sibling of fa54ce221e

.github/workflows/ci-build.yaml

@@ -31,7 +31,7 @@ jobs:
       docs: ${{ steps.filter.outputs.docs_any_changed }}
     steps:
       - uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
-      - uses: tj-actions/changed-files@48d8f15b2aaa3d255ca5af3eba4870f807ce6b3c # v45.0.2
+      - uses: tj-actions/changed-files@e9772d140489982e0e3704fea5ee93d536f1e275 # v45.0.1
         id: filter
         with:
           # Any file which is not under docs/, ui/ or is not a markdown file is counted as a backend file
@@ -303,7 +303,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
       - name: Setup NodeJS
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
         with:
           node-version: '21.6.1'
       - name: Restore node dependency cache

.github/workflows/codeql.yml

@@ -23,7 +23,7 @@ jobs:
       actions: read  # for github/codeql-action/init to get workflow details
       contents: read  # for actions/checkout to fetch code
       security-events: write  # for github/codeql-action/autobuild to send a status report
-    if: github.repository == 'argoproj/argo-cd' || vars.enable_codeql
+    if: github.repository == 'argoproj/argo-cd'
 
     # CodeQL runs on ubuntu-latest and windows-latest
     runs-on: ubuntu-22.04

.github/workflows/init-release.yaml

@@ -64,7 +64,7 @@ jobs:
           git stash pop
 
       - name: Create pull request
-        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f  # v7.0.5
+        uses: peter-evans/create-pull-request@d121e62763d8cc35b5fb1710e887d6e69a52d3a4  # v7.0.2
         with:
           commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}"
           title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch"

.github/workflows/release.yaml

@@ -295,7 +295,7 @@ jobs:
         if: ${{ env.UPDATE_VERSION == 'true' }}
 
       - name: Create PR to update VERSION on master branch
-        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
+        uses: peter-evans/create-pull-request@d121e62763d8cc35b5fb1710e887d6e69a52d3a4 # v7.0.2
         with:
           commit-message: Bump version in master
           title: "chore: Bump version in master"

Dockerfile

@@ -83,7 +83,7 @@ WORKDIR /home/argocd
 ####################################################################################################
 # Argo CD UI stage
 ####################################################################################################
-FROM --platform=$BUILDPLATFORM docker.io/library/node:22.9.0@sha256:cbe2d5f94110cea9817dd8c5809d05df49b4bd1aac5203f3594d88665ad37988 AS argocd-ui
+FROM --platform=$BUILDPLATFORM docker.io/library/node:22.8.0@sha256:bd00c03095f7586432805dbf7989be10361d27987f93de904b1fc003949a4794 AS argocd-ui
 
 WORKDIR /src
 COPY ["ui/package.json", "ui/yarn.lock", "./"]

Procfile

@@ -1,7 +1,7 @@
 controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/app-controller} HOSTNAME=testappcontroller-1  FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-application-controller $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --server-side-diff-enabled=${ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF:-'false'}"
 api-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/api-server} FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-server $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --disable-auth=${ARGOCD_E2E_DISABLE_AUTH:-'true'} --insecure --dex-server http://localhost:${ARGOCD_E2E_DEX_PORT:-5556} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --port ${ARGOCD_E2E_APISERVER_PORT:-8080} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''}"
 dex: sh -c "ARGOCD_BINARY_NAME=argocd-dex go run github.com/argoproj/argo-cd/v2/cmd gendexcfg -o `pwd`/dist/dex.yaml && (test -f dist/dex.yaml || { echo 'Failed to generate dex configuration'; exit 1; }) && docker run --rm -p ${ARGOCD_E2E_DEX_PORT:-5556}:${ARGOCD_E2E_DEX_PORT:-5556} -v `pwd`/dist/dex.yaml:/dex.yaml ghcr.io/dexidp/dex:$(grep "image: ghcr.io/dexidp/dex" manifests/base/dex/argocd-dex-server-deployment.yaml | cut -d':' -f3) dex serve /dex.yaml"
-redis: hack/start-redis-with-password.sh
+redis: bash -c "if [ \"$ARGOCD_REDIS_LOCAL\" = 'true' ]; then redis-server --save '' --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}; else docker run --rm --name argocd-redis -i -p ${ARGOCD_E2E_REDIS_PORT:-6379}:${ARGOCD_E2E_REDIS_PORT:-6379} docker.io/library/redis:$(grep "image: redis" manifests/base/redis/argocd-redis-deployment.yaml | cut -d':' -f3) --save '' --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}; fi"
 repo-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/repo-server} FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_GNUPGHOME=${ARGOCD_GNUPGHOME:-/tmp/argocd-local/gpg/keys} ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp}  ARGOCD_GPG_DATA_PATH=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-repo-server ARGOCD_GPG_ENABLED=${ARGOCD_GPG_ENABLED:-false} $COMMAND --loglevel debug --port ${ARGOCD_E2E_REPOSERVER_PORT:-8081} --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --otlp-address=${ARGOCD_OTLP_ADDRESS}"
 cmp-server: [ "$ARGOCD_E2E_TEST" = 'true' ] && exit 0 || [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_BINARY_NAME=argocd-cmp-server ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp} $COMMAND --config-dir-path ./test/cmp --loglevel debug --otlp-address=${ARGOCD_OTLP_ADDRESS}"
 ui: sh -c 'cd ui && ${ARGOCD_E2E_YARN_CMD:-yarn} start'

README.md

@@ -8,6 +8,7 @@
 [![codecov](https://codecov.io/gh/argoproj/argo-cd/branch/master/graph/badge.svg)](https://codecov.io/gh/argoproj/argo-cd)
 [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4486/badge)](https://bestpractices.coreinfrastructure.org/projects/4486)
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-cd/badge)](https://scorecard.dev/viewer/?uri=github.com/argoproj/argo-cd)
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fargoproj%2Fargo-cd.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fargoproj%2Fargo-cd?ref=badge_shield)
 
 **Social:**
 [![Twitter Follow](https://img.shields.io/twitter/follow/argoproj?style=social)](https://twitter.com/argoproj)
@@ -56,7 +57,7 @@ Participation in the Argo CD project is governed by the [CNCF Code of Conduct](h
 ### Blogs and Presentations
 
 1. [Awesome-Argo: A Curated List of Awesome Projects and Resources Related to Argo](https://github.com/terrytangyuan/awesome-argo)
-1. [Unveil the Secret Ingredients of Continuous Delivery at Enterprise Scale with Argo CD](https://akuity.io/blog/secret-ingredients-of-continuous-delivery-at-enterprise-scale-with-argocd/)
+1. [Unveil the Secret Ingredients of Continuous Delivery at Enterprise Scale with Argo CD](https://akuity.io/blog/unveil-the-secret-ingredients-of-continuous-delivery-at-enterprise-scale-with-argocd-kubecon-china-2021/)
 1. [GitOps Without Pipelines With ArgoCD Image Updater](https://youtu.be/avPUQin9kzU)
 1. [Combining Argo CD (GitOps), Crossplane (Control Plane), And KubeVela (OAM)](https://youtu.be/eEcgn_gU3SM)
 1. [How to Apply GitOps to Everything - Combining Argo CD and Crossplane](https://youtu.be/yrj4lmScKHQ)

SECURITY-INSIGHTS.yml

@@ -3,9 +3,9 @@ header:
   expiration-date: '2024-10-31T00:00:00.000Z' # One year from initial release.
   last-updated: '2023-10-27'
   last-reviewed: '2023-10-27'
-  commit-hash: 74a367d10e7110209610ba3ec225539ebe5f7522
+  commit-hash: fe606708859574b9b6102a505e260fac5d3fb14e
   project-url: https://github.com/argoproj/argo-cd
-  project-release: v2.14.0
+  project-release: v2.13.0
   changelog: https://github.com/argoproj/argo-cd/releases
   license: https://github.com/argoproj/argo-cd/blob/master/LICENSE
 project-lifecycle:

USERS.md

@@ -41,6 +41,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Beez Innovation Labs](https://www.beezlabs.com/)
 1. [Bedag Informatik AG](https://www.bedag.ch/)
 1. [Beleza Na Web](https://www.belezanaweb.com.br/)
+1. [Believable Bots](https://believablebots.io)
 1. [BigPanda](https://bigpanda.io)
 1. [BioBox Analytics](https://biobox.io)
 1. [BMW Group](https://www.bmwgroup.com/)
@@ -306,7 +307,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Skyscanner](https://www.skyscanner.net/)
 1. [Smart Pension](https://www.smartpension.co.uk/)
 1. [Smilee.io](https://smilee.io)
-1. [Smilegate Stove](https://www.onstove.com/)
 1. [Smood.ch](https://www.smood.ch/)
 1. [Snapp](https://snapp.ir/)
 1. [Snyk](https://snyk.io/)

VERSION

@@ -1 +1 @@
-2.14.0
+2.13.0-rc3

applicationset/generators/pull_request.go

@@ -168,7 +168,7 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera
 			if err != nil {
 				return nil, fmt.Errorf("error fetching Secret Bearer token: %w", err)
 			}
-			return pullrequest.NewBitbucketServiceBearerToken(ctx, providerConfig.API, appToken, providerConfig.Project, providerConfig.Repo, g.scmRootCAPath, providerConfig.Insecure, caCerts)
+			return pullrequest.NewBitbucketServiceBearerToken(ctx, appToken, providerConfig.API, providerConfig.Project, providerConfig.Repo, g.scmRootCAPath, providerConfig.Insecure, caCerts)
 		} else if providerConfig.BasicAuth != nil {
 			password, err := utils.GetSecretRef(ctx, g.client, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace)
 			if err != nil {

applicationset/services/pull_request/azure_devops.go

@@ -82,7 +82,6 @@ func (a *AzureDevOpsService) List(ctx context.Context) ([]*PullRequest, error) {
 			pr.Repository.Name == nil ||
 			pr.PullRequestId == nil ||
 			pr.SourceRefName == nil ||
-			pr.TargetRefName == nil ||
 			pr.LastMergeSourceCommit == nil ||
 			pr.LastMergeSourceCommit.CommitId == nil {
 			continue
@@ -95,13 +94,12 @@ func (a *AzureDevOpsService) List(ctx context.Context) ([]*PullRequest, error) {
 
 		if *pr.Repository.Name == a.repo {
 			pullRequests = append(pullRequests, &PullRequest{
-				Number:       *pr.PullRequestId,
-				Title:        *pr.Title,
-				Branch:       strings.Replace(*pr.SourceRefName, "refs/heads/", "", 1),
-				TargetBranch: strings.Replace(*pr.TargetRefName, "refs/heads/", "", 1),
-				HeadSHA:      *pr.LastMergeSourceCommit.CommitId,
-				Labels:       azureDevOpsLabels,
-				Author:       strings.Split(*pr.CreatedBy.UniqueName, "@")[0], // Get the part before the @ in the email-address
+				Number:  *pr.PullRequestId,
+				Title:   *pr.Title,
+				Branch:  strings.Replace(*pr.SourceRefName, "refs/heads/", "", 1),
+				HeadSHA: *pr.LastMergeSourceCommit.CommitId,
+				Labels:  azureDevOpsLabels,
+				Author:  strings.Split(*pr.CreatedBy.UniqueName, "@")[0], // Get the part before the @ in the email-address
 			})
 		}
 	}

applicationset/services/pull_request/azure_devops_test.go

@@ -72,7 +72,6 @@ func TestListPullRequest(t *testing.T) {
 			PullRequestId: createIntPtr(pr_id),
 			Title:         createStringPtr(pr_title),
 			SourceRefName: createStringPtr("refs/heads/feature-branch"),
-			TargetRefName: createStringPtr("refs/heads/main"),
 			LastMergeSourceCommit: &git.GitCommitRef{
 				CommitId: createStringPtr(pr_head_sha),
 			},
@@ -107,7 +106,6 @@ func TestListPullRequest(t *testing.T) {
 	require.NoError(t, err)
 	assert.Len(t, list, 1)
 	assert.Equal(t, "feature-branch", list[0].Branch)
-	assert.Equal(t, "main", list[0].TargetBranch)
 	assert.Equal(t, pr_head_sha, list[0].HeadSHA)
 	assert.Equal(t, "feat(123)", list[0].Title)
 	assert.Equal(t, pr_id, list[0].Number)

assets/swagger.json

@@ -6084,7 +6084,7 @@
       "properties": {
         "defaultServiceAccount": {
           "type": "string",
-          "title": "ServiceAccountName to be used for impersonation during the sync operation"
+          "title": "DefaultServiceAccount to be used for impersonation during the sync operation"
         },
         "namespace": {
           "description": "Namespace specifies the target namespace for the application's resources.",

cmd/argocd-application-controller/commands/argocd_application_controller.go

@@ -24,7 +24,6 @@ import (
 	appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned"
 	"github.com/argoproj/argo-cd/v2/pkg/ratelimiter"
 	"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
-	"github.com/argoproj/argo-cd/v2/util/argo"
 	"github.com/argoproj/argo-cd/v2/util/argo/normalizers"
 	cacheutil "github.com/argoproj/argo-cd/v2/util/cache"
 	appstatecache "github.com/argoproj/argo-cd/v2/util/cache/appstate"
@@ -79,9 +78,6 @@ func NewCommand() *cobra.Command {
 		enableDynamicClusterDistribution bool
 		serverSideDiff                   bool
 		ignoreNormalizerOpts             normalizers.IgnoreNormalizerOpts
-
-		// argocd k8s event logging flag
-		enableK8sEvent []string
 	)
 	command := cobra.Command{
 		Use:               cliName,
@@ -181,7 +177,6 @@ func NewCommand() *cobra.Command {
 				serverSideDiff,
 				enableDynamicClusterDistribution,
 				ignoreNormalizerOpts,
-				enableK8sEvent,
 			)
 			errors.CheckError(err)
 			cacheutil.CollectMetrics(redisClient, appController.GetMetricsServer())
@@ -256,9 +251,6 @@ func NewCommand() *cobra.Command {
 	command.Flags().BoolVar(&enableDynamicClusterDistribution, "dynamic-cluster-distribution-enabled", env.ParseBoolFromEnv(common.EnvEnableDynamicClusterDistribution, false), "Enables dynamic cluster distribution.")
 	command.Flags().BoolVar(&serverSideDiff, "server-side-diff-enabled", env.ParseBoolFromEnv(common.EnvServerSideDiff, false), "Feature flag to enable ServerSide diff. Default (\"false\")")
 	command.Flags().DurationVar(&ignoreNormalizerOpts.JQExecutionTimeout, "ignore-normalizer-jq-execution-timeout-seconds", env.ParseDurationFromEnv("ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT", 0*time.Second, 0, math.MaxInt64), "Set ignore normalizer JQ execution timeout")
-	// argocd k8s event logging flag
-	command.Flags().StringSliceVar(&enableK8sEvent, "enable-k8s-event", env.StringsFromEnv("ARGOCD_ENABLE_K8S_EVENT", argo.DefaultEnableEventList(), ","), "Enable ArgoCD to use k8s event. For disabling all events, set the value as `none`. (e.g --enable-k8s-event=none), For enabling specific events, set the value as `event reason`. (e.g --enable-k8s-event=StatusRefreshed,ResourceCreated)")
-
 	cacheSource = appstatecache.AddCacheFlagsToCmd(&command, cacheutil.Options{
 		OnClientCreated: func(client *redis.Client) {
 			redisClient = client

cmd/argocd-repo-server/commands/argocd_repo_server.go

@@ -75,7 +75,6 @@ func NewCommand() *cobra.Command {
 		helmRegistryMaxIndexSize          string
 		disableManifestMaxExtractedSize   bool
 		includeHiddenDirectories          bool
-		cmpUseManifestGeneratePaths       bool
 	)
 	command := cobra.Command{
 		Use:               cliName,
@@ -137,7 +136,6 @@ func NewCommand() *cobra.Command {
 				HelmManifestMaxExtractedSize:                 helmManifestMaxExtractedSizeQuantity.ToDec().Value(),
 				HelmRegistryMaxIndexSize:                     helmRegistryMaxIndexSizeQuantity.ToDec().Value(),
 				IncludeHiddenDirectories:                     includeHiddenDirectories,
-				CMPUseManifestGeneratePaths:                  cmpUseManifestGeneratePaths,
 			}, askPassServer)
 			errors.CheckError(err)
 
@@ -243,7 +241,6 @@ func NewCommand() *cobra.Command {
 	command.Flags().StringVar(&helmRegistryMaxIndexSize, "helm-registry-max-index-size", env.StringFromEnv("ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_INDEX_SIZE", "1G"), "Maximum size of registry index file")
 	command.Flags().BoolVar(&disableManifestMaxExtractedSize, "disable-helm-manifest-max-extracted-size", env.ParseBoolFromEnv("ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE", false), "Disable maximum size of helm manifest archives when extracted")
 	command.Flags().BoolVar(&includeHiddenDirectories, "include-hidden-directories", env.ParseBoolFromEnv("ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES", false), "Include hidden directories from Git")
-	command.Flags().BoolVar(&cmpUseManifestGeneratePaths, "plugin-use-manifest-generate-paths", env.ParseBoolFromEnv("ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS", false), "Pass the resources described in argocd.argoproj.io/manifest-generate-paths value to the cmpserver to generate the application manifests.")
 	tlsConfigCustomizerSrc = tls.AddTLSFlagsToCmd(&command)
 	cacheSrc = reposervercache.AddCacheFlagsToCmd(&command, cacheutil.Options{
 		OnClientCreated: func(client *redis.Client) {

cmd/argocd-server/commands/argocd_server.go

@@ -27,7 +27,6 @@ import (
 	reposervercache "github.com/argoproj/argo-cd/v2/reposerver/cache"
 	"github.com/argoproj/argo-cd/v2/server"
 	servercache "github.com/argoproj/argo-cd/v2/server/cache"
-	"github.com/argoproj/argo-cd/v2/util/argo"
 	cacheutil "github.com/argoproj/argo-cd/v2/util/cache"
 	"github.com/argoproj/argo-cd/v2/util/cli"
 	"github.com/argoproj/argo-cd/v2/util/dex"
@@ -92,9 +91,6 @@ func NewCommand() *cobra.Command {
 		scmRootCAPath            string
 		allowedScmProviders      []string
 		enableScmProviders       bool
-
-		// argocd k8s event logging flag
-		enableK8sEvent []string
 	)
 	command := &cobra.Command{
 		Use:               cliName,
@@ -233,7 +229,6 @@ func NewCommand() *cobra.Command {
 				ApplicationNamespaces:   applicationNamespaces,
 				EnableProxyExtension:    enableProxyExtension,
 				WebhookParallelism:      webhookParallelism,
-				EnableK8sEvent:          enableK8sEvent,
 			}
 
 			appsetOpts := server.ApplicationSetOpts{
@@ -308,7 +303,6 @@ func NewCommand() *cobra.Command {
 	command.Flags().StringSliceVar(&applicationNamespaces, "application-namespaces", env.StringsFromEnv("ARGOCD_APPLICATION_NAMESPACES", []string{}, ","), "List of additional namespaces where application resources can be managed in")
 	command.Flags().BoolVar(&enableProxyExtension, "enable-proxy-extension", env.ParseBoolFromEnv("ARGOCD_SERVER_ENABLE_PROXY_EXTENSION", false), "Enable Proxy Extension feature")
 	command.Flags().IntVar(&webhookParallelism, "webhook-parallelism-limit", env.ParseNumFromEnv("ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT", 50, 1, 1000), "Number of webhook requests processed concurrently")
-	command.Flags().StringSliceVar(&enableK8sEvent, "enable-k8s-event", env.StringsFromEnv("ARGOCD_ENABLE_K8S_EVENT", argo.DefaultEnableEventList(), ","), "Enable ArgoCD to use k8s event. For disabling all events, set the value as `none`. (e.g --enable-k8s-event=none), For enabling specific events, set the value as `event reason`. (e.g --enable-k8s-event=StatusRefreshed,ResourceCreated)")
 
 	// Flags related to the applicationSet component.
 	command.Flags().StringVar(&scmRootCAPath, "appset-scm-root-ca-path", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH", ""), "Provide Root CA Path for self-signed TLS Certificates")

cmd/argocd/commands/app.go

@@ -585,8 +585,8 @@ func printAppSummaryTable(app *argoappv1.Application, appURL string, windows *ar
 	var status string
 	var allow, deny, inactiveAllows bool
 	if windows.HasWindows() {
-		active := windows.Active()
-		if active.HasWindows() {
+		active, err := windows.Active()
+		if err == nil && active.HasWindows() {
 			for _, w := range *active {
 				if w.Kind == "deny" {
 					deny = true
@@ -595,13 +595,14 @@ func printAppSummaryTable(app *argoappv1.Application, appURL string, windows *ar
 				}
 			}
 		}
-		if windows.InactiveAllows().HasWindows() {
+		inactiveAllowWindows, err := windows.InactiveAllows()
+		if err == nil && inactiveAllowWindows.HasWindows() {
 			inactiveAllows = true
 		}
 
-		s := windows.CanSync(true)
 		if deny || !deny && !allow && inactiveAllows {
-			if s {
+			s, err := windows.CanSync(true)
+			if err == nil && s {
 				status = "Manual Allowed"
 			} else {
 				status = "Sync Denied"
@@ -1080,18 +1081,17 @@ func getLocalObjectsString(ctx context.Context, app *argoappv1.Application, proj
 ) []string {
 	source := app.Spec.GetSource()
 	res, err := repository.GenerateManifests(ctx, local, localRepoRoot, source.TargetRevision, &repoapiclient.ManifestRequest{
-		Repo:                            &argoappv1.Repository{Repo: source.RepoURL},
-		AppLabelKey:                     appLabelKey,
-		AppName:                         app.Name,
-		Namespace:                       app.Spec.Destination.Namespace,
-		ApplicationSource:               &source,
-		KustomizeOptions:                kustomizeOptions,
-		KubeVersion:                     kubeVersion,
-		ApiVersions:                     apiVersions,
-		TrackingMethod:                  trackingMethod,
-		ProjectName:                     proj.Name,
-		ProjectSourceRepos:              proj.Spec.SourceRepos,
-		AnnotationManifestGeneratePaths: app.GetAnnotation(argoappv1.AnnotationKeyManifestGeneratePaths),
+		Repo:               &argoappv1.Repository{Repo: source.RepoURL},
+		AppLabelKey:        appLabelKey,
+		AppName:            app.Name,
+		Namespace:          app.Spec.Destination.Namespace,
+		ApplicationSource:  &source,
+		KustomizeOptions:   kustomizeOptions,
+		KubeVersion:        kubeVersion,
+		ApiVersions:        apiVersions,
+		TrackingMethod:     trackingMethod,
+		ProjectName:        proj.Name,
+		ProjectSourceRepos: proj.Spec.SourceRepos,
 	}, true, &git.NoopCredsStore{}, resource.MustParse("0"), nil)
 	errors.CheckError(err)
 

cmd/argocd/commands/projectwindows.go

@@ -352,9 +352,10 @@ func printSyncWindows(proj *v1alpha1.AppProject) {
 	fmt.Fprintf(w, fmtStr, headers...)
 	if proj.Spec.SyncWindows.HasWindows() {
 		for i, window := range proj.Spec.SyncWindows {
+			isActive, _ := window.Active()
 			vals := []interface{}{
 				strconv.Itoa(i),
-				formatBoolOutput(window.Active()),
+				formatBoolOutput(isActive),
 				window.Kind,
 				window.Schedule,
 				window.Duration,

cmd/argocd/commands/root.go

@@ -70,7 +70,7 @@ func NewCommand() *cobra.Command {
 	command.PersistentFlags().StringVar(&clientOpts.CertFile, "server-crt", config.GetFlag("server-crt", ""), "Server certificate file")
 	command.PersistentFlags().StringVar(&clientOpts.ClientCertFile, "client-crt", config.GetFlag("client-crt", ""), "Client certificate file")
 	command.PersistentFlags().StringVar(&clientOpts.ClientCertKeyFile, "client-crt-key", config.GetFlag("client-crt-key", ""), "Client certificate key file")
-	command.PersistentFlags().StringVar(&clientOpts.AuthToken, "auth-token", config.GetFlag("auth-token", env.StringFromEnv(common.EnvAuthToken, "")), fmt.Sprintf("Authentication token; set this or the %s environment variable", common.EnvAuthToken))
+	command.PersistentFlags().StringVar(&clientOpts.AuthToken, "auth-token", config.GetFlag("auth-token", ""), "Authentication token")
 	command.PersistentFlags().BoolVar(&clientOpts.GRPCWeb, "grpc-web", config.GetBoolFlag("grpc-web"), "Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2.")
 	command.PersistentFlags().StringVar(&clientOpts.GRPCWebRootPath, "grpc-web-root-path", config.GetFlag("grpc-web-root-path", ""), "Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root.")
 	command.PersistentFlags().StringVar(&cmdutil.LogFormat, "logformat", config.GetFlag("logformat", "text"), "Set the logging format. One of: text|json")

