdriver from 4.25.0 to 4.26.0 in /ui-test (#20633) (@dependabot[bot])
* d6deaa96e10254c482f75cd5fa69aec26f8d4058: chore(deps): bump selenium-webdriver from 4.26.0 to 4.27.0 in /ui-test (#20953) (@dependabot[bot])
* 745f1cc34851cb04a76d602e44a8478c325918d6: chore(deps): bump sigs.k8s.io/controller-runtime from 0.19.0 to 0.19.1 (#20530) (@dependabot[bot])
* 9f1431e1eb1d0b767df110ccacb0fe1860a85e37: chore(deps): bump sigs.k8s.io/controller-runtime from 0.19.1 to 0.19.2 (#20906) (@dependabot[bot])
* 51a7966b92ecf0d0346952a10ac21b09280c9243: chore(deps): bump sigs.k8s.io/controller-runtime from 0.19.2 to 0.19.3 (#21032) (@dependabot[bot])
* 0014b2505b4ee300c26faddb5b71dc706a3b2c09: chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 (#20242) (@dependabot[bot])
* 11267b912b8b38cd1b9cefcfd2a1d11877473f48: chore(deps): bump softprops/action-gh-release from 2.0.8 to 2.0.9 (#20631) (@dependabot[bot])
* 79b05d62c3decf17b1394f9b4039314b1f00df60: chore(deps): bump softprops/action-gh-release from 2.0.9 to 2.1.0 (#20760) (@dependabot[bot])
* 6a3cdb6ea529b63726f8a1a620819b8f5ccca184: chore(deps): bump softprops/action-gh-release from 2.1.0 to 2.2.0 (#21124) (@dependabot[bot])
* 9a14d7f5dddc841efca09243aeb4348cb336df99: chore(deps): bump thehanimo/pr-title-checker from 1.4.2 to 1.4.3 (#20951) (@dependabot[bot])
* 8f65594ca9046fde4b6cfd96bd34dbc4d14d0f3a: chore(deps): bump tj-actions/changed-files from 45.0.1 to 45.0.2 (#19958) (@dependabot[bot])
* ba0683c4d4cd98557f8037e2de9c750b625aa332: chore(deps): bump tj-actions/changed-files from 45.0.2 to 45.0.3 (#20225) (@dependabot[bot])
* 0066b0ab9d0ed91a0bc3fba6aa839cf86c74a2c8: chore(deps): bump tj-actions/changed-files from 45.0.3 to 45.0.4 (#20739) (@dependabot[bot])
* 1bf56d8905dec905aa290c8624a4449f0d8242b9: chore(deps): bump tj-actions/changed-files from 45.0.4 to 45.0.5 (#21095) (@dependabot[bot])
* 67b2336cac0c6ca6d056d6082a365936f2f7d9a5: chore(deps): fix bump golang.org/x/net from 0.32.0 to 0.34.0 - CVE-2024-45338 (#21628) (@ishitasequeira)
* 3625689264215d9e83bfafc5fe165c8fcd764ece: chore(deps): update dependency pymdown-extensions to v10.12 (#20567) (@renovate[bot])
* 77b57af230a2a673c1ff2122660d482e004219d0: chore(deps): update docker.io/library/golang:1.23.2 docker digest to a7f2fc9 (#20318) (@renovate[bot])
* 229ac1bf9d49cb5075451e5358c28e9a9d823f5a: chore(deps): update docker.io/library/golang:1.23.2 docker digest to ad5c126 (#20419) (@renovate[bot])
* 95922502c7a0fe32d7ae64c46a380e2b0c578f61: chore(deps): update docs dependencies (#20257) (@renovate[bot])
* 14c50bd50d516666f6b6faf1e05b5442847861a1: chore(deps): update group golang to v1.23.2 (#20256) (@renovate[bot])
* aa1267aa8bcebd680c0ef9ace31774d3069badfb: chore(deps): update group golang to v1.23.3 (#20686) (@renovate[bot])
* b39f3b15fbf1abf59177b58b6e87a44e32600bbe: chore(deps): update module github.com/golangci/golangci-lint to v1.62.0 (#20737) (@renovate[bot])
* 98688e0686763ef7ade31c00f4bb53943f6e6dd8: chore(deps): update module github.com/golangci/golangci-lint to v1.62.2 (#20947) (@renovate[bot])
* e0863d9e33e6842bb9f07efdd13eca0c374da1b0: chore(deps): update node version (#20248) (@renovate[bot])
* 8b063075001cdf66bf3cc8d5dd76d31deaafc891: chore(deps): update node.js to v23 (#20413) (@renovate[bot])
* cf498f674de7082f5d34d5c9df4f0b4c9b4fabd5: chore(deps): upgrade `argo-ui`, including breaking changes (#19655) (@agilgur5)
* c641304b2ae571e9824003db38ca7ce66a8d617e: chore(deps-dev): bump @types/mocha from 10.0.8 to 10.0.9 in /ui-test (#20280) (@dependabot[bot])
* e28a05f5c04975f30eec64de38e69a20937d63f0: chore(deps-dev): bump @types/node from 22.5.5 to 22.7.2 in /ui-test (#20112) (@dependabot[bot])
* 78c85a229579fd2ea584fed793ba4b46d6dfbe2f: chore(deps-dev): bump @types/node from 22.7.2 to 22.7.5 in /ui-test (#20281) (@dependabot[bot])
* 4e92079c9169b96164008257a495543b5d8407ce: chore(deps-dev): bump @types/node from 22.7.5 to 22.7.6 in /ui-test (#20414) (@dependabot[bot])
* adf08ed87fdc3988f88b6fa7a77255cfee7a60ed: chore(deps-dev): bump @types/node from 22.7.6 to 22.7.9 in /ui-test (#20514) (@dependabot[bot])
* 14ba2216d70603828f440b29f831d0d3134ffc43: chore(deps-dev): bump @types/node from 22.7.9 to 22.8.4 in /ui-test (#20588) (@dependabot[bot])
* 16649c64f868533fad7b11fe900f9e21de586897: chore(deps-dev): bump @types/node from 22.8.4 to 22.8.7 in /ui-test (#20647) (@dependabot[bot])
* c92efcf1300cc4880b0ff3600f4d5fac43bf2fe7: chore(deps-dev): bump @types/node from 22.8.7 to 22.9.3 in /ui-test (#20932) (@dependabot[bot])
* 52dbe514e05819d4eaf743b8d52b2630f71e9b89: chore(deps-dev): bump dotenv from 16.4.5 to 16.4.6 in /ui-test (#21031) (@dependabot[bot])
* 89f222b6a2c75f7d1fa600b8df7589a67774a1be: chore(deps-dev): bump dotenv from 16.4.6 to 16.4.7 in /ui-test (#21051) (@dependabot[bot])
* c6d45d8dcf672abdb07a8d40c53c6e0cdce9aeae: chore(deps-dev): bump typescript from 5.6.2 to 5.6.3 in /ui-test (#20302) (@dependabot[bot])
* e8d52650b1599e22feadfdf093c20e846a9b2e5b: chore(deps-dev): bump typescript from 5.6.3 to 5.7.2 in /ui-test (#20931) (@dependabot[bot])
### Other work
* b14f1d13a6422d4b0d9fa6814228c9ec9e2c97e0: Add Alarm.com to users list. (#20672) (@max-lancaster)
* faa10098bac805e91ebef8e38fedf4425b246fe1: Add Alauda to USERS (#20936) (@tossmilestone)
* d8fe100278df0ed6d56edc8d4feebb4f7f375afb: Docs: Added prerequisites for argoCD, fork and clone repository, upstreaming, common make targets, steps before submitting a PR. (#20540) (@Shubhamzanzad)
* 2bf5dc6ed143b83d78b842753e994590b60c4ed7: Fix application url for custom base href (#21377) (#21516) (@gcp-cherry-pick-bot[bot])
* 38546a5e434ebcb525567356f4b7f9ac0a29b59e: Fix docs/user-guide/diffing.md code block (#20596) (@q-yusufmahtab)
* acfc03e2c27d67b32b1681e54f25bfc8f564bbea: Fix minor grammatical error in operator manual overview (#20691) (@Dutchy-)
* bc15ae89d868f6f30134575ba64563468ebeff9e: Fix typo (#20127) (@symaras)
* 5b25b281c89e5208a5060c659bb9e517b4ba6b30: Fixed incorrect pluralization on resources (#20468) (@yashrtalele)
* 04e47cd5d468701e6ba4498d49cf0f948dce4713: Fixes minor typo which lead to using the bearer token as api URL and was obviously not working. (#20169) (@appiepollo14)
* d59c85c5eb55d5ccba3ef5ce6624306a1113ce00: Merge commit from fork (@svghadi)
* 8dbddb101ac8fa509f9ce857afcc7a57deccd59a: Update golang test image to use 1.23.4 multiarch (#21174) (@todaywasawesome)
* 99560fbbba4074a76b02cc15cd1efe49f305b61d: Update troubleshooting-errors.md (#20201) (@todaywasawesome)
* ed311fea135f6c2bd26394aa4280c15e0b4750ec: add docs to build site locally (#20342) (@nitishfy)
* 5d0a3e6e9abd7e922e72e27c992ed0cdc0824f99: add flaglerhealth.io to userlist (#20724) (@XinyuanHu)
* 0de5f60cdc6f5a087518fca9e64fa9aa18ece8ef: chore(appset): reduce dupe code w/ DB (#21192) (@crenshaw-dev)
* d17aafd19a465fb9992d8189381adc3bdd488ead: chore(ci): add renovate for golangci-lint, go and node version (#20236) (@ggjulio)
* d3a3fe5e688460d0994f08c6f33e97a87a2e16e6: chore(ci): better handling of Go and Node dependency bumps (#20168) (@crenshaw-dev)
* 7b1c076148e3742d89c170db2e3d8ea7824db536: chore(ci): update renovate config (#20254) (@ggjulio)
* 8647db1157931d64dc33670f2160c65abcfb3d7e: chore(controller): remove unnecessary field (#20295) (@crenshaw-dev)
* c216ece3a47b137a208c3232b9d73db846cfdce8: chore(server): better error message for missing action (#20408) (#20409) (@crenshaw-dev)
* 9203dd16af6dc39381ce01289d24ca3b9617d6cd: chore(server): simplify project validation logic (#21191) (@crenshaw-dev)
* 45bbd4628727342d692978183dae229a6cfe734c: chore(ui): fix sonarcloud warning (#16496) (@crenshaw-dev)
* 79abbbe4ec885c144e7b4c20540452b774366483: chore: Add TextNow to USERS.md (#20602) (@nikolai-momot)
* d963b6135037fa6a0c332aa8feaaac9a098bf051: chore: Add some empty dir volume mounts for the application controller (#19474) (#19480) (@andrii-korotkov-verkada)
* 975786629f91240785867e0a5d8c5338f98a84e7: chore: Add support for AdditionalURLs field in server settings query (#21045) (@andrii-korotkov-verkada)
* 5f8de971c6edad61f151c150c6eb6e2eb07c8dd3: chore: Added unit tests and fix e2e tests for application sync decoupling feature (#19966) (@anandf)
* a7ff791ba5d6dcffdee3fe2ada07b0f50ce32925: chore: Don't degrade PDB on InsufficientPods (#20171) (#20665) (@andrii-korotkov-verkada)
