argoproj/argo-cd v3.5.0-rc1

on GitHub

Quick Start

Non-HA:

kubectl create namespace argocd
kubectl apply -n argocd --server-side --force-conflicts -f https://raw.githubusercontent.com/argoproj/argo-cd/v3.5.0-rc1/manifests/install.yaml

HA:

kubectl create namespace argocd
kubectl apply -n argocd --server-side --force-conflicts -f https://raw.githubusercontent.com/argoproj/argo-cd/v3.5.0-rc1/manifests/ha/install.yaml

Release Signatures and Provenance

All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.

Release Notes Blog Post

For a detailed breakdown of the key changes and improvements in this release, check out the official blog post

Upgrading

If upgrading from a different minor version, be sure to read the upgrading documentation.

Changelog

Features

• be19446: feat(Jitter): Add Configurable Jitter for Webhook-Triggered application Refreshes (#25433) (@adityaraj178)
• 5b30739: feat(appset): add concurrency when managing applications (#26642) (@rumstead)
• 29fd8db: feat(appset): filtering repos by archived status #20736 (#21505) (@prune998)
• 57942ce: feat(cli): Add support for Source Integrity configuration (#26997) (@olivergondza)
• 3cc6ba7: feat(cli): add --app-namespace flag to missing argocd app subcommands (#27942) (@Mangaal)
• 0e729cc: feat(cli): add appset-namespace for appset command (#27022) (@Mangaal)
• 744983b: feat(health): Add healthcheck for gardener "Shoot" resources (#25750) (@Sven1410)
• 6cc786d: feat(health): add GatewayClass health check (#26591) (@dnfwlq8054)
• eabd4d6: feat(health): add pause and unpause actions to psmdb resource (#27616) (@KyriosGN0)
• daadf86: feat(health): additional promoter.argoproj.io health checks (#27170) (@crenshaw-dev)
• 4b69a7f: feat(health): finalizer messages for Promoter checks (#27478) (@crenshaw-dev)
• 289a4c0: feat(health): support BackendTLSPolicy.gateway.networking.k8s.io (#27385) (@snorwin)
• 4cdc650: feat(helm): support wildcard glob patterns for valueFiles (#26768) (@nitishfy)
• f7a7deb: feat(hydrator): dynamically manage README template from argocd-cm ConfigMap [updated] (#19067) (#24309) (@gyu-young-park)
• 86936e2: feat(hydrator): make manifest hydration queue concurrency configurable (#27926) (#27948) (@GuruduGanesh)
• 2308e17: feat(hydrator): opt-in source integrity verification for dry sources (Alpha) (#19302) (#28084) (@mladjan-gadzic)
• bf1591d: feat(hydrator): support syncSource repoURL for separate destination repo (#27011) (@boostrack)
• 0c0140c: feat(metrics): add parallelism limit repo server (#27911) (@pjiang-dev)
• 7d2eb77: feat(renovate): clean up config and remove github app (#27738) (@rumstead)
• 153ec67: feat(resource_customizations): add health checks for VictoriaMetrics (#27451) (@megative)
• 6b84ea9: feat(server): drop objects from non-allowed namespaces before they enter the cache. (#28018) (@christianh814)
• 224b75a: feat(server): use typed Argo CD EventList for event-listing APIs (#25767) (#26322) (@chansuke)
• 64a0417: feat(ui): Add AppSet to Application Resource Tree (#26601) (@pjiang-dev)
• b035a77: feat(ui): ApplicationSet Preview Apps tab in UI (#27799) (@pjiang-dev)
• 566c172: feat(ui): add GitOps Promoter resource icon (#26894) (@crenshaw-dev)
• 0dd8874: feat(ui): add nauth.io resource icon (#28226) (@choufraise)
• f16d08a: feat(ui): add repo url as filter in home page (#26670) (#27418) (@adityaraj178)
• 91e7664: feat(ui): per-application notice banner and info icon (#14405) (#27719) (@gdsoumya)
• 1b405ce: feat(ui): search filter by target revision (#24038) (@choejwoo)
• 706a037: feat(ui): support creating multi-source applications in New App panel [CONTINUED..] (#27095) (@aali309)
• 2fcf104: feat(ui): support spec.sourceHydrator.drySource.repoURL (@crenshaw-dev)
• 74d1fe0: feat(ui): use toggle-auto-sync resource action in app details page (#21564) (#27226) (@shiiyan)
• db7d672: feat(webhooks): add webhook support for GHCR (#26462) (@nitishfy)
• 6d92e17: feat: Add ProvideClusterInfo and Config fields to ExecProviderConfig (#24282) (#27976) (@mikeshng)
• 022f935: feat: Add basic support for git tag path prefixes (#27290) (@k4r1)
• aad3422: feat: Add suspend/resume actions for MariaDB (#27675) (#27674) (@mgross2)
• 586430c: feat: Migrate from Helm 3 to Helm 4 (#28076) (@reggie-k)
• c61c1dc: feat: Render Helm ValuesObject as YAML in log output instead of binary (#18342) (#27649) (@subhramit)
• 9a19735: feat: Support Azure Service Principal authentication for Azure DevOps repositories (#25324) (@allanyung)
• 97082e8: feat: add Gateway API support to network view (#26188) (@tete17)
• 603c900: feat: add action to delete recyclable Numaflow pipelines (#25900) (@dpadhiar)
• de94161: feat: add action to restart StrimziPodSet (#27266) (@KyriosGN0)
• a2b91ce: feat: add depth option to ui (#26618) (@blakepettersson)
• 1dc2ad0: feat: add health check for karpenter.sh/NodeClaim (#26876) (@Navneet072300)
• 611fcb0: feat: add sync overrun option to sync windows (#25361) (#25510) (@puskunalis)
• 48f18e2: feat: add toggle-auto-sync resource action for Application (#21564) (#26477) (@vikasrao23)
• 2df5f75: feat: adds mTLS support in repo-server (#26715) (@ppapapetrou76)
• 4d02fc2: feat: expose Appset UI and fix pie chart summary (#26666) (@pjiang-dev)
• a889f46: feat: make appset proxy-url param a native flag (#27788) (@ppapapetrou76)
• ad310c2: feat: replace error message in webhook handler with metrics (#27215) (@alexmt)
• 01187d1: feat: support Azure AD groups claims overflow via Microsoft Graph API (#27397) (@gravufo)
• f71239c: feat: support destinationServiceAccounts in global projects (#23059) (@enneitex)
• f460a3c: feat: surface root cause in sync failure message and cache discovery errors (#27750) (@ppapapetrou76)
• 3eebbcb: feat: use impersonation for server operations (logs, delete, etc) #22996 (#26898) (@alexymantha)

