address code review

Signed-off-by: Remington Breeze <remington@breeze.software>
merge
2026-03-22 08:18:47 +01:00 · 2023-02-07 13:42:10 -08:00 · 2023-02-03 12:38:38 -08:00 · 2023-02-02 18:23:11 -08:00 · 2023-01-30 12:02:03 -08:00 · 2023-01-25 14:57:25 -08:00
204 changed files with 14073 additions and 6736 deletions
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -51,7 +51,7 @@ jobs:
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Restore go build cache
-        uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4
+        uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3.2.3
        with:
          path: ~/.cache/go-build
          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -116,17 +116,13 @@ jobs:
        run: |
          echo "/usr/local/bin" >> $GITHUB_PATH
      - name: Restore go build cache
-        uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4
+        uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3.2.3
        with:
          path: ~/.cache/go-build
          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
      - name: Install all tools required for building & testing
        run: |
          make install-test-tools-local
-        # We install kustomize in the dist directory
-      - name: Add dist to PATH
-        run: |
-          echo "/home/runner/work/argo-cd/argo-cd/dist" >> $GITHUB_PATH
      - name: Setup git username and email
        run: |
          git config --global user.name "John Doe"
@@ -183,17 +179,13 @@ jobs:
        run: |
          echo "/usr/local/bin" >> $GITHUB_PATH
      - name: Restore go build cache
-        uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4
+        uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3.2.3
        with:
          path: ~/.cache/go-build
          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
      - name: Install all tools required for building & testing
        run: |
          make install-test-tools-local
-        # We install kustomize in the dist directory
-      - name: Add dist to PATH
-        run: |
-          echo "/home/runner/work/argo-cd/argo-cd/dist" >> $GITHUB_PATH
      - name: Setup git username and email
        run: |
          git config --global user.name "John Doe"
@@ -240,10 +232,6 @@ jobs:
          make install-codegen-tools-local
          make install-go-tools-local
        working-directory: /home/runner/go/src/github.com/argoproj/argo-cd
-        # We install kustomize in the dist directory
-      - name: Add dist to PATH
-        run: |
-          echo "/home/runner/work/argo-cd/argo-cd/dist" >> $GITHUB_PATH
      - name: Run codegen
        run: |
          set -x
@@ -269,7 +257,7 @@ jobs:
          node-version: '12.18.4'
      - name: Restore node dependency cache
        id: cache-dependencies
-        uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4
+        uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3.2.3
        with:
          path: ui/node_modules
          key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -304,7 +292,7 @@ jobs:
          fetch-depth: 0
      - name: Restore node dependency cache
        id: cache-dependencies
-        uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4
+        uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3.2.3
        with:
          path: ui/node_modules
          key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -360,7 +348,7 @@ jobs:
    runs-on: ubuntu-22.04
    strategy:
      matrix:
-        k3s-version: [v1.24.3, v1.23.3, v1.22.6]
+        k3s-version: [v1.26.0, v1.25.4, v1.24.3, v1.23.3]
    needs: 
      - build-go
    env:
@@ -398,7 +386,7 @@ jobs:
          sudo chown runner $HOME/.kube/config
          kubectl version
      - name: Restore go build cache
-        uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4
+        uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3.2.3
        with:
          path: ~/.cache/go-build
          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
--- a/.github/workflows/image.yaml
+++ b/.github/workflows/image.yaml
@@ -54,7 +54,7 @@ jobs:

      # build
      - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
-      - uses: docker/setup-buildx-action@15c905b16b06416d2086efa066dd8e3a35cc7f98 # v2.4.0
+      - uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
      - run: |
          IMAGE_PLATFORMS=linux/amd64
          if [[ "${{ github.event_name }}" == "push" || "${{ contains(github.event.pull_request.labels.*.name, 'test-arm-image') }}" == "true" ]]
--- a/.github/workflows/pr-title-check.yml
+++ b/.github/workflows/pr-title-check.yml
@@ -0,0 +1,41 @@
+name: "Lint PR"
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+# IMPORTANT: No checkout actions, scripts, or builds should be added to this workflow. Permissions should always be used
+# with extreme caution.
+permissions:
+  contents: read
+
+# PR updates can happen in quick succession leading to this
+# workflow being trigger a number of times. This limits it
+# to one run per PR.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+
+jobs:
+  main:
+    permissions:
+      pull-requests: read  # for amannn/action-semantic-pull-request to analyze PRs
+      statuses: write  # for amannn/action-semantic-pull-request to mark status of analyzed PR
+    name: Validate PR title
+    runs-on: ubuntu-latest
+    steps:
+      # IMPORTANT: Carefully review changes when updating this action. Using the pull_request_target event requires caution.
+      - uses: amannn/action-semantic-pull-request@01d5fd8a8ebb9aafe902c40c53f0f4744f7381eb # v5.0.2
+        with:
+          types: |
+            feat
+            fix
+            docs
+            test
+            ci
+            chore
+            [Bot] docs
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -177,10 +177,6 @@ jobs:
        run: |
          set -ue
          make install-codegen-tools-local
-          
-          # We install kustomize in the dist directory
-          echo "/home/runner/work/argo-cd/argo-cd/dist" >> $GITHUB_PATH
-          
          make manifests-local VERSION=${TARGET_VERSION}
          git diff
          git commit manifests/ -m "Bump version to ${TARGET_VERSION}"
@@ -205,7 +201,7 @@ jobs:
        if: ${{ env.DRY_RUN != 'true' }}

      - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
-      - uses: docker/setup-buildx-action@15c905b16b06416d2086efa066dd8e3a35cc7f98 # v2.4.0
+      - uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
      - name: Build and push Docker image for release
        run: |
          set -ue
--- a/.github/workflows/update-snyk.yaml
+++ b/.github/workflows/update-snyk.yaml
@@ -31,6 +31,6 @@ jobs:
          git config --global user.email 'ci@argoproj.com'
          git config --global user.name 'CI'
          git add docs/snyk
-          git commit -m "[Bot] Update Snyk reports" --signoff
+          git commit -m "[Bot] docs: Update Snyk reports" --signoff
          git push --set-upstream origin "$pr_branch"
          gh pr create -B master -H "$pr_branch" --title '[Bot] docs: Update Snyk report' --body ''
--- a/23
+++ b/23
@@ -64,13 +64,20 @@ else
 DOCKER_SRC_MOUNT="$(PWD):/go/src/github.com/argoproj/argo-cd$(VOLUME_MOUNT)"
 endif

+# User and group IDs to map to the test container
+CONTAINER_UID=$(shell id -u)
+CONTAINER_GID=$(shell id -g)
+
+# Set SUDO to sudo to run privileged commands with sudo
+SUDO?=
+
 # Runs any command in the argocd-test-utils container in server mode
 # Server mode container will start with uid 0 and drop privileges during runtime
 define run-in-test-server
-	docker run --rm -it \
+	$(SUDO) docker run --rm -it \
 		--name argocd-test-server \
-		-u $(shell id -u):$(shell id -g) \
-		-e USER_ID=$(shell id -u) \
+		-u $(CONTAINER_UID):$(CONTAINER_GID) \
+		-e USER_ID=$(CONTAINER_UID) \
 		-e HOME=/home/user \
 		-e GOPATH=/go \
 		-e GOCACHE=/tmp/go-build-cache \
@@ -98,9 +105,9 @@ endef

 # Runs any command in the argocd-test-utils container in client mode
 define run-in-test-client
-	docker run --rm -it \
+	$(SUDO) docker run --rm -it \
 	  --name argocd-test-client \
-		-u $(shell id -u):$(shell id -g) \
+		-u $(CONTAINER_UID):$(CONTAINER_GID) \
 		-e HOME=/home/user \
 		-e GOPATH=/go \
 		-e ARGOCD_E2E_K3S=$(ARGOCD_E2E_K3S) \
@@ -119,7 +126,7 @@ endef

 #
 define exec-in-test-server
-	docker exec -it -u $(shell id -u):$(shell id -g) -e ARGOCD_E2E_RECORD=$(ARGOCD_E2E_RECORD) -e ARGOCD_E2E_K3S=$(ARGOCD_E2E_K3S) argocd-test-server $(1)
+	$(SUDO) docker exec -it -u $(CONTAINER_UID):$(CONTAINER_GID) -e ARGOCD_E2E_RECORD=$(ARGOCD_E2E_RECORD) -e ARGOCD_E2E_K3S=$(ARGOCD_E2E_K3S) argocd-test-server $(1)
 endef

 PATH:=$(PATH):$(PWD)/hack
@@ -244,8 +251,8 @@ release-cli: clean-debug build-ui
 .PHONY: test-tools-image
 test-tools-image:
 ifndef SKIP_TEST_TOOLS_IMAGE
-	docker build --build-arg UID=$(shell id -u) -t $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE) -f test/container/Dockerfile .
-	docker tag $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE) $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE):$(TEST_TOOLS_TAG)
+	$(SUDO) docker build --build-arg UID=$(CONTAINER_UID) -t $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE) -f test/container/Dockerfile .
+	$(SUDO) docker tag $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE) $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE):$(TEST_TOOLS_TAG)
 endif

 .PHONY: manifests-local
--- a/README.md
+++ b/README.md
@@ -1,6 +1,17 @@
-[![Integration tests](https://github.com/argoproj/argo-cd/workflows/Integration%20tests/badge.svg?branch=master)](https://github.com/argoproj/argo-cd/actions?query=workflow%3A%22Integration+tests%22) [![slack](https://img.shields.io/badge/slack-argoproj-brightgreen.svg?logo=slack)](https://argoproj.github.io/community/join-slack) [![codecov](https://codecov.io/gh/argoproj/argo-cd/branch/master/graph/badge.svg)](https://codecov.io/gh/argoproj/argo-cd) [![Release Version](https://img.shields.io/github/v/release/argoproj/argo-cd?label=argo-cd)](https://github.com/argoproj/argo-cd/releases/latest) [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4486/badge)](https://bestpractices.coreinfrastructure.org/projects/4486) [![Twitter Follow](https://img.shields.io/twitter/follow/argoproj?style=social)](https://twitter.com/argoproj)
+**Releases:**
+[![Release Version](https://img.shields.io/github/v/release/argoproj/argo-cd?label=argo-cd)](https://github.com/argoproj/argo-cd/releases/latest)
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/argo-cd)](https://artifacthub.io/packages/helm/argo/argo-cd)

+**Code:** 
+[![Integration tests](https://github.com/argoproj/argo-cd/workflows/Integration%20tests/badge.svg?branch=master)](https://github.com/argoproj/argo-cd/actions?query=workflow%3A%22Integration+tests%22)
+[![codecov](https://codecov.io/gh/argoproj/argo-cd/branch/master/graph/badge.svg)](https://codecov.io/gh/argoproj/argo-cd)
+[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4486/badge)](https://bestpractices.coreinfrastructure.org/projects/4486)
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fargoproj%2Fargo-cd.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fargoproj%2Fargo-cd?ref=badge_shield)
+
+**Social:**
+[![Twitter Follow](https://img.shields.io/twitter/follow/argoproj?style=social)](https://twitter.com/argoproj)
+[![Slack](https://img.shields.io/badge/slack-argoproj-brightgreen.svg?logo=slack)](https://argoproj.github.io/community/join-slack)
+
 # Argo CD - Declarative Continuous Delivery for Kubernetes

 ## What is Argo CD?
--- a/USERS.md
+++ b/USERS.md
@@ -31,6 +31,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [BigPanda](https://bigpanda.io)
 1. [BioBox Analytics](https://biobox.io)
 1. [BMW Group](https://www.bmwgroup.com/)
+1. [PT Boer Technology (Btech)](https://btech.id/)
 1. [Boozt](https://www.booztgroup.com/)
 1. [Boticario](https://www.boticario.com.br/)
 1. [Bulder Bank](https://bulderbank.no)
@@ -162,6 +163,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [openLooKeng](https://openlookeng.io)
 1. [OpenSaaS Studio](https://opensaas.studio)
 1. [Opensurvey](https://www.opensurvey.co.kr/)
+1. [OpsMx](https://opsmx.io)
 1. [OpsVerse](https://opsverse.io)
 1. [Optoro](https://www.optoro.com/)
 1. [Orbital Insight](https://orbitalinsight.com/)
--- a/2
+++ b/2
@@ -1 +1 @@
-2.6.2
+2.6.0
--- a/applicationset/controllers/applicationset_controller.go
+++ b/applicationset/controllers/applicationset_controller.go
@@ -71,7 +71,7 @@ type ApplicationSetReconciler struct {
 	utils.Policy
 	utils.Renderer

-	EnableProgressiveSyncs bool
+	EnableProgressiveRollouts bool
 }

 // +kubebuilder:rbac:groups=argoproj.io,resources=applicationsets,verbs=get;list;watch;create;update;patch;delete
@@ -142,7 +142,7 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 	// appSyncMap tracks which apps will be synced during this reconciliation.
 	appSyncMap := map[string]bool{}

-	if r.EnableProgressiveSyncs && applicationSetInfo.Spec.Strategy != nil {
+	if r.EnableProgressiveRollouts && applicationSetInfo.Spec.Strategy != nil {
 		applications, err := r.getCurrentApplications(ctx, applicationSetInfo)
 		if err != nil {
 			return ctrl.Result{}, fmt.Errorf("failed to get current applications for application set: %w", err)
@@ -152,9 +152,9 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 			appMap[app.Name] = app
 		}

-		appSyncMap, err = r.performProgressiveSyncs(ctx, applicationSetInfo, applications, desiredApplications, appMap)
+		appSyncMap, err = r.performProgressiveRollouts(ctx, applicationSetInfo, applications, desiredApplications, appMap)
 		if err != nil {
-			return ctrl.Result{}, fmt.Errorf("failed to perform progressive sync reconciliation for application set: %w", err)
+			return ctrl.Result{}, fmt.Errorf("failed to perform progressive rollouts reconciliation for application set: %w", err)
 		}
 	}

@@ -186,9 +186,9 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 		)
 	}

-	if r.EnableProgressiveSyncs {
+	if r.EnableProgressiveRollouts {
 		// trigger appropriate application syncs if RollingSync strategy is enabled
-		if progressiveSyncsStrategyEnabled(&applicationSetInfo, "RollingSync") {
+		if progressiveRolloutStrategyEnabled(&applicationSetInfo, "RollingSync") {
 			validApps, err = r.syncValidApplications(ctx, &applicationSetInfo, appSyncMap, appMap, validApps)

 			if err != nil {
@@ -775,21 +775,16 @@ func (r *ApplicationSetReconciler) removeFinalizerOnInvalidDestination(ctx conte
 	return nil
 }

-func (r *ApplicationSetReconciler) performProgressiveSyncs(ctx context.Context, appset argov1alpha1.ApplicationSet, applications []argov1alpha1.Application, desiredApplications []argov1alpha1.Application, appMap map[string]argov1alpha1.Application) (map[string]bool, error) {
+func (r *ApplicationSetReconciler) performProgressiveRollouts(ctx context.Context, appset argov1alpha1.ApplicationSet, applications []argov1alpha1.Application, desiredApplications []argov1alpha1.Application, appMap map[string]argov1alpha1.Application) (map[string]bool, error) {

-	appDependencyList, appStepMap, err := r.buildAppDependencyList(ctx, appset, desiredApplications)
-	if err != nil {
-		return nil, fmt.Errorf("failed to build app dependency list: %w", err)
-	}
-
-	_, err = r.updateApplicationSetApplicationStatus(ctx, &appset, applications, appStepMap)
+	_, err := r.updateApplicationSetApplicationStatus(ctx, &appset, applications)
 	if err != nil {
 		return nil, fmt.Errorf("failed to update applicationset app status: %w", err)
 	}

-	log.Infof("ApplicationSet %v step list:", appset.Name)
-	for i, step := range appDependencyList {
-		log.Infof("step %v: %+v", i+1, step)
+	appDependencyList, appStepMap, err := r.buildAppDependencyList(ctx, appset, desiredApplications)
+	if err != nil {
+		return nil, fmt.Errorf("failed to build app dependency list: %w", err)
 	}

 	appSyncMap, err := r.buildAppSyncMap(ctx, appset, appDependencyList, appMap)
@@ -797,7 +792,7 @@ func (r *ApplicationSetReconciler) performProgressiveSyncs(ctx context.Context,
 		return nil, fmt.Errorf("failed to build app sync map: %w", err)
 	}

-	log.Infof("Application allowed to sync before maxUpdate?: %+v", appSyncMap)
+	log.Infof("appSyncMap: %+v", appSyncMap)

 	_, err = r.updateApplicationSetApplicationStatusProgress(ctx, &appset, appSyncMap, appStepMap, appMap)
 	if err != nil {
@@ -820,7 +815,7 @@ func (r *ApplicationSetReconciler) buildAppDependencyList(ctx context.Context, a
 	}

 	steps := []argov1alpha1.ApplicationSetRolloutStep{}
-	if progressiveSyncsStrategyEnabled(&applicationSet, "RollingSync") {
+	if progressiveRolloutStrategyEnabled(&applicationSet, "RollingSync") {
 		steps = applicationSet.Spec.Strategy.RollingSync.Steps
 	}