* e2eb655e41ce321420d310188fc41384d41ee2a2: chore: Fix data race detection failures in application tests (#21271) (#21302) (@gcp-cherry-pick-bot[bot])
* fc9b33b325082b4cd72f0802c0593f1d3a13ae1d: chore: Fix get-previous-release test case (#20863) (@leoluz)
* 9587ec9c92f43b413c4f10ce8c75a0b4b09dd4b8: chore: Fix to intermittent E2E test failures in deployment_test.go (#20974) (@jgwest)
* 9009e57c3220d8232b15b4efeff2c3b8ea972c5e: chore: Graceful handling of panic in application set controller reconcile (#20935) (#20940) (@andrii-korotkov-verkada)
* 018014c4b0db70e420c9a780f22c2ba90be6a04b: chore: Graceful shutdown for API Server (#18642) (#21224) (#21229) (@gcp-cherry-pick-bot[bot])
* 3c366edc2423eb3839e59f466ea8dcc2e11eafea: chore: Improve a sync with replace warning (#14161) (#20638) (@andrii-korotkov-verkada)
* bd322fe451c476a2a36468358dac78558e806e7c: chore: Improve the documentation regarding the selection of Application by Sync Windows (#21093) (@thecooldrop)
* a8e70e43ac2da903828aca88d8b7d4cbbcd9eaaf: chore: Make dev env redis password protected (#19863) (@reggie-k)
* 19bdbcaddb305f26070407db706f9ca3ee8dfdb9: chore: Optimize e2e tests by improving EnsureCleanState (#20942) (@andrii-korotkov-verkada)
* 97701f353a538ee1b2f67db71d17fa3c3610fe98: chore: Optimize e2e tests by removing redundant ensure clean state + some refactoring (#20939) (@andrii-korotkov-verkada)
* bd5d76f254d36f3beacc03504535b3cea01ee64f: chore: Parallelize EnsureCleanState for e2e tests, adding timing information (#20998) (@andrii-korotkov-verkada)
* 4d306f1139ee7922289e5e80f871d6e67251f04b: chore: Reduse e2e tests runtime by using better sleep intervals in Expect (#20926) (@andrii-korotkov-verkada)
* 5fc306ed3a34424e51f467e99397d48808162d0d: chore: Remove or reduce sleep in e2e tests (#21010) (@andrii-korotkov-verkada)
* 8320f88fa296391c858dd6cfcd73e2839913259d: chore: Remove sleep from when/then in e2e tests (#21008) (@andrii-korotkov-verkada)
* fc1986e3e5848e6170da9c5135634b9f1d684827: chore: Try to make CodeQL happy (#20094) (#20129) (@jsoref)
* 1675b0b2aeac95316a65252e2b6c6dfff5704e72: chore: Update USERS.md (#20513) (@rohen-compatio)
* 3f249ffc8de31ae3ddbb385faa00dfb1e729fe3e: chore: Update notification engine to 2fef5c9 (#20276) (@ayatk)
* 73fbcc9ce4df743f119dfe1606fc6bc27844fe7d: chore: add bajaj finserv health ltd. in list of users (#20555) (@coderchirag-bfhl)
* 71658c889769e05cf7250e5e6540e80acc95e67d: chore: add ziprecruiter to users (#21076) (@fffinkel)
* deb4d2b01e69a92c608725ee803740c901a81046: chore: avoid unnecessary alloc (#21121) (@crenshaw-dev)
* ae028c2322ad7ad6bc01c44828fd10bbcd023dd5: chore: bump gitops-engine for performance improvement (#19954) (@crenshaw-dev)
* 14a1a552dcdd19671def1fc8a4392a0de8435251: chore: bump gitops-engine for performance improvements (#19953) (@crenshaw-dev)
* 9a76d9f40bc407810fb309968fa4714e09502f43: chore: bump k8s versions in e2e tests (#19669) (@crenshaw-dev)
* 604c75b00dc87f30a5645614492ed2ed884d4d82: chore: change invalid comment (#20500) (@pasha-codefresh)
* 881025b3cac51b9e47975a5551f2380600e2eff1: chore: cover cli utils and prompts utils with tests  (#20674) (@pasha-codefresh)
* f869d235cbcf58fdf046e6b617436b8943d0d365: chore: document credentials server (#20078) (@crenshaw-dev)
* 29986874165a411cd6346c97166db3676d210a20: chore: enable perfsprint linter (#20685) (@mmorel-35)
* cc989251ef2917cd15a3f6b90e6ca85af6a43a60: chore: enable thelper linter (#20405) (@mmorel-35)
* e0ebb02443d4369ea409f5ad0e7eec715291aea5: chore: enable usestdlibvars linter (#20399) (@mmorel-35)
* 0d7f1f705359cd53fc4f493876fa56987f235304: chore: fix tests failing with Kustomize based errors (#21037) (@dudinea)
* 0573ed79c1a09ef9a4c70c032219f139ebd7b5fc: chore: improve error logs (#20050) (@ajinkyak423)
* 5c01cf6ebfcaa5116b3a4e7cf3de964591126e23: chore: improve error logs in  commands/admin/app.go (#20549) (@rameshgkwd05)
* 0f872f51be36a474a27e70e0c9300231f026ffb3: chore: improve error logs in server/cluster/cluser.go (#20711) (@SuminSSon)
* 6a091023893d0c0b26179b920e1ee4eb9816c3a7: chore: log panics in JSON (#20924) (#20925) (@crenshaw-dev)
* 90a148987daec2303e758a022ccc4aa78350ee48: chore: reduce default max payload size in webhooks to 50MB (#21101) (@pasha-codefresh)
* e878ad5f31a2ca1921e2504d6cba26dacf8e1146: chore: remove unused defaults from image workflow (#21183) (@crenshaw-dev)
* 62a84d5747d8d09a9f60cb3403ab3f101cb7479f: chore: rename Rollout 'Restart' action to 'Restart Pods' (#20841) (@crenshaw-dev)
* 76537ce5576209f2976efd39a486e6f608e152d0: chore: rename force-prompts-enabled to prompts-enabled flag name (#20752) (@pasha-codefresh)
* f5061272b84120ab2b95c636633ab5f91f3022c6: chore: rename protobuf field according to convention (#20221) (@alexmt)
* e1472f309ae90ea548130701bf6940c90f970092: chore: replacing custom map util functions with golang std (#20311) (@DaanV2)
* 6cf363c0fa92bf0b7d7fb1c3ffaa854c6a195f1f: chore: setting up 2.14 release champion and approver (#20870) (@rumstead)
* 0cdbc3cb3e7e8bbf7d15b735d89463f18db3bbec: chore: simplify 'get repo' API implementation (#20348) (@crenshaw-dev)
* 72c711e7f06f633a63b15e94946a2e76e9922619: chore: simplify sync status comparison (#21140) (@crenshaw-dev)
* 4776e486a39dfa075f7f0d2d22ebea461b731d17: chore: update azure/kubelogin to address CVE (#20578) (@imjasonh)
* 5583ebdcb8b1ced645c67532671f2df1fba1df90: chore: update notifications-engine to 22ccfe0caf45 (#20239) (@SLASHLogin)
* 35c12d9486684fc54d715e2461c36c318981a438: chore: use %q to simplify fmt.Sprintf (#21108) (@marinesnow34)
* 5cdb1a0a158758b391bbc7ec9b7288eb6a36f558: chore: use new fake k8s client constructor (#21186) (@crenshaw-dev)
* 7cc5907be38e15aa39bb40d6e716e5e4818b03c6: chore: use testify instead of testing.Fatal or testing.Error in applicationset (#20726) (@mmorel-35)
* 6b3e53219473c8903270e469aa497576715731c6: chore: use testify instead of testing.Fatal or testing.Error in cmd (#20750) (@mmorel-35)
* 993d79ca27b4bc407a52a080e12f2db5f999a967: chore: use testify instead of testing.Fatal or testing.Error in server (#20755) (@mmorel-35)
* 0da57447884e18d52f3f99eae70972c106700b8f: chore: use testify instead of testing.Fatal or testing.Error in test (#20754) (@mmorel-35)
* a6cce1d0b3197561e3aaad00701c020962a620da: chore: use testify instead of testing.Fatal or testing.Error in util (#20751) (@mmorel-35)
* ddb79fe2e3eeda4f145c7b68908f7ffcad8eb313: ci: Allow forks to opt-in for codeql (#19996) (@jsoref)
* f4d1e0f9f63520ca0549ee66e3bcaae7c907b574: clarify usage of `ref` for multiple sources doc (#21011) (@agoddard)
* 4e215234ad718a6028f1d11ef1da05ddf414acf5: doc: Update Show Orphaned Button Screenshot in Orphaned Resources Monitoring Documentation (#20533) (@jaehanbyun)
* b4b6307cd2a90865044d66b547fbfff52dffa77d: doc: fix grammar (#21004) (@corneliusroemer)
* 4745e08d4fbd9b115e208880eac9a63119a8821c: docs(2.14): adding basic upgrading docs for 2.14 (#21744) (#21752) (@rumstead)
* 1bbeab7a03e80596c998b5a95b0ec14243db22f8: feat(clusters) - Add disableCompression option in the cluster config (#20291) (@OpenGuidou)
* 7f417e2be4b68acb3b5ef04cea59158bc7d6ee68: fix notificaion controller crash loop (#19984) (@pasha-codefresh)
* 52d5653c8660315e7214bc27b70d4c3a83f58a55: fix notification-catlog issue (#20237) (@ajinkyak423)
* d85a1dee2300c2e1253436c9c2456f3b3ffd950f: fix(#18495): Add Alternate color of resources in sync panel (#19250) (@xyq175com)
* e80de49043f3ba0d876bc30f6aab789e8f8d413f: fix(controller/ui): fix pod with sidecar state (#19843) (@linghaoSu)
* 21026dba43d2ca1c07917614ce7c94de55b11b32: fixed formatting issue + added a few tidbits (#20522) (@fideloper)
* bcc224b32c5e85cba01d77b01ffd1c861b42a9eb: prevent crash during timer expiration after stream is closed (#19917) (@morapet)
* c090f849b076e1371989ef5117be36613d5e8a38: pruned-icon-changed-to-trash (#21088) (@surajyadav1108)
* 2f51067e7559ae705d823b979eb8244cf24678c1: psmdb.percona.com/PerconaServerMongoDB resource customization (#20628) (@niv8)
* 83eb0b18712de4ab214c1382ced8dec419fa6eb3: rerender when extensions update (#20559) (@imwithye)
* 3570d7de1414bae837ea76d6768bc471cd1ae178: sec: update alpine/helm to 3.16.1 (#20253) (@pasha-codefresh)