cmd/util/project.go

@@ -48,6 +48,8 @@ func AddProjFlags(command *cobra.Command, opts *ProjectOpts) {
 	command.Flags().StringArrayVar(&opts.allowedNamespacedResources, "allow-namespaced-resource", []string{}, "List of allowed namespaced resources")
 	command.Flags().StringArrayVar(&opts.deniedNamespacedResources, "deny-namespaced-resource", []string{}, "List of denied namespaced resources")
 	command.Flags().StringSliceVar(&opts.SourceNamespaces, "source-namespaces", []string{}, "List of source namespaces for applications")
+	command.Flags().StringArrayVar(&opts.destinationServiceAccounts, "dest-service-accounts", []string{},
+		"Destination server, namespace and target service account (e.g. https://192.168.99.100:8443,default,default-sa)")
 }
 
 func getGroupKindList(values []string) []v1.GroupKind {
@@ -98,8 +100,8 @@ func (opts *ProjectOpts) GetDestinationServiceAccounts() []v1alpha1.ApplicationD
 	destinationServiceAccounts := make([]v1alpha1.ApplicationDestinationServiceAccount, 0)
 	for _, destStr := range opts.destinationServiceAccounts {
 		parts := strings.Split(destStr, ",")
-		if len(parts) != 2 {
-			log.Fatalf("Expected destination of the form: server,namespace. Received: %s", destStr)
+		if len(parts) != 3 {
+			log.Fatalf("Expected destination service account of the form: server,namespace, defaultServiceAccount. Received: %s", destStr)
 		} else {
 			destinationServiceAccounts = append(destinationServiceAccounts, v1alpha1.ApplicationDestinationServiceAccount{
 				Server:                parts[0],

cmd/util/project_test.go

@@ -5,6 +5,8 @@ import (
 
 	"github.com/stretchr/testify/assert"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 )
 
 func TestProjectOpts_ResourceLists(t *testing.T) {
@@ -22,3 +24,27 @@ func TestProjectOpts_ResourceLists(t *testing.T) {
 		[]v1.GroupKind{{Group: "rbac.authorization.k8s.io", Kind: "ClusterRole"}}, opts.GetDeniedClusterResources(),
 	)
 }
+
+func TestProjectOpts_GetDestinationServiceAccounts(t *testing.T) {
+	opts := ProjectOpts{
+		destinationServiceAccounts: []string{
+			"https://192.168.99.100:8443,test-ns,test-sa",
+			"https://kubernetes.default.svc.local:6443,guestbook,guestbook-sa",
+		},
+	}
+
+	assert.ElementsMatch(t,
+		[]v1alpha1.ApplicationDestinationServiceAccount{
+			{
+				Server:                "https://192.168.99.100:8443",
+				Namespace:             "test-ns",
+				DefaultServiceAccount: "test-sa",
+			},
+			{
+				Server:                "https://kubernetes.default.svc.local:6443",
+				Namespace:             "guestbook",
+				DefaultServiceAccount: "guestbook-sa",
+			},
+		}, opts.GetDestinationServiceAccounts(),
+	)
+}

common/common.go

@@ -254,8 +254,6 @@ const (
 	EnvHelmIndexCacheDuration = "ARGOCD_HELM_INDEX_CACHE_DURATION"
 	// EnvAppConfigPath allows to override the configuration path for repo server
 	EnvAppConfigPath = "ARGOCD_APP_CONF_PATH"
-	// EnvAuthToken is the environment variable name for the auth token used by the CLI
-	EnvAuthToken = "ARGOCD_AUTH_TOKEN"
 	// EnvLogFormat log format that is defined by `--logformat` option
 	EnvLogFormat = "ARGOCD_LOG_FORMAT"
 	// EnvLogLevel log level that is defined by `--loglevel` option

controller/appcontroller.go

@@ -173,7 +173,6 @@ func NewApplicationController(
 	serverSideDiff bool,
 	dynamicClusterDistributionEnabled bool,
 	ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts,
-	enableK8sEvent []string,
 ) (*ApplicationController, error) {
 	log.Infof("appResyncPeriod=%v, appHardResyncPeriod=%v, appResyncJitter=%v", appResyncPeriod, appHardResyncPeriod, appResyncJitter)
 	db := db.NewDB(namespace, settingsMgr, kubeClientset)
@@ -198,7 +197,7 @@ func NewApplicationController(
 		statusRefreshJitter:               appResyncJitter,
 		refreshRequestedApps:              make(map[string]CompareWith),
 		refreshRequestedAppsMutex:         &sync.Mutex{},
-		auditLogger:                       argo.NewAuditLogger(namespace, kubeClientset, common.ApplicationController, enableK8sEvent),
+		auditLogger:                       argo.NewAuditLogger(namespace, kubeClientset, common.ApplicationController),
 		settingsMgr:                       settingsMgr,
 		selfHealTimeout:                   selfHealTimeout,
 		clusterSharding:                   clusterSharding,
@@ -1691,7 +1690,8 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo
 		app.Status.Summary = tree.GetSummary(app)
 	}
 
-	if project.Spec.SyncWindows.Matches(app).CanSync(false) {
+	canSync, _ := project.Spec.SyncWindows.Matches(app).CanSync(false)
+	if canSync {
 		syncErrCond, opMS := ctrl.autoSync(app, compareResult.syncStatus, compareResult.resources, compareResult.revisionUpdated)
 		setOpMs = opMS
 		if syncErrCond != nil {

controller/appcontroller_test.go

@@ -43,15 +43,12 @@ import (
 	"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
 	mockrepoclient "github.com/argoproj/argo-cd/v2/reposerver/apiclient/mocks"
 	"github.com/argoproj/argo-cd/v2/test"
-	"github.com/argoproj/argo-cd/v2/util/argo"
 	"github.com/argoproj/argo-cd/v2/util/argo/normalizers"
 	cacheutil "github.com/argoproj/argo-cd/v2/util/cache"
 	appstatecache "github.com/argoproj/argo-cd/v2/util/cache/appstate"
 	"github.com/argoproj/argo-cd/v2/util/settings"
 )
 
-var testEnableEventList []string = argo.DefaultEnableEventList()
-
 type namespacedResource struct {
 	v1alpha1.ResourceNode
 	AppName string
@@ -67,6 +64,7 @@ type fakeData struct {
 	metricsCacheExpiration         time.Duration
 	applicationNamespaces          []string
 	updateRevisionForPathsResponse *apiclient.UpdateRevisionForPathsResponse
+	additionalObjs                 []runtime.Object
 }
 
 type MockKubectl struct {
@@ -136,7 +134,9 @@ func newFakeController(data *fakeData, repoErr error) *ApplicationController {
 		},
 		Data: data.configMapData,
 	}
-	kubeClient := fake.NewSimpleClientset(&clust, &cm, &secret)
+	runtimeObjs := []runtime.Object{&clust, &secret, &cm}
+	runtimeObjs = append(runtimeObjs, data.additionalObjs...)
+	kubeClient := fake.NewSimpleClientset(runtimeObjs...)
 	settingsMgr := settings.NewSettingsManager(context.Background(), kubeClient, test.FakeArgoCDNamespace)
 	kubectl := &MockKubectl{Kubectl: &kubetest.MockKubectlCmd{}}
 	ctrl, err := NewApplicationController(
@@ -167,7 +167,6 @@ func newFakeController(data *fakeData, repoErr error) *ApplicationController {
 		false,
 		false,
 		normalizers.IgnoreNormalizerOpts{},
-		testEnableEventList,
 	)
 	db := &dbmocks.ArgoDB{}
 	db.On("GetApplicationControllerReplicas").Return(1)

controller/state.go

@@ -249,28 +249,27 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp
 
 		log.Debugf("Generating Manifest for source %s revision %s", source, revision)
 		manifestInfo, err := repoClient.GenerateManifest(context.Background(), &apiclient.ManifestRequest{
-			Repo:                            repo,
-			Repos:                           permittedHelmRepos,
-			Revision:                        revision,
-			NoCache:                         noCache,
-			NoRevisionCache:                 noRevisionCache,
-			AppLabelKey:                     appLabelKey,
-			AppName:                         app.InstanceName(m.namespace),
-			Namespace:                       app.Spec.Destination.Namespace,
-			ApplicationSource:               &source,
-			KustomizeOptions:                kustomizeOptions,
-			KubeVersion:                     serverVersion,
-			ApiVersions:                     argo.APIResourcesToStrings(apiResources, true),
-			VerifySignature:                 verifySignature,
-			HelmRepoCreds:                   permittedHelmCredentials,
-			TrackingMethod:                  string(argo.GetTrackingMethod(m.settingsMgr)),
-			EnabledSourceTypes:              enabledSourceTypes,
-			HelmOptions:                     helmOptions,
-			HasMultipleSources:              app.Spec.HasMultipleSources(),
-			RefSources:                      refSources,
-			ProjectName:                     proj.Name,
-			ProjectSourceRepos:              proj.Spec.SourceRepos,
-			AnnotationManifestGeneratePaths: app.GetAnnotation(v1alpha1.AnnotationKeyManifestGeneratePaths),
+			Repo:               repo,
+			Repos:              permittedHelmRepos,
+			Revision:           revision,
+			NoCache:            noCache,
+			NoRevisionCache:    noRevisionCache,
+			AppLabelKey:        appLabelKey,
+			AppName:            app.InstanceName(m.namespace),
+			Namespace:          app.Spec.Destination.Namespace,
+			ApplicationSource:  &source,
+			KustomizeOptions:   kustomizeOptions,
+			KubeVersion:        serverVersion,
+			ApiVersions:        argo.APIResourcesToStrings(apiResources, true),
+			VerifySignature:    verifySignature,
+			HelmRepoCreds:      permittedHelmCredentials,
+			TrackingMethod:     string(argo.GetTrackingMethod(m.settingsMgr)),
+			EnabledSourceTypes: enabledSourceTypes,
+			HelmOptions:        helmOptions,
+			HasMultipleSources: app.Spec.HasMultipleSources(),
+			RefSources:         refSources,
+			ProjectName:        proj.Name,
+			ProjectSourceRepos: proj.Spec.SourceRepos,
 		})
 		if err != nil {
 			return nil, nil, false, fmt.Errorf("failed to generate manifest for source %d of %d: %w", i+1, len(sources), err)

controller/sync.go

@@ -44,6 +44,10 @@ const (
 	// EnvVarSyncWaveDelay is an environment variable which controls the delay in seconds between
 	// each sync-wave
 	EnvVarSyncWaveDelay = "ARGOCD_SYNC_WAVE_DELAY"
+
+	// serviceAccountDisallowedCharSet contains the characters that are not allowed to be present
+	// in a DefaultServiceAccount configured for a DestinationServiceAccount
+	serviceAccountDisallowedCharSet = "!*[]{}\\/"
 )
 
 func (m *appStateManager) getOpenAPISchema(server string) (openapi.Resources, error) {
@@ -170,12 +174,18 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 		state.Phase = common.OperationError
 		state.Message = fmt.Sprintf("Failed to load application project: %v", err)
 		return
-	} else if syncWindowPreventsSync(app, proj) {
-		// If the operation is currently running, simply let the user know the sync is blocked by a current sync window
-		if state.Phase == common.OperationRunning {
-			state.Message = "Sync operation blocked by sync window"
+	} else {
+		isBlocked, err := syncWindowPreventsSync(app, proj)
+		if isBlocked {
+			// If the operation is currently running, simply let the user know the sync is blocked by a current sync window
+			if state.Phase == common.OperationRunning {
+				state.Message = "Sync operation blocked by sync window"
+				if err != nil {
+					state.Message = fmt.Sprintf("%s: %v", state.Message, err)
+				}
+			}
+			return
 		}
-		return
 	}
 
 	if !isMultiSourceRevision {
@@ -287,8 +297,13 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 	}
 	trackingMethod := argo.GetTrackingMethod(m.settingsMgr)
 
-	if m.settingsMgr.IsImpersonationEnabled() {
-		serviceAccountToImpersonate, err := deriveServiceAccountName(proj, app)
+	impersonationEnabled, err := m.settingsMgr.IsImpersonationEnabled()
+	if err != nil {
+		log.Errorf("could not get impersonation feature flag: %v", err)
+		return
+	}
+	if impersonationEnabled {
+		serviceAccountToImpersonate, err := deriveServiceAccountToImpersonate(proj, app)
 		if err != nil {
 			state.Phase = common.OperationError
 			state.Message = fmt.Sprintf("failed to find a matching service account to impersonate: %v", err)
@@ -548,18 +563,23 @@ func delayBetweenSyncWaves(phase common.SyncPhase, wave int, finalWave bool) err
 	return nil
 }
 
-func syncWindowPreventsSync(app *v1alpha1.Application, proj *v1alpha1.AppProject) bool {
+func syncWindowPreventsSync(app *v1alpha1.Application, proj *v1alpha1.AppProject) (bool, error) {
 	window := proj.Spec.SyncWindows.Matches(app)
 	isManual := false
 	if app.Status.OperationState != nil {
 		isManual = !app.Status.OperationState.Operation.InitiatedBy.Automated
 	}
-	return !window.CanSync(isManual)
+	canSync, err := window.CanSync(isManual)
+	if err != nil {
+		// prevents sync because sync window has an error
+		return true, err
+	}
+	return !canSync, nil
 }
 
-// deriveServiceAccountName determines the service account to be used for impersonation for the sync operation.
+// deriveServiceAccountToImpersonate determines the service account to be used for impersonation for the sync operation.
 // The returned service account will be fully qualified including namespace and the service account name in the format system:serviceaccount:<namespace>:<service_account>
-func deriveServiceAccountName(project *v1alpha1.AppProject, application *v1alpha1.Application) (string, error) {
+func deriveServiceAccountToImpersonate(project *v1alpha1.AppProject, application *v1alpha1.Application) (string, error) {
 	// spec.Destination.Namespace is optional. If not specified, use the Application's
 	// namespace
 	serviceAccountNamespace := application.Spec.Destination.Namespace
@@ -569,10 +589,18 @@ func deriveServiceAccountName(project *v1alpha1.AppProject, application *v1alpha
 	// Loop through the destinationServiceAccounts and see if there is any destination that is a candidate.
 	// if so, return the service account specified for that destination.
 	for _, item := range project.Spec.DestinationServiceAccounts {
-		dstServerMatched := glob.Match(item.Server, application.Spec.Destination.Server)
-		dstNamespaceMatched := glob.Match(item.Namespace, application.Spec.Destination.Namespace)
+		dstServerMatched, err := glob.MatchWithError(item.Server, application.Spec.Destination.Server)
+		if err != nil {
+			return "", fmt.Errorf("invalid glob pattern for destination server: %w", err)
+		}
+		dstNamespaceMatched, err := glob.MatchWithError(item.Namespace, application.Spec.Destination.Namespace)
+		if err != nil {
+			return "", fmt.Errorf("invalid glob pattern for destination namespace: %w", err)
+		}
 		if dstServerMatched && dstNamespaceMatched {
-			if strings.Contains(item.DefaultServiceAccount, ":") {
+			if strings.Trim(item.DefaultServiceAccount, " ") == "" || strings.ContainsAny(item.DefaultServiceAccount, serviceAccountDisallowedCharSet) {
+				return "", fmt.Errorf("default service account contains invalid chars '%s'", item.DefaultServiceAccount)
+			} else if strings.Contains(item.DefaultServiceAccount, ":") {
 				// service account is specified along with its namespace.
 				return fmt.Sprintf("system:serviceaccount:%s", item.DefaultServiceAccount), nil
 			} else {

controller/sync_test.go

@@ -2,6 +2,7 @@ package controller
 
 import (
 	"context"
+	"strconv"
 	"testing"
 
 	"github.com/argoproj/gitops-engine/pkg/sync"
@@ -9,6 +10,7 @@ import (
 	"github.com/argoproj/gitops-engine/pkg/utils/kube"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -644,6 +646,771 @@ func TestNormalizeTargetResourcesWithList(t *testing.T) {
 	})
 }
 