@@ -946,7 +941,7 @@ func (r *ApplicationSetReconciler) buildAppSyncMap(ctx context.Context, applicat

 func appSyncEnabledForNextStep(appset *argov1alpha1.ApplicationSet, app argov1alpha1.Application, appStatus argov1alpha1.ApplicationSetApplicationStatus) bool {

-	if progressiveSyncsStrategyEnabled(appset, "RollingSync") {
+	if progressiveRolloutStrategyEnabled(appset, "RollingSync") {
 		// we still need to complete the current step if the Application is not yet Healthy or there are still pending Application changes
 		return isApplicationHealthy(app) && appStatus.Status == "Healthy"
 	}
@@ -954,7 +949,7 @@ func appSyncEnabledForNextStep(appset *argov1alpha1.ApplicationSet, app argov1al
 	return true
 }

-func progressiveSyncsStrategyEnabled(appset *argov1alpha1.ApplicationSet, strategyType string) bool {
+func progressiveRolloutStrategyEnabled(appset *argov1alpha1.ApplicationSet, strategyType string) bool {
 	if appset.Spec.Strategy == nil || appset.Spec.Strategy.Type != strategyType {
 		return false
 	}
@@ -987,7 +982,7 @@ func statusStrings(app argov1alpha1.Application) (string, string, string) {
 }

 // check the status of each Application's status and promote Applications to the next status if needed
-func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx context.Context, applicationSet *argov1alpha1.ApplicationSet, applications []argov1alpha1.Application, appStepMap map[string]int) ([]argov1alpha1.ApplicationSetApplicationStatus, error) {
+func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx context.Context, applicationSet *argov1alpha1.ApplicationSet, applications []argov1alpha1.Application) ([]argov1alpha1.ApplicationSetApplicationStatus, error) {

 	now := metav1.Now()
 	appStatuses := make([]argov1alpha1.ApplicationSetApplicationStatus, 0, len(applications))
@@ -998,24 +993,22 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx con

 		idx := findApplicationStatusIndex(applicationSet.Status.ApplicationStatus, app.Name)

-		currentAppStatus := argov1alpha1.ApplicationSetApplicationStatus{}
-
 		if idx == -1 {
 			// AppStatus not found, set default status of "Waiting"
-			currentAppStatus = argov1alpha1.ApplicationSetApplicationStatus{
+			appStatuses = append(appStatuses, argov1alpha1.ApplicationSetApplicationStatus{
 				Application:        app.Name,
 				LastTransitionTime: &now,
 				Message:            "No Application status found, defaulting status to Waiting.",
 				Status:             "Waiting",
-				Step:               fmt.Sprint(appStepMap[app.Name] + 1),
-			}
-		} else {
-			// we have an existing AppStatus
-			currentAppStatus = applicationSet.Status.ApplicationStatus[idx]
+			})
+			break
 		}

+		// we have an existing AppStatus
+		currentAppStatus := applicationSet.Status.ApplicationStatus[idx]
+
 		appOutdated := false
-		if progressiveSyncsStrategyEnabled(applicationSet, "RollingSync") {
+		if progressiveRolloutStrategyEnabled(applicationSet, "RollingSync") {
 			appOutdated = syncStatusString == "OutOfSync"
 		}

@@ -1024,22 +1017,14 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx con
 			currentAppStatus.LastTransitionTime = &now
 			currentAppStatus.Status = "Waiting"
 			currentAppStatus.Message = "Application has pending changes, setting status to Waiting."
-			currentAppStatus.Step = fmt.Sprint(appStepMap[currentAppStatus.Application] + 1)
 		}

 		if currentAppStatus.Status == "Pending" {
-			if operationPhaseString == "Succeeded" && app.Status.OperationState.StartedAt.After(currentAppStatus.LastTransitionTime.Time) {
-				log.Infof("Application %v has completed a sync successfully, updating its ApplicationSet status to Progressing", app.Name)
-				currentAppStatus.LastTransitionTime = &now
-				currentAppStatus.Status = "Progressing"
-				currentAppStatus.Message = "Application resource completed a sync successfully, updating status from Pending to Progressing."
-				currentAppStatus.Step = fmt.Sprint(appStepMap[currentAppStatus.Application] + 1)
-			} else if operationPhaseString == "Running" || healthStatusString == "Progressing" {
+			if healthStatusString == "Progressing" || operationPhaseString == "Running" {
 				log.Infof("Application %v has entered Progressing status, updating its ApplicationSet status to Progressing", app.Name)
 				currentAppStatus.LastTransitionTime = &now
 				currentAppStatus.Status = "Progressing"
 				currentAppStatus.Message = "Application resource became Progressing, updating status from Pending to Progressing."
-				currentAppStatus.Step = fmt.Sprint(appStepMap[currentAppStatus.Application] + 1)
 			}
 		}

@@ -1048,7 +1033,6 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx con
 			currentAppStatus.LastTransitionTime = &now
 			currentAppStatus.Status = healthStatusString
 			currentAppStatus.Message = "Application resource is already Healthy, updating status from Waiting to Healthy."
-			currentAppStatus.Step = fmt.Sprint(appStepMap[currentAppStatus.Application] + 1)
 		}

 		if currentAppStatus.Status == "Progressing" && isApplicationHealthy(app) {
@@ -1056,7 +1040,6 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx con
 			currentAppStatus.LastTransitionTime = &now
 			currentAppStatus.Status = healthStatusString
 			currentAppStatus.Message = "Application resource became Healthy, updating status from Progressing to Healthy."
-			currentAppStatus.Step = fmt.Sprint(appStepMap[currentAppStatus.Application] + 1)
 		}

 		appStatuses = append(appStatuses, currentAppStatus)
@@ -1082,7 +1065,7 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusProgress
 		totalCountMap := []int{}

 		length := 0
-		if progressiveSyncsStrategyEnabled(applicationSet, "RollingSync") {
+		if progressiveRolloutStrategyEnabled(applicationSet, "RollingSync") {
 			length = len(applicationSet.Spec.Strategy.RollingSync.Steps)
 		}
 		for s := 0; s < length; s++ {
@@ -1094,7 +1077,7 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusProgress
 		for _, appStatus := range applicationSet.Status.ApplicationStatus {
 			totalCountMap[appStepMap[appStatus.Application]] += 1

-			if progressiveSyncsStrategyEnabled(applicationSet, "RollingSync") {
+			if progressiveRolloutStrategyEnabled(applicationSet, "RollingSync") {
 				if appStatus.Status == "Pending" || appStatus.Status == "Progressing" {
 					updateCountMap[appStepMap[appStatus.Application]] += 1
 				}
@@ -1105,7 +1088,7 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusProgress

 			maxUpdateAllowed := true
 			maxUpdate := &intstr.IntOrString{}
-			if progressiveSyncsStrategyEnabled(applicationSet, "RollingSync") {
+			if progressiveRolloutStrategyEnabled(applicationSet, "RollingSync") {
 				maxUpdate = applicationSet.Spec.Strategy.RollingSync.Steps[appStepMap[appStatus.Application]].MaxUpdate
 			}

@@ -1133,7 +1116,6 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusProgress
 				appStatus.LastTransitionTime = &now
 				appStatus.Status = "Pending"
 				appStatus.Message = "Application moved to Pending status, watching for the Application resource to start Progressing."
-				appStatus.Step = fmt.Sprint(appStepMap[appStatus.Application] + 1)

 				updateCountMap[appStepMap[appStatus.Application]] += 1
 			}
@@ -1281,7 +1263,7 @@ func (r *ApplicationSetReconciler) syncValidApplications(ctx context.Context, ap
 	return rolloutApps, nil
 }

-// used by the RollingSync Progressive Sync strategy to trigger a sync of a particular Application resource
+// used by the RollingSync Progressive Rollout strategy to trigger a sync of a particular Application resource
 func syncApplication(application argov1alpha1.Application, prune bool) (argov1alpha1.Application, error) {

 	operation := argov1alpha1.Operation{
--- a/applicationset/controllers/applicationset_controller_test.go
+++ b/applicationset/controllers/applicationset_controller_test.go
@@ -3548,7 +3548,6 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) {
 		name              string
 		appSet            argov1alpha1.ApplicationSet
 		apps              []argov1alpha1.Application
-		appStepMap        map[string]int
 		expectedAppStatus []argov1alpha1.ApplicationSetApplicationStatus
 	}{
 		{
@@ -3603,9 +3602,8 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) {
 			expectedAppStatus: []argov1alpha1.ApplicationSetApplicationStatus{
 				{
 					Application: "app1",
-					Message:     "Application resource is already Healthy, updating status from Waiting to Healthy.",
-					Status:      "Healthy",
-					Step:        "1",
+					Message:     "No Application status found, defaulting status to Waiting.",
+					Status:      "Waiting",
 				},
 			},
 		},
@@ -3645,9 +3643,8 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) {
 			expectedAppStatus: []argov1alpha1.ApplicationSetApplicationStatus{
 				{
 					Application: "app1",
-					Message:     "Application resource is already Healthy, updating status from Waiting to Healthy.",
-					Status:      "Healthy",
-					Step:        "1",
+					Message:     "No Application status found, defaulting status to Waiting.",
+					Status:      "Waiting",
 				},
 			},
 		},
@@ -3670,7 +3667,6 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) {
 							Application: "app1",
 							Message:     "",
 							Status:      "Healthy",
-							Step:        "1",
 						},
 					},
 				},
@@ -3692,7 +3688,6 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) {
 					Application: "app1",
 					Message:     "Application has pending changes, setting status to Waiting.",
 					Status:      "Waiting",
-					Step:        "1",
 				},
 			},
 		},
@@ -3715,7 +3710,6 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) {
 							Application: "app1",
 							Message:     "",
 							Status:      "Pending",
-							Step:        "1",
 						},
 					},
 				},
@@ -3737,7 +3731,6 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) {
 					Application: "app1",
 					Message:     "Application resource became Progressing, updating status from Pending to Progressing.",
 					Status:      "Progressing",
-					Step:        "1",
 				},
 			},
 		},
@@ -3760,7 +3753,6 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) {
 							Application: "app1",
 							Message:     "",
 							Status:      "Pending",
-							Step:        "1",
 						},
 					},
 				},
@@ -3788,7 +3780,6 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) {
 					Application: "app1",
 					Message:     "Application resource became Progressing, updating status from Pending to Progressing.",
 					Status:      "Progressing",
-					Step:        "1",
 				},
 			},
 		},
@@ -3811,7 +3802,6 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) {
 							Application: "app1",
 							Message:     "",
 							Status:      "Progressing",
-							Step:        "1",
 						},
 					},
 				},
@@ -3839,7 +3829,6 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) {
 					Application: "app1",
 					Message:     "Application resource became Healthy, updating status from Progressing to Healthy.",
 					Status:      "Healthy",
-					Step:        "1",
 				},
 			},
 		},
@@ -3862,7 +3851,6 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) {
 							Application: "app1",
 							Message:     "",
 							Status:      "Waiting",
-							Step:        "1",
 						},
 					},
 				},
@@ -3890,166 +3878,6 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) {
 					Application: "app1",
 					Message:     "Application resource is already Healthy, updating status from Waiting to Healthy.",
 					Status:      "Healthy",
-					Step:        "1",
-				},
-			},
-		},
-		{
-			name: "progresses a new outofsync application in a later step to waiting",
-			appSet: argov1alpha1.ApplicationSet{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "name",
-					Namespace: "argocd",
-				},
-				Spec: argov1alpha1.ApplicationSetSpec{
-					Strategy: &argov1alpha1.ApplicationSetStrategy{
-						Type:        "RollingSync",
-						RollingSync: &argov1alpha1.ApplicationSetRolloutStrategy{},
-					},
-				},
-			},
-			apps: []argov1alpha1.Application{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name: "app1",
-					},
-					Status: argov1alpha1.ApplicationStatus{
-						Health: argov1alpha1.HealthStatus{
-							Status: health.HealthStatusHealthy,
-						},
-						OperationState: &argov1alpha1.OperationState{
-							Phase: common.OperationSucceeded,
-						},
-						Sync: argov1alpha1.SyncStatus{
-							Status: argov1alpha1.SyncStatusCodeOutOfSync,
-						},
-					},
-				},
-			},
-			appStepMap: map[string]int{
-				"app1": 1,
-				"app2": 0,
-			},
-			expectedAppStatus: []argov1alpha1.ApplicationSetApplicationStatus{
-				{
-					Application: "app1",
-					Message:     "No Application status found, defaulting status to Waiting.",
-					Status:      "Waiting",
-					Step:        "2",
-				},
-			},
-		},
-		{
-			name: "progresses a pending application with a successful sync to progressing",
-			appSet: argov1alpha1.ApplicationSet{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "name",
-					Namespace: "argocd",
-				},
-				Spec: argov1alpha1.ApplicationSetSpec{
-					Strategy: &argov1alpha1.ApplicationSetStrategy{
-						Type:        "RollingSync",
-						RollingSync: &argov1alpha1.ApplicationSetRolloutStrategy{},
-					},
-				},
-				Status: argov1alpha1.ApplicationSetStatus{
-					ApplicationStatus: []argov1alpha1.ApplicationSetApplicationStatus{
-						{
-							Application: "app1",
-							LastTransitionTime: &metav1.Time{
-								Time: time.Now().Add(time.Duration(-1) * time.Minute),
-							},
-							Message: "",
-							Status:  "Pending",
-							Step:    "1",
-						},
-					},
-				},
-			},
-			apps: []argov1alpha1.Application{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name: "app1",
-					},
-					Status: argov1alpha1.ApplicationStatus{
-						Health: argov1alpha1.HealthStatus{
-							Status: health.HealthStatusDegraded,
-						},
-						OperationState: &argov1alpha1.OperationState{
-							Phase: common.OperationSucceeded,
-							StartedAt: metav1.Time{
-								Time: time.Now(),
-							},
-						},
-						Sync: argov1alpha1.SyncStatus{
-							Status: argov1alpha1.SyncStatusCodeSynced,
-						},
-					},
-				},
-			},
-			expectedAppStatus: []argov1alpha1.ApplicationSetApplicationStatus{
-				{
-					Application: "app1",
-					Message:     "Application resource completed a sync successfully, updating status from Pending to Progressing.",
-					Status:      "Progressing",
-					Step:        "1",
-				},
-			},
-		},
-		{
-			name: "does not progresses a pending application with an old successful sync to progressing",
-			appSet: argov1alpha1.ApplicationSet{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "name",
-					Namespace: "argocd",
-				},
-				Spec: argov1alpha1.ApplicationSetSpec{
-					Strategy: &argov1alpha1.ApplicationSetStrategy{
-						Type:        "RollingSync",
-						RollingSync: &argov1alpha1.ApplicationSetRolloutStrategy{},
-					},
-				},
-				Status: argov1alpha1.ApplicationSetStatus{
-					ApplicationStatus: []argov1alpha1.ApplicationSetApplicationStatus{
-						{
-							Application: "app1",
-							LastTransitionTime: &metav1.Time{
-								Time: time.Now().Add(time.Duration(-1) * time.Minute),
-							},
-							Message: "Application moved to Pending status, watching for the Application resource to start Progressing.",
-							Status:  "Pending",
-							Step:    "1",
-						},
-					},
-				},
-			},
-			apps: []argov1alpha1.Application{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name: "app1",
-					},
-					Status: argov1alpha1.ApplicationStatus{
-						Health: argov1alpha1.HealthStatus{
-							Status: health.HealthStatusDegraded,
-						},
-						OperationState: &argov1alpha1.OperationState{
-							Phase: common.OperationSucceeded,
-							StartedAt: metav1.Time{
-								Time: time.Now().Add(time.Duration(-2) * time.Minute),
-							},
-						},
-						Sync: argov1alpha1.SyncStatus{
-							Status: argov1alpha1.SyncStatusCodeSynced,
-						},
-					},
-				},
-			},
-			expectedAppStatus: []argov1alpha1.ApplicationSetApplicationStatus{
-				{
-					Application: "app1",
-					Message:     "Application moved to Pending status, watching for the Application resource to start Progressing.",
-					Status:      "Pending",
-					Step:        "1",
 				},
 			},
 		},
@@ -4073,7 +3901,7 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) {
 				KubeClientset:    kubeclientset,
 			}

-			appStatuses, err := r.updateApplicationSetApplicationStatus(context.TODO(), &cc.appSet, cc.apps, cc.appStepMap)
+			appStatuses, err := r.updateApplicationSetApplicationStatus(context.TODO(), &cc.appSet, cc.apps)