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.13.4...v2.14.0

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.0-rc7/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.0-rc7/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Features
* e4599e1a9069c7cbd1e1641e8ab6476449e9d3a2: feat(rbac): add disable fine-grained inheritance flag (#20600) (#21553) (@agaudreault)
### Bug fixes
* 8a8fc37f3cc1f531c2efce1e763d0960c7a10e1e: fix: Policy/policy.open-cluster-management.io stuck in progressing status when no clusters match the policy (#21296) (cherry-pick #21297) (#21614) (@gcp-cherry-pick-bot[bot])
### Dependency updates
* 67b2336cac0c6ca6d056d6082a365936f2f7d9a5: chore(deps): fix bump golang.org/x/net from 0.32.0 to 0.34.0 - CVE-2024-45338 (#21628) (@ishitasequeira)
### Other work
* d59c85c5eb55d5ccba3ef5ce6624306a1113ce00: Merge commit from fork (@svghadi)

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.14.0-rc6...v2.14.0-rc7

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.13.4/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.13.4/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Bug fixes
* 2fe4536ed2179e41f28356e66c993646ba13f324: fix(appset): events not honouring configured namespaces (#21219) (#21241) (#21520) (@eadred)
* 99aaf43bdb8627f602ff3959ed9375a3a5bcefb9: fix: Policy/policy.open-cluster-management.io stuck in progressing status when no clusters match the policy (#21296) (cherry-pick #21297) (#21594) (@gcp-cherry-pick-bot[bot])
* 2618ccca2d3b006d0efae31cf94c74f84fb992cd: fix: login return_url doesn't work with custom server paths (cherry-pick #21588) (#21603) (@gcp-cherry-pick-bot[bot])
* 53dc116353a90429b16dc88b56a4efc8fd559082: fix: oras-go client should fallback to docker config if no credentials specified (cherry-pick 2.13 #18133) (#20872) (@eestolano)
* fd67e4970facebd1237c91d71af03a96dd121d6e: fix: resolve the failing e2e appset tests for ksonnet applications (cherry-pick #21580) (#21605) (@gcp-cherry-pick-bot[bot])
### Documentation
* c0f847f301584dbdb41db7c28282ad4cbaa1e52c: docs: Update Screenshot in Orphaned Resources Monitoring Section #20510 (cherry-pick #20533) (#21489) (@gcp-cherry-pick-bot[bot])
* c8a62bb16231c382c2c3f4a5291d1737abcc704b: docs: add mkdocs configuration stanza to .readthedocs.yaml (cherry-pick #21475) (#21609) (@gcp-cherry-pick-bot[bot])
### Dependency updates
* 2e794fbbc590bcd98d655ef24c1f417ce64cfb53: chore(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to 5.13.0 (cherry-pick #21329) (#21401) (@gcp-cherry-pick-bot[bot])
* 38e02ab9e81ff06946ae5d819797759156bc8c94: chore(deps): bump go-git version to go-git/v5 5.13.1 (#21551) (@aali309)
### Other work
* 49163b09b196038c00f971e3f567fa63261e0e8b: Fix application url for custom base href (#21377) (#21515) (@gcp-cherry-pick-bot[bot])
* 10b9589f1cefda9b3559708abef3b3c316e99971: Merge commit from fork (@svghadi)