Bug fixes

• b982144: Revert "fix: prevent automatic refreshes from informer resync and status updates" (#27562) (@agaudreault)
• c5d1c91: fix(UI): show RollingSync step clearly when labels match no step (#26877) (@aali309)
• c52bf66: fix(appcontroller): application controller in core mode fails to sync when server.secretkey is missing (#26793) (@anandf)
• e81969f: fix(applicationset): include repo URL in git file generator errors (#28075) (@morning-verlu)
• 45a84df: fix(ci): add .gitkeep to images dir (#26892) (@blakepettersson)
• 4c42071: fix(ci): openssf scorecard doesn't allow global vars (#27203) (@crenshaw-dev)
• 36f4ff7: fix(ci): pin goreman version used in ci-build.yaml (#27062) (#27061) (@dudinea)
• 25b3037: fix(ci): pnpm sbom generation (#27337) (#27339) (@crenshaw-dev)
• 99c51df: fix(ci): renovatebot action uses floating image tag (#27023) (#27024) (@dudinea)
• fb82b16: fix(ci): run yarn install with --frozen-lockfile (#27098) (#27099) (@dudinea)
• b403f5c: fix(cli): hide unsupported --tls-server-name kubectl REST flag (#27694) (#27711) (@SAY-5)
• 60b878d: fix(cli): hide unsupported kubectl REST flags (#25875) (#25977) (@HyejunKoo)
• 21fe1fb: fix(cli): honor --kube-context when creating core-mode REST config (#12883) (#27661) (@ystkfujii)
• 52f7b3b: fix(cli): print clear timeout message when argocd app wait times out (#28274) (@pncloud)
• f48091a: fix(cli): return immediately from 'app wait' when app is already in desired state (#12211) (#27503) (@jheyduk)
• 6256abf: fix(cli): uses DrySource revision for app diff/manifests with sourceHydrator (#23817) (#24670) (@adityaraj178)
• c3c12c1: fix(commitserver): Static analysis fixes (#27085) (@olivergondza)
• 5a20f9b: fix(controller): gracefully handle k8s resource size limit for applications (#27802) (@nitishfy)
• 32f23a4: fix(controller): reduce secret deepcopies and deserialization (#27049) (@rumstead)
• 4051511: fix(controller): replace removed kubectl PodRequestsAndLimits (#27895) (@mfacenet)
• 5ec0603: fix(controller): requeue source hydration on periodic refresh timeout (#27009) (@boostrack)
• e960635: fix(docs): Fix formatting and clarity about requestedScopes in Keycloak integration docs (#27019) (@todaywasawesome)
• d449294: fix(docs): Fix manifest path in Source Hydrator docs (#27123) (@olivergondza)
• 2f48cfb: fix(docs): revert bogus 3.3-3.4 upgrade guide changes in #26322 (@dudinea)
• c2044db: fix(health): PromotionStrategy stuck Progressing after no-op re-hydration (#28124) (#28125) (@crenshaw-dev)
• 9c67c89: fix(health): add missing HPA degraded states for metric failures (#26274) (@rickbrouwer)
• ae10c0c: fix(hook): Fixed hook code issues that caused stuck applications on "Deleting" state (Issues #18355 and #17191) (#26724) (@nikos445)
• 4d2b6fa: fix(hydrator): align dry source validation cache keys with hydrator (#27182) (@agaudreault)
• 8c29202: fix(hydrator): fix race condition in status update with hydrate annotation (#27183) (@agaudreault)
• f298f45: fix(hydrator): preserve all source type fields in GetDrySource() (#27189) (@agaudreault)
• f73e136: fix(lint): unnecessary nesting (#27815) (@crenshaw-dev)
• 6a0457a: fix(makefile): Run goals with bind mounts on SELinux enabled host (build-ui,build-docs,serve-docs) (#28003) (@olivergondza)
• 7fa7d82: fix(normalizers): include resource context in failed normalization log (#27769) (@rafaelmfried)
• d0810e3: fix(oidc_userinfo): allow userInfo URL to be customized (#27720) (@the-technat)
• 87d79f9: fix(performance): add cache support for ResolveRevision to reduce Git operations (#27193) (@agaudreault)
• 4f47dd0: fix(rbac): resolve RBAC regression for project-scoped resources in multi-namespace architecture (#25289) (#26573) (@tcfwbper)
• f397bf6: fix(server): Avoid error when attempting a second delete operation (#27495) (@thomastaylor312)
• 382c507: fix(server): Cache glob patterns to improve RBAC evaluation performance (#25759) (@Sinhyeok)
• 4259f46: fix(server): Ensure OIDC config is refreshed at server restart (#26913) (@OpenGuidou)
• 91d83d3: fix(server): fix find container logic for terminal (#26858) (@linghaoSu)
• d6b2be8: fix(server): make server.glob.cache.size optional (#28242) (#28243) (@crenshaw-dev)
• 1dd9075: fix(settings): only trigger reload for app.kubernetes.io/part-of=argocd secrets (#27213) (@EronWright)
• 212f51d: fix(sharding): fix log format verb and document intentional shard-0 fallback (#27222) (@nitishfy)
• 8feb146: fix(ssa): do not run auth reconcile with SSA (#26175) (#27601) (@agaudreault)
• 134b428: fix(ssd): regression causing diff to error on new objects (#27679) (#27703) (@agaudreault)
• 63a009e: fix(test): make fail message better for TestAuthReconcileWithMissingNamespace (#26856) (@cjcocokrisp)
• abf7311: fix(ui): Application Summary crashes on load for non-hydrator apps (#28112) (@agaudreault)
• b4af746: fix(ui): ApplicationSet detail view for non-default namespace (#27928) (#27931) (@AsifAd)
• 25df43d: fix(ui): Improve message on self-healing disabling panel (#26977) (#26978) (@bebosudo)
• 30efe53: fix(ui): OCI revision metadata never renders due to conflicting guard clause (#26948) (#27097) (@karimzakzouk)
• 30ab5b5: fix(ui): adapt new applicationset icon test to react-testing-library (@jwinters01)
• 993533a: fix(ui): add icon for view.promoter.argoproj.io API group (#28246) (#28247) (@crenshaw-dev)
• 1bd0d48: fix(ui): add truncation and tooltip for long sync status branch names (#27260) (@choejwoo)
• a5012a0: fix(ui): add url origin to return_url (#27733) (@Sumis34)
• f6ade14: fix(ui): app/appset size of ResourceIcon (#28141) (@agaudreault)
• 0c80d13: fix(ui): avoid mutating toolbar input in AddAuthToToolbar (@jwinters01)
• 8206eb9: fix(ui): contain settings textareas within panel width (#27943) (@choejwoo)
• d1d0e5d: fix(ui): don't prefetch errors (#27877) (#27925) (@blakepettersson)
• 4fbe92a: fix(ui): guard against undefined groupName in project role groups edit (@jwinters01)
• 8e2571f: fix(ui): handle 401 error in stream (#26917) (@linghaoSu)
• 2653f25: fix(ui): include Deleting and Terminated apps in Syncing operation filter (#27874) (@choejwoo)
• 4b4bbc8: fix(ui): include _-prefixed dirs in embedded assets (#26589) (@choejwoo)
• 9a05e0e: fix(ui): placate sonar with adding compare function for repo path sort autocomplete (#26906) (@reggie-k)
• 5453172: fix(ui): prevent pod logs viewer crash on stale container index (#27553) (@youhonglian)
• b6a715c: fix(ui): prevent wide gaps in grouped resource tree (#25747) (@choejwoo)
• 566c622: fix(ui): reduce loaded application data on list operation (Relates [#15509]) (#25451) (@aveuiller)
• 3c889f4: fix(ui): regenerate pnpm-lock.yaml against public npm registry (@jwinters01)
• a39953d: fix(ui): remove auto-sync toggle from app top bar (#27868) (@shiiyan)
• b1db1b1: fix(ui): restore public registry tarball URLs in pnpm-lock.yaml (@jwinters01)
• fc821b8: fix(ui): restore token diff highlighting in resource diff view (@jwinters01)
• 26621ad: fix(ui): return full source for non-hydrator apps in Parameters tab (#26946) (@himeshp)
• 45b926d: fix(ui): show clear-all button for annotation-only filters (#26937) (@choejwoo)
• 9fb0c8c: fix(ui): wrap component in AppContextReact.Provider (#28131) (@blakepettersson)
• 3e01594: fix(ui):ArgoCD UI Displays Layouts Before Login Page (#25463) (@aali309)
• 68cbd05: fix: Add X-Frame-Options and CSP headers to Swagger UI endpoints (#26521) (@rohansood10)
• 0aa8c41: fix: ApplicationSet DuckType Generator panics on non-string values in Clus… (#27265) (@xiangjingli)
• d011b7b: fix: Bitbucket webhook diffstat does not work with upper case repo slug (#26594) (@Mangaal)
• 4535a1f: fix: Don't mark CRD degraded while 'Installing' (#26126) (@kbweave)
• c70acd5: fix: GetRefSources populates refSources for multi source app with a single source (#27787) (@reggie-k)
• cd2255a: fix: GnuPG keys listed with unicode characters mangled (#27591) (@olivergondza)
• 269e0b8: fix: Hook resources not created at PostSync when configured with PreDelete PostDelete hooks (#26996) (@reggie-k)
• 422ef23: fix: Revert "fix: avoid calling UpdateRevisionForPaths unnecessary (#25151)" (#27241) (@alexmt)
• 69e6f94: fix: Subscription health check when installplanapproval is set to manual (#25923) (@mbaldessari)
• 3cbae65: fix: Update checkPermissions to not exit the namespace loop after the first namespace regardless (#23855) (#24735) (@andrii-korotkov)
• 62670d6: fix: address SSD applier nil pointer in error cases (#27126) (@leoluz)
• ab27dd3: fix: address nil pointer when SSD returns error (@leoluz)
• 8569aad: fix: arch less ui build (#28180) (@blakepettersson)
• 92c3ef2: fix: avoid scanning symlinks in whole repo on each app manifest operation (#26718) (@alexmt)
• 21615be: fix: avoid stale informer cache in RevisionMetadata handler (#27392) (@gdsoumya)
• c3b498c: fix: cancel log stream goroutines on client disconnect (#27243) (@alexmt)
• e684b7e: fix: clean up orphaned temp packfiles left by an interrupted git fetch (#18831) (#28083) (@lexfrei)
• 8981a5b: fix: controller incorrectly detecting diff during app normalization (#27002) (@alexmt)
• aa3269e: fix: correct grammar and capitalization in CLI help text (#27637) (@Rishmish94)
• e0e827d: fix: downgrade DiffFromCache log level for cache-miss errors (#26185) (@cp319391)
• 6bb2027: fix: exclude live status from normalization (#28201) (@blakepettersson)
• 3ede508: fix: fixes a regression of wif for google cloud repos (#27883) (@ppapapetrou76)
• 985f6f5: fix: fixes parsing of dex passwords with dollar sign (#28027) (@ppapapetrou76)
• 1042e12: fix: force attempt http2 with custom tls config (#26975) (#26976) (@maxverbeek)
• facb1a1: fix: honor repo depth setting in gitSourceHasChanges and fetch functions (#27838) (@alexandresavicki)
• 6ba0727: fix: improve error message when hydrateTo sync path does not exist yet (#27336) (@nitishfy)
• 2bbf91c: fix: improve perf: switch parentUIDToChildren to map of sets, remove cache rebuild (#26863) (#26864) (@jcogilvie)
• 759e746: fix: invalid URL or protocol not validated consistently by server and UI (#27052) (@aali309)
• 85a5abb: fix: isolate UI extension loading failures to prevent cascade errors (#27513) (@jwinters01)
• 4b5a098: fix: missing import (#27491) (@crenshaw-dev)
• 748abaf: fix: nil-check (#28039) (@blakepettersson)
• 393152d: fix: pass repo.insecure flag to helm dependency build (#27078) (@blakepettersson)
• 86778eb: fix: post-merge fixes for pnpm + React 19 reconciliation (@jwinters01)
• 9ccee2b: fix: prevent InvalidSpecError race in application controller startup (#27672) (@mbaldessari)
• 57dfe55: fix: prevent automatic refreshes from informer resync and status updates (#25290) (@aali309)
• d559876: fix: prevent nil-pointer panic for unknown repo types (#27993) (@nitishfy)
• 442aed4: fix: prevent panic on nil APIResource in permission validator (#26610) (@loafoe)
• 7c582df: fix: put/get ocimetadata to/from redis cache (#27521) (#27589) (@blakepettersson)
• a912a3e: fix: race fix in setdefaultrole (#28044) (@blakepettersson)
• b74c08e: fix: remove resourceVersion from ssd (#27406) (@pjiang-dev)
• a34dbb7: fix: resolve HPA v2/v1 conversion error in structured merge diff (#27809) (@Bisman-Singh)
• a6c855e: fix: resolve cross-generator Values templates in RenderGeneratorParams (#27827) (#27830) (@ppapapetrou76)
• 8fbb72d: fix: revert autosync event message format change (#27387) (@gdsoumya)
• 93ce9c9: fix: runs git lfs install --system that writes the following to /etc/gitconfig (#27961) (@ppapapetrou76)
• 67db597: fix: stack overflow when processing circular ownerrefs in resource graph (#26783) (#26790) (@jcogilvie)
• 7a58d4d: fix: stop hydrator retry loop after recent failed hydration (#28051) (#28052) (@crenshaw-dev)
• fe30b2c: fix: trigger app sync on app-set spec change (#26811) (@ppapapetrou76)
• f8707f8: fix: truncate labels for deletion hook resources (#27542) (@choejwoo)
• 4aabf52: fix: typo in error message for multi-source apps (#26936) (@honarkhah)
• 0a292b9: fix: update USERS.md to add OpenChoreo to the correct place in the list (#28297) (@kavishkafernando)
• 786e185: fix: update package imports to v2 for time and sync utilities (#27490) (@mmorel-35)
• 45a32a5: fix: use unique names for initial commits (#27171) (@seankhliao)
• dee497e: fix: wrap lines toggle causes log lines to overflow container - Fixes [Issue #27586] (#27627) (@Knickkennedy)
• f97e2d2: fix: wrong installation id returned from cache (#26969) (@zachaller)