 			// opt out of testing the LastTransitionTime is accurate
 			for i := range appStatuses {
@@ -4232,7 +4060,6 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) {
 					LastTransitionTime: nil,
 					Message:            "Application moved to Pending status, watching for the Application resource to start Progressing.",
 					Status:             "Pending",
-					Step:               "1",
 				},
 			},
 		},
@@ -4264,7 +4091,6 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) {
 							Application: "app1",
 							Message:     "Application is out of date with the current AppSet generation, setting status to Waiting.",
 							Status:      "Waiting",
-							Step:        "1",
 						},
 					},
 				},
@@ -4281,7 +4107,6 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) {
 					LastTransitionTime: nil,
 					Message:            "Application is out of date with the current AppSet generation, setting status to Waiting.",
 					Status:             "Waiting",
-					Step:               "1",
 				},
 			},
 		},
@@ -4313,7 +4138,6 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) {
 							Application: "app1",
 							Message:     "Application Pending status timed out while waiting to become Progressing, reset status to Healthy.",
 							Status:      "Healthy",
-							Step:        "1",
 						},
 					},
 				},
@@ -4330,7 +4154,6 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) {
 					LastTransitionTime: nil,
 					Message:            "Application Pending status timed out while waiting to become Progressing, reset status to Healthy.",
 					Status:             "Healthy",
-					Step:               "1",
 				},
 			},
 		},
@@ -4366,25 +4189,21 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) {
 							Application: "app1",
 							Message:     "Application resource became Progressing, updating status from Pending to Progressing.",
 							Status:      "Progressing",
-							Step:        "1",
 						},
 						{
 							Application: "app2",
 							Message:     "Application is out of date with the current AppSet generation, setting status to Waiting.",
 							Status:      "Waiting",
-							Step:        "1",
 						},
 						{
 							Application: "app3",
 							Message:     "Application is out of date with the current AppSet generation, setting status to Waiting.",
 							Status:      "Waiting",
-							Step:        "1",
 						},
 						{
 							Application: "app4",
 							Message:     "Application moved to Pending status, watching for the Application resource to start Progressing.",
 							Status:      "Pending",
-							Step:        "1",
 						},
 					},
 				},
@@ -4449,28 +4268,24 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) {
 					LastTransitionTime: nil,
 					Message:            "Application resource became Progressing, updating status from Pending to Progressing.",
 					Status:             "Progressing",
-					Step:               "1",
 				},
 				{
 					Application:        "app2",
 					LastTransitionTime: nil,
 					Message:            "Application moved to Pending status, watching for the Application resource to start Progressing.",
 					Status:             "Pending",
-					Step:               "1",
 				},
 				{
 					Application:        "app3",
 					LastTransitionTime: nil,
 					Message:            "Application is out of date with the current AppSet generation, setting status to Waiting.",
 					Status:             "Waiting",
-					Step:               "1",
 				},
 				{
 					Application:        "app4",
 					LastTransitionTime: nil,
 					Message:            "Application moved to Pending status, watching for the Application resource to start Progressing.",
 					Status:             "Pending",
-					Step:               "1",
 				},
 			},
 		},
@@ -4506,19 +4321,16 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) {
 							Application: "app1",
 							Message:     "Application is out of date with the current AppSet generation, setting status to Waiting.",
 							Status:      "Waiting",
-							Step:        "1",
 						},
 						{
 							Application: "app2",
 							Message:     "Application is out of date with the current AppSet generation, setting status to Waiting.",
 							Status:      "Waiting",
-							Step:        "1",
 						},
 						{
 							Application: "app3",
 							Message:     "Application is out of date with the current AppSet generation, setting status to Waiting.",
 							Status:      "Waiting",
-							Step:        "1",
 						},
 					},
 				},
@@ -4539,21 +4351,18 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) {
 					LastTransitionTime: nil,
 					Message:            "Application moved to Pending status, watching for the Application resource to start Progressing.",
 					Status:             "Pending",
-					Step:               "1",
 				},
 				{
 					Application:        "app2",
 					LastTransitionTime: nil,
 					Message:            "Application is out of date with the current AppSet generation, setting status to Waiting.",
 					Status:             "Waiting",
-					Step:               "1",
 				},
 				{
 					Application:        "app3",
 					LastTransitionTime: nil,
 					Message:            "Application is out of date with the current AppSet generation, setting status to Waiting.",
 					Status:             "Waiting",
-					Step:               "1",
 				},
 			},
 		},
@@ -4589,19 +4398,16 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) {
 							Application: "app1",
 							Message:     "Application is out of date with the current AppSet generation, setting status to Waiting.",
 							Status:      "Waiting",
-							Step:        "1",
 						},
 						{
 							Application: "app2",
 							Message:     "Application is out of date with the current AppSet generation, setting status to Waiting.",
 							Status:      "Waiting",
-							Step:        "1",
 						},
 						{
 							Application: "app3",
 							Message:     "Application is out of date with the current AppSet generation, setting status to Waiting.",
 							Status:      "Waiting",
-							Step:        "1",
 						},
 					},
 				},
@@ -4622,21 +4428,18 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) {
 					LastTransitionTime: nil,
 					Message:            "Application is out of date with the current AppSet generation, setting status to Waiting.",
 					Status:             "Waiting",
-					Step:               "1",
 				},
 				{
 					Application:        "app2",
 					LastTransitionTime: nil,
 					Message:            "Application is out of date with the current AppSet generation, setting status to Waiting.",
 					Status:             "Waiting",
-					Step:               "1",
 				},
 				{
 					Application:        "app3",
 					LastTransitionTime: nil,
 					Message:            "Application is out of date with the current AppSet generation, setting status to Waiting.",
 					Status:             "Waiting",
-					Step:               "1",
 				},
 			},
 		},
@@ -4672,19 +4475,16 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) {
 							Application: "app1",
 							Message:     "Application is out of date with the current AppSet generation, setting status to Waiting.",
 							Status:      "Waiting",
-							Step:        "1",
 						},
 						{
 							Application: "app2",
 							Message:     "Application is out of date with the current AppSet generation, setting status to Waiting.",
 							Status:      "Waiting",
-							Step:        "1",
 						},
 						{
 							Application: "app3",
 							Message:     "Application is out of date with the current AppSet generation, setting status to Waiting.",
 							Status:      "Waiting",
-							Step:        "1",
 						},
 					},
 				},
@@ -4705,21 +4505,18 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) {
 					LastTransitionTime: nil,
 					Message:            "Application moved to Pending status, watching for the Application resource to start Progressing.",
 					Status:             "Pending",
-					Step:               "1",
 				},
 				{
 					Application:        "app2",
 					LastTransitionTime: nil,
 					Message:            "Application moved to Pending status, watching for the Application resource to start Progressing.",
 					Status:             "Pending",
-					Step:               "1",
 				},
 				{
 					Application:        "app3",
 					LastTransitionTime: nil,
 					Message:            "Application moved to Pending status, watching for the Application resource to start Progressing.",
 					Status:             "Pending",
-					Step:               "1",
 				},
 			},
 		},
@@ -4755,19 +4552,16 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) {
 							Application: "app1",
 							Message:     "Application is out of date with the current AppSet generation, setting status to Waiting.",
 							Status:      "Waiting",
-							Step:        "1",
 						},
 						{
 							Application: "app2",
 							Message:     "Application is out of date with the current AppSet generation, setting status to Waiting.",
 							Status:      "Waiting",
-							Step:        "1",
 						},
 						{
 							Application: "app3",
 							Message:     "Application is out of date with the current AppSet generation, setting status to Waiting.",
 							Status:      "Waiting",
-							Step:        "1",
 						},
 					},
 				},
@@ -4788,21 +4582,18 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) {
 					LastTransitionTime: nil,
 					Message:            "Application moved to Pending status, watching for the Application resource to start Progressing.",
 					Status:             "Pending",
-					Step:               "1",
 				},
 				{
 					Application:        "app2",
 					LastTransitionTime: nil,
 					Message:            "Application is out of date with the current AppSet generation, setting status to Waiting.",
 					Status:             "Waiting",
-					Step:               "1",
 				},
 				{
 					Application:        "app3",
 					LastTransitionTime: nil,
 					Message:            "Application is out of date with the current AppSet generation, setting status to Waiting.",
 					Status:             "Waiting",
-					Step:               "1",
 				},
 			},
 		},
--- a/assets/swagger.json
+++ b/assets/swagger.json
@@ -3430,12 +3430,6 @@
            "description": "Google Cloud Platform service account key.",
            "name": "gcpServiceAccountKey",
            "in": "query"
-          },
-          {
-            "type": "boolean",
-            "description": "Whether to force HTTP basic auth.",
-            "name": "forceHttpBasicAuth",
-            "in": "query"
          }
        ],
        "responses": {
@@ -3594,29 +3588,6 @@
        }
      }
    },
-    "/api/v1/settings/plugins": {
-      "get": {
-        "tags": [
-          "SettingsService"
-        ],
-        "summary": "Get returns Argo CD plugins",
-        "operationId": "SettingsService_GetPlugins",
-        "responses": {
-          "200": {
-            "description": "A successful response.",
-            "schema": {
-              "$ref": "#/definitions/clusterSettingsPluginsResponse"
-            }
-          },
-          "default": {
-            "description": "An unexpected error response.",
-            "schema": {
-              "$ref": "#/definitions/runtimeError"
-            }
-          }
-        }
-      }
-    },
    "/api/v1/stream/applications": {
      "get": {
        "tags": [
@@ -4371,17 +4342,6 @@
        }
      }
    },
-    "clusterSettingsPluginsResponse": {
-      "type": "object",
-      "properties": {
-        "plugins": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/clusterPlugin"
-          }
-        }
-      }
-    },
    "gpgkeyGnuPGPublicKeyCreateResponse": {
      "type": "object",
      "title": "Response to a public key creation request",
@@ -5708,10 +5668,6 @@
        "status": {
          "type": "string",
          "title": "Status contains the AppSet's perceived status of the managed Application resource: (Waiting, Pending, Progressing, Healthy)"
-        },
-        "step": {
-          "type": "string",
-          "title": "Step tracks which step this Application should be updated in"
        }
      }
    },
@@ -7348,10 +7304,6 @@
          "type": "boolean",
          "title": "EnableOCI specifies whether helm-oci support should be enabled for this repo"
        },
-        "forceHttpBasicAuth": {
-          "type": "boolean",
-          "title": "ForceHttpBasicAuth specifies whether Argo CD should attempt to force basic auth for HTTP connections"
-        },
        "gcpServiceAccountKey": {
          "type": "string",
          "title": "GCPServiceAccountKey specifies the service account key in JSON format to be used for getting credentials to Google Cloud Source repos"
@@ -7438,10 +7390,6 @@
          "type": "boolean",
          "title": "EnableOCI specifies whether helm-oci support should be enabled for this repo"
        },
-        "forceHttpBasicAuth": {
-          "type": "boolean",
-          "title": "ForceHttpBasicAuth specifies whether Argo CD should attempt to force basic auth for HTTP connections"
-        },
        "gcpServiceAccountKey": {
          "type": "string",
          "title": "GCPServiceAccountKey specifies the service account key in JSON format to be used for getting credentials to Google Cloud Source repos"
--- a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go
+++ b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go
@@ -46,17 +46,17 @@ func getSubmoduleEnabled() bool {

 func NewCommand() *cobra.Command {
 	var (
-		clientConfig           clientcmd.ClientConfig
-		metricsAddr            string
-		probeBindAddr          string
-		webhookAddr            string
-		enableLeaderElection   bool
-		namespace              string
-		argocdRepoServer       string
-		policy                 string
-		debugLog               bool
-		dryRun                 bool
-		enableProgressiveSyncs bool
+		clientConfig              clientcmd.ClientConfig
+		metricsAddr               string
+		probeBindAddr             string
+		webhookAddr               string
+		enableLeaderElection      bool
+		namespace                 string
+		argocdRepoServer          string
+		policy                    string
+		debugLog                  bool
+		dryRun                    bool
+		enableProgressiveRollouts bool
 	)
 	scheme := runtime.NewScheme()
 	_ = clientgoscheme.AddToScheme(scheme)
@@ -169,16 +169,16 @@ func NewCommand() *cobra.Command {

 			go func() { errors.CheckError(askPassServer.Run(askpass.SocketPath)) }()
 			if err = (&controllers.ApplicationSetReconciler{
-				Generators:             topLevelGenerators,
-				Client:                 mgr.GetClient(),
-				Scheme:                 mgr.GetScheme(),
-				Recorder:               mgr.GetEventRecorderFor("applicationset-controller"),
-				Renderer:               &utils.Render{},
-				Policy:                 policyObj,
-				ArgoAppClientset:       appSetConfig,
-				KubeClientset:          k8sClient,
-				ArgoDB:                 argoCDDB,
-				EnableProgressiveSyncs: enableProgressiveSyncs,
+				Generators:                topLevelGenerators,
+				Client:                    mgr.GetClient(),
+				Scheme:                    mgr.GetScheme(),
+				Recorder:                  mgr.GetEventRecorderFor("applicationset-controller"),
+				Renderer:                  &utils.Render{},
+				Policy:                    policyObj,
+				ArgoAppClientset:          appSetConfig,
+				KubeClientset:             k8sClient,
+				ArgoDB:                    argoCDDB,
+				EnableProgressiveRollouts: enableProgressiveRollouts,
 			}).SetupWithManager(mgr); err != nil {
 				log.Error(err, "unable to create controller", "controller", "ApplicationSet")
 				os.Exit(1)
@@ -207,7 +207,7 @@ func NewCommand() *cobra.Command {
 	command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT", "text"), "Set the logging format. One of: text|json")
 	command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL", "info"), "Set the logging level. One of: debug|info|warn|error")
 	command.Flags().BoolVar(&dryRun, "dry-run", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN", false), "Enable dry run mode")
-	command.Flags().BoolVar(&enableProgressiveSyncs, "enable-progressive-syncs", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS", false), "Enable use of the experimental progressive syncs feature.")
+	command.Flags().BoolVar(&enableProgressiveRollouts, "enable-progressive-rollouts", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_ROLLOUTS", false), "Enable use of the experimental progressive rollouts feature.")
 	return &command
 }

--- a/cmd/argocd-notification/commands/controller.go
+++ b/cmd/argocd-notification/commands/controller.go
@@ -156,7 +156,7 @@ func NewCommand() *cobra.Command {
 	command.Flags().StringVar(&logLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error")
 	command.Flags().StringVar(&logFormat, "logformat", "text", "Set the logging format. One of: text|json")
 	command.Flags().IntVar(&metricsPort, "metrics-port", defaultMetricsPort, "Metrics port")
-	command.Flags().StringVar(&argocdRepoServer, "argocd-repo-server", "argocd-repo-server:8081", "Argo CD repo server address")
+	command.Flags().StringVar(&argocdRepoServer, "argocd-repo-server", common.DefaultRepoServerAddr, "Argo CD repo server address")
 	command.Flags().BoolVar(&argocdRepoServerPlaintext, "argocd-repo-server-plaintext", false, "Use a plaintext client (non-TLS) to connect to repository server")
 	command.Flags().BoolVar(&argocdRepoServerStrictTLS, "argocd-repo-server-strict-tls", false, "Perform strict validation of TLS certificates when connecting to repo server")
 	command.Flags().StringVar(&configMapName, "config-map-name", "argocd-notifications-cm", "Set notifications ConfigMap name")
--- a/cmd/argocd/commands/admin/cluster.go
+++ b/cmd/argocd/commands/admin/cluster.go
@@ -265,9 +265,7 @@ func runClusterNamespacesCommand(ctx context.Context, clientConfig clientcmd.Cli
 					}
 				}
 			} else {
-				if app.Spec.Destination.Server == cluster.Server {
-					nsSet[app.Spec.Destination.Namespace] = true
-				}
+				nsSet[app.Spec.Destination.Namespace] = true
 			}
 		}
 		var namespaces []string
--- a/cmd/argocd/commands/admin/notifications.go
+++ b/cmd/argocd/commands/admin/notifications.go
@@ -64,7 +64,7 @@ func NewNotificationsCommand() *cobra.Command {
 				log.Fatalf("Failed to initialize Argo CD service: %v", err)
 			}
 		})
-	toolsCommand.PersistentFlags().StringVar(&argocdRepoServer, "argocd-repo-server", "argocd-repo-server:8081", "Argo CD repo server address")
+	toolsCommand.PersistentFlags().StringVar(&argocdRepoServer, "argocd-repo-server", common.DefaultRepoServerAddr, "Argo CD repo server address")
 	toolsCommand.PersistentFlags().BoolVar(&argocdRepoServerPlaintext, "argocd-repo-server-plaintext", false, "Use a plaintext client (non-TLS) to connect to repository server")
 	toolsCommand.PersistentFlags().BoolVar(&argocdRepoServerStrictTLS, "argocd-repo-server-strict-tls", false, "Perform strict validation of TLS certificates when connecting to repo server")
 	return toolsCommand
--- a/cmd/argocd/commands/app.go
+++ b/cmd/argocd/commands/app.go
@@ -33,6 +33,7 @@ import (

 	"github.com/argoproj/argo-cd/v2/cmd/argocd/commands/headless"
 	cmdutil "github.com/argoproj/argo-cd/v2/cmd/util"
+	argocommon "github.com/argoproj/argo-cd/v2/common"
 	"github.com/argoproj/argo-cd/v2/controller"
 	argocdclient "github.com/argoproj/argo-cd/v2/pkg/apiclient"
 	"github.com/argoproj/argo-cd/v2/pkg/apiclient/application"
@@ -149,6 +150,9 @@ func NewApplicationCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra.
 					c.HelpFunc()(c, args)
 					os.Exit(1)
 				}
+				if app.Spec.GetSource().Plugin != nil && app.Spec.GetSource().Plugin.Name != "" {
+					log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
+				}
 				if appNamespace != "" {
 					app.Namespace = appNamespace
 				}
@@ -290,6 +294,10 @@ func NewApplicationGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Com
 			})
 			errors.CheckError(err)