+func TestDeriveServiceAccountMatchingNamespaces(t *testing.T) {
+	type fixture struct {
+		project     *v1alpha1.AppProject
+		application *v1alpha1.Application
+	}
+
+	setup := func(destinationServiceAccounts []v1alpha1.ApplicationDestinationServiceAccount, destinationNamespace, destinationServerURL, applicationNamespace string) *fixture {
+		project := &v1alpha1.AppProject{
+			ObjectMeta: v1.ObjectMeta{
+				Namespace: "argocd-ns",
+				Name:      "testProj",
+			},
+			Spec: v1alpha1.AppProjectSpec{
+				DestinationServiceAccounts: destinationServiceAccounts,
+			},
+		}
+		app := &v1alpha1.Application{
+			ObjectMeta: v1.ObjectMeta{
+				Namespace: applicationNamespace,
+				Name:      "testApp",
+			},
+			Spec: v1alpha1.ApplicationSpec{
+				Project: "testProj",
+				Destination: v1alpha1.ApplicationDestination{
+					Server:    destinationServerURL,
+					Namespace: destinationNamespace,
+				},
+			},
+		}
+		return &fixture{
+			project:     project,
+			application: app,
+		}
+	}
+
+	t.Run("empty destination service accounts", func(t *testing.T) {
+		// given an application referring a project with no destination service accounts
+		t.Parallel()
+		destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{}
+		destinationNamespace := "testns"
+		destinationServerURL := "https://kubernetes.svc.local"
+		applicationNamespace := "argocd-ns"
+		expectedSA := ""
+		expectedErrMsg := "no matching service account found for destination server https://kubernetes.svc.local and namespace testns"
+
+		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
+		// when
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+		assert.Equal(t, expectedSA, sa)
+
+		// then, there should be an error saying no valid match was found
+		assert.EqualError(t, err, expectedErrMsg)
+	})
+
+	t.Run("exact match of destination namespace", func(t *testing.T) {
+		// given an application referring a project with exactly one destination service account that matches the application destination,
+		t.Parallel()
+		destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "testns",
+				DefaultServiceAccount: "test-sa",
+			},
+		}
+		destinationNamespace := "testns"
+		destinationServerURL := "https://kubernetes.svc.local"
+		applicationNamespace := "argocd-ns"
+		expectedSA := "system:serviceaccount:testns:test-sa"
+
+		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
+		// when
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+
+		// then, there should be no error and should use the right service account for impersonation
+		require.NoError(t, err)
+		assert.Equal(t, expectedSA, sa)
+	})
+
+	t.Run("exact one match with multiple destination service accounts", func(t *testing.T) {
+		// given an application referring a project with multiple destination service accounts having one exact match for application destination
+		t.Parallel()
+		destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "guestbook",
+				DefaultServiceAccount: "guestbook-sa",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "guestbook-test",
+				DefaultServiceAccount: "guestbook-test-sa",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "default",
+				DefaultServiceAccount: "default-sa",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "testns",
+				DefaultServiceAccount: "test-sa",
+			},
+		}
+		destinationNamespace := "testns"
+		destinationServerURL := "https://kubernetes.svc.local"
+		applicationNamespace := "argocd-ns"
+		expectedSA := "system:serviceaccount:testns:test-sa"
+
+		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
+		// when
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+
+		// then, there should be no error and should use the right service account for impersonation
+		require.NoError(t, err)
+		assert.Equal(t, expectedSA, sa)
+	})
+
+	t.Run("first match to be used when multiple matches are available", func(t *testing.T) {
+		// given an application referring a project with multiple destination service accounts having multiple match for application destination
+		t.Parallel()
+		destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "testns",
+				DefaultServiceAccount: "test-sa",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "testns",
+				DefaultServiceAccount: "test-sa-2",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "testns",
+				DefaultServiceAccount: "test-sa-3",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "guestbook",
+				DefaultServiceAccount: "guestbook-sa",
+			},
+		}
+		destinationNamespace := "testns"
+		destinationServerURL := "https://kubernetes.svc.local"
+		applicationNamespace := "argocd-ns"
+		expectedSA := "system:serviceaccount:testns:test-sa"
+
+		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
+		// when
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+
+		// then, there should be no error and it should use the first matching service account for impersonation
+		require.NoError(t, err)
+		assert.Equal(t, expectedSA, sa)
+	})
+
+	t.Run("first match to be used when glob pattern is used", func(t *testing.T) {
+		// given an application referring a project with multiple destination service accounts with glob patterns matching the application destination
+		t.Parallel()
+		destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "test*",
+				DefaultServiceAccount: "test-sa",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "testns",
+				DefaultServiceAccount: "test-sa-2",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "default",
+				DefaultServiceAccount: "default-sa",
+			},
+		}
+		destinationNamespace := "testns"
+		destinationServerURL := "https://kubernetes.svc.local"
+		applicationNamespace := "argocd-ns"
+		expectedSA := "system:serviceaccount:testns:test-sa"
+
+		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
+		// when
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+
+		// then, there should not be any error and should use the first matching glob pattern service account for impersonation
+		require.NoError(t, err)
+		assert.Equal(t, expectedSA, sa)
+	})
+
+	t.Run("no match among a valid list", func(t *testing.T) {
+		// given an application referring a project with multiple destination service accounts with no matches for application destination
+		t.Parallel()
+		destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "test1",
+				DefaultServiceAccount: "test-sa",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "test2",
+				DefaultServiceAccount: "test-sa-2",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "default",
+				DefaultServiceAccount: "default-sa",
+			},
+		}
+		destinationNamespace := "testns"
+		destinationServerURL := "https://kubernetes.svc.local"
+		applicationNamespace := "argocd-ns"
+		expectedSA := ""
+		expectedErrMsg := "no matching service account found for destination server https://kubernetes.svc.local and namespace testns"
+
+		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
+		// when
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+
+		// then, there should be an error saying no match was found
+		require.EqualError(t, err, expectedErrMsg)
+		assert.Equal(t, expectedSA, sa)
+	})
+
+	t.Run("app destination namespace is empty", func(t *testing.T) {
+		// given an application referring a project with multiple destination service accounts with empty application destination namespace
+		t.Parallel()
+		destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{
+			{
+				Server:                "https://kubernetes.svc.local",
+				DefaultServiceAccount: "test-sa",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "*",
+				DefaultServiceAccount: "test-sa-2",
+			},
+		}
+		destinationNamespace := ""
+		destinationServerURL := "https://kubernetes.svc.local"
+		applicationNamespace := "argocd-ns"
+		expectedSA := "system:serviceaccount:argocd-ns:test-sa"
+
+		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
+		// when
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+
+		// then, there should not be any error and the service account configured for with empty namespace should be used.
+		require.NoError(t, err)
+		assert.Equal(t, expectedSA, sa)
+	})
+
+	t.Run("match done via catch all glob pattern", func(t *testing.T) {
+		// given an application referring a project with multiple destination service accounts having a catch all glob pattern
+		t.Parallel()
+		destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "testns1",
+				DefaultServiceAccount: "test-sa-2",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "default",
+				DefaultServiceAccount: "default-sa",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "*",
+				DefaultServiceAccount: "test-sa",
+			},
+		}
+		destinationNamespace := "testns"
+		destinationServerURL := "https://kubernetes.svc.local"
+		applicationNamespace := "argocd-ns"
+		expectedSA := "system:serviceaccount:testns:test-sa"
+
+		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
+		// when
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+
+		// then, there should not be any error and the catch all service account should be returned
+		require.NoError(t, err)
+		assert.Equal(t, expectedSA, sa)
+	})
+
+	t.Run("match done via invalid glob pattern", func(t *testing.T) {
+		// given an application referring a project with a destination service account having an invalid glob pattern for namespace
+		t.Parallel()
+		destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "e[[a*",
+				DefaultServiceAccount: "test-sa",
+			},
+		}
+		destinationNamespace := "testns"
+		destinationServerURL := "https://kubernetes.svc.local"
+		applicationNamespace := "argocd-ns"
+		expectedSA := ""
+
+		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
+		// when
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+
+		// then, there must be an error as the glob pattern is invalid.
+		require.ErrorContains(t, err, "invalid glob pattern for destination namespace")
+		assert.Equal(t, expectedSA, sa)
+	})
+
+	t.Run("sa specified with a namespace", func(t *testing.T) {
+		// given an application referring a project with multiple destination service accounts having a matching service account specified with its namespace
+		t.Parallel()
+		destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "testns",
+				DefaultServiceAccount: "myns:test-sa",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "default",
+				DefaultServiceAccount: "default-sa",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "*",
+				DefaultServiceAccount: "test-sa",
+			},
+		}
+		destinationNamespace := "testns"
+		destinationServerURL := "https://kubernetes.svc.local"
+		applicationNamespace := "argocd-ns"
+		expectedSA := "system:serviceaccount:myns:test-sa"
+
+		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
+		// when
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+		assert.Equal(t, expectedSA, sa)
+
+		// then, there should not be any error and the service account with its namespace should be returned.
+		require.NoError(t, err)
+	})
+}
+
+func TestDeriveServiceAccountMatchingServers(t *testing.T) {
+	type fixture struct {
+		project     *v1alpha1.AppProject
+		application *v1alpha1.Application
+	}
+
+	setup := func(destinationServiceAccounts []v1alpha1.ApplicationDestinationServiceAccount, destinationNamespace, destinationServerURL, applicationNamespace string) *fixture {
+		project := &v1alpha1.AppProject{
+			ObjectMeta: v1.ObjectMeta{
+				Namespace: "argocd-ns",
+				Name:      "testProj",
+			},
+			Spec: v1alpha1.AppProjectSpec{
+				DestinationServiceAccounts: destinationServiceAccounts,
+			},
+		}
+		app := &v1alpha1.Application{
+			ObjectMeta: v1.ObjectMeta{
+				Namespace: applicationNamespace,
+				Name:      "testApp",
+			},
+			Spec: v1alpha1.ApplicationSpec{
+				Project: "testProj",
+				Destination: v1alpha1.ApplicationDestination{
+					Server:    destinationServerURL,
+					Namespace: destinationNamespace,
+				},
+			},
+		}
+		return &fixture{
+			project:     project,
+			application: app,
+		}
+	}
+
+	t.Run("exact one match with multiple destination service accounts", func(t *testing.T) {
+		// given an application referring a project with multiple destination service accounts and one exact match for application destination
+		t.Parallel()
+		destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "guestbook",
+				DefaultServiceAccount: "guestbook-sa",
+			},
+			{
+				Server:                "https://abc.svc.local",
+				Namespace:             "guestbook",
+				DefaultServiceAccount: "guestbook-test-sa",
+			},
+			{
+				Server:                "https://cde.svc.local",
+				Namespace:             "guestbook",
+				DefaultServiceAccount: "default-sa",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "testns",
+				DefaultServiceAccount: "test-sa",
+			},
+		}
+		destinationNamespace := "testns"
+		destinationServerURL := "https://kubernetes.svc.local"
+		applicationNamespace := "argocd-ns"
+		expectedSA := "system:serviceaccount:testns:test-sa"
+
+		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
+		// when
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+
+		// then, there should not be any error and the right service account must be returned.
+		require.NoError(t, err)
+		assert.Equal(t, expectedSA, sa)
+	})
+
+	t.Run("first match to be used when multiple matches are available", func(t *testing.T) {
+		// given an application referring a project with multiple destination service accounts and multiple matches for application destination
+		t.Parallel()
+		destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "testns",
+				DefaultServiceAccount: "test-sa",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "testns",
+				DefaultServiceAccount: "test-sa-2",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "default",
+				DefaultServiceAccount: "default-sa",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "guestbook",
+				DefaultServiceAccount: "guestbook-sa",
+			},
+		}
+		destinationNamespace := "testns"
+		destinationServerURL := "https://kubernetes.svc.local"
+		applicationNamespace := "argocd-ns"
+		expectedSA := "system:serviceaccount:testns:test-sa"
+
+		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
+		// when
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+
+		// then, there should not be any error and first matching service account should be used
+		require.NoError(t, err)
+		assert.Equal(t, expectedSA, sa)
+	})
+
+	t.Run("first match to be used when glob pattern is used", func(t *testing.T) {
+		// given an application referring a project with multiple destination service accounts with a matching glob pattern and exact match
+		t.Parallel()
+		destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "test*",
+				DefaultServiceAccount: "test-sa",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "testns",
+				DefaultServiceAccount: "test-sa-2",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "default",
+				DefaultServiceAccount: "default-sa",
+			},
+		}
+		destinationNamespace := "testns"
+		destinationServerURL := "https://kubernetes.svc.local"
+		applicationNamespace := "argocd-ns"
+		expectedSA := "system:serviceaccount:testns:test-sa"
+
+		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
+		// when
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+		assert.Equal(t, expectedSA, sa)
+
+		// then, there should not be any error and the service account of the glob pattern, being the first match should be returned.
+		require.NoError(t, err)
+	})
+
+	t.Run("no match among a valid list", func(t *testing.T) {
+		// given an application referring a project with multiple destination service accounts with no match
+		t.Parallel()
+		destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "testns",
+				DefaultServiceAccount: "test-sa",
+			},
+			{
+				Server:                "https://abc.svc.local",
+				Namespace:             "testns",
+				DefaultServiceAccount: "test-sa-2",
+			},
+			{
+				Server:                "https://cde.svc.local",
+				Namespace:             "default",
+				DefaultServiceAccount: "default-sa",
+			},
+		}
+		destinationNamespace := "testns"
+		destinationServerURL := "https://xyz.svc.local"
+		applicationNamespace := "argocd-ns"
+		expectedSA := ""
+		expectedErr := "no matching service account found for destination server https://xyz.svc.local and namespace testns"
+
+		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
+		// when
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+
+		// then, there an error with appropriate message must be returned
+		require.EqualError(t, err, expectedErr)
+		assert.Equal(t, expectedSA, sa)
+	})
+
+	t.Run("match done via catch all glob pattern", func(t *testing.T) {
+		// given an application referring a project with multiple destination service accounts with matching catch all glob pattern
+		t.Parallel()
+		destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "testns1",
+				DefaultServiceAccount: "test-sa-2",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "default",
+				DefaultServiceAccount: "default-sa",
+			},
+			{
+				Server:                "*",
+				Namespace:             "*",
+				DefaultServiceAccount: "test-sa",
+			},
+		}
+		destinationNamespace := "testns"
+		destinationServerURL := "https://localhost:6443"
+		applicationNamespace := "argocd-ns"
+		expectedSA := "system:serviceaccount:testns:test-sa"
+
+		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
+		// when
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+
+		// then, there should not be any error and the service account of the glob pattern match must be returned.
+		require.NoError(t, err)
+		assert.Equal(t, expectedSA, sa)
+	})
+
+	t.Run("match done via invalid glob pattern", func(t *testing.T) {
+		// given an application referring a project with a destination service account having an invalid glob pattern for server
+		t.Parallel()
+		destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{
+			{
+				Server:                "e[[a*",
+				Namespace:             "test-ns",
+				DefaultServiceAccount: "test-sa",
+			},
+		}
+		destinationNamespace := "testns"
+		destinationServerURL := "https://kubernetes.svc.local"
+		applicationNamespace := "argocd-ns"
+		expectedSA := ""
+
+		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
+		// when
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+
+		// then, there must be an error as the glob pattern is invalid.
+		require.ErrorContains(t, err, "invalid glob pattern for destination server")
+		assert.Equal(t, expectedSA, sa)
+	})
+
+	t.Run("sa specified with a namespace", func(t *testing.T) {
+		// given app sync impersonation feature is enabled and matching service account is prefixed with a namespace
+		t.Parallel()
+		destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{
+			{
+				Server:                "https://abc.svc.local",
+				Namespace:             "testns",
+				DefaultServiceAccount: "myns:test-sa",
+			},
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "default",
+				DefaultServiceAccount: "default-sa",
+			},
+			{
+				Server:                "*",
+				Namespace:             "*",
+				DefaultServiceAccount: "test-sa",
+			},
+		}
+		destinationNamespace := "testns"
+		destinationServerURL := "https://abc.svc.local"
+		applicationNamespace := "argocd-ns"
+		expectedSA := "system:serviceaccount:myns:test-sa"
+
+		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
+		// when
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+
+		// then, there should not be any error and the service account with the given namespace prefix must be returned.
+		require.NoError(t, err)
+		assert.Equal(t, expectedSA, sa)
+	})
+}
+
+func TestSyncWithImpersonate(t *testing.T) {
+	type fixture struct {
+		project     *v1alpha1.AppProject
+		application *v1alpha1.Application
+		controller  *ApplicationController
+	}
+
+	setup := func(impersonationEnabled bool, destinationNamespace, serviceAccountName string) *fixture {
+		app := newFakeApp()
+		app.Status.OperationState = nil
+		app.Status.History = nil
+		project := &v1alpha1.AppProject{
+			ObjectMeta: v1.ObjectMeta{
+				Namespace: test.FakeArgoCDNamespace,
+				Name:      "default",
+			},
+			Spec: v1alpha1.AppProjectSpec{
+				DestinationServiceAccounts: []v1alpha1.
+					ApplicationDestinationServiceAccount{
+					{
+						Server:                "https://localhost:6443",
+						Namespace:             destinationNamespace,
+						DefaultServiceAccount: serviceAccountName,
+					},
+				},
+			},
+		}
+		additionalObjs := []runtime.Object{}
+		if serviceAccountName != "" {
+			syncServiceAccount := &corev1.ServiceAccount{
+				ObjectMeta: v1.ObjectMeta{
+					Name:      serviceAccountName,
+					Namespace: test.FakeDestNamespace,
+				},
+			}
+			additionalObjs = append(additionalObjs, syncServiceAccount)
+		}
+		data := fakeData{
+			apps: []runtime.Object{app, project},
+			manifestResponse: &apiclient.ManifestResponse{
+				Manifests: []string{},
+				Namespace: test.FakeDestNamespace,
+				Server:    "https://localhost:6443",
+				Revision:  "abc123",
+			},
+			managedLiveObjs: map[kube.ResourceKey]*unstructured.Unstructured{},
+			configMapData: map[string]string{
+				"application.sync.impersonation.enabled": strconv.FormatBool(impersonationEnabled),
+			},
+			additionalObjs: additionalObjs,
+		}
+		ctrl := newFakeController(&data, nil)
+		return &fixture{
+			project:     project,
+			application: app,
+			controller:  ctrl,
+		}
+	}
+
+	t.Run("sync with impersonation and no matching service account", func(t *testing.T) {
+		// given app sync impersonation feature is enabled with an application referring a project no matching service account
+		f := setup(true, test.FakeArgoCDNamespace, "")
+		opMessage := "failed to find a matching service account to impersonate: no matching service account found for destination server https://localhost:6443 and namespace fake-dest-ns"
+
+		opState := &v1alpha1.OperationState{
+			Operation: v1alpha1.Operation{
+				Sync: &v1alpha1.SyncOperation{
+					Source: &v1alpha1.ApplicationSource{},
+				},
+			},
+			Phase: common.OperationRunning,
+		}
+		// when
+		f.controller.appStateManager.SyncAppState(f.application, opState)
+
+		// then, app sync should fail with expected error message in operation state
+		assert.Equal(t, common.OperationError, opState.Phase)
+		assert.Contains(t, opState.Message, opMessage)
+	})
+
+	t.Run("sync with impersonation and empty service account match", func(t *testing.T) {
+		// given app sync impersonation feature is enabled with an application referring a project matching service account that is an empty string
+		f := setup(true, test.FakeDestNamespace, "")
+		opMessage := "failed to find a matching service account to impersonate: default service account contains invalid chars ''"
+
+		opState := &v1alpha1.OperationState{
+			Operation: v1alpha1.Operation{
+				Sync: &v1alpha1.SyncOperation{
+					Source: &v1alpha1.ApplicationSource{},
+				},
+			},
+			Phase: common.OperationRunning,
+		}
+		// when
+		f.controller.appStateManager.SyncAppState(f.application, opState)
+
+		// then app sync should fail with expected error message in operation state
+		assert.Equal(t, common.OperationError, opState.Phase)
+		assert.Contains(t, opState.Message, opMessage)
+	})
+
+	t.Run("sync with impersonation and matching sa", func(t *testing.T) {
+		// given app sync impersonation feature is enabled with an application referring a project matching service account
+		f := setup(true, test.FakeDestNamespace, "test-sa")
+		opMessage := "successfully synced (no more tasks)"
+
+		opState := &v1alpha1.OperationState{
+			Operation: v1alpha1.Operation{
+				Sync: &v1alpha1.SyncOperation{
+					Source: &v1alpha1.ApplicationSource{},
+				},
+			},
+			Phase: common.OperationRunning,
+		}
+		// when
+		f.controller.appStateManager.SyncAppState(f.application, opState)
+
+		// then app sync should not fail
+		assert.Equal(t, common.OperationSucceeded, opState.Phase)
+		assert.Contains(t, opState.Message, opMessage)
+	})
+
+	t.Run("sync without impersonation", func(t *testing.T) {
+		// given app sync impersonation feature is disabled with an application referring a project matching service account
+		f := setup(false, test.FakeDestNamespace, "")
+		opMessage := "successfully synced (no more tasks)"
+
+		opState := &v1alpha1.OperationState{
+			Operation: v1alpha1.Operation{
+				Sync: &v1alpha1.SyncOperation{
+					Source: &v1alpha1.ApplicationSource{},
+				},
+			},
+			Phase: common.OperationRunning,
+		}
+		// when
+		f.controller.appStateManager.SyncAppState(f.application, opState)
+
+		// then application sync should pass using the control plane service account
+		assert.Equal(t, common.OperationSucceeded, opState.Phase)
+		assert.Contains(t, opState.Message, opMessage)
+	})
+}
+
 func dig[T any](obj interface{}, path []interface{}) T {
 	i := obj
 

docs/assets/versions.js

@@ -32,23 +32,41 @@ function initializeVersionDropdown() {
   window[callbackName] = function(response) {
     const div = document.createElement('div');
     div.innerHTML = response.html;
-    document.querySelector(".md-header__inner > .md-header__title").appendChild(div);
+    const headerTitle = document.querySelector(".md-header__inner > .md-header__title");
+    if (headerTitle) {
+      headerTitle.appendChild(div);
+    }
+
     const container = div.querySelector('.rst-versions');
+    if (!container) return; // Exit if container not found
+
+    // Add caret icon
     var caret = document.createElement('div');
     caret.innerHTML = "<i class='fa fa-caret-down dropdown-caret'></i>";
     caret.classList.add('dropdown-caret');
-    div.querySelector('.rst-current-version').appendChild(caret);
+    const currentVersionElem = div.querySelector('.rst-current-version');
+    if (currentVersionElem) {
+      currentVersionElem.appendChild(caret);
+    }
 
-    div.querySelector('.rst-current-version').addEventListener('click', function() {
-      container.classList.toggle('shift-up');
-    });
+    // Add click listener to toggle dropdown
+    if (currentVersionElem && container) {
+      currentVersionElem.addEventListener('click', function() {
+        container.classList.toggle('shift-up');
+      });
+    }
+
+    // Sorting Logic
+    sortVersionLinks(container);
   };
 
+  // Load CSS
   var CSSLink = document.createElement('link');
   CSSLink.rel = 'stylesheet';
   CSSLink.href = '/assets/versions.css';
   document.getElementsByTagName('head')[0].appendChild(CSSLink);
 
+  // Load JSONP Script
   var script = document.createElement('script');
   const currentVersion = getCurrentVersion();
   script.src = 'https://argo-cd.readthedocs.io/_/api/v2/footer_html/?' +
@@ -56,6 +74,58 @@ function initializeVersionDropdown() {
   document.getElementsByTagName('head')[0].appendChild(script);
 }
 
+// Function to sort version links
+function sortVersionLinks(container) {
+  // Find all <dl> elements within the container
+  const dlElements = container.querySelectorAll('dl');
+
+  dlElements.forEach(dl => {
+    const dt = dl.querySelector('dt');
+    if (dt && dt.textContent.trim().toLowerCase() === 'versions') {
+      // Found the Versions <dl>
+      const ddElements = Array.from(dl.querySelectorAll('dd'));
+
+      // Define sorting criteria
+      ddElements.sort((a, b) => {
+        const aText = a.textContent.trim().toLowerCase();
+        const bText = b.textContent.trim().toLowerCase();
+
+        // Prioritize 'latest' and 'stable'
+        if (aText === 'latest') return -1;
+        if (bText === 'latest') return 1;
+        if (aText === 'stable') return -1;
+        if (bText === 'stable') return 1;
+
+        // Extract version numbers (e.g., release-2.9)
+        const aVersionMatch = aText.match(/release-(\d+(\.\d+)*)/);
+        const bVersionMatch = bText.match(/release-(\d+(\.\d+)*)/);
+
+        if (aVersionMatch && bVersionMatch) {
+          const aVersion = aVersionMatch[1].split('.').map(Number);
+          const bVersion = bVersionMatch[1].split('.').map(Number);
+          
+          for (let i = 0; i < Math.max(aVersion.length, bVersion.length); i++) {
+            const aNum = aVersion[i] || 0;
+            const bNum = bVersion[i] || 0;
+            if (aNum > bNum) return -1;
+            if (aNum < bNum) return 1;
+          }
+          return 0;
+        }
+
+        // Fallback to alphabetical order
+        return aText.localeCompare(bText);
+      });
+
+      // Remove existing <dd> elements
+      ddElements.forEach(dd => dl.removeChild(dd));
+
+      // Append sorted <dd> elements
+      ddElements.forEach(dd => dl.appendChild(dd));
+    }
+  });
+}
+
 // VERSION WARNINGS
 window.addEventListener("DOMContentLoaded", function() {
   var margin = 30;

docs/operator-manual/app-sync-using-impersonation.md

@@ -1,7 +1,7 @@
 # Application Sync using impersonation
 
 !!! warning "Alpha Feature"
-    This is an experimental, alpha-quality feature that allows you to control the service account used for the sync operation. The configured service account, could have lesser privileges required for creating resources compared to the highly privileged access required for the control plane operations.
+    This is an experimental, alpha-quality feature that allows you to control the service account used for the sync operation. The configured service account could have lesser privileges required for creating resources compared to the highly privileged access required for the control plane operations.
 
 !!! warning
     Please read this documentation carefully before you enable this feature. Misconfiguration could lead to potential security issues.
@@ -94,7 +94,7 @@ spec:
   sourceRepos:
     - '*'
   destinations:
-    - *
+    - '*'
   destinationServiceAccounts:
     - server: https://kubernetes.default.svc
       namespace: guestbook

docs/operator-manual/argocd-cm.yaml

@@ -329,14 +329,14 @@ data:
   # spread out the refreshes and give time to the repo-server to catch up. The jitter is the maximum duration that can be
   # added to the sync timeout. So, if the sync timeout is 3 minutes and the jitter is 1 minute, then the actual timeout will
   # be between 3 and 4 minutes. Disabled when the value is 0, defaults to 0.
-  timeout.reconciliation.jitter: 0
+  timeout.reconciliation.jitter: "0"
 
   # cluster.inClusterEnabled indicates whether to allow in-cluster server address. This is enabled by default.
   cluster.inClusterEnabled: "true"
 
   # The maximum number of pod logs to render in UI. If the application has more than this number of pods, the logs will not be rendered.
   # This is to prevent the UI from becoming unresponsive when rendering a large number of logs. Default is 10.
-  server.maxPodLogsToRender: 10
+  server.maxPodLogsToRender: "10"
 
   # Application pod logs RBAC enforcement enables control over who can and who can't view application pod logs.
   # When you enable the switch, pod logs will be visible only to admin role by default. Other roles/users will not be able to view them via cli and UI.
@@ -425,7 +425,7 @@ data:
                 name: some-cluster
                 server: https://some-cluster
   # The maximum size of the payload that can be sent to the webhook server.
-  webhook.maxPayloadSizeMB: 1024
+  webhook.maxPayloadSizeMB: "1024"
 
-  # application.sync.impersonation.enabled indicates whether the application sync can be decoupled from control plane service account using impersonation.
+  # application.sync.impersonation.enabled enables application sync to use a custom service account, via impersonation. This allows decoupling sync from control-plane service account.
   application.sync.impersonation.enabled: "false"

docs/operator-manual/argocd-cmd-params-cm.yaml

@@ -171,8 +171,6 @@ data:
   reposerver.max.combined.directory.manifests.size: '10M'
   # Paths to be excluded from the tarball streamed to plugins. Separate with ;
   reposerver.plugin.tar.exclusions: ""
-  # Enable the repo server to use the 'argocd.argoproj.io/manifest-generate-paths' annotation to guide manifest generation.
-  reposerver.plugin.use.manifest.generate.paths: "false"
   # Allow repositories to contain symlinks that leave the boundaries of the repository.
   # Changing this to "true" will not allow _all_ out-of-bounds symlinks. Those will still be blocked for things like values
   # files in Helm charts. But symlinks which are not explicitly blocked by other checks will be allowed.

docs/operator-manual/argocd-repositories.yaml

@@ -12,7 +12,6 @@ stringData:
   url: https://github.com/argoproj/argocd-example-apps
   password: my-password
   username: my-username
-  project: my-project
   insecure: "true" # Ignore validity of server's TLS certificate. Defaults to "false"
   forceHttpBasicAuth: "true" # Skip auth method negotiation and force usage of HTTP basic auth. Defaults to "false"
   enableLfs: "true" # Enable git-lfs for this repository. Defaults to "false"
@@ -43,7 +42,6 @@ metadata:
 stringData:
   url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts
   name: istio.io
-  project: my-project
   type: helm
 ---
 apiVersion: v1

docs/operator-manual/config-management-plugins.md

@@ -359,16 +359,6 @@ You can set it one of three ways:
 For option 1, the flag can be repeated multiple times. For option 2 and 3, you can specify multiple globs by separating
 them with semicolons.
 
-## Application manifests generation using argocd.argoproj.io/manifest-generate-paths
-
-To enhance the application manifests generation process, you can enable the use of the `argocd.argoproj.io/manifest-generate-paths` annotation. When this flag is enabled, the resources specified by this annotation will be passed to the CMP server for generating application manifests, rather than sending the entire repository. This can be particularly useful for monorepos.
-
-You can set it one of three ways:
-
-1. The `--plugin-use-manifest-generate-paths` argument on the repo server.
-2. The `reposerver.plugin.use.manifest.generate.paths` key if you are using `argocd-cmd-params-cm`
-3. Directly setting `ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS` environment variable on the repo server to `true`.
-
 ## Migrating from argocd-cm plugins
 
 Installing plugins by modifying the argocd-cm ConfigMap is deprecated as of v2.4 and has been completely removed starting in v2.8.

docs/operator-manual/declarative-setup.md

@@ -30,7 +30,7 @@ For each specific kind of ConfigMap and Secret resource, there is only a single
 |------------------------------------------------------------------|-------------|--------------------------|
 | [`application.yaml`](../user-guide/application-specification.md) | Application | Example application spec |
 | [`project.yaml`](./project-specification.md)                     | AppProject  | Example project spec     |
-| [`argocd-repositories.yaml`](./argocd-repositories-yaml.md)                                                                | Secret      | Repository credentials   |
+| -                                                                | Secret      | Repository credentials   |
 
 For `Application` and `AppProject` resources, the name of the resource equals the name of the application or project within Argo CD. This also means that application and project names are unique within a given Argo CD installation - you cannot have the same application name for two different applications.
 
@@ -176,7 +176,6 @@ spec:
 Repository details are stored in secrets. To configure a repo, create a secret which contains repository details.
 Consider using [bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) to store an encrypted secret definition as a Kubernetes manifest.
 Each repository must have a `url` field and, depending on whether you connect using HTTPS, SSH, or GitHub App, `username` and `password` (for HTTPS), `sshPrivateKey` (for SSH), or `githubAppPrivateKey` (for GitHub App).
-Credentials can be scoped to a project using the optional `project` field. When omitted, the credential will be used as the default for all projects without a scoped credential.
 
 !!!warning
     When using [bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) the labels will be removed and have to be readded as described here: https://github.com/bitnami-labs/sealed-secrets#sealedsecrets-as-templates-for-secrets
@@ -196,7 +195,6 @@ stringData:
   url: https://github.com/argoproj/private-repo
   password: my-password
   username: my-username
-  project: my-project
 ```
 
 Example for SSH:
@@ -787,7 +785,7 @@ the role can be appended to the `args` section like so:
 
 ```yaml
 ...
-    "args": ["aws", "--cluster-name", "my-eks-cluster", "--role-arn", "arn:aws:iam::<AWS_ACCOUNT_ID>:role/<IAM_ROLE_NAME>"],
+    "args": ["aws", "--cluster-name", "my-eks-cluster", "--roleARN", "arn:aws:iam::<AWS_ACCOUNT_ID>:role/<IAM_ROLE_NAME>"],
 ...
 ```
 This construct can be used in conjunction with something like the External Secrets Operator to avoid storing the keys in
@@ -1046,7 +1044,7 @@ stringData:
 
 ## Resource Exclusion/Inclusion
 
-Resources can be excluded from discovery and sync so that Argo CD is unaware of them. For example, the apiGroup/kind `events.k8s.io/*`, `metrics.k8s.io/*` and `coordination.k8s.io/Lease` are always excluded. Use cases:
+Resources can be excluded from discovery and sync so that Argo CD is unaware of them. For example, the apiGroup/kind `events.k8s.io/*`, `metrics.k8s.io/*`, `coordination.k8s.io/Lease`, and `""/Endpoints` are always excluded. Use cases:
 
 * You have temporal issues and you want to exclude problematic resources.
 * There are many of a kind of resources that impacts Argo CD's performance.

docs/operator-manual/health.md

@@ -98,20 +98,27 @@ data:
     return hs
 ```
 
-In order to prevent duplication of the custom health check for potentially multiple resources, it is also possible to specify a wildcard in the resource kind, and anywhere in the resource group, like this:
+In order to prevent duplication of custom health checks for potentially multiple resources, it is also possible to
+specify a wildcard in the resource kind, and anywhere in the resource group, like this:
 
 ```yaml
-  resource.customizations.health.ec2.aws.crossplane.io_*: |
-    ...
+  resource.customizations: |
+    ec2.aws.crossplane.io/*:
+      health.lua: |
+        ...
 ```
 
 ```yaml
-  resource.customizations.health.*.aws.crossplane.io_*: |
-    ...
+  # If a key _begins_ with a wildcard, please ensure that the GVK key is quoted.
+  resource.customizations: |
+    "*.aws.crossplane.io/*":
+      health.lua: |
+        ...
 ```
 
 !!!important
-    Please, note that there can be ambiguous resolution of wildcards, see [#16905](https://github.com/argoproj/argo-cd/issues/16905)
+    Please, note that wildcards are only supported when using the `resource.customizations` key, the `resource.customizations.health.<group>_<kind>`
+style keys do not work since wildcards (`*`) are not supported in Kubernetes configmap keys.
 