Documentation

• 7fc39fd: docs: update progressive syncs beta since version (#27622) (@DorBreger)
• 08e959d: docs(hydrator): promote Source Hydrator from alpha to beta (#28229) (@crenshaw-dev)
• 631e8e7: docs(hydrator): updates and clarifications (#28142) (@crenshaw-dev)
• 3c233cc: docs(impersonation): promote feature to beta (#27576) (@agaudreault)
• cde9db8: docs: Add Car & Classic to USERS.md (#27297) (@bram-pkg)
• 6d2eda5: docs: Add FRAYT to USERS.md (#28230) (@ianstanton)
• 0f00440: docs: Added "revert" to PR message (#27632) (@Kevinjoeharris)
• 77732d8: docs: Formatting and style for source-hydrator.md (#26949) (@olivergondza)
• 62422a9: docs: Improve wording in contributing guide (#27295) (@allexistence)
• 5103112: docs: Promote ApplicationSet in any namespace to stable (#27417) (@Mangaal)
• 39b9bf4: docs: Reverse release dates table and clarify about Helm, Kustomize and Go upgrades (#27892) (@reggie-k)
• 21b826e: docs: Revise vulnerability reporting and remove bounty details (#27212) (@crenshaw-dev)
• 1da9473: docs: Update Keycloak PKCE setting name and fix redirect URL (#24369) (@gpchelkin)
• d92a55b: docs: Update OpenUnison integration docs and screenshots for 28138 (#28139) (@mlbiam)
• 321153a: docs: Update releasing.md with handling a failed release (#26049) (@reggie-k)
• 04fa70c: docs: Update the status of the feature, appset in any namespace, from beta to stable (#27353) (@Mangaal)
• 1a0f5d4: docs: add AGENTS.md file to the repository (#27315) (#27316) (@dudinea)
• a1af401: docs: add Circle to USERS.md (#27349) (@seanl-circle)
• 266b604: docs: add Eskimi to USERS.md (#28222) (@nedasjan)
• c509bc4: docs: add Etherflow to USERS.md (#27702) (@vinzank)
• f189f66: docs: add GenAI policy references to docs site (#27761) (@Kevinjoeharris)
• 21df1cb: docs: add Mac Intel (x86_64) CLI installation instructions (#25144) (@shashax42)
• cc3165f: docs: add OpenChoreo to the USERS.md list (#28283) (@kavishkafernando)
• 634e76f: docs: add React 19 upgrade guide for UI extensions (@jwinters01)
• 670c08f: docs: add Stone Payments to USERS.md (#27834) (@gadsilva)
• f4b00c9: docs: add docs for Appset UI (#27910) (@pjiang-dev)
• 47e9a6c: docs: add drawbacks/alternatives to server-side pagination proposal (#27524) (@crenshaw-dev)
• 8bf5676: docs: add memory tuning with GOMEMLIMIT (#27914) (@Julian-Chu)
• fb1b240: docs: add missing content for Automatic Retry with a limit section (#27092) (@nitishfy)
• 998aac6: docs: add more guidelines to writing custom health checks (#28013) (@reggie-k)
• 9ad1c81: docs: add note of linkage between shallow clones and MGP (#28151) (@verokarhu)
• 5ceb835: docs: add orphaned resources FAQ entry (#26833) (@kovan)
• c3af425: docs: add revert prefix to PR title documentation (#27439) (@choejwoo)
• c0966d8: docs: add scraping guidance for HA application controller metrics (#27901) (#28132) (@choejwoo)
• 4070b6f: docs: add warning in orphan resource doc (#26874) (@agaudreault)
• b8da88a: docs: clarify Helm hook delete-policy semantics (#26828) (@Vedant-Mhatre)
• bfc332d: docs: clarify prune ordering for sync waves (#27352) (@revitalbarletz)
• 4bc5d38: docs: clarify selective sync and ApplyOutOfSyncOnly (#27393) (@agaudreault)
• b532528: docs: fix README GitHub branding in community section (#27050) (@pratik268)
• 67de02b: docs: fix enumeration line breaks (#27333) (@Miroka96)
• d543380: docs: fix globalProjects valid operators (#27944) (@anubhav06)
• 539c35b: docs: fix incorrect wording for ApplicationSets in other namespaces (#26893) (@ekam-walia)
• d19e2a4: docs: fix minor typos in Istio ingress documentation (#28108) (@allexistence)
• 83a4cc7: docs: fix minor typos in running-locally.md (#28298) (@allexistence)
• cdcef45: docs: fix progressive sync since version to reflect beta promotion in v3.3.0 (#27608) (@choejwoo)
• aadabc6: docs: fix reference to tokenref.strict.mode key in TokenRef restrictions doc (#28110) (@nmirasch)
• 44f087f: docs: fix some typos and grammatical errors in Notifications section of Operator Manual (#28169) (#28187) (@vivshaw)
• 490f021: docs: fix submit-your-pr rebase target to upstream/master (#27144) (@seitarof)
• 3570031: docs: fix typo in metrics (#26951) (@dancer1325)
• 4220edd: docs: fix typos (#27254) (@EoinTrial)
• 8eafcc6: docs: formating markdown so generated HTML is more readable (#27938) (@arthurzenika)
• a0a81be: docs: link React 19 UI extensions upgrade guide from 3.4-3.5 notes (@jwinters01)
• 482fec8: docs: move notification timezone docs to functions page (#14670) (#27662) (@ystkfujii)
• 13cd517: docs: move releases to Tuesdays (#26859) (@reggie-k)
• 8f9f036: docs: numbering fix (#28231) (@crenshaw-dev)
• 9ad336d: docs: redirect previous-version banner to stable page instead of homepage (#26857) (#27428) (@firasmosbehi)
• e00345b: docs: replace resource_hooks links with sync-waves (#26187) (@choejwoo)
• b39f613: docs: specify ApplicationSet can be installed in any namespace (#27579) (@dancer1325)
• 1afb154: docs: update MAINTAINERS.md (#28093) (@choejwoo)
• 94d8ba9: docs: update cosign install and docs links (#27042) (@cjcocokrisp)
• 94942ad: docs: update release issue template with tools bump section (#27776) (@reggie-k)