+			if app.Spec.GetSource().Plugin != nil && app.Spec.GetSource().Plugin.Name != "" {
+				log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
+			}
+
 			pConn, projIf := headless.NewClientOrDie(clientOpts, c).NewProjectClientOrDie()
 			defer argoio.Close(pConn)
 			proj, err := projIf.Get(ctx, &projectpkg.ProjectQuery{Name: app.Spec.Project})
@@ -617,6 +625,10 @@ func NewApplicationSetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Com
 			app, err := appIf.Get(ctx, &applicationpkg.ApplicationQuery{Name: &appName, AppNamespace: &appNs})
 			errors.CheckError(err)

+			if app.Spec.GetSource().Plugin != nil && app.Spec.GetSource().Plugin.Name != "" {
+				log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
+			}
+
 			visited := cmdutil.SetAppSpecOptions(c.Flags(), &app.Spec, &appOpts)
 			if visited == 0 {
 				log.Error("Please set at least one option to update")
@@ -681,6 +693,10 @@ func NewApplicationUnsetCommand(clientOpts *argocdclient.ClientOptions) *cobra.C
 			app, err := appIf.Get(ctx, &applicationpkg.ApplicationQuery{Name: &appName, AppNamespace: &appNs})
 			errors.CheckError(err)

+			if app.Spec.GetSource().Plugin != nil && app.Spec.GetSource().Plugin.Name != "" {
+				log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
+			}
+
 			source := app.Spec.GetSource()
 			updated, nothingToUnset := unset(&source, opts)
 			if nothingToUnset {
@@ -917,6 +933,10 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 			})
 			errors.CheckError(err)

+			if app.Spec.GetSource().Plugin != nil && app.Spec.GetSource().Plugin.Name != "" {
+				log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
+			}
+
 			resources, err := appIf.ManagedResources(ctx, &applicationpkg.ResourcesQuery{ApplicationName: &appName, AppNamespace: &appNs})
 			errors.CheckError(err)
 			conn, settingsIf := clientset.NewSettingsClientOrDie()
@@ -947,7 +967,7 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co

 					diffOption.serversideRes = res
 				} else {
-					fmt.Fprintf(os.Stderr, "Warning: local diff without --server-side-generate is deprecated and does not work with plugins. Server-side generation will be the default in v2.7.")
+					fmt.Fprintf(os.Stderr, "Warning: local diff without --server-side-generate is deprecated and does not work with plugins. Server-side generation will be the default in v2.6.")
 					conn, clusterIf := clientset.NewClusterClientOrDie()
 					defer argoio.Close(conn)
 					cluster, err := clusterIf.Get(ctx, &clusterpkg.ClusterQuery{Name: app.Spec.Destination.Name, Server: app.Spec.Destination.Server})
@@ -1281,6 +1301,17 @@ func NewApplicationListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 			if cluster != "" {
 				appList = argo.FilterByCluster(appList, cluster)
 			}
+			var appsWithDeprecatedPlugins []string
+			for _, app := range appList {
+				if app.Spec.GetSource().Plugin != nil && app.Spec.GetSource().Plugin.Name != "" {
+					appsWithDeprecatedPlugins = append(appsWithDeprecatedPlugins, app.Name)
+				}
+			}
+
+			if len(appsWithDeprecatedPlugins) > 0 {
+				log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
+				log.Warnf("The following Applications use deprecated plugins: %s", strings.Join(appsWithDeprecatedPlugins, ", "))
+			}

 			switch output {
 			case "yaml", "json":
@@ -1345,6 +1376,7 @@ const (
 	resourceFieldCount                  = 3
 	resourceFieldNamespaceDelimiter     = "/"
 	resourceFieldNameWithNamespaceCount = 2
+	resourceExcludeIndicator            = "!"
 )

 // resource is GROUP:KIND:NAMESPACE/NAME or GROUP:KIND:NAME
@@ -1369,6 +1401,12 @@ func parseSelectedResources(resources []string) ([]*argoappv1.SyncOperationResou
 	}

 	for _, resource := range resources {
+		isExcluded := false
+		// check if the resource flag starts with a '!'
+		if strings.HasPrefix(resource, resourceExcludeIndicator) {
+			resource = strings.TrimPrefix(resource, resourceExcludeIndicator)
+			isExcluded = true
+		}
 		fields := strings.Split(resource, resourceFieldDelimiter)
 		if len(fields) != resourceFieldCount {
 			return nil, fmt.Errorf("Resource should have GROUP%sKIND%sNAME, but instead got: %s", resourceFieldDelimiter, resourceFieldDelimiter, resource)
@@ -1382,6 +1420,7 @@ func parseSelectedResources(resources []string) ([]*argoappv1.SyncOperationResou
 			Kind:      fields[1],
 			Name:      name,
 			Namespace: namespace,
+			Exclude:   isExcluded,
 		})
 	}
 	return selectedResources, nil
@@ -1416,6 +1455,16 @@ func NewApplicationWaitCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
  # Wait for multiple apps
  argocd app wait my-app other-app

+  # Wait for apps by resource
+  # Resource should be formatted as GROUP:KIND:NAME. If no GROUP is specified then :KIND:NAME.
+  argocd app wait my-app --resource :Service:my-service
+  argocd app wait my-app --resource argoproj.io:Rollout:my-rollout
+  argocd app wait my-app --resource '!apps:Deployment:my-service'
+  argocd app wait my-app --resource apps:Deployment:my-service --resource :Service:my-service
+  argocd app wait my-app --resource '!*:Service:*'
+  # Specify namespace if the application has resources with the same name in different namespaces
+  argocd app wait my-app --resource argoproj.io:Rollout:my-namespace/my-rollout
+
  # Wait for apps by label, in this example we waiting for apps that are children of another app (aka app-of-apps)
  argocd app wait -l app.kubernetes.io/instance=my-app
  argocd app wait -l app.kubernetes.io/instance!=my-app
@@ -1454,7 +1503,7 @@ func NewApplicationWaitCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 	command.Flags().BoolVar(&watch.suspended, "suspended", false, "Wait for suspended")
 	command.Flags().BoolVar(&watch.degraded, "degraded", false, "Wait for degraded")
 	command.Flags().StringVarP(&selector, "selector", "l", "", "Wait for apps by label. Supports '=', '==', '!=', in, notin, exists & not exists. Matching apps must satisfy all of the specified label constraints.")
-	command.Flags().StringArrayVar(&resources, "resource", []string{}, fmt.Sprintf("Sync only specific resources as GROUP%sKIND%sNAME. Fields may be blank. This option may be specified repeatedly", resourceFieldDelimiter, resourceFieldDelimiter))
+	command.Flags().StringArrayVar(&resources, "resource", []string{}, fmt.Sprintf("Sync only specific resources as GROUP%[1]sKIND%[1]sNAME or %[2]sGROUP%[1]sKIND%[1]sNAME. Fields may be blank and '*' can be used. This option may be specified repeatedly", resourceFieldDelimiter, resourceExcludeIndicator))
 	command.Flags().BoolVar(&watch.operation, "operation", false, "Wait for pending operations")
 	command.Flags().UintVar(&timeout, "timeout", defaultCheckTimeoutSeconds, "Time out after this many seconds")
 	return command
@@ -1514,6 +1563,9 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
  # Resource should be formatted as GROUP:KIND:NAME. If no GROUP is specified then :KIND:NAME
  argocd app sync my-app --resource :Service:my-service
  argocd app sync my-app --resource argoproj.io:Rollout:my-rollout
+  argocd app sync my-app --resource '!apps:Deployment:my-service'
+  argocd app sync my-app --resource apps:Deployment:my-service --resource :Service:my-service
+  argocd app sync my-app --resource '!*:Service:*'
  # Specify namespace if the application has resources with the same name in different namespaces
  argocd app sync my-app --resource argoproj.io:Rollout:my-namespace/my-rollout`,
 		Run: func(c *cobra.Command, args []string) {
@@ -1609,7 +1661,19 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 					return
 				}

+				// filters out only those resources that needs to be synced
+				filteredResources := filterAppResources(app, selectedResources)
+
+				// if resources are provided and no app resources match, then return error
+				if len(resources) > 0 && len(filteredResources) == 0 {
+					log.Fatalf("No matching app resources found for resource filter: %v", strings.Join(resources, ", "))
+				}
+
 				if local != "" {
+					if app.Spec.GetSource().Plugin != nil && app.Spec.GetSource().Plugin.Name != "" {
+						log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
+					}
+
 					if app.Spec.SyncPolicy != nil && app.Spec.SyncPolicy.Automated != nil && !dryRun {
 						log.Fatal("Cannot use local sync when Automatic Sync Policy is enabled except with --dry-run")
 					}
@@ -1655,7 +1719,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 					AppNamespace: &appNs,
 					DryRun:       &dryRun,
 					Revision:     &revision,
-					Resources:    selectedResources,
+					Resources:    filteredResources,
 					Prune:        &prune,
 					Manifests:    localObjsStrings,
 					Infos:        getInfos(infos),
@@ -1683,6 +1747,10 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 					}
 				}
 				if diffChanges {
+					if app.Spec.GetSource().Plugin != nil && app.Spec.GetSource().Plugin.Name != "" {
+						log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
+					}
+
 					resources, err := appIf.ManagedResources(ctx, &applicationpkg.ResourcesQuery{
 						ApplicationName: &appName,
 						AppNamespace:    &appNs,
@@ -1731,7 +1799,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 	command.Flags().BoolVar(&dryRun, "dry-run", false, "Preview apply without affecting cluster")
 	command.Flags().BoolVar(&prune, "prune", false, "Allow deleting unexpected resources")
 	command.Flags().StringVar(&revision, "revision", "", "Sync to a specific revision. Preserves parameter overrides")
-	command.Flags().StringArrayVar(&resources, "resource", []string{}, fmt.Sprintf("Sync only specific resources as GROUP%sKIND%sNAME. Fields may be blank. This option may be specified repeatedly", resourceFieldDelimiter, resourceFieldDelimiter))
+	command.Flags().StringArrayVar(&resources, "resource", []string{}, fmt.Sprintf("Sync only specific resources as GROUP%[1]sKIND%[1]sNAME or %[2]sGROUP%[1]sKIND%[1]sNAME. Fields may be blank and '*' can be used. This option may be specified repeatedly", resourceFieldDelimiter, resourceExcludeIndicator))
 	command.Flags().StringVarP(&selector, "selector", "l", "", "Sync apps that match this label. Supports '=', '==', '!=', in, notin, exists & not exists. Matching apps must satisfy all of the specified label constraints.")
 	command.Flags().StringArrayVar(&labels, "label", []string{}, "Sync only specific resources with a label. This option may be specified repeatedly.")
 	command.Flags().UintVar(&timeout, "timeout", defaultCheckTimeoutSeconds, "Time out after this many seconds")
@@ -1856,15 +1924,9 @@ func getResourceStates(app *argoappv1.Application, selectedResources []*argoappv
 	}
 	// filter out not selected resources
 	if len(selectedResources) > 0 {
-		r := []argoappv1.SyncOperationResource{}
-		for _, res := range selectedResources {
-			if res != nil {
-				r = append(r, *res)
-			}
-		}
 		for i := len(states) - 1; i >= 0; i-- {
 			res := states[i]
-			if !argo.ContainsSyncResource(res.Name, res.Namespace, schema.GroupVersionKind{Group: res.Group, Kind: res.Kind}, r) {
+			if !argo.IncludeResource(res.Name, res.Namespace, schema.GroupVersionKind{Group: res.Group, Kind: res.Kind}, selectedResources) {
 				states = append(states[:i], states[i+1:]...)
 			}
 		}
@@ -1872,6 +1934,26 @@ func getResourceStates(app *argoappv1.Application, selectedResources []*argoappv
 	return states
 }

+// filterAppResources selects the app resources that match atleast one of the resource filters.
+func filterAppResources(app *argoappv1.Application, selectedResources []*argoappv1.SyncOperationResource) []*argoappv1.SyncOperationResource {
+	var filteredResources []*argoappv1.SyncOperationResource
+	if app != nil && len(selectedResources) > 0 {
+		for i := range app.Status.Resources {
+			appResource := app.Status.Resources[i]
+			if (argo.IncludeResource(appResource.Name, appResource.Namespace,
+				schema.GroupVersionKind{Group: appResource.Group, Kind: appResource.Kind}, selectedResources)) {
+				filteredResources = append(filteredResources, &argoappv1.SyncOperationResource{
+					Group:     appResource.Group,
+					Kind:      appResource.Kind,
+					Name:      appResource.Name,
+					Namespace: appResource.Namespace,
+				})
+			}
+		}
+	}
+	return filteredResources
+}
+
 func groupResourceStates(app *argoappv1.Application, selectedResources []*argoappv1.SyncOperationResource) map[string]*resourceState {
 	resStates := make(map[string]*resourceState)
 	for _, result := range getResourceStates(app, selectedResources) {
@@ -2126,6 +2208,10 @@ func NewApplicationHistoryCommand(clientOpts *argocdclient.ClientOptions) *cobra
 			})
 			errors.CheckError(err)

+			if app.Spec.GetSource().Plugin != nil && app.Spec.GetSource().Plugin.Name != "" {
+				log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
+			}
+
 			if output == "id" {
 				printApplicationHistoryIds(app.Status.History)
 			} else {
@@ -2186,6 +2272,10 @@ func NewApplicationRollbackCommand(clientOpts *argocdclient.ClientOptions) *cobr
 			})
 			errors.CheckError(err)

+			if app.Spec.GetSource().Plugin != nil && app.Spec.GetSource().Plugin.Name != "" {
+				log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
+			}
+
 			depInfo, err := findRevisionHistory(app, int64(depID))
 			errors.CheckError(err)

@@ -2269,6 +2359,10 @@ func NewApplicationManifestsCommand(clientOpts *argocdclient.ClientOptions) *cob
 					app, err := appIf.Get(context.Background(), &applicationpkg.ApplicationQuery{Name: &appName})
 					errors.CheckError(err)

+					if app.Spec.GetSource().Plugin != nil && app.Spec.GetSource().Plugin.Name != "" {
+						log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
+					}
+
 					settingsConn, settingsIf := clientset.NewSettingsClientOrDie()
 					defer argoio.Close(settingsConn)
 					argoSettings, err := settingsIf.Get(context.Background(), &settingspkg.SettingsQuery{})
@@ -2368,6 +2462,10 @@ func NewApplicationEditCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 			})
 			errors.CheckError(err)

+			if app.Spec.GetSource().Plugin != nil && app.Spec.GetSource().Plugin.Name != "" {
+				log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
+			}
+
 			appData, err := json.Marshal(app.Spec)
 			errors.CheckError(err)
 			appData, err = yaml.JSONToYAML(appData)
--- a/cmd/argocd/commands/app_test.go
+++ b/cmd/argocd/commands/app_test.go
@@ -904,11 +904,220 @@ func Test_unset_nothingToUnset(t *testing.T) {
 	}
 }