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.13.3...v2.13.4

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.10/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.10/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Bug fixes
* c26ee6921b1c3a20dfecb2027657399b9f9c048b: fix(appset): events not honouring configured namespaces (#21219) (#21241) (#21521) (@eadred)
* 4ba830f5dd1ed58cf345fdc64dfd97bc6bd17715: fix: resolve the failing e2e appset tests for ksonnet applications (cherry-pick #21580) (#21606) (@gcp-cherry-pick-bot[bot])
### Documentation
* 84ace16689717cf30988d81e1bae6056863b7df5: docs: add mkdocs configuration stanza to .readthedocs.yaml (cherry-pick #21475) (#21610) (@gcp-cherry-pick-bot[bot])
### Dependency updates
* b6e1080936975f18aa0d81ee2396864eb433752c: chore(deps): bump go-git version to go-git/v5 5.13.1 (#21550) (@aali309)
### Other work
* a9d8027d4a8bf3230e16063d4a24fbcaa3a8b457: Merge commit from fork (@svghadi)

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.12.9...v2.12.10

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.11.13/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.11.13/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Bug fixes
* 491f3dfb32708f59982edc201f266bbcf589692c: fix(appset): events not honouring configured namespaces (#21219) (#21241) (#21522) (@eadred)
* 0b8febb11fa0f0cfe38cc10490b995e9bc16545e: fix: CVE-2024-21538 upgrading the indirect dep cross-spawn to greater than 7.0.5 (#21239) (@nmirasch)
* 9d6a60b29594b322f049e3b0edb347534985e2eb: fix: resolve the failing e2e appset tests for ksonnet applications (cherry-pick #21580) (#21607) (@gcp-cherry-pick-bot[bot])
### Dependency updates
* 8198b17fbfdf15a176f7545372ef49ce33b25693: chore(deps): bump go-git version to go-git/v5 5.13.1 (#21544) (@aali309)
* b6879ed35bba85107f142bb0a107435dd716a105: chore(deps): bump http-proxy-middleware from 2.0.4 to 2.0.7 in /ui (#20518) (#20890) (@gcp-cherry-pick-bot[bot])
### Other work
* fa988be375842e78d241a04c27c98ae1e14d69e6: Merge commit from fork (@svghadi)

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.11.12...v2.11.13

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.0-rc6/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.0-rc6/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Bug fixes
* bd755104eda1eaa917d31c228c37cd52c04780d4: fix(appset): events not honouring configured namespaces (#21219) (#21241) (#21519) (@eadred)
* 479b1825527175836572bb55ec17b738d4834a24: fix(appset): reverted Gitlab SCM HasPath search and consider 404 errors as file not found (#16253) (cherry-pick #21597) (#21602) (@gcp-cherry-pick-bot[bot])
* ebf754e3ab11ec00a3b0f18080e93a441438d59c: fix(appset): update gitlab SCM provider to search on parent folder (#16253) (#21491) (#21503) (@gcp-cherry-pick-bot[bot])
* 35174dc196dbda440bc2f209e0ac640ef1855f81: fix(hydrator): UI nil checks (cherry-pick #21598) (#21601) (@gcp-cherry-pick-bot[bot])
* 70ea86523e1b97daa3161b00abeabec6e7bb57c7: fix: resolve the failing e2e appset tests for ksonnet applications (cherry-pick #21580) (#21604) (@gcp-cherry-pick-bot[bot])
### Documentation
* bab2c41e109c95ffcb6a08024926747dab45a606: docs(hydrator): document signature verification limitation (cherry-pick #21504) (#21585) (@gcp-cherry-pick-bot[bot])
* bb8185e2ec005d18ff65fcf47bed68a9c9b56113: docs: add mkdocs configuration stanza to .readthedocs.yaml (cherry-pick #21475) (#21608) (@gcp-cherry-pick-bot[bot])
### Other work
* 2bf5dc6ed143b83d78b842753e994590b60c4ed7: Fix application url for custom base href (#21377) (#21516) (@gcp-cherry-pick-bot[bot])

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.14.0-rc5...v2.14.0-rc6

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.0-rc5/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.0-rc5/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Bug fixes
* c13c9c1be3a2e65977fe911000d3f3eb71a32a73: fix(ci): updating action-gh-release after upstream fix (#21407) (#21408) (@gcp-cherry-pick-bot[bot])
* 51471b3b8b4d89e9fa97406b81bf45212e937daf: fix(controller): rename cluster batch param and add to argocd-cmd-params-cm (#21402) (#21419) (@gcp-cherry-pick-bot[bot])

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.14.0-rc4...v2.14.0-rc5

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.13.3/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.13.3/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Bug fixes
* f260510f387d2333dda02f6d93737f734e04af13: fix(api): send to closed channel in mergeLogStreams (#7006) (#21178) (#21187) (@gcp-cherry-pick-bot[bot])
* 09eede0c1775288b3e70a7971dd69492be206f82: fix(appset): Fix appset generate in --core mode for cluster gen (#21170) (#21236) (@gcp-cherry-pick-bot[bot])
* 64a14a08e0cffa3352e99444b81e1446fff1cda4: fix(ui): add optional check to avoid undefined reference in project detail (#20044) (#21263) (@crenshaw-dev)
* c76a131b17eae7ec5b608b2b1dc4aa2c8ac9e8e4: fix: Change applicationset generate HTTP method to avoid route conflicts (#20758) (#21300) (@gcp-cherry-pick-bot[bot])
* 079754c63913522803f7dbe4bded6b6de37f7e34: fix: Populate destination name when destination server is specified (#21063) (cherry-pick 2.13) (#21176) (@adriananeci)

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.13.2...v2.13.3

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.9/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.9/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Bug fixes
* 041133a272e6c23534ff3a17a769f87e32babec7: fix(api): send to closed channel in mergeLogStreams (#7006) (#21178) (#21188) (@gcp-cherry-pick-bot[bot])
* 6934ace32947dbd1ded6677d266f1065db9fb32d: fix: CVE-2024-21538 upgrading the indirect dependency cross-spawn to 7.0.5 (#21156) (@nmirasch)

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.12.8...v2.12.9

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.0-rc4/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.0-rc4/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Bug fixes
* 0a26e0f465ad307bc5d83949afcf8fef2b8d9b59: fix: Change applicationset generate HTTP method to avoid route conflicts (#20758) (#21299) (@gcp-cherry-pick-bot[bot])
### Other work
* e2eb655e41ce321420d310188fc41384d41ee2a2: chore: Fix data race detection failures in application tests (#21271) (#21302) (@gcp-cherry-pick-bot[bot])

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.14.0-rc3...v2.14.0-rc4

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.0-rc3/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.0-rc3/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Other work
* 018014c4b0db70e420c9a780f22c2ba90be6a04b: chore: Graceful shutdown for API Server (#18642) (#21224) (#21229) (@gcp-cherry-pick-bot[bot])

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.14.0-rc2...v2.14.0-rc3

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.0-rc2/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.0-rc2/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog

**NOTE:** There was an error in the 2.14.0-rc1 release, so 2.14.0-rc2 is the first release candidate.

### Features (63)

- feat: source hydrator (#20345)
- feat(ui): Added title label for filters (#21149)
- feat: Confluent Connector Resource Health Checker - #17695 (#17697)
- feat: add health check for ClusterResourceSet (#20746)
- feat: Sync timeouts for applications (#6055) (#20816)
- feat(appset): reduce cluster secret logging (#21109)
- feat: Timestamp for Health Status (#16972) (#18660)
- feat: Adding skipSchemaValidation flag (#20771) (#20831)
- feat(ui): Support filter for `configured` and `unchanged` on SYNC STATUS view (#20850)
- feat(ui): Added timing info to container state UI (#20920)
- feat(app): add ignore-healthcheck annotation (#20462)
- feat(app): Add optional 'name' to Source object (#20470)
- feat(ui): Added a warning popup before closing the application create panel (#20807)
- feat: move appset delete confirmation to new prompt logic (#20677)
- feat: adopt delete app confirmation to new prompt util (#20664)
- feat: add orphaned resource count metric (#20521)
- feat: add prompting to confirm application commands (#20658)
- feat: add prompting to confirm project window deletion (#20656)
- feat: add prompting to confirm account token deletion (#20654)
- feat: support Suspended state for MonoVertexRollout (#20583)
- feat(cmp): parameter to enable git creds to be shared from repo server to the plugin (#15107)
- feat: add prompting to confirm project role deletion (#20613)
- feat: add prompting to confirm project deletion (#20612)
- feat: add prompting to confirm application resource deletion (#20611)
- feat: Add ability to hide certain annotations on secret resources (#18216)
- feat: add prompting to confirm delete certificate (#20547)
- feat: add prompting to confirm prune during backup import (#20546)
- feat: add prompting to confirm remove of repository credentials (#20541)
- feat: add prompting to confirm deletion of gpg public key (#20539)
- feat: Add reusable interactive prompts and `configure` command (issue #19528) (#19637)
- feat: application resource deletion protection (#20497)
- feat: allow individual extension configs (#20491)
- feat: manage clusters via proxy (#20374)
- feat: appset scm generators and PR generators should be able to access only secrets related to appset (#20309)
- feat(appset): add 'project' to the Cluster Generator params (#20338)
- feat: add custom actions for Numaflow CRDs (#20332)
- feat: Enable ignoreResourceUpdate by default #19992 (#20303)
- feat(controller): support Istio ServiceEntry network node #20270 (#20273)
- feat(ui): support enable word wrap in live and desired manifest panel (#20299)
- feat: introduce health checks for Numaflow CRDs (#20297)
- feat: add Actions for PipelineRollout to allow/disallow data loss (#20298)
- feat(health): Adding more health checks for Keycloak, Postgres, Grafana, SolrCloud (#20294)
- feat(clusters) - Add disableCompression option in the cluster config (#20291)
- feat: support using exponential backoff between self heal attempts (#20275)
- feat: exclude Endpoints and EndpointSlices Kubernetes resource by default (#20251)
- feat(applicationset): Add FlatList option to cluster generator - Fixes #20212 (#20231)
- feat: add support for helm skipTests flag (#20118)
- feat(cli): Add app diff option to specify exit code when diff (#20144)
- feat(ui): support auto theme (#20080)
- feat(appset): parameterize requeue time #20063 (#20064)
- feat: Add nodeSelector for Linux nodes (#20148)
- feat: basic e2e tests in order to verify notification service health (#20182)
- feat(ui): make name property for repos (#20077)
- feat(appset): Add a cache layer for Argo Projects to speed-up application validation (#18703)
- feat: introduce pause/unpause actions for Numaplane CRDs (#20128)
- feat: transmit manifest-generate-path resources to the cmp-server for plugin-based applications (#19209)
- feat(ui): move graphs by dragging mouse in app resource tree view (#18025) (#20009)
- feat: option to disable writing k8s events(#18205) (#18441)
- feat(ui): add token diff support in diff view (#19983)
- feat(health): add healthchecks for Gloo resources (#11379)
- feat: Change the file name convention when downloading pod logs (#19938)
- feat: allow auth token to be passed in via env (#19898)
- feat: add ARGOCD_APP_REVISION_SHORT_8 variable in build environment (#19931)

### Bug fixes (60)

- fix: avoid resources lock contention (#8172) (#20329)
- fix(ui): ArgoCD history tab shows latest values in all recent releases (#13006) (#21161)
- fix(appset): Fix appset generate in --core mode for cluster gen (#21170)
- fix(api): send to closed channel in mergeLogStreams (#7006) (#21178)
- fix: Populate destination name when destination server is specified (#21063)
- fix: Fix server side diff with fields removal (#20792) (#20842)
- fix: incorrect expr for server stats in Grafana dashboard.json (#21098)
- fix(ui): fix select destination cluster type in create app (#20970)
- fix: add missing fields in listrepositories (#20991)
- fix: UI: Nothing happens selecting cluster URL/Name dropdown (#13655) (#21028)
- fix: Graceful shutdown for the API server (#18642) (#20981)
- fix(ui): update ui e2e tests (#14619)
- fix: show multisource details for an appset when using `argocd appset get` command (#20903)
- fix(server): make a copy of secret objects when listing from the informers #19913 (#20805)
- fix: order conditions summary (#20759)
- fix: Fix repeated 403 due to app namespace being undefined (#20699) (#20819)
- fix: remove broken link from code-contributions.md (#20795)
- fix: ApplicationSet webhooks should use stricter comparison of repository URL (#20486)
- fix: Ability to disable Server Side Apply on individual resource level (#20697)
- fix: Rollback multi-source apps; 2nd follow-up to PR 14124 (#20566)
- fix(server): accept HTTP/1.1 for backward compatibility (#20639)
- fix(codegen): use kube_codegen.sh deepcopy and client gen correctly (#20644)
- fix(redis): CPU stuck at 100% after rolling update (#20645)
- fix(server): missing selected ALPN property (#20579)
- fix(pkce): 20111 PKCE auth flow does not return user to previous path like dex auth flow (#20202)
- fix: updates to health status for Numaplane resources (#20544)
- fix(ci): ignore temporary files when checking for out of bound symlinks (#20527)
- fix(ui): Prevent versionId 0 Error on New Applications with No History (#20574)
- fixed formatting issue + added a few tidbits (#20522)
- fix(docs): ensure version dropdown sorts correctly regardless of browser language #20289 (#20322)
- fix: the unmatching template issue introduced from #20237 (#20410)
- fix(ui): display correct init info in Pod UI (#20387)
- fix(controller/ui): fix pod with sidecar state (#19843)
- fix(cli): add missing resources and actions to cani CLI (#20347)
- fix(ci): get correct previous release version for release notes (#19443) (#20315)
- fix(#18495): Add Alternate color of resources in sync panel (#19250)
- fix: remove hardcoded conditions from Numaflow CRD health checks (#20316)
- fix: disable automaxprocs logging (#20069)
- fix: allow pipes to be present in git username (#20040)
- fix(ui): history error reported in the dev environment (#20133)
- fix: GOLANGCI_LINT_VERSION (#20264)
- fix(ui): adjust transform origin in application resource tree (#20180)
- fix: handle incorrect cluster RESTconfig without panic (#20150)
- fix notification-catlog issue (#20237)
- fix: support managing cluster with multiple argocd instances and annotation based tracking (#20222)
- fix: use `ErrorContains(t, err` instead of `Contains(t, err.Error()` (#20220)
- fix: refine deny destination checks (#20045)
- fix(helm): escape consecutive commas in cleanSetParameters (#19269) (#20113)
- fix(ui): hide resource actions menu if it's empty (#20051)
- fix: repo generate paths value in namespace install is incorrectly formatted (#20139)
- fix: oras-go client should fallback to docker config if no credentials specified (#18133)
- fix(ui): add optional check to avoid undefined reference in project detail (#20044)
- fix: fix broken link (#20070)
- fix: corrected --roleARN to --role-arn as per updated CLI option (#20065)
- fix(ui): add `state` parameter in the pkce flow (#17235)
- fix(ui): carry over state when using full screen mode button (#20022)
- fix(ui): Sync Health Statuses for Applications and everything else (#20020)
- fix(ui): Change tab title to Sync Windows (#20018)
- fix: cleanup tempdir when errors occur in Helm chart extraction (#19861)
- fix: Get pull request target branch for Azure DevOps  (#19869) (#19871)