Dependency updates

• 6b267cb: chore(deprecated): delete dockerfile for gitops-engine not used (#27647) (@manute)
• 559da44: chore(deps): bump Helm to 3.20.1 (#26896) (@crenshaw-dev)
• 7933370: chore(deps): bump Helm to 4.2.1 (#28273) (@crenshaw-dev)
• 5fa0045: chore(deps): bump SonarSource/sonarqube-scan-action from 7.0.0 to 7.1.0 (#27116) (@dependabot[bot])
• bc3b04a: chore(deps): bump SonarSource/sonarqube-scan-action from 7.1.0 to 7.2.0 (#27584) (@dependabot[bot])
• 22bf69c: chore(deps): bump SonarSource/sonarqube-scan-action from 7.2.0 to 8.0.0 (#27602) (@dependabot[bot])
• f2fbb04: chore(deps): bump SonarSource/sonarqube-scan-action from 8.0.0 to 8.1.0 (#27922) (@dependabot[bot])
• 7e7972f: chore(deps): bump SonarSource/sonarqube-scan-action from 8.1.0 to 8.2.0 (#28209) (@dependabot[bot])
• 9281612: chore(deps): bump Ubuntu base to 26.04 (#26630) (#28181) (@crenshaw-dev)
• 148c86a: chore(deps): bump actions/cache from 5.0.3 to 5.0.4 (#26901) (@dependabot[bot])
• dd8ba4f: chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#28118) (@dependabot[bot])
• 71da5f6: chore(deps): bump actions/create-github-app-token from 1.12.0 to 2.1.1 (#24360) (@dependabot[bot])
• c4f3e38: chore(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 (#27313) (@dependabot[bot])
• 9fd0ab1: chore(deps): bump actions/create-github-app-token from 3.1.1 to 3.2.0 (#27825) (@dependabot[bot])
• da7a61b: chore(deps): bump actions/setup-go from 6.3.0 to 6.4.0 (#27066) (@dependabot[bot])
• b2a8bc9: chore(deps): bump actions/setup-node from 4.4.0 to 6.3.0 (#27244) (@dependabot[bot])
• 26f71b3: chore(deps): bump actions/setup-node from 6.3.0 to 6.4.0 (#27452) (@dependabot[bot])
• f7ea5bc: chore(deps): bump actions/stale from 10.2.0 to 10.3.0 (#27952) (@dependabot[bot])
• d65af14: chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#27310) (@dependabot[bot])
• 14854f5: chore(deps): bump code.gitea.io/sdk/gitea from 0.23.2 to 0.25.1 (#27824) (@dependabot[bot])
• 30db355: chore(deps): bump codecov/codecov-action from 5.5.2 to 5.5.3 (#26900) (@dependabot[bot])
• 303e001: chore(deps): bump codecov/codecov-action from 5.5.4 to 6.0.0 (#27030) (@dependabot[bot])
• 5331d66: chore(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1 (#27921) (@dependabot[bot])
• 1ef9645: chore(deps): bump deepmerge from 3.3.0 to 4.3.1 in /ui (#27410) (@dependabot[bot])
• 579fbab: chore(deps): bump docker/build-push-action from 7.0.0 to 7.1.0 (#27312) (@dependabot[bot])
• 795549a: chore(deps): bump docker/build-push-action from 7.1.0 to 7.2.0 (#27969) (@dependabot[bot])
• 719ac07: chore(deps): bump docker/login-action from 4.0.0 to 4.1.0 (#27138) (@dependabot[bot])
• efdb2e7: chore(deps): bump docker/login-action from 4.1.0 to 4.2.0 (#27986) (@dependabot[bot])
• 1608532: chore(deps): bump docker/setup-buildx-action from 4.0.0 to 4.1.0 (#27985) (@dependabot[bot])
• 87315e0: chore(deps): bump docker/setup-qemu-action from 4.0.0 to 4.1.0 (#28035) (@dependabot[bot])
• 04e4e08: chore(deps): bump flatted from 3.3.1 to 3.4.2 in /ui (#26928) (@dependabot[bot])
• 35bd575: chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.21.0 to 1.21.1 (#27413) (@dependabot[bot])
• 3c6645f: chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.21.1 to 1.22.0 (#28144) (@dependabot[bot])
• 877cdf6: chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.13.1 to 1.14.0 (#28295) (@dependabot[bot])
• 38a3826: chore(deps): bump github.com/Azure/kubelogin from 0.2.16 to 0.2.17 (#27269) (@dependabot[bot])
• e2d1388: chore(deps): bump github.com/Azure/kubelogin from 0.2.17 to 0.2.18 (#28079) (@dependabot[bot])
• 682de3e: chore(deps): bump github.com/alicebob/miniredis/v2 from 2.37.0 to 2.38.0 (#27801) (@dependabot[bot])
• 0191c16: chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.32.11 to 1.32.12 (#26844) (@dependabot[bot])
• f3b803f: chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.32.14 to 1.32.15 in the aws-sdk-v2 group (#27412) (@dependabot[bot])
• 59aea04: chore(deps): bump github.com/aws/aws-sdk-go-v2/credentials from 1.19.11 to 1.19.12 (#26840) (@dependabot[bot])
• a892317: chore(deps): bump github.com/aws/aws-sdk-go-v2/credentials from 1.19.12 to 1.19.13 (#27032) (@dependabot[bot])
• 6a22728: chore(deps): bump github.com/aws/aws-sdk-go-v2/service/codecommit from 1.33.11 to 1.33.12 (#27035) (@dependabot[bot])
• 648e9d2: chore(deps): bump github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi from 1.31.12 to 1.32.0 in the aws-sdk-v2 group (#28019) (@dependabot[bot])
• 0c02de7: chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.41.9 to 1.41.10 (#27037) (@dependabot[bot])
• 5c03a8b: chore(deps): bump github.com/aws/smithy-go from 1.24.2 to 1.24.3 (#27141) (@dependabot[bot])
• a216fdb: chore(deps): bump github.com/aws/smithy-go from 1.24.3 to 1.25.0 (#27369) (@dependabot[bot])
• d654515: chore(deps): bump github.com/aws/smithy-go from 1.25.0 to 1.25.1 (#27531) (@dependabot[bot])
• cbce5bf: chore(deps): bump github.com/aws/smithy-go from 1.25.1 to 1.26.0 (#28036) (@dependabot[bot])
• 83d812f: chore(deps): bump github.com/aws/smithy-go from 1.26.0 to 1.27.0 (#28120) (@dependabot[bot])
• 02607a6: chore(deps): bump github.com/aws/smithy-go from 1.27.0 to 1.27.1 (#28146) (@dependabot[bot])
• df2b0b2: chore(deps): bump github.com/aws/smithy-go from 1.27.1 to 1.27.2 (#28170) (@dependabot[bot])
• 028f5e1: chore(deps): bump github.com/bradleyfalzon/ghinstallation/v2 from 2.18.0 to 2.19.0 (#28261) (@dependabot[bot])
• f86cd07: chore(deps): bump github.com/coreos/go-oidc/v3 from 3.17.0 to 3.18.0 (#27247) (@dependabot[bot])
• 9c8ae9a: chore(deps): bump github.com/dlclark/regexp2 from 1.11.5 to 1.12.0 (#27456) (@dependabot[bot])
• 38095fc: chore(deps): bump github.com/felixge/httpsnoop from 1.0.4 to 1.1.0 (#28263) (@dependabot[bot])
• 4fc98c0: chore(deps): bump github.com/fsnotify/fsnotify from 1.10.0 to 1.10.1 (#27688) (@dependabot[bot])
• 03cbfbf: chore(deps): bump github.com/fsnotify/fsnotify from 1.9.0 to 1.10.0 (#27605) (@dependabot[bot])
• b004246: chore(deps): bump github.com/go-git/go-billy/v5 from 5.6.2 to 5.9.0 (#27847) (@dependabot[bot])
• 8866392: chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.5 (#27142) (@dependabot[bot])
• a5073f1: chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#27101) (@dependabot[bot])
• 8c673b9: chore(deps): bump github.com/go-openapi/loads from 0.23.3 to 0.23.4 (#28121) (@dependabot[bot])
• 7b7e3a7: chore(deps): bump github.com/go-openapi/loads from 0.23.4 to 0.24.0 (#28171) (@dependabot[bot])
• f54cc0b: chore(deps): bump github.com/go-openapi/runtime from 0.29.3 to 0.29.4 (#27457) (@dependabot[bot])
• 6c79944: chore(deps): bump github.com/go-openapi/runtime from 0.29.4 to 0.29.5 (#27689) (@dependabot[bot])
• d91cef6: chore(deps): bump github.com/go-openapi/runtime from 0.29.5 to 0.32.2 (#28037) (@dependabot[bot])
• ebfe9c6: chore(deps): bump github.com/go-openapi/runtime/server-middleware from 0.30.0 to 0.32.2 (#28059) (@dependabot[bot])
• a53d82e: chore(deps): bump github.com/go-openapi/runtime/server-middleware from 0.32.2 to 0.32.3 (#28122) (@dependabot[bot])