+func TestFilterAppResources(t *testing.T) {
+	// App resources
+	var (
+		appReplicaSet1 = v1alpha1.ResourceStatus{
+			Group:     "apps",
+			Kind:      "ReplicaSet",
+			Namespace: "default",
+			Name:      "replicaSet-name1",
+		}
+		appReplicaSet2 = v1alpha1.ResourceStatus{
+			Group:     "apps",
+			Kind:      "ReplicaSet",
+			Namespace: "default",
+			Name:      "replicaSet-name2",
+		}
+		appJob = v1alpha1.ResourceStatus{
+			Group:     "batch",
+			Kind:      "Job",
+			Namespace: "default",
+			Name:      "job-name",
+		}
+		appService1 = v1alpha1.ResourceStatus{
+			Group:     "",
+			Kind:      "Service",
+			Namespace: "default",
+			Name:      "service-name1",
+		}
+		appService2 = v1alpha1.ResourceStatus{
+			Group:     "",
+			Kind:      "Service",
+			Namespace: "default",
+			Name:      "service-name2",
+		}
+		appDeployment = v1alpha1.ResourceStatus{
+			Group:     "apps",
+			Kind:      "Deployment",
+			Namespace: "default",
+			Name:      "deployment-name",
+		}
+	)
+	app := v1alpha1.Application{
+		Status: v1alpha1.ApplicationStatus{
+			Resources: []v1alpha1.ResourceStatus{
+				appReplicaSet1, appReplicaSet2, appJob, appService1, appService2, appDeployment},
+		},
+	}
+	// Resource filters
+	var (
+		blankValues = argoappv1.SyncOperationResource{
+			Group:     "",
+			Kind:      "",
+			Name:      "",
+			Namespace: "",
+			Exclude:   false}
+		// *:*:*
+		includeAllResources = argoappv1.SyncOperationResource{
+			Group:     "*",
+			Kind:      "*",
+			Name:      "*",
+			Namespace: "",
+			Exclude:   false}
+		// !*:*:*
+		excludeAllResources = argoappv1.SyncOperationResource{
+			Group:     "*",
+			Kind:      "*",
+			Name:      "*",
+			Namespace: "",
+			Exclude:   true}
+		// *:Service:*
+		includeAllServiceResources = argoappv1.SyncOperationResource{
+			Group:     "*",
+			Kind:      "Service",
+			Name:      "*",
+			Namespace: "",
+			Exclude:   false}
+		// !*:Service:*
+		excludeAllServiceResources = argoappv1.SyncOperationResource{
+			Group:     "*",
+			Kind:      "Service",
+			Name:      "*",
+			Namespace: "",
+			Exclude:   true}
+		// apps:ReplicaSet:replicaSet-name1
+		includeReplicaSet1Resource = argoappv1.SyncOperationResource{
+			Group:     "apps",
+			Kind:      "ReplicaSet",
+			Name:      "replicaSet-name1",
+			Namespace: "",
+			Exclude:   false}
+		// !apps:ReplicaSet:replicaSet-name2
+		excludeReplicaSet2Resource = argoappv1.SyncOperationResource{
+			Group:     "apps",
+			Kind:      "ReplicaSet",
+			Name:      "replicaSet-name2",
+			Namespace: "",
+			Exclude:   true}
+	)
+
+	// Filtered resources
+	var (
+		replicaSet1 = v1alpha1.SyncOperationResource{
+			Group:     "apps",
+			Kind:      "ReplicaSet",
+			Namespace: "default",
+			Name:      "replicaSet-name1",
+		}
+		replicaSet2 = v1alpha1.SyncOperationResource{
+			Group:     "apps",
+			Kind:      "ReplicaSet",
+			Namespace: "default",
+			Name:      "replicaSet-name2",
+		}
+		job = v1alpha1.SyncOperationResource{
+			Group:     "batch",
+			Kind:      "Job",
+			Namespace: "default",
+			Name:      "job-name",
+		}
+		service1 = v1alpha1.SyncOperationResource{
+			Group:     "",
+			Kind:      "Service",
+			Namespace: "default",
+			Name:      "service-name1",
+		}
+		service2 = v1alpha1.SyncOperationResource{
+			Group:     "",
+			Kind:      "Service",
+			Namespace: "default",
+			Name:      "service-name2",
+		}
+		deployment = v1alpha1.SyncOperationResource{
+			Group:     "apps",
+			Kind:      "Deployment",
+			Namespace: "default",
+			Name:      "deployment-name",
+		}
+	)
+	tests := []struct {
+		testName          string
+		selectedResources []*argoappv1.SyncOperationResource
+		expectedResult    []*argoappv1.SyncOperationResource
+	}{
+		//--resource apps:ReplicaSet:replicaSet-name1 --resource *:Service:*
+		{testName: "Include ReplicaSet replicaSet-name1 resouce and all service resources",
+			selectedResources: []*argoappv1.SyncOperationResource{&includeAllServiceResources, &includeReplicaSet1Resource},
+			expectedResult:    []*argoappv1.SyncOperationResource{&replicaSet1, &service1, &service2},
+		},
+		//--resource apps:ReplicaSet:replicaSet-name1 --resource !*:Service:*
+		{testName: "Include ReplicaSet replicaSet-name1 resouce and exclude all service resources",
+			selectedResources: []*argoappv1.SyncOperationResource{&excludeAllServiceResources, &includeReplicaSet1Resource},
+			expectedResult:    []*argoappv1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &deployment},
+		},
+		// --resource !apps:ReplicaSet:replicaSet-name2 --resource !*:Service:*
+		{testName: "Exclude ReplicaSet replicaSet-name2 resouce and all service resources",
+			selectedResources: []*argoappv1.SyncOperationResource{&excludeReplicaSet2Resource, &excludeAllServiceResources},
+			expectedResult:    []*argoappv1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &service1, &service2, &deployment},
+		},
+		// --resource !apps:ReplicaSet:replicaSet-name2
+		{testName: "Exclude ReplicaSet replicaSet-name2 resouce",
+			selectedResources: []*argoappv1.SyncOperationResource{&excludeReplicaSet2Resource},
+			expectedResult:    []*argoappv1.SyncOperationResource{&replicaSet1, &job, &service1, &service2, &deployment},
+		},
+		// --resource apps:ReplicaSet:replicaSet-name1
+		{testName: "Include ReplicaSet replicaSet-name1 resouce",
+			selectedResources: []*argoappv1.SyncOperationResource{&includeReplicaSet1Resource},
+			expectedResult:    []*argoappv1.SyncOperationResource{&replicaSet1},
+		},
+		// --resource !*:Service:*
+		{testName: "Exclude Service resouces",
+			selectedResources: []*argoappv1.SyncOperationResource{&excludeAllServiceResources},
+			expectedResult:    []*argoappv1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &deployment},
+		},
+		// --resource *:Service:*
+		{testName: "Include Service resouces",
+			selectedResources: []*argoappv1.SyncOperationResource{&includeAllServiceResources},
+			expectedResult:    []*argoappv1.SyncOperationResource{&service1, &service2},
+		},
+		// --resource !*:*:*
+		{testName: "Exclude all resouces",
+			selectedResources: []*argoappv1.SyncOperationResource{&excludeAllResources},
+			expectedResult:    nil,
+		},
+		// --resource *:*:*
+		{testName: "Include all resouces",
+			selectedResources: []*argoappv1.SyncOperationResource{&includeAllResources},
+			expectedResult:    []*argoappv1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &service1, &service2, &deployment},
+		},
+		{testName: "No Filters",
+			selectedResources: []*argoappv1.SyncOperationResource{&blankValues},
+			expectedResult:    nil,
+		},
+		{testName: "Empty Filter",
+			selectedResources: []*argoappv1.SyncOperationResource{},
+			expectedResult:    nil,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.testName, func(t *testing.T) {
+			filteredResources := filterAppResources(&app, test.selectedResources)
+			assert.Equal(t, test.expectedResult, filteredResources)
+		})
+	}
+}
+
 func TestParseSelectedResources(t *testing.T) {
-	resources := []string{"v1alpha:Application:test", "v1alpha:Application:namespace/test"}
+	resources := []string{"v1alpha:Application:test",
+		"v1alpha:Application:namespace/test",
+		"!v1alpha:Application:test",
+		"apps:Deployment:default/test",
+		"!*:*:*"}
 	operationResources, err := parseSelectedResources(resources)
 	assert.NoError(t, err)
-	assert.Len(t, operationResources, 2)
+	assert.Len(t, operationResources, 5)
 	assert.Equal(t, *operationResources[0], v1alpha1.SyncOperationResource{
 		Namespace: "",
 		Name:      "test",
@@ -921,6 +1130,27 @@ func TestParseSelectedResources(t *testing.T) {
 		Kind:      "Application",
 		Group:     "v1alpha",
 	})
+	assert.Equal(t, *operationResources[2], v1alpha1.SyncOperationResource{
+		Namespace: "",
+		Name:      "test",
+		Kind:      "Application",
+		Group:     "v1alpha",
+		Exclude:   true,
+	})
+	assert.Equal(t, *operationResources[3], v1alpha1.SyncOperationResource{
+		Namespace: "default",
+		Name:      "test",
+		Kind:      "Deployment",
+		Group:     "apps",
+		Exclude:   false,
+	})
+	assert.Equal(t, *operationResources[4], v1alpha1.SyncOperationResource{
+		Namespace: "",
+		Name:      "*",
+		Kind:      "*",
+		Group:     "*",
+		Exclude:   true,
+	})
 }

 func TestParseSelectedResourcesIncorrect(t *testing.T) {
--- a/cmd/argocd/commands/cluster.go
+++ b/cmd/argocd/commands/cluster.go
@@ -27,6 +27,17 @@ import (
 	"github.com/argoproj/argo-cd/v2/util/text/label"
 )

+const (
+	// type of the cluster ID is 'name'
+	clusterIdTypeName = "name"
+	// cluster field is 'name'
+	clusterFieldName = "name"
+	// cluster field is 'namespaces'
+	clusterFieldNamespaces = "namespaces"
+	// indicates managing all namespaces
+	allNamespaces = "*"
+)
+
 // NewClusterCommand returns a new instance of an `argocd cluster` command
 func NewClusterCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clientcmd.PathOptions) *cobra.Command {
 	var command = &cobra.Command{
@@ -47,7 +58,10 @@ func NewClusterCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clientc

  # Remove a target cluster context from ArgoCD
  argocd cluster rm example-cluster
-`,
+
+  # Set a target cluster context from ArgoCD
+  argocd cluster set CLUSTER_NAME --name new-cluster-name --namespace '*'
+  argocd cluster set CLUSTER_NAME --name new-cluster-name --namespace namespace-one --namespace namespace-two`,
 	}

 	command.AddCommand(NewClusterAddCommand(clientOpts, pathOpts))
@@ -55,6 +69,7 @@ func NewClusterCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clientc
 	command.AddCommand(NewClusterListCommand(clientOpts))
 	command.AddCommand(NewClusterRemoveCommand(clientOpts, pathOpts))
 	command.AddCommand(NewClusterRotateAuthCommand(clientOpts))
+	command.AddCommand(NewClusterSetCommand(clientOpts))
 	return command
 }

@@ -185,6 +200,72 @@ func getRestConfig(pathOpts *clientcmd.PathOptions, ctxName string) (*rest.Confi
 	return conf, nil
 }

+// NewClusterSetCommand returns a new instance of an `argocd cluster set` command
+func NewClusterSetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
+	var (
+		clusterOptions cmdutil.ClusterOptions
+		clusterName    string
+	)
+	var command = &cobra.Command{
+		Use:   "set NAME",
+		Short: "Set cluster information",
+		Example: `  # Set cluster information
+  argocd cluster set CLUSTER_NAME --name new-cluster-name --namespace '*'
+  argocd cluster set CLUSTER_NAME --name new-cluster-name --namespace namespace-one --namespace namespace-two`,
+		Run: func(c *cobra.Command, args []string) {
+			ctx := c.Context()
+			if len(args) != 1 {
+				c.HelpFunc()(c, args)
+				os.Exit(1)
+			}
+			// name of the cluster whose fields have to be updated.
+			clusterName = args[0]
+			conn, clusterIf := headless.NewClientOrDie(clientOpts, c).NewClusterClientOrDie()
+			defer io.Close(conn)
+			// checks the fields that needs to be updated
+			updatedFields := checkFieldsToUpdate(clusterOptions)
+			namespaces := clusterOptions.Namespaces
+			// check if all namespaces have to be considered
+			if len(namespaces) == 1 && strings.EqualFold(namespaces[0], allNamespaces) {
+				namespaces[0] = ""
+			}
+			if updatedFields != nil {
+				clusterUpdateRequest := clusterpkg.ClusterUpdateRequest{
+					Cluster: &argoappv1.Cluster{
+						Name:       clusterOptions.Name,
+						Namespaces: namespaces,
+					},
+					UpdatedFields: updatedFields,
+					Id: &clusterpkg.ClusterID{
+						Type:  clusterIdTypeName,
+						Value: clusterName,
+					},
+				}
+				_, err := clusterIf.Update(ctx, &clusterUpdateRequest)
+				errors.CheckError(err)
+				fmt.Printf("Cluster '%s' updated.\n", clusterName)
+			} else {
+				fmt.Print("Specify the cluster field to be updated.\n")
+			}
+		},
+	}
+	command.Flags().StringVar(&clusterOptions.Name, "name", "", "Overwrite the cluster name")
+	command.Flags().StringArrayVar(&clusterOptions.Namespaces, "namespace", nil, "List of namespaces which are allowed to manage. Specify '*' to manage all namespaces")
+	return command
+}
+
+// checkFieldsToUpdate returns the fields that needs to be updated
+func checkFieldsToUpdate(clusterOptions cmdutil.ClusterOptions) []string {
+	var updatedFields []string
+	if clusterOptions.Name != "" {
+		updatedFields = append(updatedFields, clusterFieldName)
+	}
+	if clusterOptions.Namespaces != nil {
+		updatedFields = append(updatedFields, clusterFieldNamespaces)
+	}
+	return updatedFields
+}
+
 // NewClusterGetCommand returns a new instance of an `argocd cluster get` command
 func NewClusterGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 	var (
--- a/cmd/argocd/commands/completion.go
+++ b/cmd/argocd/commands/completion.go
@@ -146,6 +146,7 @@ __argocd_custom_func() {
 			;;
 		argocd_cluster_get | \
 		argocd_cluster_rm | \
+		argocd_cluster_set | \
 		argocd_login | \
 		argocd_cluster_add)
 			__argocd_list_servers
--- a/cmd/argocd/commands/login.go
+++ b/cmd/argocd/commands/login.go
@@ -12,7 +12,7 @@ import (
 	"strings"
 	"time"

-	"github.com/coreos/go-oidc"
+	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/golang-jwt/jwt/v4"
 	log "github.com/sirupsen/logrus"
 	"github.com/skratchdot/open-golang/open"
--- a/cmd/argocd/commands/relogin.go
+++ b/cmd/argocd/commands/relogin.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"os"

-	"github.com/coreos/go-oidc"
+	"github.com/coreos/go-oidc/v3/oidc"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"

--- a/cmd/argocd/commands/repo.go
+++ b/cmd/argocd/commands/repo.go
@@ -160,7 +160,6 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 			repoOpts.Repo.GithubAppInstallationId = repoOpts.GithubAppInstallationId
 			repoOpts.Repo.GitHubAppEnterpriseBaseURL = repoOpts.GitHubAppEnterpriseBaseURL
 			repoOpts.Repo.Proxy = repoOpts.Proxy
-			repoOpts.Repo.ForceHttpBasicAuth = repoOpts.ForceHttpBasicAuth

 			if repoOpts.Repo.Type == "helm" && repoOpts.Repo.Name == "" {
 				errors.CheckError(fmt.Errorf("Must specify --name for repos of type 'helm'"))
@@ -200,7 +199,6 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 				Proxy:                      repoOpts.Proxy,
 				Project:                    repoOpts.Repo.Project,
 				GcpServiceAccountKey:       repoOpts.Repo.GCPServiceAccountKey,
-				ForceHttpBasicAuth:         repoOpts.Repo.ForceHttpBasicAuth,
 			}
 			_, err := repoIf.ValidateAccess(ctx, &repoAccessReq)
 			errors.CheckError(err)
--- a/cmd/argocd/commands/repocreds.go
+++ b/cmd/argocd/commands/repocreds.go
@@ -175,7 +175,6 @@ func NewRepoCredsAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comma
 	command.Flags().BoolVar(&repo.EnableOCI, "enable-oci", false, "Specifies whether helm-oci support should be enabled for this repo")
 	command.Flags().StringVar(&repo.Type, "type", common.DefaultRepoType, "type of the repository, \"git\" or \"helm\"")
 	command.Flags().StringVar(&gcpServiceAccountKeyPath, "gcp-service-account-key-path", "", "service account key for the Google Cloud Platform")
-	command.Flags().BoolVar(&repo.ForceHttpBasicAuth, "force-http-basic-auth", false, "whether to force basic auth when connecting via HTTP")
 	return command
 }

--- a/cmd/util/applicationset.go
+++ b/cmd/util/applicationset.go
@@ -61,6 +61,6 @@ func readAppset(yml []byte, appsets *[]*argoprojiov1alpha1.ApplicationSet) error
 		*appsets = append(*appsets, &appset)

 	}
-	// we reach here if there is no error found while reading the Application Set
-	return nil
+
+	return fmt.Errorf("error reading app set: %w", err)
 }
--- a/cmd/util/repo.go
+++ b/cmd/util/repo.go
@@ -23,7 +23,6 @@ type RepoOptions struct {
 	GitHubAppEnterpriseBaseURL     string
 	Proxy                          string
 	GCPServiceAccountKeyPath       string
-	ForceHttpBasicAuth             bool
 }

 func AddRepoFlags(command *cobra.Command, opts *RepoOptions) {
@@ -45,5 +44,4 @@ func AddRepoFlags(command *cobra.Command, opts *RepoOptions) {
 	command.Flags().StringVar(&opts.GitHubAppEnterpriseBaseURL, "github-app-enterprise-base-url", "", "base url to use when using GitHub Enterprise (e.g. https://ghe.example.com/api/v3")
 	command.Flags().StringVar(&opts.Proxy, "proxy", "", "use proxy to access repository")
 	command.Flags().StringVar(&opts.GCPServiceAccountKeyPath, "gcp-service-account-key-path", "", "service account key for the Google Cloud Platform")
-	command.Flags().BoolVar(&opts.ForceHttpBasicAuth, "force-http-basic-auth", false, "whether to force use of basic auth when connecting repository via HTTP")
 }
--- a/cmpserver/apiclient/plugin.pb.go
+++ b/cmpserver/apiclient/plugin.pb.go
@@ -318,7 +318,6 @@ func (m *ManifestResponse) GetSourceType() string {

 type RepositoryResponse struct {
 	IsSupported          bool     `protobuf:"varint,1,opt,name=isSupported,proto3" json:"isSupported,omitempty"`
-	IsDiscoveryEnabled   bool     `protobuf:"varint,2,opt,name=isDiscoveryEnabled,proto3" json:"isDiscoveryEnabled,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -364,13 +363,6 @@ func (m *RepositoryResponse) GetIsSupported() bool {
 	return false
 }