 The `obj` is a global variable which contains the resource. The script must return an object with status and optional message field.
 The custom health check might return one of the following health statuses:
@@ -121,7 +128,7 @@ The custom health check might return one of the following health statuses:
   * `Degraded` - the resource is degraded
   * `Suspended` - the resource is suspended and waiting for some external event to resume (e.g. suspended CronJob or paused Deployment)
 
-By default health typically returns `Progressing` status.
+By default, health typically returns a `Progressing` status.
 
 NOTE: As a security measure, access to the standard Lua libraries will be disabled by default. Admins can control access by
 setting `resource.customizations.useOpenLibs.<group>_<kind>`. In the following example, standard libraries are enabled for health check of `cert-manager.io/Certificate`.

docs/operator-manual/high_availability.md

@@ -277,9 +277,6 @@ spec:
 # ...
 ```
 
-!!! note
-    If application manifest generation using the `argocd.argoproj.io/manifest-generate-paths` annotation feature is enabled, only the resources specified by this annotation will be sent to the CMP server for manifest generation, rather than the entire repository. To determine the appropriate resources, a common root path is calculated based on the paths provided in the annotation. The application path serves as the deepest path that can be selected as the root.
-
 ### Application Sync Timeout & Jitter
 
 Argo CD has a timeout for application syncs. It will trigger a refresh for each application periodically when the timeout expires.

docs/operator-manual/ingress.md

@@ -471,7 +471,7 @@ Once we create this service, we can configure the Ingress to conditionally route
 ```
 
 ## [Istio](https://www.istio.io)
-You can put Argo CD behind Istio using following configurations. Here we will achieve both serving Argo CD behind istio and using subpath on Istio
+You can put Argo CD behind Istio using following configurations. Here we will achive both serving Argo CD behind istio and using subpath on Istio
 
 First we need to make sure that we can run Argo CD with subpath (ie /argocd). For this we have used install.yaml from argocd project as is
 

docs/operator-manual/notifications/troubleshooting-errors.md

@@ -40,27 +40,6 @@ You need to check your argocd-notifications controller version. For instance, th
 
 You have not defined `xxxx` in `argocd-notifications-cm` or to fail to parse settings.
 
-### GitHub.repoURL (\u003cno value\u003e) does not have a / using the configuration
-
-You probably have an Application with [multiple sources](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/):
-
-```yaml
-spec:
-  sources:  # <- multiple sources
-  - repoURL: https://github.com/exampleOrg/first.git
-    path: sources/example
-  - repoURL: https://github.com/exampleOrg/second.git
-    targetRevision: "{{branch}}"
-```
-
-So standard notification template won't work (`{{.app.spec.source.repoURL}}`). You should choose a single source instead:
-
-```yaml
-template.example: |
-  github:
-    repoURLPath: "{{ (index .app.spec.sources 0).repoURL }}"
-```
-
 ## config referenced xxx, but key does not exist in secret
 
 - If you are using a custom secret, check that the secret is in the same namespace

docs/operator-manual/reconcile.md

@@ -110,7 +110,7 @@ data:
     jqPathExpressions:
     # Ignore lastTransitionTime for conditions; helpful when SharedResourceWarnings are being regularly updated but not
     # actually changing in content.
-    - .status?.conditions[]?.lastTransitionTime
+    - .status.conditions[].lastTransitionTime
 ```
 
 ## Ignoring updates for untracked resources

docs/operator-manual/server-commands/argocd-application-controller.md

@@ -31,7 +31,6 @@ argocd-application-controller [flags]
       --default-cache-expiration duration                         Cache expiration default (default 24h0m0s)
       --disable-compression                                       If true, opt-out of response compression for all requests to the server
       --dynamic-cluster-distribution-enabled                      Enables dynamic cluster distribution.
-      --enable-k8s-event none                                     Enable ArgoCD to use k8s event. For disabling all events, set the value as none. (e.g --enable-k8s-event=none), For enabling specific events, set the value as `event reason`. (e.g --enable-k8s-event=StatusRefreshed,ResourceCreated) (default [all])
       --gloglevel int                                             Set the glog logging level
   -h, --help                                                      help for argocd-application-controller
       --ignore-normalizer-jq-execution-timeout-seconds duration   Set ignore normalizer JQ execution timeout

docs/operator-manual/server-commands/argocd-repo-server.md

@@ -35,7 +35,6 @@ argocd-repo-server [flags]
       --otlp-insecure                                  OpenTelemetry collector insecure mode (default true)
       --parallelismlimit int                           Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit.
       --plugin-tar-exclude stringArray                 Globs to filter when sending tarballs to plugins.
-      --plugin-use-manifest-generate-paths             Pass the resources described in argocd.argoproj.io/manifest-generate-paths value to the cmpserver to generate the application manifests.
       --port int                                       Listen on given port for incoming connections (default 8081)
       --redis string                                   Redis server hostname and port (e.g. argocd-redis:6379). 
       --redis-ca-certificate string                    Path to Redis server CA certificate (e.g. /etc/certs/redis/ca.crt). If not specified, system trusted CAs will be used for server certificate validation.

docs/operator-manual/server-commands/argocd-server.md

@@ -51,7 +51,6 @@ argocd-server [flags]
       --disable-auth                                    Disable client authentication
       --disable-compression                             If true, opt-out of response compression for all requests to the server
       --enable-gzip                                     Enable GZIP compression (default true)
-      --enable-k8s-event none                           Enable ArgoCD to use k8s event. For disabling all events, set the value as none. (e.g --enable-k8s-event=none), For enabling specific events, set the value as `event reason`. (e.g --enable-k8s-event=StatusRefreshed,ResourceCreated) (default [all])
       --enable-proxy-extension                          Enable Proxy Extension feature
       --gloglevel int                                   Set the glog logging level
   -h, --help                                            help for argocd-server

docs/operator-manual/tested-kubernetes-versions.md

@@ -1,2 +1,5 @@
-This page is populated for released Argo CD versions. Use the version selector to view this table for a specific 
-version. 
+| Argo CD version | Kubernetes versions |
+|-----------------|---------------------|
+| 2.13 |  |
+| 2.12 |  |
+| 2.11 | v1.29, v1.28, v1.27, v1.26, v1.25 |

docs/operator-manual/upgrading/2.12-2.13.md

@@ -70,4 +70,4 @@ The default extension for log files generated by Argo CD when using the "Downloa
 If you have any custom scripts or tools that depend on the `.txt` extension, please update them accordingly.
 ## Added proxy to kustomize
 
-Proxy config set on repository credentials / repository templates is now passed down to the `kustomize build` command. 
+Proxy config set on repository credentials / repository templates is now passed down to the `kustomie build` command. 

docs/operator-manual/user-management/okta.md

@@ -135,7 +135,7 @@ First, create the OIDC integration:
     ![Okta OIDC app dialogue](../../assets/okta-create-oidc-app.png)
 1. Update the following:
     1. `App Integration name` and `Logo` - set these to suit your needs; they'll be displayed in the Okta catalogue.
-    1. `Sign-in redirect URLs`: Add `https://argocd.example.com/auth/callback`; replacing `argocd.example.com` with your ArgoCD web interface URL.
+    1. `Sign-in redirect URLs`: Add `https://argocd.example.com/auth/callback`; replacing `argocd.example.com` with your ArgoCD web interface URL. Also add `http://localhost:8085/auth/callback` if you would like to be able to login with the CLI.
     1. `Sign-out redirect URIs`: Add `https://argocd.example.com`; substituting the correct domain name as above. 
     1. Either assign groups, or choose to skip this step for now.
     1. Leave the rest of the options as-is, and save the integration.
@@ -170,25 +170,6 @@ Next, create a custom Authorization server:
     ![Default rule](../../assets/okta-auth-rule.png)
 1. Finally, click `Back to Authorization Servers`, and copy the `Issuer URI`. You will need this later.
 
-### CLI login
-
-In order to login with the CLI `argocd login https://argocd.example.com --sso`, Okta requires a separate dedicated App Integration:
-
-1. Create a new `Create App Integration`, and choose `OIDC`, and then `Single-Page Application`.
-1. Update the following:
-    1. `App Integration name` and `Logo` - set these to suit your needs; they'll be displayed in the Okta catalogue.
-    1. `Sign-in redirect URLs`: Add `http://localhost:8085/auth/callback`.
-    1. `Sign-out redirect URIs`: Add `http://localhost:8085`.
-    1. Either assign groups, or choose to skip this step for now.
-    1. Leave the rest of the options as-is, and save the integration.
-    1. Copy the `Client ID` from the newly created app; `cliClientID: <Client ID>` will be used in your `argocd-cm` ConfigMap.
-1. Edit your Authorization Server `Access Policies`:
-    1. Navigate to the Okta API Management at `Security > API`.
-    1. Choose your existing `Authorization Server` that was created previously.
-    1. Click `Access Policies` > `Edit Policy`.
-    1. Assign your newly created `App Integration` by filling in the text box and clicking `Update Policy`.
-    ![Edit Policy](../../assets/okta-auth-policy-edit.png)
-
 If you haven't yet created Okta groups, and assigned them to the application integration, you should do that now:
 
 1. Go to `Directory > Groups`
@@ -209,7 +190,6 @@ oidc.config: |
   # this is the authorization server URI
   issuer: https://example.okta.com/oauth2/aus9abcdefgABCDEFGd7
   clientID: 0oa9abcdefgh123AB5d7
-  cliClientID: gfedcba0987654321GEFDCBA # Optional if using the CLI for SSO
   clientSecret: ABCDEFG1234567890abcdefg
   requestedScopes: ["openid", "profile", "email", "groups"]
   requestedIDTokenClaims: {"groups": {"essential": true}}

docs/proposals/decouple-application-sync-user-using-impersonation.md

@@ -68,9 +68,9 @@ This proposal would allow ArgoCD administrators to manage the cluster permission
 
 ### Goals
 - Applications may only impersonate ServiceAccounts that live in the same namespace as the destination namespace configured in the application.If the service account is created in a different namespace, then the user can provide the service account name in the format `<namespace>:<service_account_name>` . ServiceAccount to be used for syncing each application is determined by the target destination configured in the `AppProject` associated with the `Application`.
-- If impersonation feature is enabled, and no service account name is provided in the associated `AppProject`, then the sync operation would fail with an appropriate error message. Users can configure a catch all service account matching all destinations to avoid such sync errors.
+- If impersonation feature is enabled, and no service account name is provided in the associated `AppProject`, then the default service account of the destination namespace of the `Application` should be used.
 - Access restrictions implemented through properties in AppProject (if done) must have the existing behavior. From a security standpoint, any restrictions that were available before switching to a service account based approach should continue to exist even when the impersonation feature is enabled.
-- The feature can be enabled/disabled only at the system level. Once enabled/disabled, it is applicable to all ArgoCD `Applications`.
+- The feature can be enabled/disabled only at the system level. Once enabled/disabled, it is applicable to all Argo CD `Applications`.
 
 ### Non-Goals
 
@@ -82,7 +82,7 @@ As part of this proposal, it would be possible for an ArgoCD Admin to specify a
 
 When applications gets synced, based on its destination (target cluster and namespace combination), the `defaultServiceAccount` configured in the `AppProject` will be selected and used for impersonation when executing the kubectl commands for the sync operation.
 
-We would be introducing a new element `destinationServiceAccounts` in `AppProject.spec`. This element is used for the sole purpose of specifying the impersonation configuration. The `defaultServiceAccount` configured for the `AppProject` would be used for the sync operation for a particular destination cluster and namespace. If impersonation feature is enabled and no specific service account is provided in the `AppProject` CR, then the sync operation will fail with an error. Users can configure a catch all service account matching all destinations to avoid such sync errors.
+We would be introducing a new element `destinationServiceAccounts` in `AppProject.spec`. This element is used for the sole purpose of specifying the impersonation configuration. The `defaultServiceAccount` configured for the `AppProject` would be used for the sync operation for a particular destination cluster and namespace. If impersonation feature is enabled and no specific service account is provided in the `AppProject` CR, then the `default` service account in the destination namespace would be used for impersonation.
 