### Documentation (45)

- docs: add link to sprig website in the template docs site (#21184)
- docs: update sync-wave documentation (#21155)
- docs(proposal): manifest hydrator (#17755)
- docs: Add keycloak PKCE and argo-cd cli method documentation (#20698)
- docs: Fix `argocd admin proj` docs and examples (#21057)
- docs(ingress): use GRPC instead of HTTP2 (#21029)
- docs: remove outdated ciphers (#21006)
- docs: Fix post selector example (#20969)
- docs(applicationset): complete sentence about Application deletion (#20944)
- docs: Update FAQ about known types (#6008) (#20929)
- docs: Proposal to add installation steps for local development using Kind (#20821)
- docs(resource_actions): specify when mergeBuiltinActions was introduced (#20917)
- docs: Update orphaned resource number metric explanation in doc (#20702)
- docs: Improve self-heal and auto-sync behaviors explanation for multi-source apps (#20809) (#20811)
- docs: Update Dex OIDC example (#20545)
- docs: correct typos in documentation (#20569)
- docs: Declarative argo clusters docs update for EKS (#20503)
- docs: clarify priority of health statuses (#20490)
- docs(applicationset): explain how to add repo credentials (#20453)
- docs: document all unstable configurations (#20336) (#20438)
- docs(cli): fix example command (#20402)
- docs: update note about timeout.reconciliation (#20407)
- docs: correct typos in authz-authn.md and proxy-extensions.md (#20391)
- docs: feature maturity page for alpha and beta features (#20336) (#20337)
- docs: added Podman based set up in contributors quick-start (#20367)
- docs: Update USERS.md (#20349)
- docs: updating links to the directory and wording (#20335)
- docs: document server side pagination proposal (#17222)
- docs: Add `404 Not Found` github notify error to troubleshooting docs (#20085)
- docs: Correct ApplicationSet (spec.preservedFields) (#20206)
- docs: add TBC Bank to USERS.md (#20227)
- docs: Update argocd path for command in notifification in troubleshooting docs (#20120)
- docs: add outpost24 to users.md (#20197)
- docs: added note re. arch of example application on getting_started.md (#20143)
- docs: fix paragraph in "User Guide/Kustomize" (#20053)
- docs: add `project` to repo creds examples (#20057)
- docs: add user to users.md (#20042)
- docs: Remove FOSSA badge (#20038)
- docs: Update Okta OIDC CLI instructions (#20021)
- docs: Endpoints not excluded by default (#16023) (#20014)
- docs(reconcile): adding optional condition when ignoring json (#20010)
- docs: include cluster-management.md in TOC (#19964)
- docs: Add empty GitHub.repoURL error to troubleshooting docs (#19926)
- docs: fix typo in upgrading section of operator manual (#19950)
- docs: fix typo in ingress section of operator manual (#19946)