-func (m *RepositoryResponse) GetIsDiscoveryEnabled() bool {
-	if m != nil {
-		return m.IsDiscoveryEnabled
-	}
-	return false
-}
-
 // ParametersAnnouncementResponse contains a list of announcements. This list represents all the parameters which a CMP
 // is able to accept.
 type ParametersAnnouncementResponse struct {
@@ -480,43 +472,42 @@ func init() {
 func init() { proto.RegisterFile("cmpserver/plugin/plugin.proto", fileDescriptor_b21875a7079a06ed) }

 var fileDescriptor_b21875a7079a06ed = []byte{
-	// 576 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x94, 0xdd, 0x6e, 0x12, 0x4f,
-	0x14, 0xc0, 0xbb, 0x85, 0xb6, 0x70, 0x68, 0xf2, 0x27, 0x93, 0x7f, 0x74, 0x25, 0x2d, 0xe2, 0x5e,
-	0x18, 0x6e, 0x84, 0x04, 0xbd, 0x35, 0xb1, 0x55, 0x6c, 0xa3, 0xc1, 0x90, 0xa9, 0x37, 0x7a, 0x37,
-	0x1d, 0x0e, 0x30, 0x76, 0x77, 0x66, 0x9c, 0x99, 0xdd, 0x04, 0xbd, 0xf1, 0x3d, 0x7c, 0x00, 0x5f,
-	0xc5, 0x4b, 0x1f, 0xc1, 0xf4, 0x49, 0x0c, 0xb3, 0xbb, 0x40, 0x6c, 0x8b, 0x57, 0x7b, 0x3e, 0x7f,
-	0x7b, 0xbe, 0x32, 0x70, 0xcc, 0x13, 0x6d, 0xd1, 0x64, 0x68, 0xfa, 0x3a, 0x4e, 0x67, 0x42, 0x16,
-	0x9f, 0x9e, 0x36, 0xca, 0x29, 0xb2, 0x9f, 0x6b, 0xad, 0xe1, 0x4c, 0xb8, 0x79, 0x7a, 0xd9, 0xe3,
-	0x2a, 0xe9, 0x33, 0x33, 0x53, 0xda, 0xa8, 0x4f, 0x5e, 0x78, 0xc2, 0x27, 0xfd, 0x6c, 0xd0, 0x37,
-	0xa8, 0x55, 0x81, 0xf1, 0xa2, 0x70, 0xca, 0x2c, 0x36, 0xc4, 0x1c, 0x17, 0x7d, 0x0b, 0xa0, 0x79,
-	0xa2, 0xf5, 0x85, 0x33, 0xc8, 0x12, 0x8a, 0x9f, 0x53, 0xb4, 0x8e, 0x3c, 0x87, 0x5a, 0x82, 0x8e,
-	0x4d, 0x98, 0x63, 0x61, 0xd0, 0x09, 0xba, 0x8d, 0xc1, 0xc3, 0x5e, 0x51, 0xc4, 0x88, 0x49, 0x31,
-	0x45, 0xeb, 0x8a, 0xd0, 0x51, 0x11, 0x76, 0xbe, 0x43, 0x57, 0x29, 0x24, 0x82, 0xea, 0x54, 0xc4,
-	0x18, 0xee, 0xfa, 0xd4, 0xc3, 0x32, 0xf5, 0xb5, 0x88, 0xf1, 0x7c, 0x87, 0x7a, 0xdf, 0x69, 0x1d,
-	0x0e, 0x4c, 0x8e, 0x88, 0x7e, 0x04, 0x70, 0xff, 0x0e, 0x2c, 0x09, 0xe1, 0x80, 0x69, 0xfd, 0x8e,
-	0x25, 0xe8, 0x0b, 0xa9, 0xd3, 0x52, 0x25, 0x6d, 0x00, 0xa6, 0x35, 0xc5, 0x78, 0xcc, 0xdc, 0xdc,
-	0xff, 0xaa, 0x4e, 0x37, 0x2c, 0xa4, 0x05, 0x35, 0x3e, 0x47, 0x7e, 0x65, 0xd3, 0x24, 0xac, 0x78,
-	0xef, 0x4a, 0x27, 0x04, 0xaa, 0x56, 0x7c, 0xc1, 0xb0, 0xda, 0x09, 0xba, 0x15, 0xea, 0x65, 0x12,
-	0x41, 0x05, 0x65, 0x16, 0xee, 0x75, 0x2a, 0xdd, 0xc6, 0xa0, 0x59, 0xd6, 0x3c, 0x94, 0xd9, 0x50,
-	0x3a, 0xb3, 0xa0, 0x4b, 0x67, 0xf4, 0x0c, 0x6a, 0xa5, 0x61, 0xc9, 0x90, 0xeb, 0xb2, 0xbc, 0x4c,
-	0xfe, 0x87, 0xbd, 0x8c, 0xc5, 0x29, 0x16, 0xe5, 0xe4, 0x4a, 0x34, 0x86, 0xe6, 0xba, 0x3d, 0xab,
-	0x95, 0xb4, 0x48, 0x8e, 0xa0, 0x9e, 0x14, 0x36, 0x1b, 0x06, 0x9d, 0x4a, 0xb7, 0x4e, 0xd7, 0x86,
-	0x65, 0x6f, 0x56, 0xa5, 0x86, 0xe3, 0xfb, 0x85, 0x2e, 0x61, 0x1b, 0x96, 0x68, 0x0a, 0x84, 0xae,
-	0x16, 0xb9, 0x62, 0x76, 0xa0, 0x21, 0xec, 0x45, 0xaa, 0xb5, 0x32, 0x0e, 0x27, 0xbe, 0xb0, 0x1a,
-	0xdd, 0x34, 0x91, 0x1e, 0x10, 0x61, 0x5f, 0x09, 0xcb, 0x55, 0x86, 0x66, 0x31, 0x94, 0xec, 0x32,
-	0xc6, 0x89, 0xe7, 0xd7, 0xe8, 0x2d, 0x9e, 0xe8, 0x2b, 0xb4, 0xc7, 0xcc, 0xb0, 0x04, 0x1d, 0x1a,
-	0x7b, 0x22, 0xa5, 0x4a, 0x25, 0xc7, 0x04, 0xe5, 0xba, 0x8f, 0x0f, 0x70, 0x4f, 0x97, 0x11, 0x9b,
-	0x01, 0x79, 0x53, 0x8d, 0xc1, 0xa3, 0xde, 0xc6, 0xc5, 0x8d, 0x6f, 0x8b, 0xa4, 0x77, 0x00, 0xa2,
-	0x23, 0xa8, 0x2e, 0x2f, 0x66, 0x39, 0x54, 0x3e, 0x4f, 0xe5, 0x95, 0x6f, 0xe8, 0x90, 0xe6, 0xca,
-	0xe0, 0xfb, 0x2e, 0x1c, 0xbf, 0x54, 0x72, 0x2a, 0x66, 0x23, 0x26, 0xd9, 0xcc, 0xe7, 0x8c, 0xfd,
-	0xce, 0x2e, 0xd0, 0x64, 0x82, 0x23, 0x79, 0x03, 0xcd, 0x33, 0x94, 0x68, 0x98, 0xc3, 0x72, 0xfc,
-	0x24, 0x2c, 0xf7, 0xfa, 0xf7, 0xc9, 0xb7, 0xc2, 0x9b, 0x07, 0x9e, 0xb7, 0x18, 0xed, 0x74, 0x03,
-	0xf2, 0x16, 0xfe, 0x1b, 0x31, 0xc7, 0xe7, 0xeb, 0xa9, 0x6f, 0x41, 0xb5, 0x4a, 0xcf, 0xcd, 0x1d,
-	0x79, 0x18, 0x83, 0x07, 0x67, 0xe8, 0x6e, 0x1f, 0xec, 0x16, 0xec, 0xe3, 0xd2, 0xb3, 0x7d, 0x25,
-	0xcb, 0x5f, 0x9c, 0xbe, 0xf8, 0x79, 0xdd, 0x0e, 0x7e, 0x5d, 0xb7, 0x83, 0xdf, 0xd7, 0xed, 0xe0,
-	0xe3, 0xe0, 0x1f, 0x4f, 0xc5, 0xfa, 0xc1, 0x61, 0x5a, 0xf0, 0x58, 0xa0, 0x74, 0x97, 0xfb, 0xfe,
-	0x79, 0x78, 0xfa, 0x27, 0x00, 0x00, 0xff, 0xff, 0x23, 0x88, 0x8e, 0xd3, 0x8e, 0x04, 0x00, 0x00,
+	// 558 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x54, 0xc1, 0x6e, 0xd3, 0x4c,
+	0x10, 0xae, 0x9b, 0xb4, 0x4d, 0x26, 0x95, 0xfe, 0x68, 0xf5, 0x0b, 0x4c, 0xd4, 0x86, 0xe0, 0x03,
+	0xca, 0x85, 0x44, 0x32, 0x88, 0x1b, 0x12, 0x2d, 0x2a, 0xad, 0x40, 0x41, 0xd1, 0x96, 0x0b, 0xdc,
+	0xb6, 0xce, 0x24, 0x59, 0x6a, 0xef, 0x2e, 0xeb, 0xb5, 0xa5, 0xc0, 0x85, 0xf7, 0xe0, 0x01, 0x78,
+	0x15, 0x8e, 0x3c, 0x02, 0xca, 0x93, 0x20, 0xaf, 0xed, 0xd8, 0xa2, 0x6d, 0x38, 0x79, 0xe6, 0x9b,
+	0x99, 0x6f, 0xbf, 0x9d, 0x99, 0x35, 0x1c, 0x07, 0x91, 0x8a, 0x51, 0xa7, 0xa8, 0xc7, 0x2a, 0x4c,
+	0x16, 0x5c, 0x14, 0x9f, 0x91, 0xd2, 0xd2, 0x48, 0xb2, 0x9f, 0x7b, 0xbd, 0xb3, 0x05, 0x37, 0xcb,
+	0xe4, 0x6a, 0x14, 0xc8, 0x68, 0xcc, 0xf4, 0x42, 0x2a, 0x2d, 0x3f, 0x59, 0xe3, 0x49, 0x30, 0x1b,
+	0xa7, 0xfe, 0x58, 0xa3, 0x92, 0x05, 0x8d, 0x35, 0xb9, 0x91, 0x7a, 0x55, 0x33, 0x73, 0x3a, 0xef,
+	0x9b, 0x03, 0xdd, 0x13, 0xa5, 0x2e, 0x8d, 0x46, 0x16, 0x51, 0xfc, 0x9c, 0x60, 0x6c, 0xc8, 0x0b,
+	0x68, 0x45, 0x68, 0xd8, 0x8c, 0x19, 0xe6, 0x3a, 0x03, 0x67, 0xd8, 0xf1, 0x1f, 0x8e, 0x0a, 0x11,
+	0x13, 0x26, 0xf8, 0x1c, 0x63, 0x53, 0xa4, 0x4e, 0x8a, 0xb4, 0x8b, 0x1d, 0xba, 0x29, 0x21, 0x1e,
+	0x34, 0xe7, 0x3c, 0x44, 0x77, 0xd7, 0x96, 0x1e, 0x96, 0xa5, 0xaf, 0x79, 0x88, 0x17, 0x3b, 0xd4,
+	0xc6, 0x4e, 0xdb, 0x70, 0xa0, 0x73, 0x0a, 0xef, 0x87, 0x03, 0xf7, 0xef, 0xa0, 0x25, 0x2e, 0x1c,
+	0x30, 0xa5, 0xde, 0xb1, 0x08, 0xad, 0x90, 0x36, 0x2d, 0x5d, 0xd2, 0x07, 0x60, 0x4a, 0x51, 0x0c,
+	0xa7, 0xcc, 0x2c, 0xed, 0x51, 0x6d, 0x5a, 0x43, 0x48, 0x0f, 0x5a, 0xc1, 0x12, 0x83, 0xeb, 0x38,
+	0x89, 0xdc, 0x86, 0x8d, 0x6e, 0x7c, 0x42, 0xa0, 0x19, 0xf3, 0x2f, 0xe8, 0x36, 0x07, 0xce, 0xb0,
+	0x41, 0xad, 0x4d, 0x3c, 0x68, 0xa0, 0x48, 0xdd, 0xbd, 0x41, 0x63, 0xd8, 0xf1, 0xbb, 0xa5, 0xe6,
+	0x33, 0x91, 0x9e, 0x09, 0xa3, 0x57, 0x34, 0x0b, 0x7a, 0xcf, 0xa0, 0x55, 0x02, 0x19, 0x87, 0xa8,
+	0x64, 0x59, 0x9b, 0xfc, 0x0f, 0x7b, 0x29, 0x0b, 0x13, 0x2c, 0xe4, 0xe4, 0x8e, 0x37, 0x85, 0x6e,
+	0x75, 0xbd, 0x58, 0x49, 0x11, 0x23, 0x39, 0x82, 0x76, 0x54, 0x60, 0xb1, 0xeb, 0x0c, 0x1a, 0xc3,
+	0x36, 0xad, 0x80, 0xec, 0x6e, 0xb1, 0x4c, 0x74, 0x80, 0xef, 0x57, 0xaa, 0x24, 0xab, 0x21, 0xde,
+	0x73, 0x20, 0x74, 0x33, 0xc8, 0x0d, 0xe7, 0x00, 0x3a, 0x3c, 0xbe, 0x4c, 0x94, 0x92, 0xda, 0xe0,
+	0xcc, 0x0a, 0x6b, 0xd1, 0x3a, 0xe4, 0x7d, 0x85, 0xfe, 0x94, 0x69, 0x16, 0xa1, 0x41, 0x1d, 0x9f,
+	0x08, 0x21, 0x13, 0x11, 0x60, 0x84, 0xa2, 0xd2, 0xf5, 0x01, 0xee, 0xa9, 0x32, 0xa3, 0x9e, 0x90,
+	0x8b, 0xec, 0xf8, 0x8f, 0x46, 0xb5, 0x0d, 0x9a, 0xde, 0x96, 0x49, 0xef, 0x20, 0xf0, 0x8e, 0xa0,
+	0x99, 0x6d, 0x40, 0xd6, 0xa4, 0x60, 0x99, 0x88, 0x6b, 0x2b, 0xf0, 0x90, 0xe6, 0x8e, 0xff, 0x7d,
+	0x17, 0x8e, 0x5f, 0x49, 0x31, 0xe7, 0x8b, 0x09, 0x13, 0x6c, 0x61, 0x6b, 0xa6, 0x76, 0x06, 0x97,
+	0xa8, 0x53, 0x1e, 0x20, 0x79, 0x03, 0xdd, 0x73, 0x14, 0xa8, 0x99, 0xc1, 0xb2, 0x9d, 0xc4, 0x2d,
+	0xe7, 0xf4, 0xf7, 0x0a, 0xf7, 0xdc, 0x9b, 0x0b, 0x9b, 0x5f, 0xd1, 0xdb, 0x19, 0x3a, 0xe4, 0x2d,
+	0xfc, 0x37, 0x61, 0x26, 0x58, 0x56, 0x5d, 0xdc, 0x42, 0xd5, 0x2b, 0x23, 0x37, 0x7b, 0x6e, 0xc9,
+	0x18, 0x3c, 0x38, 0x47, 0x73, 0x7b, 0x63, 0xb7, 0xd0, 0x3e, 0x2e, 0x23, 0xdb, 0x47, 0x92, 0x1d,
+	0x71, 0xfa, 0xf2, 0xe7, 0xba, 0xef, 0xfc, 0x5a, 0xf7, 0x9d, 0xdf, 0xeb, 0xbe, 0xf3, 0xd1, 0xff,
+	0xc7, 0xd3, 0xaf, 0x7e, 0x20, 0x4c, 0xf1, 0x20, 0xe4, 0x28, 0xcc, 0xd5, 0xbe, 0x7d, 0xee, 0x4f,
+	0xff, 0x04, 0x00, 0x00, 0xff, 0xff, 0x33, 0x34, 0xb3, 0x95, 0x5e, 0x04, 0x00, 0x00,
 }