• bb66ffe: chore(deps): bump github.com/google/go-jsonnet from 0.21.0 to 0.22.0 (#26992) (@dependabot[bot])
• 0e4f7c8: chore(deps): bump github.com/itchyny/gojq from 0.12.18 to 0.12.19 (#27118) (@dependabot[bot])
• c201994: chore(deps): bump github.com/ktrysmt/go-bitbucket from 0.9.100 to 0.10.0 (#27989) (@dependabot[bot])
• 721a7e7: chore(deps): bump github.com/ktrysmt/go-bitbucket from 0.9.94 to 0.9.95 (#27175) (@dependabot[bot])
• 77d559c: chore(deps): bump github.com/ktrysmt/go-bitbucket from 0.9.95 to 0.9.96 (#27547) (@dependabot[bot])
• 7cf7955: chore(deps): bump github.com/ktrysmt/go-bitbucket from 0.9.96 to 0.9.98 (#27604) (@dependabot[bot])
• cc13e46: chore(deps): bump github.com/ktrysmt/go-bitbucket from 0.9.98 to 0.9.100 (#27630) (@dependabot[bot])
• 9cfbeb7: chore(deps): bump github.com/mattn/go-isatty from 0.0.20 to 0.0.21 (#27245) (@dependabot[bot])
• 4a51ec4: chore(deps): bump github.com/mattn/go-isatty from 0.0.21 to 0.0.22 (#27566) (@dependabot[bot])
• d017512: chore(deps): bump github.com/moby/spdystream from 0.5.0 to 0.5.1 (#27401) (@dependabot[bot])
• 1b2f784: chore(deps): bump github.com/redis/go-redis/v9 from 9.18.0 to 9.19.0 (#27582) (@dependabot[bot])
• 3185b39: chore(deps): bump github.com/redis/go-redis/v9 from 9.19.0 to 9.20.0 (#28060) (@dependabot[bot])
• 3336cf6: chore(deps): bump github.com/redis/go-redis/v9 from 9.20.0 to 9.20.1 (#28262) (@dependabot[bot])
• 4090619: chore(deps): bump github.com/skeema/knownhosts from 1.3.1 to 1.3.2 (#27988) (@dependabot[bot])
• bd1cccf: chore(deps): bump github.com/yuin/gopher-lua from 1.1.1 to 1.1.2 (#27100) (@dependabot[bot])
• 7af68d2: chore(deps): bump github/codeql-action bundle to v4.35.1 (#27068) (@Kevinjoeharris)
• 576002f: chore(deps): bump github/codeql-action from 4.35.1 to 4.35.2 (#27372) (@dependabot[bot])
• e5a2a00: chore(deps): bump github/codeql-action from 4.35.2 to 4.35.3 (#27651) (@dependabot[bot])
• f7a4c09: chore(deps): bump github/codeql-action from 4.35.3 to 4.35.4 (#27745) (@dependabot[bot])
• daf567f: chore(deps): bump github/codeql-action from 4.35.4 to 4.35.5 (#27897) (@dependabot[bot])
• 967e6d8: chore(deps): bump github/codeql-action from 4.35.5 to 4.36.0 (#27984) (@dependabot[bot])
• f35fe84: chore(deps): bump github/codeql-action from 4.36.0 to 4.36.1 (#28115) (@dependabot[bot])
• 0e2e476: chore(deps): bump github/codeql-action from 4.36.1 to 4.36.2 (#28145) (@dependabot[bot])
• 2f58395: chore(deps): bump go-client to v0.36.1, controller-runtime to v0.24.1 (#27804) (#27955) (@dudinea)
• c90b922: chore(deps): bump golang.org/x/crypto from 0.49.0 to 0.50.0 (#27268) (@dependabot[bot])
• f40bc68: chore(deps): bump golang.org/x/crypto from 0.50.0 to 0.51.0 (#27783) (@dependabot[bot])
• 0a7e0ef: chore(deps): bump golang.org/x/crypto from 0.51.0 to 0.52.0 (#27967) (@dependabot[bot])
• 47059fa: chore(deps): bump golang.org/x/crypto from 0.52.0 to 0.53.0 (#28190) (@dependabot[bot])
• 25e0c38: chore(deps): bump golang.org/x/net from 0.52.0 to 0.53.0 (#27272) (@dependabot[bot])
• a9d087e: chore(deps): bump golang.org/x/net from 0.53.0 to 0.54.0 (#27782) (@dependabot[bot])
• 087f4e6: chore(deps): bump golang.org/x/net from 0.54.0 to 0.55.0 (#27966) (@dependabot[bot])
• b535b52: chore(deps): bump golang.org/x/net from 0.55.0 to 0.56.0 (#28237) (@dependabot[bot])
• 99306c7: chore(deps): bump golang.org/x/term from 0.43.0 to 0.44.0 (#28192) (@dependabot[bot])
• 5dc9599: chore(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 (#27970) (@dependabot[bot])
• 2043990: chore(deps): bump google.golang.org/grpc from 1.79.2 to 1.79.3 (#26886) (@dependabot[bot])
• ba4d2a2: chore(deps): bump google.golang.org/grpc from 1.79.3 to 1.80.0 (#27119) (@dependabot[bot])
• 14b9d68: chore(deps): bump google.golang.org/grpc from 1.80.0 to 1.81.0 (#27687) (@dependabot[bot])
• 438ba7c: chore(deps): bump google.golang.org/grpc from 1.81.0 to 1.81.1 (#27869) (@dependabot[bot])
• 68505a8: chore(deps): bump goreleaser/goreleaser-action from 7.0.0 to 7.1.0 (#27454) (@dependabot[bot])
• 6755bf1: chore(deps): bump goreleaser/goreleaser-action from 7.1.0 to 7.2.1 (#27548) (@dependabot[bot])
• af6997b: chore(deps): bump goreleaser/goreleaser-action from 7.2.1 to 7.2.2 (#27920) (@dependabot[bot])
• 191b4e3: chore(deps): bump helm to 3.20.2 (#27774) (@reggie-k)
• 5471c94: chore(deps): bump helm to 3.21.0 (#27855) (@nitishfy)
• 06fad73: chore(deps): bump js-yaml from 3.14.1 to 4.2.0 in /ui (#28133) (@dependabot[bot])
• 9d8abf4: chore(deps): bump library/busybox from 1487d0a to fd8d9aa in /test/e2e/multiarch-container (#27981) (@dependabot[bot])
• 4e3904a: chore(deps): bump library/busybox from b3255e7 to 1487d0a in /test/e2e/multiarch-container (#26990) (@dependabot[bot])
• 9e80e05: chore(deps): bump library/golang from 1.26.1 to 1.26.2 in /test/container (#27248) (@dependabot[bot])
• 86fcb14: chore(deps): bump library/golang from 1.26.1 to 1.26.2 in /test/remote (#27216) (@dependabot[bot])
• a73a4cd: chore(deps): bump library/golang from 1.26.2 to 1.26.3 in /test/container (#27748) (@dependabot[bot])
• b7666e9: chore(deps): bump library/golang from 1.26.2 to 1.26.3 in /test/remote (#27744) (@dependabot[bot])
• 7358cb7: chore(deps): bump library/golang from 1.26.3 to 1.26.4 in /test/container (#28116) (@dependabot[bot])
• 15fd01e: chore(deps): bump library/golang from 1.26.3 to 1.26.4 in /test/remote (#28114) (@dependabot[bot])
• 526eeab: chore(deps): bump library/golang from 11fd8f7 to 87a41d2 in /test/container (#28260) (@dependabot[bot])
• cc65c2c: chore(deps): bump library/golang from 11fd8f7 to 87a41d2 in /test/remote (#28258) (@dependabot[bot])
• 1c19810: chore(deps): bump library/golang from 1e598ea to b54cbf5 in /test/container (#27549) (@dependabot[bot])
• 6d29bd8: chore(deps): bump library/golang from 1e598ea to b54cbf5 in /test/remote (#27545) (@dependabot[bot])
• 662302f: chore(deps): bump library/golang from 2981696 to 633d23b in /test/container (#27826) (@dependabot[bot])
• 70be033: chore(deps): bump library/golang from 2981696 to 633d23b in /test/remote (#27822) (@dependabot[bot])
• 0dd5e08: chore(deps): bump library/golang from 2a2b4b5 to fcdb3e4 in /test/container (#27309) (@dependabot[bot])
• 0737418: chore(deps): bump library/golang from 2a2b4b5 to fcdb3e4 in /test/remote (#27307) (@dependabot[bot])
• b25ef71: chore(deps): bump library/golang from 313faae to 8530a4f in /test/container (#27940) (@dependabot[bot])
• 7019a8e: chore(deps): bump library/golang from 313faae to 8530a4f in /test/remote (#27939) (@dependabot[bot])
• adcf8c4: chore(deps): bump library/golang from 5f3787b to 1e598ea in /test/container (#27518) (@dependabot[bot])
• 04c64b7: chore(deps): bump library/golang from 5f3787b to 1e598ea in /test/remote (#27517) (@dependabot[bot])
• 9241546: chore(deps): bump library/golang from 633d23b to 313faae in /test/container (#27853) (@dependabot[bot])
• 4d17143: chore(deps): bump library/golang from 633d23b to 313faae in /test/remote (#27850) (@dependabot[bot])
• 5b1b1fb: chore(deps): bump library/golang from 68cb6d6 to 11fd8f7 in /test/container (#28211) (@dependabot[bot])
• da21a42: chore(deps): bump library/golang from 68cb6d6 to 11fd8f7 in /test/remote (#28208) (@dependabot[bot])