### Other (234)

- Bump version to 2.14.0-rc2 (#21223)
- Revert "fix: Graceful shutdown for the API server (#18642) (#20981)" (#21221) (#21222)
- Bump version to 2.14.0-rc1 (#21218)
- chore(server): simplify project validation logic (#21191)
- chore(appset): reduce dupe code w/ DB (#21192)
- pruned-icon-changed-to-trash (#21088)
- chore(deps): bump nanoid from 3.3.7 to 3.3.8 in /ui (#21131)
- chore(deps): bump library/busybox in /test/e2e/multiarch-container (#21145)
- chore(deps): bump go.opentelemetry.io/otel/sdk from 1.32.0 to 1.33.0 (#21165)
- chore: remove unused defaults from image workflow (#21183)
- chore(deps): bump github.com/Azure/kubelogin from 0.1.5 to 0.1.6 (#21193)
- chore: use new fake k8s client constructor (#21186)
- Update golang test image to use 1.23.4 multiarch (#21174)
- chore: simplify sync status comparison (#21140)
- chore(deps): bump actions/setup-go from 5.1.0 to 5.2.0 (#21123)
- chore(deps): bump go.opentelemetry.io/otel from 1.32.0 to 1.33.0 (#21166)
- chore(deps): bump chromedriver from 131.0.2 to 131.0.3 in /ui-test (#21144)
- chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#21147)
- chore(deps): bump softprops/action-gh-release from 2.1.0 to 2.2.0 (#21124)
- chore: avoid unnecessary alloc (#21121)
- chore: Improve the documentation regarding the selection of Application by Sync Windows (#21093)
- psmdb.percona.com/PerconaServerMongoDB resource customization (#20628)
- chore: reduce default max payload size in webhooks to 50MB (#21101)
- chore(deps): bump tj-actions/changed-files from 45.0.4 to 45.0.5 (#21095)
- chore(deps): bump github.com/cyphar/filepath-securejoin (#21096)
- chore: use %q to simplify fmt.Sprintf (#21108)
- chore(deps): bump actions/cache from 4.1.2 to 4.2.0 (#21084)
- chore(deps): bump gitops-engine to latest (#21056)
- chore: add ziprecruiter to users (#21076)
- chore(deps): bump golang.org/x/net from 0.31.0 to 0.32.0 (#21069)
- chore(deps): bump google.golang.org/grpc from 1.67.1 to 1.68.1 (#21066)
- chore(deps): bump golang.org/x/crypto from 0.29.0 to 0.30.0 (#21068)
- chore(deps): bump library/golang in /test/container (#21048)
- chore(deps): bump library/golang from 1.23.3 to 1.23.4 in /test/remote (#21049)
- chore(deps): bump chromedriver from 131.0.1 to 131.0.2 in /ui-test (#21050)
- chore(deps-dev): bump dotenv from 16.4.6 to 16.4.7 in /ui-test (#21051)
- chore(deps): bump golang.org/x/term from 0.26.0 to 0.27.0 (#21070)
- chore(deps): bump SonarSource/sonarqube-scan-action from 3.1.0 to 4.1.0 (#21034)
- chore: Add support for AdditionalURLs field in server settings query (#21045)
- chore(deps-dev): bump dotenv from 16.4.5 to 16.4.6 in /ui-test (#21031)
- chore(deps): bump sigs.k8s.io/controller-runtime from 0.19.2 to 0.19.3 (#21032)
- chore: fix tests failing with Kustomize based errors (#21037)
- chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc (#20741)
- chore(deps): bump softprops/action-gh-release from 2.0.9 to 2.1.0 (#20760)
- chore(deps): bump selenium-webdriver from 4.26.0 to 4.27.0 in /ui-test (#20953)
- chore(deps): bump github.com/Azure/kubelogin from 0.1.4 to 0.1.5 (#21033)
- chore: Fix to intermittent E2E test failures in deployment_test.go (#20974)
- chore: Parallelize EnsureCleanState for e2e tests, adding timing information (#20998)
- chore: Remove or reduce sleep in e2e tests (#21010)
- chore(deps): bump github.com/itchyny/gojq from 0.12.16 to 0.12.17 (#21018)
- clarify usage of `ref` for multiple sources doc (#21011)
- chore(deps): bump github.com/casbin/casbin/v2 from 2.101.0 to 2.102.0 (#21019)
- doc: fix grammar (#21004)
- chore: Remove sleep from when/then in e2e tests (#21008)
- chore(deps): bump docker/build-push-action from 6.9.0 to 6.10.0 (#20966)
- chore: Optimize e2e tests by improving EnsureCleanState (#20942)
- chore: Optimize e2e tests by removing redundant ensure clean state + some refactoring (#20939)
- chore(deps): bump thehanimo/pr-title-checker from 1.4.2 to 1.4.3 (#20951)
- chore(deps): update module github.com/golangci/golangci-lint to v1.62.2 (#20947)
- chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#20930)
- chore: Reduse e2e tests runtime by using better sleep intervals in Expect (#20926)
- chore: Graceful handling of panic in application set controller reconcile (#20935) (#20940)
- Add Alauda to USERS (#20936)
- chore(deps-dev): bump typescript from 5.6.3 to 5.7.2 in /ui-test (#20931)
- chore(deps-dev): bump @types/node from 22.8.7 to 22.9.3 in /ui-test (#20932)
- chore: rename Rollout 'Restart' action to 'Restart Pods' (#20841)
- chore: log panics in JSON (#20924) (#20925)
- chore(deps): bump sigs.k8s.io/controller-runtime from 0.19.1 to 0.19.2 (#20906)
- test: more destination check tests (#20617)
- chore(deps): bump go.opentelemetry.io/otel/sdk from 1.31.0 to 1.32.0 (#20745)
- chore(deps): bump github.com/bradleyfalzon/ghinstallation/v2 (#20778)
- chore(deps): bump github.com/xanzy/go-gitlab from 0.113.0 to 0.114.0 (#20832)
- chore(deps): bump chromedriver from 130.0.4 to 131.0.1 in /ui-test (#20855)
- chore: Fix get-previous-release test case (#20863)
- chore: setting up 2.14 release champion and approver (#20870)
- chore(deps): bump github.com/Masterminds/semver/v3 from 3.3.0 to 3.3.1 (#20852)
- chore(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 (#20804)
- chore(deps): bump github.com/casbin/casbin/v2 from 2.100.0 to 2.101.0 (#20817)
- chore: improve error logs in server/cluster/cluser.go (#20711)
- chore: use testify instead of testing.Fatal or testing.Error in server (#20755)
- chore(deps): bump go.opentelemetry.io/otel from 1.31.0 to 1.32.0 (#20744)
- chore: rename force-prompts-enabled to prompts-enabled flag name (#20752)
- chore: use testify instead of testing.Fatal or testing.Error in test (#20754)
- chore: use testify instead of testing.Fatal or testing.Error in cmd (#20750)
- chore: use testify instead of testing.Fatal or testing.Error in util (#20751)
- chore(deps): update module github.com/golangci/golangci-lint to v1.62.0 (#20737)
- chore(deps): bump golang.org/x/net from 0.30.0 to 0.31.0 (#20742)
- chore(deps): bump tj-actions/changed-files from 45.0.3 to 45.0.4 (#20739)
- chore(deps): bump SonarSource/sonarqube-scan-action from 3.0.0 to 3.1.0 (#20740)
- chore(deps): bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#20629)
- chore: enable perfsprint linter (#20685)
- chore: use testify instead of testing.Fatal or testing.Error in applicationset (#20726)
- add flaglerhealth.io to userlist (#20724)
- chore(deps): update group golang to v1.23.3 (#20686)
- chore(deps): bump library/golang in /test/container (#20700)
- chore(deps): bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#20707)
- Fix minor grammatical error in operator manual overview (#20691)
- chore(deps): bump golang.org/x/term from 0.25.0 to 0.26.0 (#20705)
- chore(deps): bump golang.org/x/oauth2 from 0.23.0 to 0.24.0 (#20708)
- chore(deps): bump goreleaser/goreleaser-action from 6.0.0 to 6.1.0 (#20701)
- chore(deps): bump golang.org/x/sync from 0.8.0 to 0.9.0 (#20709)
- chore: update azure/kubelogin to address CVE (#20578)
- chore(deps): bump chromedriver from 130.0.2 to 130.0.4 in /ui-test (#20687)
- chore(deps): bump library/golang from 1.23.1 to 1.23.3 in /test/remote (#20703)
- chore(deps): bump golang.org/x/time from 0.7.0 to 0.8.0 (#20704)
- chore: Improve a sync with replace warning (#14161) (#20638)
- chore(deps): bump github.com/xanzy/go-gitlab from 0.112.0 to 0.113.0 (#20676)
- chore: cover cli utils and prompts utils with tests  (#20674)
- Add Alarm.com to users list. (#20672)
- chore: Add some empty dir volume mounts for the application controller (#19474) (#19480)
- chore(deps-dev): bump @types/node from 22.8.4 to 22.8.7 in /ui-test (#20647)
- chore(deps): bump chromedriver from 130.0.1 to 130.0.2 in /ui-test (#20648)
- chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#20649)
- chore(deps): bump softprops/action-gh-release from 2.0.8 to 2.0.9 (#20631)
- chore(deps): bump selenium-webdriver from 4.25.0 to 4.26.0 in /ui-test (#20633)
- chore: Add TextNow to USERS.md (#20602)
- chore(deps): bump @types/selenium-webdriver in /ui-test (#20589)
- chore(deps-dev): bump @types/node from 22.7.9 to 22.8.4 in /ui-test (#20588)
- Fix docs/user-guide/diffing.md code block (#20596)
- Docs: Added prerequisites for argoCD, fork and clone repository, upstreaming, common make targets, steps before submitting a PR. (#20540)
- chore(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (#20529)
- chore(deps): bump actions/setup-node from 4.0.4 to 4.1.0 (#20528)
- chore: add bajaj finserv health ltd. in list of users (#20555)
- chore(deps): update dependency pymdown-extensions to v10.12 (#20567)
- chore: improve error logs in  commands/admin/app.go (#20549)
- chore(deps): bump sigs.k8s.io/controller-runtime from 0.19.0 to 0.19.1 (#20530)
- chore(deps): bump chromedriver from 130.0.0 to 130.0.1 in /ui-test (#20515)
- doc: Update Show Orphaned Button Screenshot in Orphaned Resources Monitoring Documentation (#20533)
- chore(deps): bump library/redis in /test/container (#20494)
- chore: change invalid comment (#20500)
- chore(deps-dev): bump @types/node from 22.7.6 to 22.7.9 in /ui-test (#20514)
- chore(deps): bump bitnami/kubectl in /test/container (#20516)
- chore(deps): bump actions/cache from 4.1.1 to 4.1.2 (#20493)
- chore(deps): update docker.io/library/golang:1.23.2 docker digest to ad5c126 (#20419)
- chore(deps): bump github.com/ktrysmt/go-bitbucket from 0.9.80 to 0.9.81 (#20397)
- chore: Update USERS.md (#20513)
- Fixed incorrect pluralization on resources (#20468)
- chore(deps): bump library/redis in /test/container (#20442)
- chore(deps): bump github.com/redis/go-redis/v9 from 9.6.2 to 9.7.0 (#20441)
- chore(deps): bump chromedriver from 129.0.4 to 130.0.0 in /ui-test (#20415)
- chore(deps-dev): bump @types/node from 22.7.5 to 22.7.6 in /ui-test (#20414)
- chore(deps): update node.js to v23 (#20413)
- chore(server): better error message for missing action (#20408) (#20409)
- chore: enable thelper linter (#20405)
- chore(deps): bump github.com/prometheus/client_golang (#20398)
- chore: enable usestdlibvars linter (#20399)
- chore(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#20376)
- chore(deps): bump github.com/redis/go-redis/v9 from 9.6.1 to 9.6.2 (#20377)
- chore(deps): bump github.com/xanzy/go-gitlab from 0.111.0 to 0.112.0 (#20378)
- chore: simplify 'get repo' API implementation (#20348)
- chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.1 to 4.7.1 (#20363)
- chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc (#20361)
- chore(deps): bump codecov/test-results-action from 1.0.0 to 1.0.1 (#20359)
- chore(deps): bump go.opentelemetry.io/otel from 1.30.0 to 1.31.0 (#20360)
- chore(deps): upgrade `argo-ui`, including breaking changes (#19655)
- chore(deps): bump chromedriver from 129.0.3 to 129.0.4 in /ui-test (#20340)
- chore(deps): bump github.com/xanzy/go-gitlab from 0.110.0 to 0.111.0 (#20339)
- add docs to build site locally (#20342)
- Revert "feat: exclude Endpoints and EndpointSlices Kubernetes resource by default" (#20334)
- chore(deps): bump github.com/cyphar/filepath-securejoin (#20319)
- chore(deps): bump chromedriver from 129.0.2 to 129.0.3 in /ui-test (#20317)
- chore(deps): update docker.io/library/golang:1.23.2 docker digest to a7f2fc9 (#20318)
- chore(deps): bump actions/upload-artifact from 4.4.2 to 4.4.3 (#20320)
- chore(ui): fix sonarcloud warning (#16496)
- chore: replacing custom map util functions with golang std (#20311)
- chore(deps): bump actions/cache from 4.1.0 to 4.1.1 (#20301)
- chore(deps-dev): bump @types/node from 22.7.2 to 22.7.5 in /ui-test (#20281)
- chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.2 (#20300)
- chore(controller): remove unnecessary field (#20295)
- chore(deps-dev): bump typescript from 5.6.2 to 5.6.3 in /ui-test (#20302)
- chore: Update notification engine to 2fef5c9 (#20276)
- chore(deps): bump library/redis from 7.4.0 to 7.4.1 in /test/container (#20282)
- chore(deps-dev): bump @types/mocha from 10.0.8 to 10.0.9 in /ui-test (#20280)
- chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1 (#20279)
- chore(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 (#20277)
- chore(deps): bump SonarSource/sonarqube-scan-action (#20278)
- chore(deps): bump SonarSource/sonarqube-scan-action from 2.3.0 to 3.0.0 (#19524)
- chore(deps): bump github.com/xanzy/go-gitlab from 0.109.0 to 0.110.0 (#20260)
- chore: bump k8s versions in e2e tests (#19669)
- chore(deps): update group golang to v1.23.2 (#20256)
- chore(deps): update docs dependencies (#20257)
- chore(ci): update renovate config (#20254)
- sec: update alpine/helm to 3.16.1 (#20253)
- chore(deps): update node version (#20248)
- chore: update notifications-engine to 22ccfe0caf45 (#20239)
- chore(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 (#20246)
- chore(deps): bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#20243)
- chore(deps): bump golang.org/x/term from 0.24.0 to 0.25.0 (#20245)
- chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 (#20242)
- chore(deps): bump golang.org/x/time from 0.6.0 to 0.7.0 (#20244)
- chore(deps): bump docker/setup-buildx-action from 3.7.0 to 3.7.1 (#20241)
- chore(deps): bump actions/cache from 4.0.2 to 4.1.0 (#20240)
- chore(ci): add renovate for golangci-lint, go and node version (#20236)
- chore(deps): bump tj-actions/changed-files from 45.0.2 to 45.0.3 (#20225)
- chore(deps): bump docker/setup-buildx-action from 3.6.1 to 3.7.0 (#20224)
- chore: rename protobuf field according to convention (#20221)
- chore(deps): bump selenium-webdriver from 4.24.1 to 4.25.0 in /ui-test (#20058)
- chore(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 (#20207)
- Update troubleshooting-errors.md (#20201)
- chore(deps): bump library/busybox in /test/e2e/multiarch-container (#20193)
- chore(deps): bump bitnami/kubectl in /test/container (#20191)
- chore(deps): bump chromedriver from 129.0.0 to 129.0.2 in /ui-test (#20189)
- chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.67.1 (#20190)
- chore(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0 (#20188)
- chore(ci): better handling of Go and Node dependency bumps (#20168)
- chore(deps): bump github.com/cyphar/filepath-securejoin (#20173)
- chore: document credentials server (#20078)
- chore(deps): bump docker/build-push-action from 6.8.0 to 6.9.0 (#20174)
- chore: Try to make CodeQL happy (#20094) (#20129)
- chore(deps): bump docker/build-push-action from 6.7.0 to 6.8.0 (#20154)
- Fix typo (#20127)
- chore(deps-dev): bump @types/node from 22.5.5 to 22.7.2 in /ui-test (#20112)
- chore(deps): bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 (#20068)
- chore(deps): bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#20059)
- ci: Allow forks to opt-in for codeql (#19996)
- chore: improve error logs (#20050)
- chore(deps): bump actions/setup-node from 4.0.3 to 4.0.4 (#20025)
- chore(deps): bump bitnami/kubectl in /test/container (#20024)
- chore(deps): bump selenium-webdriver and @types/selenium-webdriver (#19959)
- chore(deps): bump peter-evans/create-pull-request from 7.0.3 to 7.0.5 (#20000)
- chore(deps): bump library/node from 22.8.0 to 22.9.0 in /test/container (#20001)
- chore(deps): bump chromedriver from 128.0.3 to 129.0.0 in /ui-test (#19998)
- chore(deps): bump library/node from 22.8.0 to 22.9.0 (#19999)
- chore(deps): bump library/node from `fa4b468` to `cbe2d5f` in /ui-test (#19997)
- chore(deps): bump github.com/prometheus/client_golang (#19974)
- chore(deps): bump library/node from 22.8.0 to 22.9.0 in /ui-test (#19975)
-  feat(health): resource customization for RabbitMQCluster (#15286)
- chore: bump gitops-engine for performance improvement (#19954)
- chore: Make dev env redis password protected (#19863)
- chore(deps): bump github.com/casbin/casbin/v2 from 2.99.0 to 2.100.0 (#19960)
- Bump version in master (#19947)
- chore(deps): bump peter-evans/create-pull-request from 7.0.2 to 7.0.3 (#19957)
- chore(deps): bump tj-actions/changed-files from 45.0.1 to 45.0.2 (#19958)
- chore: bump gitops-engine for performance improvements (#19953)