 // Reference imports to suppress errors if they are not otherwise used.
@@ -1034,16 +1025,6 @@ func (m *RepositoryResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 		i -= len(m.XXX_unrecognized)
 		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if m.IsDiscoveryEnabled {
-		i--
-		if m.IsDiscoveryEnabled {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
-		}
-		i--
-		dAtA[i] = 0x10
-	}
 	if m.IsSupported {
 		i--
 		if m.IsSupported {
@@ -1266,9 +1247,6 @@ func (m *RepositoryResponse) Size() (n int) {
 	if m.IsSupported {
 		n += 2
 	}
-	if m.IsDiscoveryEnabled {
-		n += 2
-	}
 	if m.XXX_unrecognized != nil {
 		n += len(m.XXX_unrecognized)
 	}
@@ -1915,26 +1893,6 @@ func (m *RepositoryResponse) Unmarshal(dAtA []byte) error {
 				}
 			}
 			m.IsSupported = bool(v != 0)
-		case 2:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field IsDiscoveryEnabled", wireType)
-			}
-			var v int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowPlugin
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				v |= int(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			m.IsDiscoveryEnabled = bool(v != 0)
 		default:
 			iNdEx = preIndex
 			skippy, err := skipPlugin(dAtA[iNdEx:])
--- a/cmpserver/plugin/config.go
+++ b/cmpserver/plugin/config.go
@@ -22,11 +22,11 @@ type PluginConfig struct {
 }

 type PluginConfigSpec struct {
-	Version    string     `json:"version"`
-	Init       Command    `json:"init,omitempty"`
-	Generate   Command    `json:"generate"`
-	Discover   Discover   `json:"discover"`
-	Parameters Parameters `yaml:"parameters"`
+	Version          string     `json:"version"`
+	Init             Command    `json:"init,omitempty"`
+	Generate         Command    `json:"generate"`
+	Discover         Discover   `json:"discover"`
+	Parameters       Parameters `yaml:"parameters"`
 }

 //Discover holds find and fileName
@@ -84,7 +84,9 @@ func ValidatePluginConfig(config PluginConfig) error {
 	if len(config.Spec.Generate.Command) == 0 {
 		return fmt.Errorf("invalid plugin configuration file. spec.generate command should be non-empty")
 	}
-	// discovery field is optional as apps can now specify plugin names directly
+	if config.Spec.Discover.Find.Glob == "" && len(config.Spec.Discover.Find.Command.Command) == 0 && config.Spec.Discover.FileName == "" {
+		return fmt.Errorf("invalid plugin configuration file. atleast one of discover.find.command or discover.find.glob or discover.fineName should be non-empty")
+	}
 	return nil
 }

--- a/cmpserver/plugin/plugin.go
+++ b/cmpserver/plugin/plugin.go
@@ -273,11 +273,11 @@ func (s *Service) matchRepositoryGeneric(stream MatchRepositoryStream) error {
 		return fmt.Errorf("match repository error receiving stream: %w", err)
 	}

-	isSupported, isDiscoveryEnabled, err := s.matchRepository(bufferedCtx, workDir, metadata.GetEnv())
+	isSupported, err := s.matchRepository(bufferedCtx, workDir, metadata.GetEnv())
 	if err != nil {
 		return fmt.Errorf("match repository error: %w", err)
 	}
-	repoResponse := &apiclient.RepositoryResponse{IsSupported: isSupported, IsDiscoveryEnabled: isDiscoveryEnabled}
+	repoResponse := &apiclient.RepositoryResponse{IsSupported: isSupported}

 	err = stream.SendAndClose(repoResponse)
 	if err != nil {
@@ -286,9 +286,8 @@ func (s *Service) matchRepositoryGeneric(stream MatchRepositoryStream) error {
 	return nil
 }

-func (s *Service) matchRepository(ctx context.Context, workdir string, envEntries []*apiclient.EnvEntry) (isSupported bool, isDiscoveryEnabled bool, err error) {
+func (s *Service) matchRepository(ctx context.Context, workdir string, envEntries []*apiclient.EnvEntry) (bool, error) {
 	config := s.initConstants.PluginConfig
-
 	if config.Spec.Discover.FileName != "" {
 		log.Debugf("config.Spec.Discover.FileName is provided")
 		pattern := filepath.Join(workdir, config.Spec.Discover.FileName)
@@ -296,9 +295,9 @@ func (s *Service) matchRepository(ctx context.Context, workdir string, envEntrie
 		if err != nil {
 			e := fmt.Errorf("error finding filename match for pattern %q: %w", pattern, err)
 			log.Debug(e)
-			return false, true, e
+			return false, e
 		}
-		return len(matches) > 0, true, nil
+		return len(matches) > 0, nil
 	}

 	if config.Spec.Discover.Find.Glob != "" {
@@ -310,23 +309,27 @@ func (s *Service) matchRepository(ctx context.Context, workdir string, envEntrie
 		if err != nil {
 			e := fmt.Errorf("error finding glob match for pattern %q: %w", pattern, err)
 			log.Debug(e)
-			return false, true, e
+			return false, e
 		}

-		return len(matches) > 0, true, nil
-	}
-
-	if len(config.Spec.Discover.Find.Command.Command) > 0 {
-		log.Debugf("Going to try runCommand.")
-		env := append(os.Environ(), environ(envEntries)...)
-		find, err := runCommand(ctx, config.Spec.Discover.Find.Command, workdir, env)
-		if err != nil {
-			return false, true, fmt.Errorf("error running find command: %w", err)
+		if len(matches) > 0 {
+			return true, nil
 		}
-		return find != "", true, nil
+		return false, nil
 	}

-	return false, false, nil
+	log.Debugf("Going to try runCommand.")
+	env := append(os.Environ(), environ(envEntries)...)
+
+	find, err := runCommand(ctx, config.Spec.Discover.Find.Command, workdir, env)
+	if err != nil {
+		return false, fmt.Errorf("error running find command: %w", err)
+	}
+
+	if find != "" {
+		return true, nil
+	}
+	return false, nil
 }

 // ParametersAnnouncementStream defines an interface able to send/receive a stream of parameter announcements.
--- a/cmpserver/plugin/plugin.proto
+++ b/cmpserver/plugin/plugin.proto
@@ -44,7 +44,6 @@ message ManifestResponse {

 message RepositoryResponse {
    bool isSupported = 1;
-    bool isDiscoveryEnabled = 2;
 }

 // ParametersAnnouncementResponse contains a list of announcements. This list represents all the parameters which a CMP
--- a/cmpserver/plugin/plugin_test.go
+++ b/cmpserver/plugin/plugin_test.go
@@ -99,12 +99,11 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env)
+		match, err := f.service.matchRepository(context.Background(), f.path, f.env)

 		// then
 		assert.NoError(t, err)
 		assert.True(t, match)
-		assert.True(t, discovery)
 	})
 	t.Run("will not match plugin by filename if file not found", func(t *testing.T) {
 		// given
@@ -114,12 +113,11 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env)
+		match, err := f.service.matchRepository(context.Background(), f.path, f.env)

 		// then
 		assert.NoError(t, err)
 		assert.False(t, match)
-		assert.True(t, discovery)
 	})
 	t.Run("will not match a pattern with a syntax error", func(t *testing.T) {
 		// given
@@ -129,7 +127,7 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		_, _, err := f.service.matchRepository(context.Background(), f.path, f.env)
+		_, err := f.service.matchRepository(context.Background(), f.path, f.env)

 		// then
 		assert.ErrorContains(t, err, "syntax error")
@@ -144,12 +142,11 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env)
+		match, err := f.service.matchRepository(context.Background(), f.path, f.env)

 		// then
 		assert.NoError(t, err)
 		assert.True(t, match)
-		assert.True(t, discovery)
 	})
 	t.Run("will not match plugin by glob if not found", func(t *testing.T) {
 		// given
@@ -161,12 +158,11 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env)
+		match, err := f.service.matchRepository(context.Background(), f.path, f.env)

 		// then
 		assert.NoError(t, err)
 		assert.False(t, match)
-		assert.True(t, discovery)
 	})
 	t.Run("will throw an error for a bad pattern", func(t *testing.T) {
 		// given
@@ -178,7 +174,7 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		_, _, err := f.service.matchRepository(context.Background(), f.path, f.env)
+		_, err := f.service.matchRepository(context.Background(), f.path, f.env)

 		// then
 		assert.ErrorContains(t, err, "error finding glob match for pattern")
@@ -195,12 +191,11 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env)
+		match, err := f.service.matchRepository(context.Background(), f.path, f.env)

 		// then
 		assert.NoError(t, err)
 		assert.True(t, match)
-		assert.True(t, discovery)
 	})
 	t.Run("will not match plugin by command when returns no output", func(t *testing.T) {
 		// given
@@ -214,11 +209,11 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env)
+		match, err := f.service.matchRepository(context.Background(), f.path, f.env)
+
 		// then
 		assert.NoError(t, err)
 		assert.False(t, match)
-		assert.True(t, discovery)
 	})
 	t.Run("will match plugin because env var defined", func(t *testing.T) {
 		// given
@@ -232,12 +227,11 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env)
+		match, err := f.service.matchRepository(context.Background(), f.path, f.env)

 		// then
 		assert.NoError(t, err)
 		assert.True(t, match)
-		assert.True(t, discovery)
 	})
 	t.Run("will not match plugin because no env var defined", func(t *testing.T) {
 		// given
@@ -252,12 +246,11 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env)
+		match, err := f.service.matchRepository(context.Background(), f.path, f.env)

 		// then
 		assert.NoError(t, err)
 		assert.False(t, match)
-		assert.True(t, discovery)
 	})
 	t.Run("will not match plugin by command when command fails", func(t *testing.T) {
 		// given
@@ -271,25 +264,11 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env)
+		match, err := f.service.matchRepository(context.Background(), f.path, f.env)

 		// then
 		assert.Error(t, err)
 		assert.False(t, match)
-		assert.True(t, discovery)
-	})
-	t.Run("will not match plugin as discovery is not set", func(t *testing.T) {
-		// given
-		d := Discover{}
-		f := setup(t, withDiscover(d))
-
-		// when
-		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env)
-
-		// then
-		assert.NoError(t, err)
-		assert.False(t, match)
-		assert.False(t, discovery)
 	})
 }

--- a/common/common.go
+++ b/common/common.go
@@ -8,8 +8,6 @@ import (
 	"time"

 	"github.com/sirupsen/logrus"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
 )

 // Default service addresses and URLS of Argo CD internal services
@@ -225,7 +223,13 @@ const (
 	// DefaultCMPWorkDirName defines the work directory name used by the cmp-server
 	DefaultCMPWorkDirName = "_cmp_server"

-	ConfigMapPluginDeprecationWarning = "argocd-cm plugins are deprecated, and support will be removed in v2.7. Upgrade your plugin to be installed via sidecar. https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/"
+	ConfigMapPluginDeprecationWarning = "argocd-cm plugins are deprecated, and support will be removed in v2.6. Upgrade your plugin to be installed via sidecar. https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/"
+
+	ConfigMapPluginCLIDeprecationWarning = "spec.plugin.name is set, which means this Application uses a plugin installed in the " +
+		"argocd-cm ConfigMap. Installing plugins via that ConfigMap is deprecated in Argo CD v2.5. " +
+		"Starting in Argo CD v2.6, this Application will fail to sync. Contact your Argo CD admin " +
+		"to make sure an upgrade plan is in place. More info: " +
+		"https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/2.4-2.5/"
 )

 const (
@@ -318,5 +322,3 @@ const (
 const TokenVerificationError = "failed to verify the token"

 var TokenVerificationErr = errors.New(TokenVerificationError)
-
-var PermissionDeniedAPIError = status.Error(codes.PermissionDenied, "permission denied")
--- a/controller/appcontroller.go
+++ b/controller/appcontroller.go
@@ -417,7 +417,7 @@ func (ctrl *ApplicationController) getResourceTree(a *appv1.Application, managed
 	nodes := make([]appv1.ResourceNode, 0)
 	proj, err := ctrl.getAppProj(a)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to get project: %w", err)
 	}

 	orphanedNodesMap := make(map[kube.ResourceKey]appv1.ResourceNode)
@@ -425,7 +425,7 @@ func (ctrl *ApplicationController) getResourceTree(a *appv1.Application, managed
 	if proj.Spec.OrphanedResources != nil {
 		orphanedNodesMap, err = ctrl.stateCache.GetNamespaceTopLevelResources(a.Spec.Destination.Server, a.Spec.Destination.Namespace)
 		if err != nil {
-			return nil, err
+			return nil, fmt.Errorf("failed to get namespace top-level resources: %w", err)
 		}
 		warnOrphaned = proj.Spec.OrphanedResources.IsWarn()
 	}
@@ -435,12 +435,12 @@ func (ctrl *ApplicationController) getResourceTree(a *appv1.Application, managed
 		var live = &unstructured.Unstructured{}
 		err := json.Unmarshal([]byte(managedResource.LiveState), &live)
 		if err != nil {
-			return nil, err
+			return nil, fmt.Errorf("failed to unmarshal live state of managed resources: %w", err)
 		}
 		var target = &unstructured.Unstructured{}
 		err = json.Unmarshal([]byte(managedResource.TargetState), &target)
 		if err != nil {
-			return nil, err
+			return nil, fmt.Errorf("failed to unmarshal target state of managed resources: %w", err)
 		}

 		if live == nil {
@@ -456,7 +456,11 @@ func (ctrl *ApplicationController) getResourceTree(a *appv1.Application, managed
 		} else {
 			err := ctrl.stateCache.IterateHierarchy(a.Spec.Destination.Server, kube.GetResourceKey(live), func(child appv1.ResourceNode, appName string) bool {
 				permitted, _ := proj.IsResourcePermitted(schema.GroupKind{Group: child.ResourceRef.Group, Kind: child.ResourceRef.Kind}, child.Namespace, a.Spec.Destination, func(project string) ([]*appv1.Cluster, error) {
-					return ctrl.db.GetProjectClusters(context.TODO(), project)
+					clusters, err := ctrl.db.GetProjectClusters(context.TODO(), project)
+					if err != nil {
+						return nil, fmt.Errorf("failed to get project clusters: %w", err)
+					}
+					return clusters, nil
 				})
 				if !permitted {
 					return false
@@ -465,7 +469,7 @@ func (ctrl *ApplicationController) getResourceTree(a *appv1.Application, managed
 				return true
 			})
 			if err != nil {
-				return nil, err
+				return nil, fmt.Errorf("failed to iterate resource hierarchy: %w", err)
 			}
 		}
 	}
@@ -514,7 +518,7 @@ func (ctrl *ApplicationController) getResourceTree(a *appv1.Application, managed

 	hosts, err := ctrl.getAppHosts(a, nodes)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to get app hosts: %w", err)
 	}
 	return &appv1.ApplicationTree{Nodes: nodes, OrphanedNodes: orphanedNodes, Hosts: hosts}, nil
 }
@@ -1356,7 +1360,7 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo
 		} else {
 			var tree *appv1.ApplicationTree
 			if tree, err = ctrl.getResourceTree(app, managedResources); err == nil {
-				app.Status.Summary = tree.GetSummary()
+				app.Status.Summary = tree.GetSummary(app)
 				if err := ctrl.cache.SetAppResourcesTree(app.InstanceName(ctrl.namespace), tree); err != nil {
 					logCtx.Errorf("Failed to cache resources tree: %v", err)
 					return
@@ -1430,7 +1434,7 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo
 	if err != nil {
 		logCtx.Errorf("Failed to cache app resources: %v", err)
 	} else {
-		app.Status.Summary = tree.GetSummary()
+		app.Status.Summary = tree.GetSummary(app)
 	}

 	if project.Spec.SyncWindows.Matches(app).CanSync(false) {
--- a/controller/cache/cache.go
+++ b/controller/cache/cache.go
@@ -220,10 +220,10 @@ func asResourceNode(r *clustercache.Resource) appv1.ResourceNode {
 		gv = schema.GroupVersion{}
 	}
 	parentRefs := make([]appv1.ResourceRef, len(r.OwnerRefs))
-	for _, ownerRef := range r.OwnerRefs {
+	for i, ownerRef := range r.OwnerRefs {
 		ownerGvk := schema.FromAPIVersionAndKind(ownerRef.APIVersion, ownerRef.Kind)
 		ownerKey := kube.NewResourceKey(ownerGvk.Group, ownerRef.Kind, r.Ref.Namespace, ownerRef.Name)
-		parentRefs[0] = appv1.ResourceRef{Name: ownerRef.Name, Kind: ownerKey.Kind, Namespace: r.Ref.Namespace, Group: ownerKey.Group, UID: string(ownerRef.UID)}
+		parentRefs[i] = appv1.ResourceRef{Name: ownerRef.Name, Kind: ownerKey.Kind, Namespace: r.Ref.Namespace, Group: ownerKey.Group, UID: string(ownerRef.UID)}
 	}
 	var resHealth *appv1.HealthStatus
 	resourceInfo := resInfo(r)
--- a/controller/cache/cache_test.go
+++ b/controller/cache/cache_test.go
@@ -6,10 +6,11 @@ import (
 	"net/url"
 	"testing"

-	apierr "k8s.io/apimachinery/pkg/api/errors"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-
 	"github.com/stretchr/testify/assert"
+	"k8s.io/api/core/v1"
+	apierr "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"

 	"github.com/argoproj/gitops-engine/pkg/cache"
 	"github.com/argoproj/gitops-engine/pkg/cache/mocks"
@@ -153,3 +154,51 @@ func TestIsRetryableError(t *testing.T) {
 		assert.True(t, isRetryableError(connectionReset))
 	})
 }
+
+func Test_asResourceNode_owner_refs(t *testing.T) {
+	resNode := asResourceNode(&cache.Resource{
+		ResourceVersion: "",
+		Ref: v1.ObjectReference{
+			APIVersion: "v1",
+		},
+		OwnerRefs: []metav1.OwnerReference{
+			{
+				APIVersion: "v1",
+				Kind:       "ConfigMap",
+				Name:       "cm-1",
+			},
+			{
+				APIVersion: "v1",
+				Kind:       "ConfigMap",
+				Name:       "cm-2",
+			},
+		},
+		CreationTimestamp: nil,
+		Info:              nil,
+		Resource:          nil,
+	})
+	expected := appv1.ResourceNode{
+		ResourceRef: appv1.ResourceRef{
+			Version: "v1",
+		},
+		ParentRefs: []appv1.ResourceRef{
+			{
+				Group: "",
+				Kind:  "ConfigMap",
+				Name:  "cm-1",
+			},
+			{
+				Group: "",
+				Kind:  "ConfigMap",
+				Name:  "cm-2",
+			},
+		},
+		Info:            nil,
+		NetworkingInfo:  nil,
+		ResourceVersion: "",
+		Images:          nil,
+		Health:          nil,
+		CreatedAt:       nil,
+	}
+	assert.Equal(t, expected, resNode)
+}
--- a/docs/cli_installation.md
+++ b/docs/cli_installation.md
@@ -39,6 +39,31 @@ rm argocd-linux-amd64

 You should now be able to run `argocd` commands.