 ```yaml
 apiVersion: argoproj.io/v1alpha1
@@ -109,7 +109,7 @@ spec:
     - server: https://kubernetes.default.svc
       namespace: guestbook-stage
       defaultServiceAccount: guestbook-stage-deployer
-    - server: '*
+    - server: '*'
       namespace: '*'
       defaultServiceAccount: default # catch all service account to be used when all other matches fail.
 ```
@@ -161,7 +161,10 @@ So that, I can use a generic convention of naming service accounts and avoid ass
 
 #### Component: ArgoCD Application Controller
 
-- Provide a configuration in `argocd-cm`  which can be modified to enable the Impersonation feature. Set `application.sync.impersonation.enabled: "true"` in the Argo CD ConfigMap. Default value of `application.sync.impersonation.enabled` would be `"false"` and user has to explicitly override it to use this feature.
+- Provide a configuration in `argocd-cm`  which can be modified to enable the Impersonation feature. Set `applicationcontroller.enable.impersonation: true` in the Argo CD ConfigMap. Default value of `applicationcontroller.enable.impersonation` would be `false` and user has to explicitly override it to use this feature.
+- Provide an option to override the Impersonation feature using environment variables.
+Set `ARGOCD_APPLICATION_CONTROLLER_ENABLE_IMPERSONATION=true` in the Application controller environment variables. Default value of the environment variable must be `false` and user has to explicitly set it to `true` to use this feature.
+- Provide an option to enable this feature using a command line flag `--enable-impersonation`. This new argument option needs to be added to the Application controller args.
 - Fix Application Controller `sync.go` to set the Impersonate configuration from the AppProject CR to the `SyncContext` Object (rawConfig and restConfig field, need to understand which config is used for the actual sync and if both configs need to be impersonated.)
 
 #### Component: ArgoCD UI

docs/snyk/index.md

@@ -18,61 +18,47 @@ recent minor releases.
 | [dex:v2.41.1](master/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 0 | 0 | 1 |
 | [haproxy:2.6.17-alpine](master/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 0 | 2 | 3 |
 | [redis:7.0.15-alpine](master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 3 | 8 |
+| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 6 | 8 |
 | [redis:7.0.15-alpine](master/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 0 |
 | [install.yaml](master/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - |
 
-### v2.13.0-rc2
-
-|    | Critical | High | Medium | Low |
-|---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v2.13.0-rc2/argocd-test.html) | 0 | 0 | 1 | 0 |
-| [ui/yarn.lock](v2.13.0-rc2/argocd-test.html) | 0 | 0 | 1 | 0 |
-| [dex:v2.41.1](v2.13.0-rc2/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 0 | 0 | 1 |
-| [haproxy:2.6.17-alpine](v2.13.0-rc2/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 0 | 2 | 3 |
-| [redis:7.0.15-alpine](v2.13.0-rc2/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v2.13.0-rc2](v2.13.0-rc2/quay.io_argoproj_argocd_v2.13.0-rc2.html) | 0 | 0 | 3 | 8 |
-| [redis:7.0.15-alpine](v2.13.0-rc2/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 0 |
-| [install.yaml](v2.13.0-rc2/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v2.13.0-rc2/argocd-iac-namespace-install.html) | - | - | - | - |
-
 ### v2.12.3
 
 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
 | [go.mod](v2.12.3/argocd-test.html) | 0 | 0 | 2 | 0 |
-| [ui/yarn.lock](v2.12.3/argocd-test.html) | 0 | 1 | 2 | 0 |
+| [ui/yarn.lock](v2.12.3/argocd-test.html) | 0 | 0 | 1 | 0 |
 | [dex:v2.38.0](v2.12.3/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 6 | 6 |
 | [haproxy:2.6.17-alpine](v2.12.3/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 0 | 2 | 3 |
 | [redis:7.0.15-alpine](v2.12.3/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v2.12.3](v2.12.3/quay.io_argoproj_argocd_v2.12.3.html) | 0 | 0 | 8 | 8 |
+| [argocd:v2.12.3](v2.12.3/quay.io_argoproj_argocd_v2.12.3.html) | 0 | 0 | 7 | 8 |
 | [redis:7.0.15-alpine](v2.12.3/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 0 |
 | [install.yaml](v2.12.3/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](v2.12.3/argocd-iac-namespace-install.html) | - | - | - | - |
 
-### v2.11.8
+### v2.11.7
 
 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v2.11.8/argocd-test.html) | 0 | 1 | 3 | 0 |
-| [ui/yarn.lock](v2.11.8/argocd-test.html) | 0 | 1 | 2 | 0 |
-| [dex:v2.38.0](v2.11.8/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 6 | 6 |
-| [haproxy:2.6.14-alpine](v2.11.8/haproxy_2.6.14-alpine.html) | 0 | 1 | 7 | 6 |
-| [argocd:v2.11.8](v2.11.8/quay.io_argoproj_argocd_v2.11.8.html) | 0 | 0 | 8 | 16 |
-| [redis:7.0.15-alpine](v2.11.8/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 0 |
-| [install.yaml](v2.11.8/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v2.11.8/argocd-iac-namespace-install.html) | - | - | - | - |
+| [go.mod](v2.11.7/argocd-test.html) | 0 | 1 | 3 | 0 |
+| [ui/yarn.lock](v2.11.7/argocd-test.html) | 0 | 0 | 1 | 0 |
+| [dex:v2.38.0](v2.11.7/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 6 | 6 |
+| [haproxy:2.6.14-alpine](v2.11.7/haproxy_2.6.14-alpine.html) | 0 | 1 | 7 | 6 |
+| [argocd:v2.11.7](v2.11.7/quay.io_argoproj_argocd_v2.11.7.html) | 0 | 0 | 10 | 20 |
+| [redis:7.0.15-alpine](v2.11.7/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 0 |
+| [install.yaml](v2.11.7/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v2.11.7/argocd-iac-namespace-install.html) | - | - | - | - |
 
 ### v2.10.16
 
 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
 | [go.mod](v2.10.16/argocd-test.html) | 0 | 1 | 4 | 0 |
-| [ui/yarn.lock](v2.10.16/argocd-test.html) | 0 | 1 | 2 | 0 |
+| [ui/yarn.lock](v2.10.16/argocd-test.html) | 0 | 0 | 1 | 0 |
 | [dex:v2.37.0](v2.10.16/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 10 | 6 |
 | [haproxy:2.6.14-alpine](v2.10.16/haproxy_2.6.14-alpine.html) | 0 | 1 | 7 | 6 |
-| [argocd:v2.10.16](v2.10.16/quay.io_argoproj_argocd_v2.10.16.html) | 0 | 0 | 12 | 20 |
+| [argocd:v2.10.16](v2.10.16/quay.io_argoproj_argocd_v2.10.16.html) | 0 | 0 | 10 | 20 |
 | [redis:7.0.15-alpine](v2.10.16/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 0 |
 | [install.yaml](v2.10.16/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](v2.10.16/argocd-iac-namespace-install.html) | - | - | - | - |

docs/snyk/master/argocd-iac-install.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:21:06 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:20:48 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>

docs/snyk/master/argocd-iac-namespace-install.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:21:16 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:20:58 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>

docs/snyk/master/argocd-test.html

@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="2 known vulnerabilities found in 4 vulnerable dependency paths.">
+  <meta name="description" content="2 known vulnerabilities found in 2 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:18:54 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:18:34 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -468,7 +468,7 @@
     
               <div class="meta-counts">
                 <div class="meta-count"><span>2</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>4 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>2 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2132</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -477,175 +477,6 @@
 
     <div class="layout-container" style="padding-top: 35px;">
       <div class="cards--vuln filter--patch filter--ignore">
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
-            <div class="card__section">
-        
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd <span class="list-paths__item__arrow">›</span> ui/yarn.lock
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: npm
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            path-to-regexp
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    argo-cd-ui@1.0.0, react-router@4.3.1 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        path-to-regexp@1.8.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router-dom@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        path-to-regexp@1.8.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router-dom@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        path-to-regexp@1.8.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when including multiple regular expression parameters in a single segment, which will produce the regular expression <code>/^\/([^\/]+?)-([^\/]+?)\/?$/</code>, if two parameters within a single segment are separated by a character other than a <code>/</code> or <code>.</code>. Poor performance will block the event loop and can lead to a DoS.</p>
-        <p><strong>Note:</strong>
-        While the 8.0.0 release has completely eliminated the vulnerable functionality, prior versions that have received the patch to mitigate backtracking may still be vulnerable if custom regular expressions are used. So it is strongly recommended for regular expression input to be controlled to avoid malicious performance degradation in those versions. This behavior is enforced as of version 7.1.0 via the <code>strict</code> option, which returns an error if a dangerous regular expression is detected.</p>
-        <h2 id="workaround">Workaround</h2>
-        <p>This vulnerability can be avoided by using a custom regular expression for parameters after the first in a segment, which excludes <code>-</code> and <code>/</code>.</p>
-        <h2 id="poc">PoC</h2>
-        <pre><code class="language-js">/a${&#39;-a&#39;.repeat(8_000)}/a
-        </code></pre>
-        <h2 id="details">Details</h2>
-        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.</p>
-        <p>The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren&#39;t very intuitive and can ultimately end up making it easy for attackers to take your site down.</p>
-        <p>Let’s take the following regular expression as an example:</p>
-        <pre><code class="language-js">regex = /A(B|C+)+D/
-        </code></pre>
-        <p>This regular expression accomplishes the following:</p>
-        <ul>
-        <li><code>A</code> The string must start with the letter &#39;A&#39;</li>
-        <li><code>(B|C+)+</code> The string must then follow the letter A with either the letter &#39;B&#39; or some number of occurrences of the letter &#39;C&#39; (the <code>+</code> matches one or more times). The <code>+</code> at the end of this section states that we can look for one or more matches of this section.</li>
-        <li><code>D</code> Finally, we ensure this section of the string ends with a &#39;D&#39;</li>
-        </ul>
-        <p>The expression would match inputs such as <code>ABBD</code>, <code>ABCCCCD</code>, <code>ABCBCCCD</code> and <code>ACCCCCD</code></p>
-        <p>It most cases, it doesn&#39;t take very long for a regex engine to find a match:</p>
-        <pre><code class="language-bash">$ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD&quot;)&#39;
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX&quot;)&#39;
-        1.79s user 0.02s system 99% cpu 1.812 total
-        </code></pre>
-        <p>The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.</p>
-        <p>Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as <em>catastrophic backtracking</em>.</p>
-        <p>Let&#39;s look at how our expression runs into this problem, using a shorter string: &quot;ACCCX&quot;. While it seems fairly straightforward, there are still four different ways that the engine could match those three C&#39;s:</p>
-        <ol>
-        <li>CCC</li>
-        <li>CC+C</li>
-        <li>C+CC</li>
-        <li>C+C+C.</li>
-        </ol>
-        <p>The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use <a href="https://regex101.com/debugger">RegEx 101 debugger</a> to see the engine has to take a total of 38 steps before it can determine the string doesn&#39;t match.</p>
-        <p>From there, the number of steps the engine must use to validate a string just continues to grow.</p>
-        <table>
-        <thead>
-        <tr>
-        <th>String</th>
-        <th align="right">Number of C&#39;s</th>
-        <th align="right">Number of steps</th>
-        </tr>
-        </thead>
-        <tbody><tr>
-        <td>ACCCX</td>
-        <td align="right">3</td>
-        <td align="right">38</td>
-        </tr>
-        <tr>
-        <td>ACCCCX</td>
-        <td align="right">4</td>
-        <td align="right">71</td>
-        </tr>
-        <tr>
-        <td>ACCCCCX</td>
-        <td align="right">5</td>
-        <td align="right">136</td>
-        </tr>
-        <tr>
-        <td>ACCCCCCCCCCCCCCX</td>
-        <td align="right">14</td>
-        <td align="right">65,553</td>
-        </tr>
-        </tbody></table>
-        <p>By the time the string includes 14 C&#39;s, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>path-to-regexp</code> to version 0.1.10, 1.9.0, 3.3.0, 6.3.0, 8.0.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f">GitHub Commit</a></li>
-        <li><a href="https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6">GitHub Commit</a></li>
-        <li><a href="https://github.com/pillarjs/path-to-regexp/commit/f73ec6c86b06f544b977119c2b62a16de480a6a9">GitHub Commit</a></li>
-        <li><a href="https://github.com/pillarjs/path-to-regexp/releases/tag/v7.1.0">Strict Mode Release Note</a></li>
-        <li><a href="https://blakeembrey.com/posts/2024-09-web-redos/">Vulnerability Write-up</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Concurrent Execution using Shared Resource with Improper Synchronization (&#x27;Race Condition&#x27;)</h2>
             <div class="card__section">
@@ -737,6 +568,81 @@
             </div>
         
         </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Template Injection</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: /argo-cd <span class="list-paths__item__arrow">›</span> ui/yarn.lock
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: npm
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            dompurify
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        argo-cd-ui@1.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        redoc@2.0.0-rc.64
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        dompurify@2.3.6
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p><a href="https://github.com/cure53/DOMPurify">dompurify</a> is a DOM-only XSS sanitizer for HTML, MathML and SVG.</p>
+        <p>Affected versions of this package are vulnerable to Template Injection in <code>purify.js</code>, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML <code>CDATA</code> blocks.</p>
+        <h2 id="poc">PoC</h2>
+        <pre><code>&lt;![CDATA[ &gt;&lt;img src onerror=alert(1)&gt; ]]&gt;
+        </code></pre>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>dompurify</code> to version 2.4.9, 3.0.11 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/cure53/DOMPurify/commit/0940755eacc86e48fd57ee90e9238964034c49b7">GitHub Commit</a></li>
+        <li><a href="https://github.com/cure53/DOMPurify/commit/c60a4dfdabc50fe67b758f1efff8c03d2b8c5472">GitHub Commit</a></li>
+        <li><a href="https://flatt.tech/research/posts/bypassing-dompurify-with-good-old-xml/">Vulnerability Report</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-JS-DOMPURIFY-6474511">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
       </div><!-- cards -->
     </div>
   </main><!-- .layout-stacked__content -->

docs/snyk/master/ghcr.io_dexidp_dex_v2.41.1.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:19:01 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:18:44 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>

docs/snyk/master/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:19:15 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:18:52 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>

docs/snyk/master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:19:21 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:18:59 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>

docs/snyk/master/quay.io_argoproj_argocd_latest.html

@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="11 known vulnerabilities found in 65 vulnerable dependency paths.">
+  <meta name="description" content="14 known vulnerabilities found in 68 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:19:38 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:19:18 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -470,8 +470,8 @@
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>11</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>65 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>14</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>68 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2355</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -588,7 +588,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         libssh/libssh-4@0.10.6-2build2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -603,7 +603,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -620,7 +620,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8
                                          <span class="list-paths__item__arrow">›</span> 
@@ -883,7 +883,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -898,7 +898,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -915,7 +915,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -930,7 +930,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -947,7 +947,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -966,7 +966,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -992,7 +992,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1
                                         
@@ -1005,7 +1005,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         libssh/libssh-4@0.10.6-2build2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1048,6 +1048,225 @@
                 <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-KRB5-6693037">More about this vulnerability</a></p>
             </div>
         
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Integer Overflow or Wraparound</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            expat/libexpat1
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7.1 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        expat/libexpat1@2.6.1-2build1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>expat</code> package and not the <code>expat</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>expat</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45491">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45491</a></li>
+        <li><a href="https://github.com/libexpat/libexpat/issues/888">https://github.com/libexpat/libexpat/issues/888</a></li>
+        <li><a href="https://github.com/libexpat/libexpat/pull/891">https://github.com/libexpat/libexpat/pull/891</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-EXPAT-7885392">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">XML External Entity (XXE) Injection</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            expat/libexpat1
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7.1 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        expat/libexpat1@2.6.1-2build1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>expat</code> package and not the <code>expat</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>expat</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45490">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45490</a></li>
+        <li><a href="https://github.com/libexpat/libexpat/issues/887">https://github.com/libexpat/libexpat/issues/887</a></li>
+        <li><a href="https://github.com/libexpat/libexpat/pull/890">https://github.com/libexpat/libexpat/pull/890</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-EXPAT-7885502">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Integer Overflow or Wraparound</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            expat/libexpat1
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7.1 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        expat/libexpat1@2.6.1-2build1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>expat</code> package and not the <code>expat</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>expat</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45492">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45492</a></li>
+        <li><a href="https://github.com/libexpat/libexpat/issues/889">https://github.com/libexpat/libexpat/issues/889</a></li>
+        <li><a href="https://github.com/libexpat/libexpat/pull/892">https://github.com/libexpat/libexpat/pull/892</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-EXPAT-7885595">More about this vulnerability</a></p>
+            </div>
+        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
             <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
@@ -1236,7 +1455,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1251,7 +1470,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1268,7 +1487,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1283,7 +1502,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1300,7 +1519,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1319,7 +1538,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1345,7 +1564,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1
                                         
@@ -1358,7 +1577,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         libssh/libssh-4@0.10.6-2build2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1444,7 +1663,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1459,7 +1678,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1476,7 +1695,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1491,7 +1710,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1508,7 +1727,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1527,7 +1746,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1553,7 +1772,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1
                                         
@@ -1566,7 +1785,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         libssh/libssh-4@0.10.6-2build2
                                          <span class="list-paths__item__arrow">›</span> 

docs/snyk/master/redis_7.0.15-alpine.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:19:42 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:19:22 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>

docs/snyk/v2.10.16/argocd-iac-install.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:30:18 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:28:10 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>

docs/snyk/v2.10.16/argocd-iac-namespace-install.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:30:27 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:28:21 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>

docs/snyk/v2.10.16/argocd-test.html

@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="8 known vulnerabilities found in 164 vulnerable dependency paths.">
+  <meta name="description" content="6 known vulnerabilities found in 160 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:28:24 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:26:11 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -467,8 +467,8 @@
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>8</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>164 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>6</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>160 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2042</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -3139,329 +3139,6 @@
                 <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285">More about this vulnerability</a></p>
             </div>
         
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Prototype Pollution</h2>
-            <div class="card__section">
-        
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd <span class="list-paths__item__arrow">›</span> ui/yarn.lock
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: npm
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            dompurify
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        redoc@2.0.0-rc.64
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        dompurify@2.3.6
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://github.com/cure53/DOMPurify">dompurify</a> is a DOM-only XSS sanitizer for HTML, MathML and SVG.</p>
-        <p>Affected versions of this package are vulnerable to Prototype Pollution due to improper user input sanitization through the depth-checking mechanism, an attacker can exploit this vulnerability by using special nesting techniques to create a malicious HTML file.</p>
-        <h2 id="details">Details</h2>
-        <p>Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as <code>__proto__</code>, <code>constructor</code> and <code>prototype</code>. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values.  Properties on the <code>Object.prototype</code> are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.</p>
-        <p>There are two main ways in which the pollution of prototypes occurs:</p>
-        <ul>
-        <li><p>Unsafe <code>Object</code> recursive merge</p>
-        </li>
-        <li><p>Property definition by path</p>
-        </li>
-        </ul>
-        <h3 id="unsafe-object-recursive-merge">Unsafe Object recursive merge</h3>
-        <p>The logic of a vulnerable recursive merge function follows the following high-level model:</p>
-        <pre><code>merge (target, source)
-        
-          foreach property of source
-        
-            if property exists and is an object on both the target and the source
-        
-              merge(target[property], source[property])
-        
-            else
-        
-              target[property] = source[property]
-        </code></pre>
-        <br>  
-        
-        <p>When the source object contains a property named <code>__proto__</code> defined with <code>Object.defineProperty()</code> , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of <code>Object</code> and the source of <code>Object</code> as defined by the attacker. Properties are then copied on the <code>Object</code> prototype.</p>
-        <p>Clone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: <code>merge({},source)</code>.</p>
-        <p><code>lodash</code> and <code>Hoek</code> are examples of libraries susceptible to recursive merge attacks.</p>
-        <h3 id="property-definition-by-path">Property definition by path</h3>
-        <p>There are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: <code>theFunction(object, path, value)</code></p>
-        <p>If the attacker can control the value of “path”, they can set this value to <code>__proto__.myValue</code>. <code>myValue</code> is then assigned to the prototype of the class of the object.</p>
-        <h2 id="types-of-attacks">Types of attacks</h2>
-        <p>There are a few methods by which Prototype Pollution can be manipulated:</p>
-        <table>
-        <thead>
-        <tr>
-        <th>Type</th>
-        <th>Origin</th>
-        <th>Short description</th>
-        </tr>
-        </thead>
-        <tbody><tr>
-        <td><strong>Denial of service (DoS)</strong></td>
-        <td>Client</td>
-        <td>This is the most likely attack. <br>DoS occurs when <code>Object</code> holds generic functions that are implicitly called for various operations (for example, <code>toString</code> and <code>valueOf</code>). <br> The attacker pollutes <code>Object.prototype.someattr</code> and alters its state to an unexpected value such as <code>Int</code> or <code>Object</code>. In this case, the code fails and is likely to cause a denial of service.  <br><strong>For example:</strong> if an attacker pollutes <code>Object.prototype.toString</code> by defining it as an integer, if the codebase at any point was reliant on <code>someobject.toString()</code> it would fail.</td>
-        </tr>
-        <tr>
-        <td><strong>Remote Code Execution</strong></td>
-        <td>Client</td>
-        <td>Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.<br><strong>For example:</strong> <code>eval(someobject.someattr)</code>. In this case, if the attacker pollutes <code>Object.prototype.someattr</code> they are likely to be able to leverage this in order to execute code.</td>
-        </tr>
-        <tr>
-        <td><strong>Property Injection</strong></td>
-        <td>Client</td>
-        <td>The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.<br>  <strong>For example:</strong> if a codebase checks privileges for <code>someuser.isAdmin</code>, then when the attacker pollutes <code>Object.prototype.isAdmin</code> and sets it to equal <code>true</code>, they can then achieve admin privileges.</td>
-        </tr>
-        </tbody></table>
-        <h2 id="affected-environments">Affected environments</h2>
-        <p>The following environments are susceptible to a Prototype Pollution attack:</p>
-        <ul>
-        <li><p>Application server</p>
-        </li>
-        <li><p>Web server</p>
-        </li>
-        <li><p>Web browser</p>
-        </li>
-        </ul>
-        <h2 id="how-to-prevent">How to prevent</h2>
-        <ol>
-        <li><p>Freeze the prototype— use <code>Object.freeze (Object.prototype)</code>.</p>
-        </li>
-        <li><p>Require schema validation of JSON input.</p>
-        </li>
-        <li><p>Avoid using unsafe recursive merge functions.</p>
-        </li>
-        <li><p>Consider using objects without prototypes (for example, <code>Object.create(null)</code>), breaking the prototype chain and preventing pollution.</p>
-        </li>
-        <li><p>As a best practice use <code>Map</code> instead of <code>Object</code>.</p>
-        </li>
-        </ol>
-        <h3 id="for-more-information-on-this-vulnerability-type">For more information on this vulnerability type:</h3>
-        <p><a href="https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf">Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018</a></p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>dompurify</code> to version 2.5.4, 3.1.3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21">GitHub Commit</a></li>
-        <li><a href="https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc">GitHub Commit</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2312631">Red Hat Bugzilla Bug</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-JS-DOMPURIFY-7984421">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
-            <div class="card__section">
-        
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd <span class="list-paths__item__arrow">›</span> ui/yarn.lock
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: npm
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            path-to-regexp
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    argo-cd-ui@1.0.0, react-router@4.3.1 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        path-to-regexp@1.8.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router-dom@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        path-to-regexp@1.8.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router-dom@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        path-to-regexp@1.8.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when including multiple regular expression parameters in a single segment, which will produce the regular expression <code>/^\/([^\/]+?)-([^\/]+?)\/?$/</code>, if two parameters within a single segment are separated by a character other than a <code>/</code> or <code>.</code>. Poor performance will block the event loop and can lead to a DoS.</p>
-        <p><strong>Note:</strong>
-        While the 8.0.0 release has completely eliminated the vulnerable functionality, prior versions that have received the patch to mitigate backtracking may still be vulnerable if custom regular expressions are used. So it is strongly recommended for regular expression input to be controlled to avoid malicious performance degradation in those versions. This behavior is enforced as of version 7.1.0 via the <code>strict</code> option, which returns an error if a dangerous regular expression is detected.</p>
-        <h2 id="workaround">Workaround</h2>
-        <p>This vulnerability can be avoided by using a custom regular expression for parameters after the first in a segment, which excludes <code>-</code> and <code>/</code>.</p>
-        <h2 id="poc">PoC</h2>
-        <pre><code class="language-js">/a${&#39;-a&#39;.repeat(8_000)}/a
-        </code></pre>
-        <h2 id="details">Details</h2>
-        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.</p>
-        <p>The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren&#39;t very intuitive and can ultimately end up making it easy for attackers to take your site down.</p>
-        <p>Let’s take the following regular expression as an example:</p>
-        <pre><code class="language-js">regex = /A(B|C+)+D/
-        </code></pre>
-        <p>This regular expression accomplishes the following:</p>
-        <ul>
-        <li><code>A</code> The string must start with the letter &#39;A&#39;</li>
-        <li><code>(B|C+)+</code> The string must then follow the letter A with either the letter &#39;B&#39; or some number of occurrences of the letter &#39;C&#39; (the <code>+</code> matches one or more times). The <code>+</code> at the end of this section states that we can look for one or more matches of this section.</li>
-        <li><code>D</code> Finally, we ensure this section of the string ends with a &#39;D&#39;</li>
-        </ul>
-        <p>The expression would match inputs such as <code>ABBD</code>, <code>ABCCCCD</code>, <code>ABCBCCCD</code> and <code>ACCCCCD</code></p>
-        <p>It most cases, it doesn&#39;t take very long for a regex engine to find a match:</p>
-        <pre><code class="language-bash">$ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD&quot;)&#39;
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX&quot;)&#39;
-        1.79s user 0.02s system 99% cpu 1.812 total
-        </code></pre>
-        <p>The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.</p>
-        <p>Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as <em>catastrophic backtracking</em>.</p>
-        <p>Let&#39;s look at how our expression runs into this problem, using a shorter string: &quot;ACCCX&quot;. While it seems fairly straightforward, there are still four different ways that the engine could match those three C&#39;s:</p>
-        <ol>
-        <li>CCC</li>
-        <li>CC+C</li>
-        <li>C+CC</li>
-        <li>C+C+C.</li>
-        </ol>
-        <p>The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use <a href="https://regex101.com/debugger">RegEx 101 debugger</a> to see the engine has to take a total of 38 steps before it can determine the string doesn&#39;t match.</p>
-        <p>From there, the number of steps the engine must use to validate a string just continues to grow.</p>
-        <table>
-        <thead>
-        <tr>
-        <th>String</th>
-        <th align="right">Number of C&#39;s</th>
-        <th align="right">Number of steps</th>
-        </tr>
-        </thead>
-        <tbody><tr>
-        <td>ACCCX</td>
-        <td align="right">3</td>
-        <td align="right">38</td>
-        </tr>
-        <tr>
-        <td>ACCCCX</td>
-        <td align="right">4</td>
-        <td align="right">71</td>
-        </tr>
-        <tr>
-        <td>ACCCCCX</td>
-        <td align="right">5</td>
-        <td align="right">136</td>
-        </tr>
-        <tr>
-        <td>ACCCCCCCCCCCCCCX</td>
-        <td align="right">14</td>
-        <td align="right">65,553</td>
-        </tr>
-        </tbody></table>
-        <p>By the time the string includes 14 C&#39;s, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>path-to-regexp</code> to version 0.1.10, 1.9.0, 3.3.0, 6.3.0, 8.0.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f">GitHub Commit</a></li>
-        <li><a href="https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6">GitHub Commit</a></li>
-        <li><a href="https://github.com/pillarjs/path-to-regexp/commit/f73ec6c86b06f544b977119c2b62a16de480a6a9">GitHub Commit</a></li>
-        <li><a href="https://github.com/pillarjs/path-to-regexp/releases/tag/v7.1.0">Strict Mode Release Note</a></li>
-        <li><a href="https://blakeembrey.com/posts/2024-09-web-redos/">Vulnerability Write-up</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106">More about this vulnerability</a></p>
-            </div>
-        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>

docs/snyk/v2.10.16/ghcr.io_dexidp_dex_v2.37.0.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:28:32 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:26:21 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>

docs/snyk/v2.10.16/haproxy_2.6.14-alpine.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:28:38 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:26:26 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>

docs/snyk/v2.10.16/quay.io_argoproj_argocd_v2.10.16.html

@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="35 known vulnerabilities found in 241 vulnerable dependency paths.">
+  <meta name="description" content="33 known vulnerabilities found in 235 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:28:55 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:26:46 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -470,8 +470,8 @@
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>35</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>241 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>33</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>235 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2278</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -1985,131 +1985,6 @@
                 <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMHASHICORPGORETRYABLEHTTP-7362036">More about this vulnerability</a></p>
             </div>
         
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">CVE-2023-4039</h2>
-            <div class="card__section">
-        
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.10.16/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:22.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            gcc-12/libstdc++6
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.10.16 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.10.16
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.10.16
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.4.12
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.10.16
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.4.12
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt/libapt-pkg6.0@2.4.12
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.10.16
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.10.16
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gcc-12</code> package and not the <code>gcc-12</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:22.04</code> relevant fixed versions and status.</em></p>
-        <p><strong>DISPUTED</strong>A failure in the -fstack-protector feature in GCC-based toolchains 
-        that target AArch64 allows an attacker to exploit an existing buffer 
-        overflow in dynamically-sized local variables in your application 
-        without this being detected. This stack-protector failure only applies 
-        to C99-style dynamically-sized local variables or those created using 
-        alloca(). The stack-protector operates as intended for statically-sized 
-        local variables.</p>
-        <p>The default behavior when the stack-protector 
-        detects an overflow is to terminate your application, resulting in 
-        controlled loss of availability. An attacker who can exploit a buffer 
-        overflow without triggering the stack-protector might be able to change 
-        program flow control to cause an uncontrolled loss of availability or to
-         go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>gcc-12</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-4039">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-4039</a></li>
-        <li><a href="https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64">https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64</a></li>
-        <li><a href="https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf">https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-GCC12-5893601">More about this vulnerability</a></p>
-            </div>
-        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Integer Overflow or Wraparound</h2>
@@ -2169,7 +2044,7 @@
         <em>See <code>How to fix?</code> for <code>Ubuntu:22.04</code> relevant fixed versions and status.</em></p>
         <p>An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).</p>
         <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:22.04</code> <code>expat</code> to version 2.4.7-1ubuntu0.4 or higher.</p>
+        <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>expat</code>.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45491">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45491</a></li>
@@ -2242,7 +2117,7 @@
         <em>See <code>How to fix?</code> for <code>Ubuntu:22.04</code> relevant fixed versions and status.</em></p>
         <p>An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:22.04</code> <code>expat</code> to version 2.4.7-1ubuntu0.4 or higher.</p>
+        <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>expat</code>.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45490">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45490</a></li>
@@ -2315,7 +2190,7 @@
         <em>See <code>How to fix?</code> for <code>Ubuntu:22.04</code> relevant fixed versions and status.</em></p>
         <p>An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).</p>
         <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:22.04</code> <code>expat</code> to version 2.4.7-1ubuntu0.4 or higher.</p>
+        <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>expat</code>.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45492">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45492</a></li>
@@ -2411,80 +2286,6 @@
                 <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-CURL-7575743">More about this vulnerability</a></p>
             </div>
         
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">CVE-2024-8096</h2>
-            <div class="card__section">
-        
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.10.16/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:22.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            curl/libcurl3-gnutls
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.10.16, git@1:2.34.1-1ubuntu1.11 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.10.16
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.34.1-1ubuntu1.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3-gnutls@7.81.0-1ubuntu1.16
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>curl</code> package and not the <code>curl</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:22.04</code> relevant fixed versions and status.</em></p>