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.14.0-rc1...v2.14.0-rc2

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.13.2/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.13.2/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Bug fixes
* ad36916ec41bfe49690294aea550ce9bb090e4d5: fix(cli): Fix appset generate in --core mode (#20717) (#20883) (@gcp-cherry-pick-bot[bot])
* 01ae20d1b322aad6020840140693c2c6629d7857: fix: 20791 - sync multi-source application out of order source syncs (cherry-pick #21071) (#21077) (@gcp-cherry-pick-bot[bot])
* 831e4525c3457169ce8a904a3fc2c9c637a4b576: fix: API server should not attempt to read secrets in all namespaces (#20950) (#20960) (@gcp-cherry-pick-bot[bot])
* a3624a3f20855557e0dc5673d68f9f78495cdb26: fix: Allow to delete repos with invalid urls (#20921) (#20975) (#21116) (@gcp-cherry-pick-bot[bot])
* 89ef3563dba240f3af7b37227a732eeff1b41285: fix: Bitbucket Cloud PR Author is processed correctly (#20769) (#20990) (#21039) (@gcp-cherry-pick-bot[bot])
* f8d6665c67bb612045a8cb0d39766aa61000001a: fix: Memory leak in repo-server (#20876) (#20894) (@gcp-cherry-pick-bot[bot])
* b6af657295e68388fa31643ac6819e014170d2d5: fix: add missing fields in listrepositories (#20991) (#21129) (@blakepettersson)
### Dependency updates
* 0680ddbdf9a5fb15c089a5703e6dba0760643eca: chore(deps): bump http-proxy-middleware from 2.0.4 to 2.0.7 in /ui (#20518) (#20892) (@gcp-cherry-pick-bot[bot])

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.13.1...v2.13.2

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.8/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.8/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Bug fixes
* 05c1dd7d60f01fd4d0e5467063567f5c4483d549: fix: 20791 - sync multi-source application out of order source syncs (cherry-pick #21071) (#21078) (@gcp-cherry-pick-bot[bot])
* 60d0786c82ffd3f5ace2fead7d2c98b1552e396b: fix: Allow to delete repos with invalid urls (#20921) (#20975) (#21117) (@gcp-cherry-pick-bot[bot])
* 7642db8ddf74cda499ce1e448026b952abc9a304: fix: add missing fields in listrepositories (#20991) (#21128) (@blakepettersson)
### Dependency updates
* b32d50da45b63449598234fde2c8b3ca9b952eef: chore(deps): bump http-proxy-middleware from 2.0.4 to 2.0.7 in /ui (#20518) (#20891) (@gcp-cherry-pick-bot[bot])
### Other work
* 57cef1d14072ea2e44b0490511ca94e008187307: Add missing 2.12 upgrade to nav menu (#20657) (@fletch3555)

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.12.7...v2.12.8

## Quick Start

### Non-HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.13.1/manifests/install.yaml
```

### HA:

```shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.13.1/manifests/ha/install.yaml
```

## Release Signatures and Provenance

All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.


## Upgrading

If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.

## Changelog
### Features
* 6a8cb6eff098ef6db623126fa0d93dcaa2f54bef: feat: option to disable writing k8s events(#18205) (#18441) (#20788) (@Jack-R-lantern)
### Bug fixes
* 449e6939b2a729bba32d11f055d7c6067a44b9cc: fix(pkce): 20202 Backport PKCE auth flow fix for basehref and reauth (#20675) (@austin5219)
* 68606c6caf058f7c4f2ecdbb4381d2cba40aa249: fix: Fix repeated 403 due to app namespace being undefined (#20699) (#20819) (#20860) (@gcp-cherry-pick-bot[bot])
* 99aab9a5f3812f2f4089ce6982d4764145271f78: fix: check for source position when --show-params is set (#20682) (#20689) (@gcp-cherry-pick-bot[bot])
* d03ccf305c60f7305a076e4b3c1c28e1749ba6c9: fix: disable automaxprocs logging (#20069) - cherry-pick 2.13 (#20718) (@pasha-codefresh)
### Other work
* 7f45c9e09398b1d8e65ad9fdf1dab2dd2c1532d7: chore: Don't degrade PDB on InsufficientPods (#20171) (#20665) (#20694) (@gcp-cherry-pick-bot[bot])

**Full Changelog**: https://github.com/argoproj/argo-cd/compare/v2.13.0...v2.13.1