• 2117aa8: chore(deps): bump library/golang from 6df14f4 to 2d6c802 in /test/container (#27983) (@dependabot[bot])
• 980158e: chore(deps): bump library/golang from 6df14f4 to 2d6c802 in /test/remote (#27982) (@dependabot[bot])
• b6c3584: chore(deps): bump library/golang from 8530a4f to 6df14f4 in /test/container (#27951) (@dependabot[bot])
• 412c96f: chore(deps): bump library/golang from 8530a4f to 6df14f4 in /test/remote (#27950) (@dependabot[bot])
• b51828c: chore(deps): bump library/golang from 87a41d2 to 792443b in /test/container (#28296) (@dependabot[bot])
• 96a97b2: chore(deps): bump library/golang from 87a41d2 to 792443b in /test/remote (#28293) (@dependabot[bot])
• 6b35246: chore(deps): bump library/golang from c7e98cc to 595c784 in /test/container (#26960) (@dependabot[bot])
• c86e6b6: chore(deps): bump library/golang from efaccb5 to 2981696 in /test/container (#27785) (@dependabot[bot])
• 8ed29d1: chore(deps): bump library/golang from efaccb5 to 2981696 in /test/remote (#27779) (@dependabot[bot])
• 0a0cd0b: chore(deps): bump library/golang from fcdb3e4 to 5f3787b in /test/container (#27347) (@dependabot[bot])
• ea3dae6: chore(deps): bump library/golang from fcdb3e4 to 5f3787b in /test/remote (#27346) (@dependabot[bot])
• d4ec328: chore(deps): bump library/redis from 8.6.1 to 8.6.2 in /test/container (#26991) (@dependabot[bot])
• b3eda0f: chore(deps): bump library/redis from 8.6.2 to 8.6.3 in /test/container (#27704) (@dependabot[bot])
• de52992: chore(deps): bump library/redis from 8.6.3 to 8.8.0 in /test/container (#28020) (@dependabot[bot])
• 12b241a: chore(deps): bump library/redis from 009cc37 to 970b561 in /test/container (#27218) (@dependabot[bot])
• 10b6c45: chore(deps): bump library/redis from 0c34149 to e628485 in /test/container (#27941) (@dependabot[bot])
• 8142920: chore(deps): bump library/redis from 1c054d5 to a019c00 in /test/container (#26865) (@dependabot[bot])
• ac3ef59: chore(deps): bump library/redis from 1f07381 to 83619e7 in /test/container (#27493) (@dependabot[bot])
• 5bbf557: chore(deps): bump library/redis from 25dbb04 to 7ead790 in /test/container (#27747) (@dependabot[bot])
• 7bde118: chore(deps): bump library/redis from 25e102b to aa049e6 in /test/container (#28056) (@dependabot[bot])
• 0fb522b: chore(deps): bump library/redis from 4c7ecf5 to 0a97239 in /test/container (#28282) (@dependabot[bot])
• 5b6561e: chore(deps): bump library/redis from 7ead790 to 0c34149 in /test/container (#27781) (@dependabot[bot])
• 170b89f: chore(deps): bump library/redis from 970b561 to 1f07381 in /test/container (#27273) (@dependabot[bot])
• aabe852: chore(deps): bump library/redis from a019c00 to 315270d in /test/container (#26902) (@dependabot[bot])
• fb107e4: chore(deps): bump library/redis from aa049e6 to f792aaa in /test/container (#28235) (@dependabot[bot])
• 0850e97: chore(deps): bump library/redis from d372cf7 to 832d778 in /test/container (#27532) (@dependabot[bot])
• 122e6e7: chore(deps): bump library/redis from e628485 to 4d25e2f in /test/container (#27965) (@dependabot[bot])
• 2aaa40b: chore(deps): bump library/redis from f792aaa to 4c7ecf5 in /test/container (#28259) (@dependabot[bot])
• 884ba71: chore(deps): bump library/registry from 3.0 to 3.1 in /test/container (#27201) (@dependabot[bot])
• 3eb5104: chore(deps): bump library/registry from afcd13f to b0f3668 in /test/container (#27374) (@dependabot[bot])
• 24c3abd: chore(deps): bump library/ubuntu from 5798086 to 91832dc in /test/container (#26930) (@dependabot[bot])
• b6f8429: chore(deps): bump library/ubuntu from 5e27572 to f3d2860 in /test/container (#27690) (@dependabot[bot])
• b018313: chore(deps): bump library/ubuntu from 730382b to a072b64 in /test/container (#27137) (@dependabot[bot])
• 44e0863: chore(deps): bump library/ubuntu from 91832dc to 730382b in /test/container (#27117) (@dependabot[bot])
• 1a195cc: chore(deps): bump library/ubuntu from cc925e5 to 5e27572 in /test/container (#27373) (@dependabot[bot])
• d80a122: chore(deps): bump library/ubuntu from fed6ddb to 5798086 in /test/container (#26887) (@dependabot[bot])
• 86a245c: chore(deps): bump lodash from 4.17.23 to 4.18.1 in /ui (#27135) (@dependabot[bot])
• 3c47518: chore(deps): bump lodash-es from 4.17.23 to 4.18.1 in /ui (#27120) (@dependabot[bot])
• 0c4946f: chore(deps): bump minimatch from 3.1.3 to 3.1.4 in /ui (#26641) (@dependabot[bot])
• 4f8f4d2: chore(deps): bump node from 20 to 24 (#23466) (@dependabot[bot])
• 1ff6a41: chore(deps): bump oras.land/oras-go/v2 from 2.6.0 to 2.6.1 (#28193) (@dependabot[bot])
• e21d471: chore(deps): bump picomatch from 2.3.1 to 2.3.2 in /ui (#27017) (@dependabot[bot])
• a98eba2: chore(deps): bump pnpm/action-setup from 4.1.0 to 5.0.0 (#27246) (@dependabot[bot])
• 460c5bc: chore(deps): bump pnpm/action-setup from 5.0.0 to 6.0.8 (#28002) (@dependabot[bot])
• 82c53c0: chore(deps): bump pnpm/action-setup from 6.0.8 to 6.0.9 (#28294) (@dependabot[bot])
• 211cbf4: chore(deps): bump pymdown-extensions from 10.17.1 to 10.21.3 in /docs (#27935) (@dependabot[bot])
• d6391e4: chore(deps): bump redoc/dompurify to v3.4.0 in /ui for fixing CVE-2026-41240 (#27751) (@alkakumari016)
• 48ed12e: chore(deps): bump renovatebot/github-action from 46.1.10 to 46.1.11 (#27546) (@dependabot[bot])
• 8465672: chore(deps): bump renovatebot/github-action from 46.1.11 to 46.1.12 (#27583) (@dependabot[bot])
• 9a0c75c: chore(deps): bump renovatebot/github-action from 46.1.12 to 46.1.13 (#27665) (@dependabot[bot])
• 0022282: chore(deps): bump renovatebot/github-action from 46.1.13 to 46.1.14 (#27784) (@dependabot[bot])
• 2c9f570: chore(deps): bump renovatebot/github-action from 46.1.14 to 46.1.15 (#28188) (@dependabot[bot])
• bd7b16c: chore(deps): bump renovatebot/github-action from 46.1.5 to 46.1.6 (#26961) (@dependabot[bot])
• ab00709: chore(deps): bump renovatebot/github-action from 46.1.6 to 46.1.7 (#27065) (@dependabot[bot])
• bb2cfd9: chore(deps): bump renovatebot/github-action from 46.1.7 to 46.1.8 (#27176) (@dependabot[bot])
• 0c01fc8: chore(deps): bump renovatebot/github-action from 46.1.8 to 46.1.9 (#27332) (@dependabot[bot])
• 99b10b5: chore(deps): bump renovatebot/github-action from 46.1.9 to 46.1.10 (#27453) (@dependabot[bot])
• e6aa905: chore(deps): bump sigs.k8s.io/structured-merge-diff/v6 from 6.3.2 to 6.4.0 (#27371) (@dependabot[bot])
• d75a6b1: chore(deps): bump sigstore/cosign-installer from 4.1.0 to 4.1.1 (#27031) (@dependabot[bot])
• 00d51b3: chore(deps): bump sigstore/cosign-installer from 4.1.1 to 4.1.2 (#27728) (@dependabot[bot])
• f409135: chore(deps): bump softprops/action-gh-release from 2.5.0 to 2.6.1 (#26838) (@dependabot[bot])
• c9b2e4b: chore(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0 (#27311) (@dependabot[bot])
• 7262e61: chore(deps): bump step-security/harden-runner from 2.16.0 to 2.16.1 (#27202) (@dependabot[bot])
• cd8a25c: chore(deps): bump step-security/harden-runner from 2.16.1 to 2.17.0 (#27271) (@dependabot[bot])
• 9cfce1d: chore(deps): bump step-security/harden-runner from 2.17.0 to 2.18.0 (#27370) (@dependabot[bot])