-        <p>When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine.  If the returned status reports another error than &#39;revoked&#39; (like for example &#39;unauthorized&#39;) it is not treated as a bad certficate.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:22.04</code> <code>curl</code> to version 7.81.0-1ubuntu1.18 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-8096">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-8096</a></li>
-        <li><a href="https://curl.se/docs/CVE-2024-8096.html">https://curl.se/docs/CVE-2024-8096.html</a></li>
-        <li><a href="https://curl.se/docs/CVE-2024-8096.json">https://curl.se/docs/CVE-2024-8096.json</a></li>
-        <li><a href="https://hackerone.com/reports/2669852">https://hackerone.com/reports/2669852</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-CURL-7931918">More about this vulnerability</a></p>
-            </div>
-        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
             <h2 class="card__title">CVE-2023-7008</h2>

docs/snyk/v2.10.16/redis_7.0.15-alpine.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:28:59 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:26:51 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>

docs/snyk/v2.11.7/argocd-iac-install.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:28:02 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:25:50 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>

docs/snyk/v2.11.7/argocd-iac-namespace-install.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:28:10 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:26:00 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>

docs/snyk/v2.11.7/argocd-test.html

@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="7 known vulnerabilities found in 158 vulnerable dependency paths.">
+  <meta name="description" content="5 known vulnerabilities found in 154 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:26:11 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:23:52 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -467,8 +467,8 @@
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>7</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>158 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>5</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>154 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2041</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -3139,329 +3139,6 @@
                 <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285">More about this vulnerability</a></p>
             </div>
         
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Prototype Pollution</h2>
-            <div class="card__section">
-        
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd <span class="list-paths__item__arrow">›</span> ui/yarn.lock
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: npm
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            dompurify
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        redoc@2.0.0-rc.64
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        dompurify@2.3.6
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://github.com/cure53/DOMPurify">dompurify</a> is a DOM-only XSS sanitizer for HTML, MathML and SVG.</p>
-        <p>Affected versions of this package are vulnerable to Prototype Pollution due to improper user input sanitization through the depth-checking mechanism, an attacker can exploit this vulnerability by using special nesting techniques to create a malicious HTML file.</p>
-        <h2 id="details">Details</h2>
-        <p>Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as <code>__proto__</code>, <code>constructor</code> and <code>prototype</code>. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values.  Properties on the <code>Object.prototype</code> are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.</p>
-        <p>There are two main ways in which the pollution of prototypes occurs:</p>
-        <ul>
-        <li><p>Unsafe <code>Object</code> recursive merge</p>
-        </li>
-        <li><p>Property definition by path</p>
-        </li>
-        </ul>
-        <h3 id="unsafe-object-recursive-merge">Unsafe Object recursive merge</h3>
-        <p>The logic of a vulnerable recursive merge function follows the following high-level model:</p>
-        <pre><code>merge (target, source)
-        
-          foreach property of source
-        
-            if property exists and is an object on both the target and the source
-        
-              merge(target[property], source[property])
-        
-            else
-        
-              target[property] = source[property]
-        </code></pre>
-        <br>  
-        
-        <p>When the source object contains a property named <code>__proto__</code> defined with <code>Object.defineProperty()</code> , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of <code>Object</code> and the source of <code>Object</code> as defined by the attacker. Properties are then copied on the <code>Object</code> prototype.</p>
-        <p>Clone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: <code>merge({},source)</code>.</p>
-        <p><code>lodash</code> and <code>Hoek</code> are examples of libraries susceptible to recursive merge attacks.</p>
-        <h3 id="property-definition-by-path">Property definition by path</h3>
-        <p>There are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: <code>theFunction(object, path, value)</code></p>
-        <p>If the attacker can control the value of “path”, they can set this value to <code>__proto__.myValue</code>. <code>myValue</code> is then assigned to the prototype of the class of the object.</p>
-        <h2 id="types-of-attacks">Types of attacks</h2>
-        <p>There are a few methods by which Prototype Pollution can be manipulated:</p>
-        <table>
-        <thead>
-        <tr>
-        <th>Type</th>
-        <th>Origin</th>
-        <th>Short description</th>
-        </tr>
-        </thead>
-        <tbody><tr>
-        <td><strong>Denial of service (DoS)</strong></td>
-        <td>Client</td>
-        <td>This is the most likely attack. <br>DoS occurs when <code>Object</code> holds generic functions that are implicitly called for various operations (for example, <code>toString</code> and <code>valueOf</code>). <br> The attacker pollutes <code>Object.prototype.someattr</code> and alters its state to an unexpected value such as <code>Int</code> or <code>Object</code>. In this case, the code fails and is likely to cause a denial of service.  <br><strong>For example:</strong> if an attacker pollutes <code>Object.prototype.toString</code> by defining it as an integer, if the codebase at any point was reliant on <code>someobject.toString()</code> it would fail.</td>
-        </tr>
-        <tr>
-        <td><strong>Remote Code Execution</strong></td>
-        <td>Client</td>
-        <td>Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.<br><strong>For example:</strong> <code>eval(someobject.someattr)</code>. In this case, if the attacker pollutes <code>Object.prototype.someattr</code> they are likely to be able to leverage this in order to execute code.</td>
-        </tr>
-        <tr>
-        <td><strong>Property Injection</strong></td>
-        <td>Client</td>
-        <td>The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.<br>  <strong>For example:</strong> if a codebase checks privileges for <code>someuser.isAdmin</code>, then when the attacker pollutes <code>Object.prototype.isAdmin</code> and sets it to equal <code>true</code>, they can then achieve admin privileges.</td>
-        </tr>
-        </tbody></table>
-        <h2 id="affected-environments">Affected environments</h2>
-        <p>The following environments are susceptible to a Prototype Pollution attack:</p>
-        <ul>
-        <li><p>Application server</p>
-        </li>
-        <li><p>Web server</p>
-        </li>
-        <li><p>Web browser</p>
-        </li>
-        </ul>
-        <h2 id="how-to-prevent">How to prevent</h2>
-        <ol>
-        <li><p>Freeze the prototype— use <code>Object.freeze (Object.prototype)</code>.</p>
-        </li>
-        <li><p>Require schema validation of JSON input.</p>
-        </li>
-        <li><p>Avoid using unsafe recursive merge functions.</p>
-        </li>
-        <li><p>Consider using objects without prototypes (for example, <code>Object.create(null)</code>), breaking the prototype chain and preventing pollution.</p>
-        </li>
-        <li><p>As a best practice use <code>Map</code> instead of <code>Object</code>.</p>
-        </li>
-        </ol>
-        <h3 id="for-more-information-on-this-vulnerability-type">For more information on this vulnerability type:</h3>
-        <p><a href="https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf">Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018</a></p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>dompurify</code> to version 2.5.4, 3.1.3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21">GitHub Commit</a></li>
-        <li><a href="https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc">GitHub Commit</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2312631">Red Hat Bugzilla Bug</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-JS-DOMPURIFY-7984421">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
-            <div class="card__section">
-        
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd <span class="list-paths__item__arrow">›</span> ui/yarn.lock
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: npm
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            path-to-regexp
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    argo-cd-ui@1.0.0, react-router@4.3.1 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        path-to-regexp@1.8.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router-dom@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        path-to-regexp@1.8.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router-dom@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        path-to-regexp@1.8.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when including multiple regular expression parameters in a single segment, which will produce the regular expression <code>/^\/([^\/]+?)-([^\/]+?)\/?$/</code>, if two parameters within a single segment are separated by a character other than a <code>/</code> or <code>.</code>. Poor performance will block the event loop and can lead to a DoS.</p>
-        <p><strong>Note:</strong>
-        While the 8.0.0 release has completely eliminated the vulnerable functionality, prior versions that have received the patch to mitigate backtracking may still be vulnerable if custom regular expressions are used. So it is strongly recommended for regular expression input to be controlled to avoid malicious performance degradation in those versions. This behavior is enforced as of version 7.1.0 via the <code>strict</code> option, which returns an error if a dangerous regular expression is detected.</p>
-        <h2 id="workaround">Workaround</h2>
-        <p>This vulnerability can be avoided by using a custom regular expression for parameters after the first in a segment, which excludes <code>-</code> and <code>/</code>.</p>
-        <h2 id="poc">PoC</h2>
-        <pre><code class="language-js">/a${&#39;-a&#39;.repeat(8_000)}/a
-        </code></pre>
-        <h2 id="details">Details</h2>
-        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.</p>
-        <p>The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren&#39;t very intuitive and can ultimately end up making it easy for attackers to take your site down.</p>
-        <p>Let’s take the following regular expression as an example:</p>
-        <pre><code class="language-js">regex = /A(B|C+)+D/
-        </code></pre>
-        <p>This regular expression accomplishes the following:</p>
-        <ul>
-        <li><code>A</code> The string must start with the letter &#39;A&#39;</li>
-        <li><code>(B|C+)+</code> The string must then follow the letter A with either the letter &#39;B&#39; or some number of occurrences of the letter &#39;C&#39; (the <code>+</code> matches one or more times). The <code>+</code> at the end of this section states that we can look for one or more matches of this section.</li>
-        <li><code>D</code> Finally, we ensure this section of the string ends with a &#39;D&#39;</li>
-        </ul>
-        <p>The expression would match inputs such as <code>ABBD</code>, <code>ABCCCCD</code>, <code>ABCBCCCD</code> and <code>ACCCCCD</code></p>
-        <p>It most cases, it doesn&#39;t take very long for a regex engine to find a match:</p>
-        <pre><code class="language-bash">$ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD&quot;)&#39;
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX&quot;)&#39;
-        1.79s user 0.02s system 99% cpu 1.812 total
-        </code></pre>
-        <p>The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.</p>
-        <p>Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as <em>catastrophic backtracking</em>.</p>
-        <p>Let&#39;s look at how our expression runs into this problem, using a shorter string: &quot;ACCCX&quot;. While it seems fairly straightforward, there are still four different ways that the engine could match those three C&#39;s:</p>
-        <ol>
-        <li>CCC</li>
-        <li>CC+C</li>
-        <li>C+CC</li>
-        <li>C+C+C.</li>
-        </ol>
-        <p>The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use <a href="https://regex101.com/debugger">RegEx 101 debugger</a> to see the engine has to take a total of 38 steps before it can determine the string doesn&#39;t match.</p>
-        <p>From there, the number of steps the engine must use to validate a string just continues to grow.</p>
-        <table>
-        <thead>
-        <tr>
-        <th>String</th>
-        <th align="right">Number of C&#39;s</th>
-        <th align="right">Number of steps</th>
-        </tr>
-        </thead>
-        <tbody><tr>
-        <td>ACCCX</td>
-        <td align="right">3</td>
-        <td align="right">38</td>
-        </tr>
-        <tr>
-        <td>ACCCCX</td>
-        <td align="right">4</td>
-        <td align="right">71</td>
-        </tr>
-        <tr>
-        <td>ACCCCCX</td>
-        <td align="right">5</td>
-        <td align="right">136</td>
-        </tr>
-        <tr>
-        <td>ACCCCCCCCCCCCCCX</td>
-        <td align="right">14</td>
-        <td align="right">65,553</td>
-        </tr>
-        </tbody></table>
-        <p>By the time the string includes 14 C&#39;s, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>path-to-regexp</code> to version 0.1.10, 1.9.0, 3.3.0, 6.3.0, 8.0.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f">GitHub Commit</a></li>
-        <li><a href="https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6">GitHub Commit</a></li>
-        <li><a href="https://github.com/pillarjs/path-to-regexp/commit/f73ec6c86b06f544b977119c2b62a16de480a6a9">GitHub Commit</a></li>
-        <li><a href="https://github.com/pillarjs/path-to-regexp/releases/tag/v7.1.0">Strict Mode Release Note</a></li>
-        <li><a href="https://blakeembrey.com/posts/2024-09-web-redos/">Vulnerability Write-up</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106">More about this vulnerability</a></p>
-            </div>
-        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Denial of Service (DoS)</h2>

docs/snyk/v2.11.7/ghcr.io_dexidp_dex_v2.38.0.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:26:16 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:23:58 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>

docs/snyk/v2.11.7/haproxy_2.6.14-alpine.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:26:22 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:24:05 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>

docs/snyk/v2.11.7/redis_7.0.15-alpine.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:26:43 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:24:29 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>

docs/snyk/v2.12.3/argocd-iac-install.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:25:50 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:23:27 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>

docs/snyk/v2.12.3/argocd-iac-namespace-install.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:25:59 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:23:37 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>

docs/snyk/v2.12.3/argocd-test.html

@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="5 known vulnerabilities found in 7 vulnerable dependency paths.">
+  <meta name="description" content="3 known vulnerabilities found in 3 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:23:57 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:21:25 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -467,8 +467,8 @@
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>5</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>7 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>3</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>3 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2061</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -477,329 +477,6 @@
 
     <div class="layout-container" style="padding-top: 35px;">
       <div class="cards--vuln filter--patch filter--ignore">
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Prototype Pollution</h2>
-            <div class="card__section">
-        
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd <span class="list-paths__item__arrow">›</span> ui/yarn.lock
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: npm
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            dompurify
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        redoc@2.0.0-rc.64
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        dompurify@2.3.6
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://github.com/cure53/DOMPurify">dompurify</a> is a DOM-only XSS sanitizer for HTML, MathML and SVG.</p>
-        <p>Affected versions of this package are vulnerable to Prototype Pollution due to improper user input sanitization through the depth-checking mechanism, an attacker can exploit this vulnerability by using special nesting techniques to create a malicious HTML file.</p>
-        <h2 id="details">Details</h2>
-        <p>Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as <code>__proto__</code>, <code>constructor</code> and <code>prototype</code>. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values.  Properties on the <code>Object.prototype</code> are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.</p>
-        <p>There are two main ways in which the pollution of prototypes occurs:</p>
-        <ul>
-        <li><p>Unsafe <code>Object</code> recursive merge</p>
-        </li>
-        <li><p>Property definition by path</p>
-        </li>
-        </ul>
-        <h3 id="unsafe-object-recursive-merge">Unsafe Object recursive merge</h3>
-        <p>The logic of a vulnerable recursive merge function follows the following high-level model:</p>
-        <pre><code>merge (target, source)
-        
-          foreach property of source
-        
-            if property exists and is an object on both the target and the source
-        
-              merge(target[property], source[property])
-        
-            else
-        
-              target[property] = source[property]
-        </code></pre>
-        <br>  
-        
-        <p>When the source object contains a property named <code>__proto__</code> defined with <code>Object.defineProperty()</code> , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of <code>Object</code> and the source of <code>Object</code> as defined by the attacker. Properties are then copied on the <code>Object</code> prototype.</p>
-        <p>Clone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: <code>merge({},source)</code>.</p>
-        <p><code>lodash</code> and <code>Hoek</code> are examples of libraries susceptible to recursive merge attacks.</p>
-        <h3 id="property-definition-by-path">Property definition by path</h3>
-        <p>There are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: <code>theFunction(object, path, value)</code></p>
-        <p>If the attacker can control the value of “path”, they can set this value to <code>__proto__.myValue</code>. <code>myValue</code> is then assigned to the prototype of the class of the object.</p>
-        <h2 id="types-of-attacks">Types of attacks</h2>
-        <p>There are a few methods by which Prototype Pollution can be manipulated:</p>
-        <table>
-        <thead>
-        <tr>
-        <th>Type</th>
-        <th>Origin</th>
-        <th>Short description</th>
-        </tr>
-        </thead>
-        <tbody><tr>
-        <td><strong>Denial of service (DoS)</strong></td>
-        <td>Client</td>
-        <td>This is the most likely attack. <br>DoS occurs when <code>Object</code> holds generic functions that are implicitly called for various operations (for example, <code>toString</code> and <code>valueOf</code>). <br> The attacker pollutes <code>Object.prototype.someattr</code> and alters its state to an unexpected value such as <code>Int</code> or <code>Object</code>. In this case, the code fails and is likely to cause a denial of service.  <br><strong>For example:</strong> if an attacker pollutes <code>Object.prototype.toString</code> by defining it as an integer, if the codebase at any point was reliant on <code>someobject.toString()</code> it would fail.</td>
-        </tr>
-        <tr>
-        <td><strong>Remote Code Execution</strong></td>
-        <td>Client</td>
-        <td>Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.<br><strong>For example:</strong> <code>eval(someobject.someattr)</code>. In this case, if the attacker pollutes <code>Object.prototype.someattr</code> they are likely to be able to leverage this in order to execute code.</td>
-        </tr>
-        <tr>
-        <td><strong>Property Injection</strong></td>
-        <td>Client</td>
-        <td>The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.<br>  <strong>For example:</strong> if a codebase checks privileges for <code>someuser.isAdmin</code>, then when the attacker pollutes <code>Object.prototype.isAdmin</code> and sets it to equal <code>true</code>, they can then achieve admin privileges.</td>
-        </tr>
-        </tbody></table>
-        <h2 id="affected-environments">Affected environments</h2>
-        <p>The following environments are susceptible to a Prototype Pollution attack:</p>
-        <ul>
-        <li><p>Application server</p>
-        </li>
-        <li><p>Web server</p>
-        </li>
-        <li><p>Web browser</p>
-        </li>
-        </ul>
-        <h2 id="how-to-prevent">How to prevent</h2>
-        <ol>
-        <li><p>Freeze the prototype— use <code>Object.freeze (Object.prototype)</code>.</p>
-        </li>
-        <li><p>Require schema validation of JSON input.</p>
-        </li>
-        <li><p>Avoid using unsafe recursive merge functions.</p>
-        </li>
-        <li><p>Consider using objects without prototypes (for example, <code>Object.create(null)</code>), breaking the prototype chain and preventing pollution.</p>
-        </li>
-        <li><p>As a best practice use <code>Map</code> instead of <code>Object</code>.</p>
-        </li>
-        </ol>
-        <h3 id="for-more-information-on-this-vulnerability-type">For more information on this vulnerability type:</h3>
-        <p><a href="https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf">Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018</a></p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>dompurify</code> to version 2.5.4, 3.1.3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21">GitHub Commit</a></li>
-        <li><a href="https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc">GitHub Commit</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2312631">Red Hat Bugzilla Bug</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-JS-DOMPURIFY-7984421">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
-            <div class="card__section">
-        
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd <span class="list-paths__item__arrow">›</span> ui/yarn.lock
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: npm
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            path-to-regexp
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    argo-cd-ui@1.0.0, react-router@4.3.1 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        path-to-regexp@1.8.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router-dom@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        path-to-regexp@1.8.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router-dom@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        path-to-regexp@1.8.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when including multiple regular expression parameters in a single segment, which will produce the regular expression <code>/^\/([^\/]+?)-([^\/]+?)\/?$/</code>, if two parameters within a single segment are separated by a character other than a <code>/</code> or <code>.</code>. Poor performance will block the event loop and can lead to a DoS.</p>
-        <p><strong>Note:</strong>
-        While the 8.0.0 release has completely eliminated the vulnerable functionality, prior versions that have received the patch to mitigate backtracking may still be vulnerable if custom regular expressions are used. So it is strongly recommended for regular expression input to be controlled to avoid malicious performance degradation in those versions. This behavior is enforced as of version 7.1.0 via the <code>strict</code> option, which returns an error if a dangerous regular expression is detected.</p>
-        <h2 id="workaround">Workaround</h2>
-        <p>This vulnerability can be avoided by using a custom regular expression for parameters after the first in a segment, which excludes <code>-</code> and <code>/</code>.</p>
-        <h2 id="poc">PoC</h2>
-        <pre><code class="language-js">/a${&#39;-a&#39;.repeat(8_000)}/a
-        </code></pre>
-        <h2 id="details">Details</h2>
-        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.</p>
-        <p>The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren&#39;t very intuitive and can ultimately end up making it easy for attackers to take your site down.</p>
-        <p>Let’s take the following regular expression as an example:</p>
-        <pre><code class="language-js">regex = /A(B|C+)+D/
-        </code></pre>
-        <p>This regular expression accomplishes the following:</p>
-        <ul>
-        <li><code>A</code> The string must start with the letter &#39;A&#39;</li>
-        <li><code>(B|C+)+</code> The string must then follow the letter A with either the letter &#39;B&#39; or some number of occurrences of the letter &#39;C&#39; (the <code>+</code> matches one or more times). The <code>+</code> at the end of this section states that we can look for one or more matches of this section.</li>
-        <li><code>D</code> Finally, we ensure this section of the string ends with a &#39;D&#39;</li>
-        </ul>
-        <p>The expression would match inputs such as <code>ABBD</code>, <code>ABCCCCD</code>, <code>ABCBCCCD</code> and <code>ACCCCCD</code></p>
-        <p>It most cases, it doesn&#39;t take very long for a regex engine to find a match:</p>
-        <pre><code class="language-bash">$ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD&quot;)&#39;
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX&quot;)&#39;
-        1.79s user 0.02s system 99% cpu 1.812 total
-        </code></pre>
-        <p>The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.</p>
-        <p>Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as <em>catastrophic backtracking</em>.</p>
-        <p>Let&#39;s look at how our expression runs into this problem, using a shorter string: &quot;ACCCX&quot;. While it seems fairly straightforward, there are still four different ways that the engine could match those three C&#39;s:</p>
-        <ol>
-        <li>CCC</li>
-        <li>CC+C</li>
-        <li>C+CC</li>
-        <li>C+C+C.</li>
-        </ol>
-        <p>The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use <a href="https://regex101.com/debugger">RegEx 101 debugger</a> to see the engine has to take a total of 38 steps before it can determine the string doesn&#39;t match.</p>
-        <p>From there, the number of steps the engine must use to validate a string just continues to grow.</p>
-        <table>
-        <thead>
-        <tr>
-        <th>String</th>
-        <th align="right">Number of C&#39;s</th>
-        <th align="right">Number of steps</th>
-        </tr>
-        </thead>
-        <tbody><tr>
-        <td>ACCCX</td>
-        <td align="right">3</td>
-        <td align="right">38</td>
-        </tr>
-        <tr>
-        <td>ACCCCX</td>
-        <td align="right">4</td>
-        <td align="right">71</td>
-        </tr>
-        <tr>
-        <td>ACCCCCX</td>
-        <td align="right">5</td>
-        <td align="right">136</td>
-        </tr>
-        <tr>
-        <td>ACCCCCCCCCCCCCCX</td>
-        <td align="right">14</td>
-        <td align="right">65,553</td>
-        </tr>
-        </tbody></table>
-        <p>By the time the string includes 14 C&#39;s, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>path-to-regexp</code> to version 0.1.10, 1.9.0, 3.3.0, 6.3.0, 8.0.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f">GitHub Commit</a></li>
-        <li><a href="https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6">GitHub Commit</a></li>
-        <li><a href="https://github.com/pillarjs/path-to-regexp/commit/f73ec6c86b06f544b977119c2b62a16de480a6a9">GitHub Commit</a></li>
-        <li><a href="https://github.com/pillarjs/path-to-regexp/releases/tag/v7.1.0">Strict Mode Release Note</a></li>
-        <li><a href="https://blakeembrey.com/posts/2024-09-web-redos/">Vulnerability Write-up</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Denial of Service (DoS)</h2>
             <div class="card__section">

docs/snyk/v2.12.3/ghcr.io_dexidp_dex_v2.38.0.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:24:06 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:21:34 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>

docs/snyk/v2.12.3/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:24:09 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:21:39 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>

docs/snyk/v2.12.3/public.ecr.aws_docker_library_redis_7.0.15-alpine.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:24:12 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:21:44 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>

docs/snyk/v2.12.3/quay.io_argoproj_argocd_v2.12.3.html

@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="17 known vulnerabilities found in 81 vulnerable dependency paths.">
+  <meta name="description" content="16 known vulnerabilities found in 80 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:24:27 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:22:02 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -470,8 +470,8 @@
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>17</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>81 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>16</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>80 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2292</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -1435,7 +1435,7 @@
         <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
         <p>An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).</p>
         <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>expat</code> to version 2.6.1-2ubuntu0.1 or higher.</p>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>expat</code>.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45491">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45491</a></li>
@@ -1508,7 +1508,7 @@
         <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
         <p>An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>expat</code> to version 2.6.1-2ubuntu0.1 or higher.</p>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>expat</code>.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45490">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45490</a></li>
@@ -1581,7 +1581,7 @@
         <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
         <p>An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).</p>
         <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>expat</code> to version 2.6.1-2ubuntu0.1 or higher.</p>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>expat</code>.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45492">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45492</a></li>
@@ -1595,80 +1595,6 @@
                 <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-EXPAT-7885595">More about this vulnerability</a></p>
             </div>
         
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">CVE-2024-8096</h2>
-            <div class="card__section">
-        
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.12.3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            curl/libcurl3t64-gnutls
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.12.3, git@1:2.43.0-1ubuntu7.1 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.12.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>curl</code> package and not the <code>curl</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine.  If the returned status reports another error than &#39;revoked&#39; (like for example &#39;unauthorized&#39;) it is not treated as a bad certficate.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>curl</code> to version 8.5.0-2ubuntu10.4 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-8096">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-8096</a></li>
-        <li><a href="https://curl.se/docs/CVE-2024-8096.html">https://curl.se/docs/CVE-2024-8096.html</a></li>
-        <li><a href="https://curl.se/docs/CVE-2024-8096.json">https://curl.se/docs/CVE-2024-8096.json</a></li>
-        <li><a href="https://hackerone.com/reports/2669852">https://hackerone.com/reports/2669852</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-CURL-7931919">More about this vulnerability</a></p>
-            </div>
-        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
             <h2 class="card__title">Release of Invalid Pointer or Reference</h2>

docs/snyk/v2.12.3/redis_7.0.15-alpine.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">September 22nd 2024, 12:24:31 am (UTC+00:00)</p>
+                <p class="timestamp">September 8th 2024, 12:22:06 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>

docs/snyk/v2.13.0-rc2/argocd-test.html

@@ -1,745 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
-  <meta http-equiv="Content-Language" content="en-us">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>Snyk test report</title>
-  <meta name="description" content="2 known vulnerabilities found in 4 vulnerable dependency paths.">
-  <base target="_blank">
-  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
-    sizes="194x194">
-  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
-  <style type="text/css">
-  
-    body {
-      -moz-font-feature-settings: "pnum";
-      -webkit-font-feature-settings: "pnum";
-      font-variant-numeric: proportional-nums;
-      display: flex;
-      flex-direction: column;
-      font-feature-settings: "pnum";
-      font-size: 100%;
-      line-height: 1.5;
-      min-height: 100vh;
-      -webkit-text-size-adjust: 100%;
-      margin: 0;
-      padding: 0;
-      background-color: #F5F5F5;
-      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
-    }
-  
-    h1,
-    h2,
-    h3,
-    h4,
-    h5,
-    h6 {
-      font-weight: 500;
-    }
-  
-    a,
-    a:link,
-    a:visited {
-      border-bottom: 1px solid #4b45a9;
-      text-decoration: none;
-      color: #4b45a9;
-    }
-  
-    a:hover,
-    a:focus,
-    a:active {
-      border-bottom: 1px solid #4b45a9;
-    }
-  
-    hr {
-      border: none;
-      margin: 1em 0;
-      border-top: 1px solid #c5c5c5;
-    }
-  
-    ul {
-      padding: 0 1em;
-      margin: 1em 0;
-    }
-  
-    code {
-      background-color: #EEE;
-      color: #333;
-      padding: 0.25em 0.5em;
-      border-radius: 0.25em;
-    }
-  
-    pre {
-      background-color: #333;
-      font-family: monospace;
-      padding: 0.5em 1em 0.75em;
-      border-radius: 0.25em;
-      font-size: 14px;
-    }
-  
-    pre code {
-      padding: 0;
-      background-color: transparent;
-      color: #fff;
-    }
-  
-    a code {
-      border-radius: .125rem .125rem 0 0;
-      padding-bottom: 0;
-      color: #4b45a9;
-    }
-  
-    a[href^="http://"]:after,
-    a[href^="https://"]:after {
-      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
-      background-repeat: no-repeat;
-      background-size: .75rem;
-      content: "";
-      display: inline-block;
-      height: .75rem;
-      margin-left: .25rem;
-      width: .75rem;
-    }
-  
-  
-  /* Layout */
-  
-    [class*=layout-container] {
-      margin: 0 auto;
-      max-width: 71.25em;
-      padding: 1.9em 1.3em;
-      position: relative;
-    }
-    .layout-container--short {
-      padding-top: 0;
-      padding-bottom: 0;
-      max-width: 48.75em;
-    }
-  
-    .layout-container--short:after {
-      display: block;
-      content: "";
-      clear: both;
-    }
-  
-  /* Header */
-  
-    .header {
-      padding-bottom: 1px;
-    }
-  
-    .paths {
-      margin-left: 8px;
-    }
-    .header-wrap {
-      display: flex;
-      flex-direction: row;
-      justify-content: space-between;
-      padding-top: 2em;
-    }
-    .project__header {
-      background-color: #4b45a9;
-      color: #fff;
-      margin-bottom: -1px;
-      padding-top: 1em;
-      padding-bottom: 0.25em;
-      border-bottom: 2px solid #BBB;
-    }
-  
-    .project__header__title {
-      overflow-wrap: break-word;
-      word-wrap: break-word;
-      word-break: break-all;
-      margin-bottom: .1em;
-      margin-top: 0;
-    }
-  
-    .timestamp {
-      float: right;
-      clear: none;
-      margin-bottom: 0;
-    }
-  
-    .meta-counts {
-      clear: both;
-      display: block;
-      flex-wrap: wrap;
-      justify-content: space-between;
-      margin: 0 0 1.5em;
-      color: #fff;
-      clear: both;
-      font-size: 1.1em;
-    }
-  
-    .meta-count {
-      display: block;
-      flex-basis: 100%;
-      margin: 0 1em 1em 0;
-      float: left;
-      padding-right: 1em;
-      border-right: 2px solid #fff;
-    }
-  
-    .meta-count:last-child {
-      border-right: 0;
-      padding-right: 0;
-      margin-right: 0;
-    }
-  
-  /* Card */
-  
-    .card {
-      background-color: #fff;
-      border: 1px solid #c5c5c5;
-      border-radius: .25rem;
-      margin: 0 0 2em 0;
-      position: relative;
-      min-height: 40px;
-      padding: 1.5em;
-    }
-  
-    .card .label {
-      background-color: #767676;
-      border: 2px solid #767676;
-      color: white;
-      padding: 0.25rem 0.75rem;
-      font-size: 0.875rem;
-      text-transform: uppercase;
-      display: inline-block;
-      margin: 0;
-      border-radius: 0.25rem;
-    }
-  
-    .card .label__text {
-      vertical-align: text-top;
-        font-weight: bold;
-    }
-  
-    .card .label--critical {
-      background-color: #AB1A1A;
-      border-color: #AB1A1A;
-    }
-  
-    .card .label--high {
-      background-color: #CE5019;
-      border-color: #CE5019;
-    }
-  
-    .card .label--medium {
-      background-color: #D68000;
-      border-color: #D68000;
-    }
-  
-    .card .label--low {
-      background-color: #88879E;
-      border-color: #88879E;
-    }
-  
-    .severity--low {
-      border-color: #88879E;
-    }
-  
-    .severity--medium {
-      border-color: #D68000;
-    }
-  
-    .severity--high {
-      border-color: #CE5019;
-    }
-  
-    .severity--critical {
-      border-color: #AB1A1A;
-    }
-  
-    .card--vuln {
-      padding-top: 4em;
-    }
-  
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
-      padding-left: 1.9em;
-      padding-right: 1.9em;
-      border-radius: 0 0.25rem 0.25rem 0;
-    }
-  
-    .card--vuln .card__section h2 {
-      font-size: 22px;
-      margin-bottom: 0.5em;
-    }
-  
-    .card--vuln .card__section p {
-      margin: 0 0 0.5em 0;
-    }
-  
-    .card--vuln .card__meta {
-      padding: 0 0 0 1em;
-      margin: 0;
-      font-size: 1.1em;
-    }
-  
-    .card .card__meta__paths {
-      font-size: 0.9em;
-    }
-  
-    .card--vuln .card__title {
-      font-size: 28px;
-      margin-top: 0;
-    }
-  
-    .card--vuln .card__cta p {
-      margin: 0;
-      text-align: right;
-    }
-  
-    .source-panel {
-      clear: both;
-      display: flex;
-      justify-content: flex-start;
-      flex-direction: column;
-      align-items: flex-start;
-      padding: 0.5em 0;
-      width: fit-content;
-    }
-  
-  
-  
-  </style>
-  <style type="text/css">
-    .metatable {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      margin-top: 12px;
-      border-collapse: collapse;
-      border-spacing: 0;
-      font-variant-numeric: tabular-nums;
-      max-width: 51.75em;
-    }
-  
-    tbody {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      flex-wrap: wrap;
-    }
-  
-    .meta-row {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      outline: none;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      align-items: start;
-      border-top: 1px solid #d3d3d9;
-      padding: 8px 0 0 0;
-      border-bottom: none;
-      margin: 8px;
-      width: 47.75%;
-    }
-  
-    .meta-row-label {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      color: #4c4a73;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      margin: 0;
-      outline: none;
-      text-decoration: none;
-      z-index: auto;
-      align-self: start;
-      flex: 1;
-      font-size: 1rem;
-      line-height: 1.5rem;
-      padding: 0;
-      text-align: left;
-      vertical-align: top;
-      text-transform: none;
-      letter-spacing: 0;
-    }
-  
-    .meta-row-value {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      word-break: break-word;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: right;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-    }
-  </style>
-</head>
-
-<body class="section-projects">
-  <main class="layout-stacked">
-        <div class="layout-stacked__header header">
-          <header class="project__header">
-            <div class="layout-container">
-              <a class="brand" href="https://snyk.io" title="Snyk">
-                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
-                  <title>Snyk - Open Source Security</title>
-                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-                    <g fill="#fff">
-                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
-                    </g>
-                  </g>
-                </svg>
-              </a>
-              <div class="header-wrap">
-                  <h1 class="project__header__title">Snyk test report</h1>
-    
-                <p class="timestamp">September 22nd 2024, 12:21:26 am (UTC+00:00)</p>
-              </div>
-              <div class="source-panel">
-                <span>Scanned the following paths:</span>
-                <ul>
-                  <li class="paths">/argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)</li>
-                  <li class="paths">/argo-cd/ui/yarn.lock (yarn)</li>
-                </ul>
-              </div>
-    
-              <div class="meta-counts">
-                <div class="meta-count"><span>2</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>4 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>2132</span> <span>dependencies</span></div>
-              </div><!-- .meta-counts -->
-            </div><!-- .layout-container--short -->
-          </header><!-- .project__header -->
-        </div><!-- .layout-stacked__header -->
-
-    <div class="layout-container" style="padding-top: 35px;">
-      <div class="cards--vuln filter--patch filter--ignore">
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
-            <div class="card__section">
-        
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd <span class="list-paths__item__arrow">›</span> ui/yarn.lock
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: npm
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            path-to-regexp
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    argo-cd-ui@1.0.0, react-router@4.3.1 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        path-to-regexp@1.8.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router-dom@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        path-to-regexp@1.8.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router-dom@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        path-to-regexp@1.8.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when including multiple regular expression parameters in a single segment, which will produce the regular expression <code>/^\/([^\/]+?)-([^\/]+?)\/?$/</code>, if two parameters within a single segment are separated by a character other than a <code>/</code> or <code>.</code>. Poor performance will block the event loop and can lead to a DoS.</p>
-        <p><strong>Note:</strong>
-        While the 8.0.0 release has completely eliminated the vulnerable functionality, prior versions that have received the patch to mitigate backtracking may still be vulnerable if custom regular expressions are used. So it is strongly recommended for regular expression input to be controlled to avoid malicious performance degradation in those versions. This behavior is enforced as of version 7.1.0 via the <code>strict</code> option, which returns an error if a dangerous regular expression is detected.</p>
-        <h2 id="workaround">Workaround</h2>
-        <p>This vulnerability can be avoided by using a custom regular expression for parameters after the first in a segment, which excludes <code>-</code> and <code>/</code>.</p>
-        <h2 id="poc">PoC</h2>
-        <pre><code class="language-js">/a${&#39;-a&#39;.repeat(8_000)}/a
-        </code></pre>
-        <h2 id="details">Details</h2>
-        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.</p>
-        <p>The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren&#39;t very intuitive and can ultimately end up making it easy for attackers to take your site down.</p>
-        <p>Let’s take the following regular expression as an example:</p>
-        <pre><code class="language-js">regex = /A(B|C+)+D/
-        </code></pre>
-        <p>This regular expression accomplishes the following:</p>
-        <ul>
-        <li><code>A</code> The string must start with the letter &#39;A&#39;</li>
-        <li><code>(B|C+)+</code> The string must then follow the letter A with either the letter &#39;B&#39; or some number of occurrences of the letter &#39;C&#39; (the <code>+</code> matches one or more times). The <code>+</code> at the end of this section states that we can look for one or more matches of this section.</li>
-        <li><code>D</code> Finally, we ensure this section of the string ends with a &#39;D&#39;</li>
-        </ul>
-        <p>The expression would match inputs such as <code>ABBD</code>, <code>ABCCCCD</code>, <code>ABCBCCCD</code> and <code>ACCCCCD</code></p>
-        <p>It most cases, it doesn&#39;t take very long for a regex engine to find a match:</p>
-        <pre><code class="language-bash">$ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD&quot;)&#39;
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX&quot;)&#39;
-        1.79s user 0.02s system 99% cpu 1.812 total
-        </code></pre>
-        <p>The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.</p>
-        <p>Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as <em>catastrophic backtracking</em>.</p>
-        <p>Let&#39;s look at how our expression runs into this problem, using a shorter string: &quot;ACCCX&quot;. While it seems fairly straightforward, there are still four different ways that the engine could match those three C&#39;s:</p>
-        <ol>
-        <li>CCC</li>
-        <li>CC+C</li>
-        <li>C+CC</li>
-        <li>C+C+C.</li>
-        </ol>
-        <p>The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use <a href="https://regex101.com/debugger">RegEx 101 debugger</a> to see the engine has to take a total of 38 steps before it can determine the string doesn&#39;t match.</p>
-        <p>From there, the number of steps the engine must use to validate a string just continues to grow.</p>
-        <table>
-        <thead>
-        <tr>
-        <th>String</th>
-        <th align="right">Number of C&#39;s</th>
-        <th align="right">Number of steps</th>
-        </tr>
-        </thead>
-        <tbody><tr>
-        <td>ACCCX</td>
-        <td align="right">3</td>
-        <td align="right">38</td>
-        </tr>
-        <tr>
-        <td>ACCCCX</td>
-        <td align="right">4</td>
-        <td align="right">71</td>
-        </tr>
-        <tr>
-        <td>ACCCCCX</td>
-        <td align="right">5</td>
-        <td align="right">136</td>
-        </tr>
-        <tr>
-        <td>ACCCCCCCCCCCCCCX</td>
-        <td align="right">14</td>
-        <td align="right">65,553</td>
-        </tr>
-        </tbody></table>
-        <p>By the time the string includes 14 C&#39;s, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>path-to-regexp</code> to version 0.1.10, 1.9.0, 3.3.0, 6.3.0, 8.0.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f">GitHub Commit</a></li>
-        <li><a href="https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6">GitHub Commit</a></li>
-        <li><a href="https://github.com/pillarjs/path-to-regexp/commit/f73ec6c86b06f544b977119c2b62a16de480a6a9">GitHub Commit</a></li>
-        <li><a href="https://github.com/pillarjs/path-to-regexp/releases/tag/v7.1.0">Strict Mode Release Note</a></li>
-        <li><a href="https://blakeembrey.com/posts/2024-09-web-redos/">Vulnerability Write-up</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Concurrent Execution using Shared Resource with Improper Synchronization (&#x27;Race Condition&#x27;)</h2>
-            <div class="card__section">
-        
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> go.mod
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/Azure/azure-sdk-for-go/sdk/azidentity
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/Azure/kubelogin/pkg/token@0.0.20
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/Azure/azure-sdk-for-go/sdk/azidentity@1.1.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity">github.com/Azure/azure-sdk-for-go/sdk/azidentity</a> is a module that provides Microsoft Entra ID (formerly Azure Active Directory) token authentication support across the Azure SDK. It includes a set of TokenCredential implementations, which can be used with Azure SDK clients supporting token authentication.</p>
-        <p>Affected versions of this package are vulnerable to Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) in the authentication process. An attacker can elevate privileges by exploiting race conditions during the token validation steps. This is only exploitable if the application is configured to use multiple threads or processes for handling authentication requests.</p>
-        <p><strong>Notes:</strong></p>
-        <ol>
-        <li><p>An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions;</p>
-        </li>
-        <li><p>An attacker who successfully exploits this vulnerability can only obtain read access to the system files by exploiting this vulnerability. The attacker cannot perform write or delete operations on the files;</p>
-        </li>
-        <li><p>The vulnerability exists in the following credential types: <code>DefaultAzureCredential</code> and <code>ManagedIdentityCredential</code>;</p>
-        </li>
-        <li><p>The vulnerability exists in the following credential types:</p>
-        </li>
-        </ol>
-        <p><code>ManagedIdentityApplication</code> (.NET)</p>
-        <p><code>ManagedIdentityApplication</code> (Java)</p>
-        <p><code>ManagedIdentityApplication</code> (Node.js)</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/Azure/azure-sdk-for-go/sdk/azidentity</code> to version 1.6.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/commit/fddb2c4011c79a7efda2df053ca05b87b8a1303c">GitHub Commit</a></li>
-        <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-java/commit/9a07472cedbde7a1013a6fc81da91f2a2c6d67a1">GitHub Commit</a></li>
-        <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/3ee9c68d1a80bf7652e41b58ae1bf87ff64a727e">GitHub Commit</a></li>
-        <li><a href="https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499">GitHub Commit</a></li>
-        <li><a href="https://github.com/Azure/azure-sdk-for-js/commit/c6aa75d312ae463e744163cedfd8fc480cc8d492">GitHub Commit</a></li>
-        <li><a href="https://github.com/Azure/azure-sdk-for-net/commit/2db9a0f33668ae9cf0331613e1cd612bee105e1c">GitHub Commit</a></li>
-        <li><a href="https://github.com/Azure/azure-sdk-for-python/commit/cb065acd7d0f957327dc4f02d1646d4e51a94178">GitHub Commit</a></li>
-        <li><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255">Microsoft Advisory</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMAZUREAZURESDKFORGOSDKAZIDENTITY-7246767">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-      </div><!-- cards -->
-    </div>
-  </main><!-- .layout-stacked__content -->
-</body>
-
-</html>

docs/snyk/v2.13.0-rc2/ghcr.io_dexidp_dex_v2.41.1.html

@@ -1,709 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
-  <meta http-equiv="Content-Language" content="en-us">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>Snyk test report</title>
-  <meta name="description" content="2 known vulnerabilities found in 8 vulnerable dependency paths.">
-  <base target="_blank">
-  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
-    sizes="194x194">
-  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
-  <style type="text/css">
-  
-    body {
-      -moz-font-feature-settings: "pnum";
-      -webkit-font-feature-settings: "pnum";
-      font-variant-numeric: proportional-nums;
-      display: flex;
-      flex-direction: column;
-      font-feature-settings: "pnum";
-      font-size: 100%;
-      line-height: 1.5;
-      min-height: 100vh;
-      -webkit-text-size-adjust: 100%;
-      margin: 0;
-      padding: 0;
-      background-color: #F5F5F5;
-      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
-    }
-  
-    h1,
-    h2,
-    h3,
-    h4,
-    h5,
-    h6 {
-      font-weight: 500;
-    }
-  
-    a,
-    a:link,
-    a:visited {
-      border-bottom: 1px solid #4b45a9;
-      text-decoration: none;
-      color: #4b45a9;
-    }
-  
-    a:hover,
-    a:focus,
-    a:active {
-      border-bottom: 1px solid #4b45a9;
-    }
-  
-    hr {
-      border: none;
-      margin: 1em 0;
-      border-top: 1px solid #c5c5c5;
-    }
-  
-    ul {
-      padding: 0 1em;
-      margin: 1em 0;
-    }
-  
-    code {
-      background-color: #EEE;
-      color: #333;
-      padding: 0.25em 0.5em;
-      border-radius: 0.25em;
-    }
-  
-    pre {
-      background-color: #333;
-      font-family: monospace;
-      padding: 0.5em 1em 0.75em;
-      border-radius: 0.25em;
-      font-size: 14px;
-    }
-  
-    pre code {
-      padding: 0;
-      background-color: transparent;
-      color: #fff;
-    }
-  
-    a code {
-      border-radius: .125rem .125rem 0 0;
-      padding-bottom: 0;
-      color: #4b45a9;
-    }
-  
-    a[href^="http://"]:after,
-    a[href^="https://"]:after {
-      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
-      background-repeat: no-repeat;
-      background-size: .75rem;
-      content: "";
-      display: inline-block;
-      height: .75rem;
-      margin-left: .25rem;
-      width: .75rem;
-    }
-  
-  
-  /* Layout */
-  
-    [class*=layout-container] {
-      margin: 0 auto;
-      max-width: 71.25em;
-      padding: 1.9em 1.3em;
-      position: relative;
-    }
-    .layout-container--short {
-      padding-top: 0;
-      padding-bottom: 0;
-      max-width: 48.75em;
-    }
-  
-    .layout-container--short:after {
-      display: block;
-      content: "";
-      clear: both;
-    }
-  
-  /* Header */
-  
-    .header {
-      padding-bottom: 1px;
-    }
-  
-    .paths {
-      margin-left: 8px;
-    }
-    .header-wrap {
-      display: flex;
-      flex-direction: row;
-      justify-content: space-between;
-      padding-top: 2em;
-    }
-    .project__header {
-      background-color: #4b45a9;
-      color: #fff;
-      margin-bottom: -1px;
-      padding-top: 1em;
-      padding-bottom: 0.25em;
-      border-bottom: 2px solid #BBB;
-    }
-  
-    .project__header__title {
-      overflow-wrap: break-word;
-      word-wrap: break-word;
-      word-break: break-all;
-      margin-bottom: .1em;
-      margin-top: 0;
-    }
-  
-    .timestamp {
-      float: right;
-      clear: none;
-      margin-bottom: 0;
-    }
-  
-    .meta-counts {
-      clear: both;
-      display: block;
-      flex-wrap: wrap;
-      justify-content: space-between;
-      margin: 0 0 1.5em;
-      color: #fff;
-      clear: both;
-      font-size: 1.1em;
-    }
-  
-    .meta-count {
-      display: block;
-      flex-basis: 100%;
-      margin: 0 1em 1em 0;
-      float: left;
-      padding-right: 1em;
-      border-right: 2px solid #fff;
-    }
-  
-    .meta-count:last-child {
-      border-right: 0;
-      padding-right: 0;
-      margin-right: 0;
-    }
-  
-  /* Card */
-  
-    .card {
-      background-color: #fff;
-      border: 1px solid #c5c5c5;
-      border-radius: .25rem;
-      margin: 0 0 2em 0;
-      position: relative;
-      min-height: 40px;
-      padding: 1.5em;
-    }
-  
-    .card .label {
-      background-color: #767676;
-      border: 2px solid #767676;
-      color: white;
-      padding: 0.25rem 0.75rem;
-      font-size: 0.875rem;
-      text-transform: uppercase;
-      display: inline-block;
-      margin: 0;
-      border-radius: 0.25rem;
-    }
-  
-    .card .label__text {
-      vertical-align: text-top;
-        font-weight: bold;
-    }
-  
-    .card .label--critical {
-      background-color: #AB1A1A;
-      border-color: #AB1A1A;
-    }
-  
-    .card .label--high {
-      background-color: #CE5019;
-      border-color: #CE5019;
-    }
-  
-    .card .label--medium {
-      background-color: #D68000;
-      border-color: #D68000;
-    }
-  
-    .card .label--low {
-      background-color: #88879E;
-      border-color: #88879E;
-    }
-  
-    .severity--low {
-      border-color: #88879E;
-    }
-  
-    .severity--medium {
-      border-color: #D68000;
-    }
-  
-    .severity--high {
-      border-color: #CE5019;
-    }
-  
-    .severity--critical {
-      border-color: #AB1A1A;
-    }
-  
-    .card--vuln {
-      padding-top: 4em;
-    }
-  
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
-      padding-left: 1.9em;
-      padding-right: 1.9em;
-      border-radius: 0 0.25rem 0.25rem 0;
-    }
-  
-    .card--vuln .card__section h2 {
-      font-size: 22px;
-      margin-bottom: 0.5em;
-    }
-  
-    .card--vuln .card__section p {
-      margin: 0 0 0.5em 0;
-    }
-  
-    .card--vuln .card__meta {
-      padding: 0 0 0 1em;
-      margin: 0;
-      font-size: 1.1em;
-    }
-  
-    .card .card__meta__paths {
-      font-size: 0.9em;
-    }
-  
-    .card--vuln .card__title {
-      font-size: 28px;
-      margin-top: 0;
-    }
-  
-    .card--vuln .card__cta p {
-      margin: 0;
-      text-align: right;
-    }
-  
-    .source-panel {
-      clear: both;
-      display: flex;
-      justify-content: flex-start;
-      flex-direction: column;
-      align-items: flex-start;
-      padding: 0.5em 0;
-      width: fit-content;
-    }
-  
-  
-  
-  </style>
-  <style type="text/css">
-    .metatable {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      margin-top: 12px;
-      border-collapse: collapse;
-      border-spacing: 0;
-      font-variant-numeric: tabular-nums;
-      max-width: 51.75em;
-    }
-  
-    tbody {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      flex-wrap: wrap;
-    }
-  
-    .meta-row {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      outline: none;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      align-items: start;
-      border-top: 1px solid #d3d3d9;
-      padding: 8px 0 0 0;
-      border-bottom: none;
-      margin: 8px;
-      width: 47.75%;
-    }
-  
-    .meta-row-label {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      color: #4c4a73;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      margin: 0;
-      outline: none;
-      text-decoration: none;
-      z-index: auto;
-      align-self: start;
-      flex: 1;
-      font-size: 1rem;
-      line-height: 1.5rem;
-      padding: 0;
-      text-align: left;
-      vertical-align: top;
-      text-transform: none;
-      letter-spacing: 0;
-    }
-  
-    .meta-row-value {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      word-break: break-word;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: right;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-    }
-  </style>
-</head>
-
-<body class="section-projects">
-  <main class="layout-stacked">
-        <div class="layout-stacked__header header">
-          <header class="project__header">
-            <div class="layout-container">
-              <a class="brand" href="https://snyk.io" title="Snyk">
-                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
-                  <title>Snyk - Open Source Security</title>
-                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-                    <g fill="#fff">
-                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
-                    </g>
-                  </g>
-                </svg>
-              </a>
-              <div class="header-wrap">
-                  <h1 class="project__header__title">Snyk test report</h1>
-    
-                <p class="timestamp">September 22nd 2024, 12:21:32 am (UTC+00:00)</p>
-              </div>
-              <div class="source-panel">
-                <span>Scanned the following paths:</span>
-                <ul>
-                  <li class="paths">ghcr.io/dexidp/dex:v2.41.1/dexidp/dex (apk)</li>
-                  <li class="paths">ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4//usr/local/bin/gomplate (gomodules)</li>
-                  <li class="paths">ghcr.io/dexidp/dex:v2.41.1/dexidp/dex//usr/local/bin/docker-entrypoint (gomodules)</li>
-                  <li class="paths">ghcr.io/dexidp/dex:v2.41.1/dexidp/dex//usr/local/bin/dex (gomodules)</li>
-                </ul>
-              </div>
-    
-              <div class="meta-counts">
-                <div class="meta-count"><span>2</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>8 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>969</span> <span>dependencies</span></div>
-              </div><!-- .meta-counts -->
-            </div><!-- .layout-container--short -->
-          </header><!-- .project__header -->
-        </div><!-- .layout-stacked__header -->
-
-    <div class="layout-container" style="padding-top: 35px;">
-      <div class="cards--vuln filter--patch filter--ignore">
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Insertion of Sensitive Information into Log File</h2>
-            <div class="card__section">
-        
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            google.golang.org/grpc/metadata
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and google.golang.org/grpc/metadata@v1.64.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/grpc/metadata@v1.64.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/github.com/grpc/grpc-go/metadata">google.golang.org/grpc/metadata</a> is a package that defines the structure of the metadata supported by the gRPC library</p>
-        <p>Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the form of gRPC metadata. If the metadata contains sensitive information an attacker can expose it.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>google.golang.org/grpc/metadata</code> to version 1.64.1 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/grpc/grpc-go/commit/ab292411ddc0f3b7a7786754d1fe05264c3021eb">GitHub Commit</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGGRPCMETADATA-7430177">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2024-6119</h2>
-            <div class="card__section">
-        
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            openssl/libcrypto3
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|ghcr.io/dexidp/dex@v2.41.1 and openssl/libcrypto3@3.3.1-r3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.1-r3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>Issue summary: Applications performing certificate name checks (e.g., TLS
-        clients checking server certificates) may attempt to read an invalid memory
-        address resulting in abnormal termination of the application process.</p>
-        <p>Impact summary: Abnormal termination of an application can a cause a denial of
-        service.</p>
-        <p>Applications performing certificate name checks (e.g., TLS clients checking
-        server certificates) may attempt to read an invalid memory address when
-        comparing the expected name with an <code>otherName</code> subject alternative name of an
-        X.509 certificate. This may result in an exception that terminates the
-        application program.</p>
-        <p>Note that basic certificate chain validation (signatures, dates, ...) is not
-        affected, the denial of service can occur only when the application also
-        specifies an expected DNS name, Email address or IP address.</p>
-        <p>TLS servers rarely solicit client certificates, and even when they do, they
-        generally don&#39;t perform a name check against a reference identifier (expected
-        identity), but rather extract the presented identity after checking the
-        certificate chain.  So TLS servers are generally not affected and the severity
-        of the issue is Moderate.</p>
-        <p>The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.2-r0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f">https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6">https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2">https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0">https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0</a></li>
-        <li><a href="https://openssl-library.org/news/secadv/20240903.txt">https://openssl-library.org/news/secadv/20240903.txt</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-7895537">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-      </div><!-- cards -->
-    </div>
-  </main><!-- .layout-stacked__content -->
-</body>
-
-</html>

docs/snyk/v2.13.0-rc2/public.ecr.aws_docker_library_redis_7.0.15-alpine.html

@@ -1,484 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
-  <meta http-equiv="Content-Language" content="en-us">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>Snyk test report</title>
-  <meta name="description" content="0 known vulnerabilities found in 0 vulnerable dependency paths.">
-  <base target="_blank">
-  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
-    sizes="194x194">
-  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
-  <style type="text/css">
-  
-    body {
-      -moz-font-feature-settings: "pnum";
-      -webkit-font-feature-settings: "pnum";
-      font-variant-numeric: proportional-nums;
-      display: flex;
-      flex-direction: column;
-      font-feature-settings: "pnum";
-      font-size: 100%;
-      line-height: 1.5;
-      min-height: 100vh;
-      -webkit-text-size-adjust: 100%;
-      margin: 0;
-      padding: 0;
-      background-color: #F5F5F5;
-      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
-    }
-  
-    h1,
-    h2,
-    h3,
-    h4,
-    h5,
-    h6 {
-      font-weight: 500;
-    }
-  
-    a,
-    a:link,
-    a:visited {
-      border-bottom: 1px solid #4b45a9;
-      text-decoration: none;
-      color: #4b45a9;
-    }
-  
-    a:hover,
-    a:focus,
-    a:active {
-      border-bottom: 1px solid #4b45a9;
-    }
-  
-    hr {
-      border: none;
-      margin: 1em 0;
-      border-top: 1px solid #c5c5c5;
-    }
-  
-    ul {
-      padding: 0 1em;
-      margin: 1em 0;
-    }
-  
-    code {
-      background-color: #EEE;
-      color: #333;
-      padding: 0.25em 0.5em;
-      border-radius: 0.25em;
-    }
-  
-    pre {
-      background-color: #333;
-      font-family: monospace;
-      padding: 0.5em 1em 0.75em;
-      border-radius: 0.25em;
-      font-size: 14px;
-    }
-  
-    pre code {
-      padding: 0;
-      background-color: transparent;
-      color: #fff;
-    }
-  
-    a code {
-      border-radius: .125rem .125rem 0 0;
-      padding-bottom: 0;
-      color: #4b45a9;
-    }
-  
-    a[href^="http://"]:after,
-    a[href^="https://"]:after {
-      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
-      background-repeat: no-repeat;
-      background-size: .75rem;
-      content: "";
-      display: inline-block;
-      height: .75rem;
-      margin-left: .25rem;
-      width: .75rem;
-    }
-  
-  
-  /* Layout */
-  
-    [class*=layout-container] {
-      margin: 0 auto;
-      max-width: 71.25em;
-      padding: 1.9em 1.3em;
-      position: relative;
-    }
-    .layout-container--short {
-      padding-top: 0;
-      padding-bottom: 0;
-      max-width: 48.75em;
-    }
-  
-    .layout-container--short:after {
-      display: block;
-      content: "";
-      clear: both;
-    }
-  
-  /* Header */
-  
-    .header {
-      padding-bottom: 1px;
-    }
-  
-    .paths {
-      margin-left: 8px;
-    }
-    .header-wrap {
-      display: flex;
-      flex-direction: row;
-      justify-content: space-between;
-      padding-top: 2em;
-    }
-    .project__header {
-      background-color: #4b45a9;
-      color: #fff;
-      margin-bottom: -1px;
-      padding-top: 1em;
-      padding-bottom: 0.25em;
-      border-bottom: 2px solid #BBB;
-    }
-  
-    .project__header__title {
-      overflow-wrap: break-word;
-      word-wrap: break-word;
-      word-break: break-all;
-      margin-bottom: .1em;
-      margin-top: 0;
-    }
-  
-    .timestamp {
-      float: right;
-      clear: none;
-      margin-bottom: 0;
-    }
-  
-    .meta-counts {
-      clear: both;
-      display: block;
-      flex-wrap: wrap;
-      justify-content: space-between;
-      margin: 0 0 1.5em;
-      color: #fff;
-      clear: both;
-      font-size: 1.1em;
-    }
-  
-    .meta-count {
-      display: block;
-      flex-basis: 100%;
-      margin: 0 1em 1em 0;
-      float: left;
-      padding-right: 1em;
-      border-right: 2px solid #fff;
-    }
-  
-    .meta-count:last-child {
-      border-right: 0;
-      padding-right: 0;
-      margin-right: 0;
-    }
-  
-  /* Card */
-  
-    .card {
-      background-color: #fff;
-      border: 1px solid #c5c5c5;
-      border-radius: .25rem;
-      margin: 0 0 2em 0;
-      position: relative;
-      min-height: 40px;
-      padding: 1.5em;
-    }
-  
-    .card .label {
-      background-color: #767676;
-      border: 2px solid #767676;
-      color: white;
-      padding: 0.25rem 0.75rem;
-      font-size: 0.875rem;
-      text-transform: uppercase;
-      display: inline-block;
-      margin: 0;
-      border-radius: 0.25rem;
-    }
-  
-    .card .label__text {
-      vertical-align: text-top;
-        font-weight: bold;
-    }
-  
-    .card .label--critical {
-      background-color: #AB1A1A;
-      border-color: #AB1A1A;
-    }
-  
-    .card .label--high {
-      background-color: #CE5019;
-      border-color: #CE5019;
-    }
-  
-    .card .label--medium {
-      background-color: #D68000;
-      border-color: #D68000;
-    }
-  
-    .card .label--low {
-      background-color: #88879E;
-      border-color: #88879E;
-    }
-  
-    .severity--low {
-      border-color: #88879E;
-    }
-  
-    .severity--medium {
-      border-color: #D68000;
-    }
-  
-    .severity--high {
-      border-color: #CE5019;
-    }
-  
-    .severity--critical {
-      border-color: #AB1A1A;
-    }
-  
-    .card--vuln {
-      padding-top: 4em;
-    }
-  
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
-      padding-left: 1.9em;
-      padding-right: 1.9em;
-      border-radius: 0 0.25rem 0.25rem 0;
-    }
-  
-    .card--vuln .card__section h2 {
-      font-size: 22px;
-      margin-bottom: 0.5em;
-    }
-  
-    .card--vuln .card__section p {
-      margin: 0 0 0.5em 0;
-    }
-  
-    .card--vuln .card__meta {
-      padding: 0 0 0 1em;
-      margin: 0;
-      font-size: 1.1em;
-    }
-  
-    .card .card__meta__paths {
-      font-size: 0.9em;
-    }
-  
-    .card--vuln .card__title {
-      font-size: 28px;
-      margin-top: 0;
-    }
-  
-    .card--vuln .card__cta p {
-      margin: 0;
-      text-align: right;
-    }
-  
-    .source-panel {
-      clear: both;
-      display: flex;
-      justify-content: flex-start;
-      flex-direction: column;
-      align-items: flex-start;
-      padding: 0.5em 0;
-      width: fit-content;
-    }
-  
-  
-  
-  </style>
-  <style type="text/css">
-    .metatable {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      margin-top: 12px;
-      border-collapse: collapse;
-      border-spacing: 0;
-      font-variant-numeric: tabular-nums;
-      max-width: 51.75em;
-    }
-  
-    tbody {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      flex-wrap: wrap;
-    }
-  
-    .meta-row {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      outline: none;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      align-items: start;
-      border-top: 1px solid #d3d3d9;
-      padding: 8px 0 0 0;
-      border-bottom: none;
-      margin: 8px;
-      width: 47.75%;
-    }
-  
-    .meta-row-label {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      color: #4c4a73;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      margin: 0;
-      outline: none;
-      text-decoration: none;
-      z-index: auto;
-      align-self: start;
-      flex: 1;
-      font-size: 1rem;
-      line-height: 1.5rem;
-      padding: 0;
-      text-align: left;
-      vertical-align: top;
-      text-transform: none;
-      letter-spacing: 0;
-    }
-  
-    .meta-row-value {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      word-break: break-word;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: right;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-    }
-  </style>
-</head>
-
-<body class="section-projects">
-  <main class="layout-stacked">
-        <div class="layout-stacked__header header">
-          <header class="project__header">
-            <div class="layout-container">
-              <a class="brand" href="https://snyk.io" title="Snyk">
-                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
-                  <title>Snyk - Open Source Security</title>
-                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-                    <g fill="#fff">
-                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
-                    </g>
-                  </g>
-                </svg>
-              </a>
-              <div class="header-wrap">
-                  <h1 class="project__header__title">Snyk test report</h1>
-    
-                <p class="timestamp">September 22nd 2024, 12:21:40 am (UTC+00:00)</p>
-              </div>
-              <div class="source-panel">
-                <span>Scanned the following paths:</span>
-                <ul>
-                  <li class="paths">public.ecr.aws/docker/library/redis:7.0.15-alpine/docker/library/redis (apk)</li>
-                  <li class="paths">public.ecr.aws/docker/library/redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)</li>
-                </ul>
-              </div>
-    
-              <div class="meta-counts">
-                <div class="meta-count"><span>0</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>0 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>18</span> <span>dependencies</span></div>
-              </div><!-- .meta-counts -->
-            </div><!-- .layout-container--short -->
-          </header><!-- .project__header -->
-        </div><!-- .layout-stacked__header -->
-
-    <div class="layout-container" style="padding-top: 35px;">
-      No known vulnerabilities detected.
-    </div>
-  </main><!-- .layout-stacked__content -->
-</body>
-
-</html>

docs/snyk/v2.13.0-rc2/redis_7.0.15-alpine.html

@@ -1,484 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
-  <meta http-equiv="Content-Language" content="en-us">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>Snyk test report</title>
-  <meta name="description" content="0 known vulnerabilities found in 0 vulnerable dependency paths.">
-  <base target="_blank">
-  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
-    sizes="194x194">
-  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
-  <style type="text/css">
-  
-    body {
-      -moz-font-feature-settings: "pnum";
-      -webkit-font-feature-settings: "pnum";
-      font-variant-numeric: proportional-nums;
-      display: flex;
-      flex-direction: column;
-      font-feature-settings: "pnum";
-      font-size: 100%;
-      line-height: 1.5;
-      min-height: 100vh;
-      -webkit-text-size-adjust: 100%;
-      margin: 0;
-      padding: 0;
-      background-color: #F5F5F5;
-      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
-    }
-  
-    h1,
-    h2,
-    h3,
-    h4,
-    h5,
-    h6 {
-      font-weight: 500;
-    }
-  
-    a,
-    a:link,
-    a:visited {
-      border-bottom: 1px solid #4b45a9;
-      text-decoration: none;
-      color: #4b45a9;
-    }
-  
-    a:hover,
-    a:focus,
-    a:active {
-      border-bottom: 1px solid #4b45a9;
-    }
-  
-    hr {
-      border: none;
-      margin: 1em 0;
-      border-top: 1px solid #c5c5c5;
-    }
-  
-    ul {
-      padding: 0 1em;
-      margin: 1em 0;
-    }
-  
-    code {
-      background-color: #EEE;
-      color: #333;
-      padding: 0.25em 0.5em;
-      border-radius: 0.25em;
-    }
-  
-    pre {
-      background-color: #333;
-      font-family: monospace;
-      padding: 0.5em 1em 0.75em;
-      border-radius: 0.25em;
-      font-size: 14px;
-    }
-  
-    pre code {
-      padding: 0;
-      background-color: transparent;
-      color: #fff;
-    }
-  
-    a code {
-      border-radius: .125rem .125rem 0 0;
-      padding-bottom: 0;
-      color: #4b45a9;
-    }
-  
-    a[href^="http://"]:after,
-    a[href^="https://"]:after {
-      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
-      background-repeat: no-repeat;
-      background-size: .75rem;
-      content: "";
-      display: inline-block;
-      height: .75rem;
-      margin-left: .25rem;
-      width: .75rem;
-    }
-  
-  
-  /* Layout */
-  
-    [class*=layout-container] {
-      margin: 0 auto;
-      max-width: 71.25em;
-      padding: 1.9em 1.3em;
-      position: relative;
-    }
-    .layout-container--short {
-      padding-top: 0;
-      padding-bottom: 0;
-      max-width: 48.75em;
-    }
-  
-    .layout-container--short:after {
-      display: block;
-      content: "";
-      clear: both;
-    }
-  
-  /* Header */
-  
-    .header {
-      padding-bottom: 1px;
-    }
-  
-    .paths {
-      margin-left: 8px;
-    }
-    .header-wrap {
-      display: flex;
-      flex-direction: row;
-      justify-content: space-between;
-      padding-top: 2em;
-    }
-    .project__header {
-      background-color: #4b45a9;
-      color: #fff;
-      margin-bottom: -1px;
-      padding-top: 1em;
-      padding-bottom: 0.25em;
-      border-bottom: 2px solid #BBB;
-    }
-  
-    .project__header__title {
-      overflow-wrap: break-word;
-      word-wrap: break-word;
-      word-break: break-all;
-      margin-bottom: .1em;
-      margin-top: 0;
-    }
-  
-    .timestamp {
-      float: right;
-      clear: none;
-      margin-bottom: 0;
-    }
-  
-    .meta-counts {
-      clear: both;
-      display: block;
-      flex-wrap: wrap;
-      justify-content: space-between;
-      margin: 0 0 1.5em;
-      color: #fff;
-      clear: both;
-      font-size: 1.1em;
-    }
-  
-    .meta-count {
-      display: block;
-      flex-basis: 100%;
-      margin: 0 1em 1em 0;
-      float: left;
-      padding-right: 1em;
-      border-right: 2px solid #fff;
-    }
-  
-    .meta-count:last-child {
-      border-right: 0;
-      padding-right: 0;
-      margin-right: 0;
-    }
-  
-  /* Card */
-  
-    .card {
-      background-color: #fff;
-      border: 1px solid #c5c5c5;
-      border-radius: .25rem;
-      margin: 0 0 2em 0;
-      position: relative;
-      min-height: 40px;
-      padding: 1.5em;
-    }
-  
-    .card .label {
-      background-color: #767676;
-      border: 2px solid #767676;
-      color: white;
-      padding: 0.25rem 0.75rem;
-      font-size: 0.875rem;
-      text-transform: uppercase;
-      display: inline-block;
-      margin: 0;
-      border-radius: 0.25rem;
-    }
-  
-    .card .label__text {
-      vertical-align: text-top;
-        font-weight: bold;
-    }
-  
-    .card .label--critical {
-      background-color: #AB1A1A;
-      border-color: #AB1A1A;
-    }
-  
-    .card .label--high {
-      background-color: #CE5019;
-      border-color: #CE5019;
-    }
-  
-    .card .label--medium {
-      background-color: #D68000;
-      border-color: #D68000;
-    }
-  
-    .card .label--low {
-      background-color: #88879E;
-      border-color: #88879E;
-    }
-  
-    .severity--low {
-      border-color: #88879E;
-    }
-  
-    .severity--medium {
-      border-color: #D68000;
-    }
-  
-    .severity--high {
-      border-color: #CE5019;
-    }
-  
-    .severity--critical {
-      border-color: #AB1A1A;
-    }
-  
-    .card--vuln {
-      padding-top: 4em;
-    }
-  
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
-      padding-left: 1.9em;
-      padding-right: 1.9em;
-      border-radius: 0 0.25rem 0.25rem 0;
-    }
-  
-    .card--vuln .card__section h2 {
-      font-size: 22px;
-      margin-bottom: 0.5em;
-    }
-  
-    .card--vuln .card__section p {
-      margin: 0 0 0.5em 0;
-    }
-  
-    .card--vuln .card__meta {
-      padding: 0 0 0 1em;
-      margin: 0;
-      font-size: 1.1em;
-    }
-  
-    .card .card__meta__paths {
-      font-size: 0.9em;
-    }
-  
-    .card--vuln .card__title {
-      font-size: 28px;
-      margin-top: 0;
-    }
-  
-    .card--vuln .card__cta p {
-      margin: 0;
-      text-align: right;
-    }
-  
-    .source-panel {
-      clear: both;
-      display: flex;
-      justify-content: flex-start;
-      flex-direction: column;
-      align-items: flex-start;
-      padding: 0.5em 0;
-      width: fit-content;
-    }
-  
-  
-  
-  </style>
-  <style type="text/css">
-    .metatable {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      margin-top: 12px;
-      border-collapse: collapse;
-      border-spacing: 0;
-      font-variant-numeric: tabular-nums;
-      max-width: 51.75em;
-    }
-  
-    tbody {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      flex-wrap: wrap;
-    }
-  
-    .meta-row {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      outline: none;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      align-items: start;
-      border-top: 1px solid #d3d3d9;
-      padding: 8px 0 0 0;
-      border-bottom: none;
-      margin: 8px;
-      width: 47.75%;
-    }
-  
-    .meta-row-label {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      color: #4c4a73;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      margin: 0;
-      outline: none;
-      text-decoration: none;
-      z-index: auto;
-      align-self: start;
-      flex: 1;
-      font-size: 1rem;
-      line-height: 1.5rem;
-      padding: 0;
-      text-align: left;
-      vertical-align: top;
-      text-transform: none;
-      letter-spacing: 0;
-    }
-  
-    .meta-row-value {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      word-break: break-word;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: right;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-    }
-  </style>
-</head>
-
-<body class="section-projects">
-  <main class="layout-stacked">
-        <div class="layout-stacked__header header">
-          <header class="project__header">
-            <div class="layout-container">
-              <a class="brand" href="https://snyk.io" title="Snyk">
-                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
-                  <title>Snyk - Open Source Security</title>
-                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-                    <g fill="#fff">
-                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
-                    </g>
-                  </g>
-                </svg>
-              </a>
-              <div class="header-wrap">
-                  <h1 class="project__header__title">Snyk test report</h1>
-    
-                <p class="timestamp">September 22nd 2024, 12:22:00 am (UTC+00:00)</p>
-              </div>
-              <div class="source-panel">
-                <span>Scanned the following paths:</span>
-                <ul>
-                  <li class="paths">redis:7.0.15-alpine (apk)</li>
-                  <li class="paths">redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)</li>
-                </ul>
-              </div>
-    
-              <div class="meta-counts">
-                <div class="meta-count"><span>0</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>0 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>18</span> <span>dependencies</span></div>
-              </div><!-- .meta-counts -->
-            </div><!-- .layout-container--short -->
-          </header><!-- .project__header -->
-        </div><!-- .layout-stacked__header -->
-
-    <div class="layout-container" style="padding-top: 35px;">
-      No known vulnerabilities detected.
-    </div>
-  </main><!-- .layout-stacked__content -->
-</body>
-
-</html>

docs/user-guide/build-environment.md

@@ -8,7 +8,6 @@
 | `ARGOCD_APP_NAMESPACE`              | The destination namespace of the application.                           |
 | `ARGOCD_APP_REVISION`               | The resolved revision, e.g. `f913b6cbf58aa5ae5ca1f8a2b149477aebcbd9d8`. |
 | `ARGOCD_APP_REVISION_SHORT`         | The resolved short revision, e.g. `f913b6c`.                            |
-| `ARGOCD_APP_REVISION_SHORT_8`       | The resolved short revision with length 8, e.g. `f913b6cb`.             |
 | `ARGOCD_APP_SOURCE_PATH`            | The path of the app within the source repo.                             |
 | `ARGOCD_APP_SOURCE_REPO_URL`        | The source repo URL.                                                    |
 | `ARGOCD_APP_SOURCE_TARGET_REVISION` | The target revision from the spec, e.g. `master`.                       |

docs/user-guide/commands/argocd.md

@@ -12,7 +12,7 @@ argocd [flags]
 