• a7853eb: chore(deps): bump step-security/harden-runner from 2.18.0 to 2.19.0 (#27471) (@dependabot[bot])
• 6618734: chore(deps): bump step-security/harden-runner from 2.19.0 to 2.19.1 (#27666) (@dependabot[bot])
• aaecdb6: chore(deps): bump step-security/harden-runner from 2.19.1 to 2.19.2 (#27852) (@dependabot[bot])
• c01aa31: chore(deps): bump step-security/harden-runner from 2.19.2 to 2.19.3 (#27870) (@dependabot[bot])
• e771b75: chore(deps): bump step-security/harden-runner from 2.19.3 to 2.19.4 (#27968) (@dependabot[bot])
• d4acd0b: chore(deps): bump the aws-sdk-v2 group across 1 directory with 6 updates (#28119) (@dependabot[bot])
• 95e0696: chore(deps): bump the aws-sdk-v2 group with 2 updates (#27987) (@dependabot[bot])
• 666fbf8: chore(deps): bump the aws-sdk-v2 group with 2 updates (#28236) (@dependabot[bot])
• 54f9cf0: chore(deps): bump the aws-sdk-v2 group with 3 updates (#27186) (@dependabot[bot])
• 5a4a551: chore(deps): bump the aws-sdk-v2 group with 6 updates (#27455) (@dependabot[bot])
• 42498e6: chore(deps): bump the aws-sdk-v2 group with 6 updates (#27603) (@dependabot[bot])
• 1ad5a69: chore(deps): bump the aws-sdk-v2 group with 6 updates (#28057) (@dependabot[bot])
• 8229c2d: chore(deps): bump the aws-sdk-v2 group with 6 updates (#28078) (@dependabot[bot])
• c2664ed: chore(deps): bump the aws-sdk-v2 group with 6 updates (#28189) (@dependabot[bot])
• 7396255: chore(deps): bump the otel group across 1 directory with 2 updates (#27217) (@dependabot[bot])
• 9f72339: chore(deps): bump the otel group across 1 directory with 4 updates (#27174) (@dependabot[bot])
• d0cf7ca: chore(deps): bump the otel group with 2 updates (#28058) (@dependabot[bot])
• b10ba77: chore(deps): bump the otel group with 4 updates (#28034) (@dependabot[bot])
• b01aa18: chore(deps): bump tj-actions/changed-files from 47.0.5 to 47.0.6 (#27470) (@dependabot[bot])
• e972bfc: chore(deps): bump yaml from 1.10.2 to 1.10.3 in /ui (#27015) (@dependabot[bot])
• 5101db5: chore(deps): migrate to go.yaml.in/yaml/v3 (#27063) (@thevilledev)
• 7308ed9: chore(deps): update actions/cache action to v5.0.5 (#27334) (@renovate[bot])
• 9ceaf0e: chore(deps): update actions/create-github-app-token action to v2.2.2 (#27034) (@renovate[bot])
• 8e0b6e6: chore(deps): update codecov/codecov-action action to v5.5.4 (#27038) (@renovate[bot])
• 7accd34: chore(deps): update dependency eslint-config-prettier to v9.1.2 (#27323) (@renovate[bot])
• 1fde0d0: chore(deps): update dependency formidable to v2.1.3 [security] (#27233) (@renovate[bot])
• 3a2e2f6: chore(deps): update dependency golang to v1.26.3 (#27737) (@argoproj-renovate[bot])
• 8a80c5a: chore(deps): update dependency markdown to v3.10.2 (#27559) (@renovate[bot])
• db8f3f7: chore(deps): update dependency pygments to v2.20.0 [security] (#27999) (@argoproj-renovate[bot])
• fccd69a: chore(deps): update dependency pymdown-extensions to v10.21.3 [security] (#27934) (@argoproj-renovate[bot])
• 84553d3: chore(deps): update docker.io/library/golang docker tag to v1.26.3 (#27742) (@argoproj-renovate[bot])
• 6d3e641: chore(deps): update docker.io/library/golang:1.26.1 docker digest to 42ebbf7 (#27205) (@argoproj-renovate[bot])
• 047c0ae: chore(deps): update docker.io/library/golang:1.26.1 docker digest to 5e69504 (#27211) (@argoproj-renovate[bot])
• d3b06f1: chore(deps): update docker.io/library/golang:1.26.1 docker digest to cd78d88 (#27214) (@argoproj-renovate[bot])
• 880433f: chore(deps): update docker.io/library/golang:1.26.1 docker digest to cd78d88 (#27231) (@renovate[bot])
• ecc178f: chore(deps): update docker.io/library/golang:1.26.2 docker digest to 5f3787b (#27343) (@argoproj-renovate[bot])
• 5083a21: chore(deps): update docker.io/library/golang:1.26.2 docker digest to b54cbf5 (#27557) (@renovate[bot])
• 538d426: chore(deps): update docker.io/library/golang:1.26.2 docker digest to f715906 (#27498) (@argoproj-renovate[bot])
• 85913f7: chore(deps): update docker.io/library/golang:1.26.2 docker digest to fcdb3e4 (#27296) (@argoproj-renovate[bot])
• 9a95da5: chore(deps): update docker.io/library/golang:1.26.3 docker digest to 13605db (#27763) (@argoproj-renovate[bot])
• 9375dc1: chore(deps): update docker.io/library/golang:1.26.3 docker digest to 2981696 (#27793) (@argoproj-renovate[bot])
• 68d7fcc: chore(deps): update docker.io/library/golang:1.26.3 docker digest to 2d6c802 (#27980) (@argoproj-renovate[bot])
• 4be6c4e: chore(deps): update docker.io/library/golang:1.26.3 docker digest to 313faae (#27842) (@argoproj-renovate[bot])
• 55bea32: chore(deps): update docker.io/library/golang:1.26.3 docker digest to 633d23b (#27821) (@argoproj-renovate[bot])
• 0dc4f57: chore(deps): update docker.io/library/golang:1.26.3 docker digest to 6df14f4 (#27945) (@argoproj-renovate[bot])
• ef2a67a: chore(deps): update docker.io/library/golang:1.26.3 docker digest to cc9a5d7 (#27937) (@argoproj-renovate[bot])
• 8727851: chore(deps): update docker.io/library/golang:1.26.4 docker digest to 11fd8f7 (#28206) (@argoproj-renovate[bot])
• 6186eb7: chore(deps): update docker.io/library/golang:1.26.4 docker digest to 68cb6d6 (#28111) (@argoproj-renovate[bot])
• 67c8618: chore(deps): update docker.io/library/golang:1.26.4 docker digest to 792443b (#28292) (@argoproj-renovate[bot])
• 7d028d4: chore(deps): update docker.io/library/golang:1.26.4 docker digest to 87a41d2 (#28245) (@argoproj-renovate[bot])
• 0af18dc: chore(deps): update docker.io/library/golang:1.26.4 docker digest to d184d9b (#28240) (@argoproj-renovate[bot])
• 27fa900: chore(deps): update docker.io/library/golang:1.26.4 docker digest to d47ca13 (#28238) (@argoproj-renovate[bot])
• 04d41af: chore(deps): update docker.io/library/registry:3.1 docker digest to 85347ed (#27685) (@renovate[bot])
• 37e10db: chore(deps): update docker.io/library/registry:3.1 docker digest to 8a7c1aa (#27405) (@renovate[bot])
• 1998312: chore(deps): update docker.io/library/ubuntu:26.04 docker digest to cc925e5 (#27232) (@renovate[bot])
• 34b3842: chore(deps): update group golang to v1.26.2 (#27224) (@argoproj-renovate[bot])
• 4e99f75: chore(deps): update group golang to v1.26.4 (#28104) (@argoproj-renovate[bot])
• 19219e0: chore(deps): update group node to v24 (major) (#25096) (@argoproj-renovate[bot])
• e1bb509: chore(deps): update module github.com/golangci/golangci-lint/v2 to v2.11.4 (#26957) (@argoproj-renovate[bot])
• d08fec4: chore(deps): update module github.com/vektra/mockery/v3 to v3.7.1 (#28270) (@argoproj-renovate[bot])
• 67c6d19: chore(deps-dev): bump @babel/core from 7.29.0 to 7.29.6 in /ui (#28300) (@dependabot[bot])
• 7b5b6a8: chore(deps-dev): bump @types/dagre from 0.7.42 to 0.7.54 in /ui (#27184) (@dependabot[bot])
• 82f7140: chore(deps-dev): bump postcss from 8.5.6 to 8.5.10 in /ui (#27537) (@dependabot[bot])
• eb752a4: chore(deps-dev): bump prettier from 3.8.3 to 3.8.4 in /ui (#28212) (@dependabot[bot])
• 0a7f9f5: chore(deps-dev): bump sass from 1.99.0 to 1.100.0 in /ui (#28210) (@dependabot[bot])
• fc03869: chore(deps-dev): bump webpack from 5.94.0 to 5.105.4 in /ui (#27185) (@dependabot[bot])
• bbe9acf: chore(deps-dev): webpack 5 (#27404) (@blakepettersson)

Other work

• 9d5b5df: Fix UI extension event listener loop and expose ReactJSXRuntime global (@jwinters01)
• 5151f6f: Fix react-diff-view (@jwinters01)
• 84442e0: Honor stderrthreshold when logtostderr is enabled (@pierluigilenoci)
• eef7506: Integrate react-testing-library (@jwinters01)
• d8bd9e9: Merge branch 'master' into react-19 (@jwinters01)
• f3fe628: Merge branch 'react-19' of ssh://github.com/jwinters01/argo-cd into react-19 (@jwinters01)
• 5b87aa8: Merge commit from fork (@alexmt)
• dcda17a: Merge commit from fork (@pjiang-dev)
• cb1c112: Merge commit from fork (@blakepettersson)
• 4aeca2f: Merge pull request #27001 from leoluz/fix-ssd-npe (@alexmt)
• 8705f69: Merge pull request #27029 from pierluigilenoci/fix/honor-stderrthreshold (@alexmt)
• ca353a7: Merge pull request #27091 from jwinters01/react-19 (@jwinters01)
• 8546e61: Merge pull request #28038 from argoproj/argocd-fix-docs-for-eventlist-changes (@dudinea)
• 19d99f5: Merge pull request #28053 from crenshaw-dev/ui-drysource-repourl (@jwinters01)
• d24ba5b: Merge pull request #28159 from argoproj/fix-codecov-public-key-problem (@dudinea)
• 2b7a9e0: Merge remote-tracking branch 'upstream/master' into react-19 (@jwinters01)
• 17bfd97: Merge remote-tracking branch 'upstream/master' into react-19 (@jwinters01)
• 620c174: Merge remote-tracking branch 'upstream/master' into react-19 (@jwinters01)
• 447abc8: Merge remote-tracking branch 'upstream/master' into react-19 (@jwinters01)
• 4e2bd67: NODE_ENV=test only for jest tests (@jwinters01)
• 099dbd7: chore(CODEOWNERS): expand @argoproj/argocd-approvers-ci role ownership (#27721) (@dudinea)
• 364bd00: chore(ci): add Step Security Harden Runner to workflows in audit mode (#27168) (@dudinea)
• 3a6083c: chore(ci): Enable harden runner blocking mode for workflows - part 1 (#27163) (#27256) (@dudinea)
• 7f3ecfc: chore(ci): add revert to title checker config (#27424) (@ranakan19)
• a87aab1: chore(ci): attempt to make test less flaky (#26890) (@blakepettersson)
• 17daff3: chore(ci): bump codecov action to 7.0.0 to fix the GPG issue (@dudinea)
• 67e3ba5: chore(ci): fix gitops-engine/hack/update_static_schema.sh work on Linux (#28126) (#28127) (@dudinea)
• 87ccebc: chore(ci): remove cherry-pick branch if already present (#26881) (@blakepettersson)
• eaa4bf6: chore(dev): change default appset webhook port in goreman (#28015) (@blakepettersson)
• 2ccc2ea: chore(docs): Fix godoc in util/db/certificate.go (#27380) (@olivergondza)
• db493ac: chore(gitops-engine): drop dead autoscaling/v2beta1 and v2beta2 references (#27887) (@mfacenet)
• 3dcc91c: chore(gitops-engine): migrate to mockery (#27696) (@blakepettersson)
• 596f6c0: chore(makefile): disable compiler optimization for DEV_IMAGE build (#28167) (#28168) (@dudinea)
• e75b8e0: chore(refactor): separate progressive sync into its own package (#27701) (@ranakan19)
• 789b9dd: chore(release): adds Eugene as release champion for 3.6 (#27717) (@dudinea)
• 47a0746: chore(renovate): group aws-sdk-v2-updates (#26848) (@blakepettersson)
• 21ea32e: chore(ui): add change origin (#27947) (@blakepettersson)
• 930a362: chore(ui): bump argo-ui to c089d1d2d84df87f3712ae661273a5ab0d1ef3b0 (@jwinters01)
• 2107c9c: chore(ui): bump typescript-eslint (#28129) (@blakepettersson)
• ee5c132: chore(ui): pin argo-ui to upstream React 19 merge commit (@jwinters01)
• 97e31db: chore: Configure Renovate (#27739) (@argoproj-renovate[bot])
• b37d389: chore: Lint change, Prevent class components from being created (#27420) (@alexrecuenco)
• bfe5cfb: chore: New gif for docs (#27081) (@Kevinjoeharris)
• 99438e5: chore: Refactor manifest caching to prevent function arg bloating (#28025) (@olivergondza)
• 46ffedc: chore: Update go.mod with comments on version management (#27508) (@crenshaw-dev)
• d34e83f: chore: add Mollie to USERS.md (#26895) (@andrea-matera)
• f1b9227: chore: add Techcom Securities to USERS.md (#26889) (@hdt12a1)
• 0c6427e: chore: add UI approver scope (#27946) (@crenshaw-dev)
• 873f63a: chore: align Go version to 1.26.1 across repository (#27112) (@thev1ndu)
• 2b64898: chore: allow multiple signoff lines (#26875) (@blakepettersson)
• 1bed88f: chore: bump go-git (#26513) (@blakepettersson)
• 6743cdf: chore: don't read current user git configs in tests (#27172) (@seankhliao)
• dce3f6e: chore: enable unnecessary-format rule from revive (#26958) (@mmorel-35)
• be6cab0: chore: extract common layout components for apps and appset (#27864) (@pjiang-dev)
• 3f15cc6: chore: fix bad indentation (#26989) (@emirot)
• 43d94f2: chore: group aws sdk v2 prs (#27179) (@blakepettersson)
• f138867: chore: migrate to cluster informer (#27206) (@blakepettersson)
• f5f3bf8: chore: migrate to pnpm (#23937) (@blakepettersson)
• f246c73: chore: move mockgen in codegen-local (#27648) a (@blakepettersson)
• e5f1ada: chore: remove obsolete buster-backports apt source from builder stages (#28250) (@crenshaw-dev)
• 7c6bc9e: chore: remove ui-test (#27635) (@blakepettersson)
• 9b7685a: chore: remove unused parameter (#27510) (@crenshaw-dev)
• 12ab91a: chore: stop renovate from creating gitops-engine PRs (#27641) (@rumstead)
• 3132b0d: chore: update Maintainers.md and move Pasha Kostohrys to octopus deploy org (#27450) (@pasha-codefresh)
• 1f7f12c: chore: wrap errors in util/db/gpgkeys.go to improve observability (#1… (#27849) (@IanEff)
• 187ff13: chore: wrap errors in util/rbac to improve observability (#10592) (#27840) (@IanEff)
• 79922c0: ci: Improve Go build timing with effective caching (#26628) (@Kevinjoeharris)
• 76c6b59: ci: bump goreleaser (#28033) (@blakepettersson)
• 7445f7e: ci: harden-runner: whitelist get.helm.sh and registry.npmjs.org for renovate workflow (#27163) (#27328) (@dudinea)
• 70e6d76: ci: pin codecov version and fix minor typos in comments (#27074) (@reggie-k)
• 5aa8373: ci: pin images of setup-qemu-action, setup-buildx-action and goreleaser CLI version (#27060) (@reggie-k)
• 9e86e9e: ci: replace goreleaser github api calls with git commands (#27706) (@reggie-k)
• 9c3a0fe: ci: support K8s 1.36.0 (#27775) (@reggie-k)
• d678193: ci: update-snyk action security hardening (#27163) (#27658) (@dudinea)
• f0d0613: ci: use github release notes in goreleaser (#28048) (@reggie-k)
• fbf28c0: docs(): fix wrong commentary to argocd proj command (#27515) (@dancer1325)
• da47064: docs(operator-manual): Add docs for F5 NGINX Ingress (#27225) (@josemaia)
• a6c1298: feat(source-integrity): Implement Source Integrity checking (#25371) (@olivergondza)
• 1245d88: fix error (@jwinters01)
• e8d21d0: fix imports (@jwinters01)
• 48d7cf1: fix linting (@jwinters01)
• f31a45b: fix react-form compatibility issues (@jwinters01)
• 3ce32a9: fix(#25983): update theme default to auto (#25985) (@eltondeboer)
• a7b70b5: fix(gitops-engine): apply HideSecretData to server-side diff results for Secrets (#27598) (@pjiang-dev)
• 9d8fcd6: fix(gitops-engine): fix nil pointer dereference error in removeWebookMutation() (#27749) (@peikk0)
• aeddcb9: fix(source-integrity): Prevent key id masking (#28196) (@olivergondza)
• 75bca0f: form reroute (@jwinters01)
• ee6991d: include branch for argo-ui (@jwinters01)
• 6952d02: include fallback for destructuring of data loader (@jwinters01)
• d21890d: include tests (@jwinters01)
• cc9758e: initial upgrade changes (@jwinters01)
• f831619: pin argo-ui to upgrade branch (@jwinters01)
• 7aedb44: pin to argo-ui branch (@jwinters01)
• e1ebfa3: re-introduce warning silencer (@jwinters01)
• 6a2b4cd: refactor(cli): extract and consolidate diff functions (#27338) (@agaudreault)
• 0acae9a: refactor(ssd): use same applier for ssd and ssa (#27624) (@agaudreault)
• 495abf1: refactor(webhook): create common interface (#27796) (@blakepettersson)
• 6bf97ec: refactor: Move NodeUpdateAnimation to functional from classes (#27382) (@alexrecuenco)
• 032d9e1: refactor: simplify UpdateRevisionForPaths logic and add early returns (#27190) (@agaudreault)
• 0eeaadb: refactor: upgrade nottification engine and docs (#27682) (@KyriosGN0)
• 82789b7: refactor: use new(expr) for pointer literals in Go 1.26 (#27143) (@seitarof)
• 69074e9: remove webpack config change (@jwinters01)
• ca4fe47: separate yarn build and yarn test (@jwinters01)
• 3e2c297: test(e2e): Add test for second Sync after initial for different resources/options (#28156) (#28155) (@dudinea)
• fabbbbe: test(e2e): add e2e tests for reverse deletionOrder when progressive sync enabled (#26673) (@ranakan19)
• bd9d14b: test(e2e): fix cleanup of CRDs for e2e tests (#28157) (#28158) (@dudinea)
• 0dc5b3f: test(sharding): add e2e test for sharding (#27466) (@cjcocokrisp)
• f7b5ef8: update snapshots (@jwinters01)
• 67d5a35: various typescript fixes (@jwinters01)
• d3d4957: working build (@jwinters01)
• 3e99bdd: working integration with argo-ui (@jwinters01)

Full Changelog: v3.4.3...v3.5.0-rc1