 ```
       --argocd-context string           The name of the Argo-CD server context to use
-      --auth-token string               Authentication token; set this or the ARGOCD_AUTH_TOKEN environment variable
+      --auth-token string               Authentication token
       --client-crt string               Client certificate file
       --client-crt-key string           Client certificate key file
       --config string                   Path to Argo CD config (default "/home/user/.config/argocd/config")

docs/user-guide/commands/argocd_account.md

@@ -53,7 +53,7 @@ argocd account [flags]
 
 ```
       --argocd-context string           The name of the Argo-CD server context to use
-      --auth-token string               Authentication token; set this or the ARGOCD_AUTH_TOKEN environment variable
+      --auth-token string               Authentication token
       --client-crt string               Client certificate file
       --client-crt-key string           Client certificate key file
       --config string                   Path to Argo CD config (default "/home/user/.config/argocd/config")

docs/user-guide/commands/argocd_account_bcrypt.md

@@ -26,7 +26,7 @@ argocd account bcrypt --password YOUR_PASSWORD
 
 ```
       --argocd-context string           The name of the Argo-CD server context to use
-      --auth-token string               Authentication token; set this or the ARGOCD_AUTH_TOKEN environment variable
+      --auth-token string               Authentication token
       --client-crt string               Client certificate file
       --client-crt-key string           Client certificate key file
       --config string                   Path to Argo CD config (default "/home/user/.config/argocd/config")

docs/user-guide/commands/argocd_account_can-i.md

@@ -36,7 +36,7 @@ Resources: [clusters projects applications applicationsets repositories certific
 
 ```
       --argocd-context string           The name of the Argo-CD server context to use
-      --auth-token string               Authentication token; set this or the ARGOCD_AUTH_TOKEN environment variable
+      --auth-token string               Authentication token
       --client-crt string               Client certificate file
       --client-crt-key string           Client certificate key file
       --config string                   Path to Argo CD config (default "/home/user/.config/argocd/config")

docs/user-guide/commands/argocd_account_delete-token.md

@@ -29,7 +29,7 @@ argocd account delete-token --account <account-name> ID
 
 ```
       --argocd-context string           The name of the Argo-CD server context to use
-      --auth-token string               Authentication token; set this or the ARGOCD_AUTH_TOKEN environment variable
+      --auth-token string               Authentication token
       --client-crt string               Client certificate file
       --client-crt-key string           Client certificate key file
       --config string                   Path to Argo CD config (default "/home/user/.config/argocd/config")

docs/user-guide/commands/argocd_account_generate-token.md

@@ -31,7 +31,7 @@ argocd account generate-token --account <account-name>
 
 ```
       --argocd-context string           The name of the Argo-CD server context to use
-      --auth-token string               Authentication token; set this or the ARGOCD_AUTH_TOKEN environment variable
+      --auth-token string               Authentication token
       --client-crt string               Client certificate file
       --client-crt-key string           Client certificate key file
       --config string                   Path to Argo CD config (default "/home/user/.config/argocd/config")

docs/user-guide/commands/argocd_account_get-user-info.md

@@ -29,7 +29,7 @@ argocd account get-user-info [flags]
 
 ```
       --argocd-context string           The name of the Argo-CD server context to use
-      --auth-token string               Authentication token; set this or the ARGOCD_AUTH_TOKEN environment variable
+      --auth-token string               Authentication token
       --client-crt string               Client certificate file
       --client-crt-key string           Client certificate key file
       --config string                   Path to Argo CD config (default "/home/user/.config/argocd/config")

docs/user-guide/commands/argocd_account_get.md

@@ -30,7 +30,7 @@ argocd account get --account <account-name>
 
 ```
       --argocd-context string           The name of the Argo-CD server context to use
-      --auth-token string               Authentication token; set this or the ARGOCD_AUTH_TOKEN environment variable
+      --auth-token string               Authentication token
       --client-crt string               Client certificate file
       --client-crt-key string           Client certificate key file
       --config string                   Path to Argo CD config (default "/home/user/.config/argocd/config")

docs/user-guide/commands/argocd_account_list.md

@@ -25,7 +25,7 @@ argocd account list
 
 ```
       --argocd-context string           The name of the Argo-CD server context to use
-      --auth-token string               Authentication token; set this or the ARGOCD_AUTH_TOKEN environment variable
+      --auth-token string               Authentication token
       --client-crt string               Client certificate file
       --client-crt-key string           Client certificate key file
       --config string                   Path to Argo CD config (default "/home/user/.config/argocd/config")

docs/user-guide/commands/argocd_account_update-password.md

@@ -41,7 +41,7 @@ argocd account update-password [flags]
 
 ```
       --argocd-context string           The name of the Argo-CD server context to use
-      --auth-token string               Authentication token; set this or the ARGOCD_AUTH_TOKEN environment variable
+      --auth-token string               Authentication token
       --client-crt string               Client certificate file
       --client-crt-key string           Client certificate key file
       --config string                   Path to Argo CD config (default "/home/user/.config/argocd/config")

docs/user-guide/commands/argocd_admin.md

@@ -31,7 +31,7 @@ $ argocd admin initial-password reset
 
 ```
       --argocd-context string           The name of the Argo-CD server context to use
-      --auth-token string               Authentication token; set this or the ARGOCD_AUTH_TOKEN environment variable
+      --auth-token string               Authentication token
       --client-crt string               Client certificate file
       --client-crt-key string           Client certificate key file
       --config string                   Path to Argo CD config (default "/home/user/.config/argocd/config")

docs/user-guide/commands/argocd_admin_app.md

@@ -33,7 +33,7 @@ argocd admin app get-reconcile-results APPNAME
 
 ```
       --argocd-context string           The name of the Argo-CD server context to use
-      --auth-token string               Authentication token; set this or the ARGOCD_AUTH_TOKEN environment variable
+      --auth-token string               Authentication token
       --client-crt string               Client certificate file
       --client-crt-key string           Client certificate key file
       --config string                   Path to Argo CD config (default "/home/user/.config/argocd/config")