+
+## Mac (M1)
+
+### Download With Curl
+
+You can view the latest version of Argo CD at the link above or run the following command to grab the version:
+
+```bash
+VERSION=$(curl --silent "https://api.github.com/repos/argoproj/argo-cd/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/')
+```
+
+Replace `VERSION` in the command below with the version of Argo CD you would like to download:
+
+```bash
+curl -sSL -o argocd-darwin-arm64 https://github.com/argoproj/argo-cd/releases/download/$VERSION/argocd-darwin-arm64
+```
+
+Install the Argo CD CLI binary:
+
+```bash
+sudo install -m 555 argocd-darwin-arm64 /usr/local/bin/argocd
+rm argocd-darwin-arm64
+```
+
+
 ## Mac

 ### Homebrew
--- a/docs/developer-guide/release-process-and-cadence.md
+++ b/docs/developer-guide/release-process-and-cadence.md
@@ -10,7 +10,7 @@ These are the upcoming releases dates:
 |---------|--------------------------|-----------------------|----------------------|-------------------------------------------------------|---------------------------------------------------------------|
 | v2.6    | Monday, Dec. 12, 2022    | Monday, Dec. 19, 2022 | Monday, Feb. 6, 2023 | [William Tam](https://github.com/wtam2018)            | [checklist](https://github.com/argoproj/argo-cd/issues/11563) |
 | v2.7    | Monday, Mar. 6, 2023     | Monday, Mar. 20, 2023 | Monday, May. 1, 2023 | [Pavel Kostohrys](https://github.com/pasha-codefresh) |
-| v2.8    | Monday, Jun. 5, 2023     | Monday, Jun. 19, 2023 | Monday, Aug. 7, 2023 | [Keith Chong](https://github.keithchong)
+| v2.8    | Monday, Jun. 5, 2023     | Monday, Jun. 19, 2023 | Monday, Aug. 7, 2023 |
 | v2.9    | Monday, Sep. 4, 2023     | Monday, Sep. 18, 2023 | Monday, Nov. 6, 2023 |

 Actual release dates might differ from the plan by a few days.
--- a/docs/developer-guide/toolchain-guide.md
+++ b/docs/developer-guide/toolchain-guide.md
@@ -117,6 +117,27 @@ The Docker container for the virtualized toolchain will use the following local

 The following steps are required no matter whether you chose to use a virtualized or a local toolchain.

+!!!note "Docker privileges"
+    If you opt in to use the virtualized toolchain, you will need to have the
+    appropriate privileges to interact with the Docker daemon. It is not
+    recommended to work as the root user, and if your user does not have the
+    permissions to talk to the Docker user, but you have `sudo` setup on your
+    system, you can set the environment variable `SUDO` to `sudo` in order to
+    have the build scripts make any calls to the `docker` CLI using sudo,
+    without affecting the other parts of the build scripts (which should be
+    executed with your normal user privileges).
+
+    You can either set this before calling `make`, like so for example:
+
+    ```
+    SUDO=sudo make sometarget
+    ```
+
+    Or you can opt to export this permanently to your environment, for example
+    ```
+    export SUDO=sudo
+    ```
+
 ### Clone the Argo CD repository from your personal fork on GitHub

 * `mkdir -p ~/go/src/github.com/argoproj`
--- a/docs/operator-manual/application.yaml
+++ b/docs/operator-manual/application.yaml
@@ -142,10 +142,7 @@ spec:

  # Destination cluster and namespace to deploy the application
  destination:
-    # cluster API URL
    server: https://kubernetes.default.svc
-    # or cluster name
-    # name: in-cluster
    # The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
    namespace: guestbook

--- a/docs/operator-manual/applicationset.yaml
+++ b/docs/operator-manual/applicationset.yaml
@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: test-hello-world-appset
+  namespace: argocd
+spec:
+  # See docs for available generators and their specs.
+  generators:
+  - list:
+      elements:
+      - cluster: https://kubernetes.default.svc
+  # Determines whether go templating will be used in the `template` field below.
+  goTemplate: false
+  # These fields are identical to the Application spec.
+  template:
+    metadata:
+      name: test-hello-world-app
+    spec:
+      project: my-project
+  # This sync policy pertains to the ApplicationSet, not to the Applications it creates.
+  syncPolicy:
+    # Determines whether the controller will delete Applications when an ApplicationSet is deleted.
+    preserveResourcesOnDeletion: false
+  # Alpha feature to determine the order in which ApplicationSet applies changes.
+  strategy:
--- a/docs/operator-manual/applicationset/Progressive-Rollouts.md
+++ b/docs/operator-manual/applicationset/Progressive-Rollouts.md
@@ -1,21 +1,21 @@
-# Progressive Syncs
+# Progressive Rollouts

 !!! warning "Alpha Feature"
    This is an experimental, alpha-quality feature that allows you to control the order in which the ApplicationSet controller will create or update the Applications owned by an ApplicationSet resource. It may be removed in future releases or modified in backwards-incompatible ways.

 ## Use Cases
-The Progressive Syncs feature set is intended to be light and flexible. The feature only interacts with the health of managed Applications. It is not intended to support direct integrations with other Rollout controllers (such as the native ReplicaSet controller or Argo Rollouts).
+The Progressive Rollouts feature set is intended to be light and flexible. The feature only interacts with the health of managed Applications. It is not intended to support direct integrations with other Rollout controllers (such as the native ReplicaSet controller or Argo Rollouts).

-* Progressive Syncs watch for the managed Application resources to become "Healthy" before proceeding to the next stage.
+* Progressive Rollouts watch for the managed Application resources to become "Healthy" before proceeding to the next stage.
 * Deployments, DaemonSets, StatefulSets, and [Argo Rollouts](https://argoproj.github.io/argo-rollouts/) are all supported, because the Application enters a "Progressing" state while pods are being rolled out. In fact, any resource with a health check that can report a "Progressing" status is supported.
 * [Argo CD Resource Hooks](../../user-guide/resource_hooks.md) are supported. We recommend this approach for users that need advanced functionality when an Argo Rollout cannot be used, such as smoke testing after a DaemonSet change.

-## Enabling Progressive Syncs
-As an experimental feature, progressive syncs must be explicitly enabled, in one of these ways.
+## Enabling Progressive Rollouts
+As an experimental feature, progressive rollouts must be explicitly enabled, in one of these ways.

-1. Pass `--enable-progressive-syncs` to the ApplicationSet controller args.
-1. Set `ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS=true` in the ApplicationSet controller environment variables.
-1. Set `applicationsetcontroller.enable.progressive.syncs: true` in the Argo CD ConfigMap.
+1. Pass `--enable-progressive-rollouts` to the ApplicationSet controller args.
+1. Set `ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_ROLLOUTS=true` in the ApplicationSet controller environment variables.
+1. Set `applicationsetcontroller.enable.progressive.rollouts: true` in the ArgoCD ConfigMap.

 ## Strategies

@@ -31,7 +31,7 @@ All Applications managed by the ApplicationSet resource are updated simultaneous
 This update strategy allows you to group Applications by labels present on the generated Application resources.
 When the ApplicationSet changes, the changes will be applied to each group of Application resources sequentially.

-* Application groups are selected using their labels and `matchExpressions`.
+* Application groups are selected by `matchExpressions`.
 * All `matchExpressions` must be true for an Application to be selected (multiple expressions match with AND behavior).
 * The `In` and `NotIn` operators must match at least one value to be considered true (OR behavior).
 * The `NotIn` operatorn has priority in the event that both a `NotIn` and `In` operator produce a match.
@@ -44,7 +44,7 @@ When the ApplicationSet changes, the changes will be applied to each group of Ap
 * If an Application is considered "Pending" for `applicationsetcontroller.default.application.progressing.timeout` seconds, the Application is automatically moved to Healthy status (default 300).

 #### Example
-The following example illustrates how to stage a progressive sync over Applications with explicitly configured environment labels.
+The following example illustrates how to stage a progressive rollout over Applications with explicitly configured environment labels.

 Once a change is pushed, the following will happen in order.

@@ -76,19 +76,19 @@ spec:
    rollingSync:
      steps:
        - matchExpressions:
-            - key: envLabel
+            - key: env
              operator: In
              values:
                - env-dev
          #maxUpdate: 100%  # if undefined, all applications matched are updated together (default is 100%)
        - matchExpressions:
-            - key: envLabel
+            - key: env
              operator: In
              values:
                - env-qa
          maxUpdate: 0      # if 0, no matched applications will be updated
        - matchExpressions:
-            - key: envLabel
+            - key: env
              operator: In
              values:
                - env-prod
@@ -98,7 +98,7 @@ spec:
    metadata:
      name: '{{.cluster}}-guestbook'
      labels:
-        envLabel: '{{.env}}'
+        env: '{{.env}}'
    spec:
      project: my-project
      source:
--- a/docs/operator-manual/argocd-cmd-params-cm.yaml
+++ b/docs/operator-manual/argocd-cmd-params-cm.yaml
@@ -164,5 +164,5 @@ data:
  applicationsetcontroller.dryrun: "false"
  # Enable git submodule support
  applicationsetcontroller.enable.git.submodule: "true"
-  # Enables use of the Progressive Syncs capability
-  applicationsetcontroller.enable.progressive.syncs: "false"
+  # Enables use of the Progressive Rollouts capability
+  applicationsetcontroller.enable.progressive.rollouts: "false"
--- a/docs/operator-manual/argocd-repositories.yaml
+++ b/docs/operator-manual/argocd-repositories.yaml
@@ -4,33 +4,18 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: my-private-https-repo
+  name: my-private-repo
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repository
 stringData:
-  url: https://github.com/argoproj/argocd-example-apps
+  url: https://github.com/argoproj/my-private-repository
  password: my-password
  username: my-username
-  insecure: "true" # Ignore validity of server's TLS certificate. Defaults to "false"
-  forceHttpBasicAuth: "true" # Skip auth method negotiation and force usage of HTTP basic auth. Defaults to "false"
-  enableLfs: "true" # Enable git-lfs for this repository. Defaults to "false"
---
-apiVersion: v1
-kind: Secret
-metadata:
-  name: my-private-ssh-repo
-  namespace: argocd
-  labels:
-    argocd.argoproj.io/secret-type: repository
-stringData:
-  url: ssh://git@github.com/argoproj/argocd-example-apps
  sshPrivateKey: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    ...
    -----END OPENSSH PRIVATE KEY-----
-  insecure: "true" # Do not perform a host key check for the server. Defaults to "false"
-  enableLfs: "true" # Enable git-lfs for this repository. Defaults to "false"
 ---
 apiVersion: v1
 kind: Secret
--- a/docs/operator-manual/config-management-plugins.md
+++ b/docs/operator-manual/config-management-plugins.md
@@ -20,21 +20,51 @@ The following sections will describe how to create, install, and use plugins. Ch

 There are two ways to install a Config Management Plugin:

- * **Sidecar plugin**
-   
-    This is a good option for a more complex plugin that would clutter the Argo CD ConfigMap. A copy of the repository is
-    sent to the sidecar container as a tarball and processed individually per application.
+1. Add the plugin config to the Argo CD ConfigMap (**this method is deprecated and will be removed in a future 
+   version**). The repo-server container will run your plugin's commands. This is a good option for a simple plugin that
+   requires only a few lines of code that fit nicely in the Argo CD ConfigMap.
+2. Add the plugin as a sidecar to the repo-server Pod.
+   This is a good option for a more complex plugin that would clutter the Argo CD ConfigMap. A copy of the repository is 
+   sent to the sidecar container as a tarball and processed individually per application, which makes it a good option 
+   for [concurrent processing of monorepos](high_availability.md#enable-concurrent-processing).

- * **ConfigMap plugin** (**this method is deprecated and will be removed in a future 
-   version**)
-   
-    The repo-server container will run your plugin's commands.
+### Option 1: Configure plugins via Argo CD configmap (deprecated)

-### Sidecar plugin
+The following changes are required to configure a new plugin:
+
+1. Make sure required binaries are available in `argocd-repo-server` pod. The binaries can be added via volume mounts or 
+   using a custom image (see [custom_tools](custom_tools.md) for examples of both).
+2. Register a new plugin in `argocd-cm` ConfigMap:
+
+        :::yaml
+        data:
+          configManagementPlugins: |
+            - name: pluginName
+              init:                          # Optional command to initialize application source directory
+                command: ["sample command"]
+                args: ["sample args"]
+              generate:                      # Command to generate manifests YAML
+                command: ["sample command"]
+                args: ["sample args"]
+              lockRepo: true                 # Defaults to false. See below.
+    
+    The `generate` command must print a valid YAML or JSON stream to stdout. Both `init` and `generate` commands are executed inside the application source directory or in `path` when specified for the app.
+
+3. [Create an Application which uses your new CMP](#using-a-cmp).
+
+More CMP examples are available in [argocd-example-apps](https://github.com/argoproj/argocd-example-apps/tree/master/plugins).
+
+!!!note "Repository locking"
+    If your plugin makes use of `git` (e.g. `git crypt`), it is advised to set
+    `lockRepo` to `true` so that your plugin will have exclusive access to the
+    repository at the time it is executed. Otherwise, two applications synced
+    at the same time may result in a race condition and sync failure.
+
+### Option 2: Configure plugin via sidecar

 An operator can configure a plugin tool via a sidecar to repo-server. The following changes are required to configure a new plugin:

-#### Write the plugin configuration file
+#### 1. Write the plugin configuration file

 Plugins will be configured via a ConfigManagementPlugin manifest located inside the plugin container.

@@ -62,8 +92,7 @@ spec:
      - |
        echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"
  # The discovery config is applied to a repository. If every configured discovery tool matches, then the plugin may be
-  # used to generate manifests for Applications using the repository. If the discovery config is omitted then the plugin 
-  # will not match any application but can still be invoked explicitly by specifying the plugin name in the app spec. 
+  # used to generate manifests for Applications using the repository. 
  # Only one of fileName, find.glob, or find.command should be specified. If multiple are specified then only the 
  # first (in that order) is evaluated.
  discover:
@@ -138,7 +167,7 @@ If `discover.fileName` is not provided, the `discover.find.command` is executed
 application repository is supported by the plugin or not. The `find` command should return a non-error exit code
 and produce output to stdout when the application source type is supported.

-#### Place the plugin configuration file in the sidecar
+#### 2. Place the plugin configuration file in the sidecar

 Argo CD expects the plugin configuration file to be located at `/home/argocd/cmp-server/config/plugin.yaml` in the sidecar.

@@ -173,7 +202,7 @@ data:
        fileName: "./subdir/s*.yaml"
 ```

-#### Register the plugin sidecar
+#### 3. Register the plugin sidecar

 To install a plugin, patch argocd-repo-server to run the plugin container as a sidecar, with argocd-cmp-server as its 
 entrypoint. You can use either off-the-shelf or custom-built plugin image as sidecar image. For example:
@@ -212,40 +241,6 @@ volumes:
    2. Make sure that sidecar container is running as user 999.
    3. Make sure that plugin configuration file is present at `/home/argocd/cmp-server/config/plugin.yaml`. It can either be volume mapped via configmap or baked into image.

-### ConfigMap plugin
-
-!!! warning "Deprecated"
-    ConfigMap plugins are deprecated and will no longer be supported in 2.7.
-
-The following changes are required to configure a new plugin:
-
-1. Make sure required binaries are available in `argocd-repo-server` pod. The binaries can be added via volume mounts or
-   using a custom image (see [custom_tools](../operator-manual/custom_tools.md) for examples of both).
-2. Register a new plugin in `argocd-cm` ConfigMap:
-
-        data:
-          configManagementPlugins: |
-            - name: pluginName
-              init:                          # Optional command to initialize application source directory
-                command: ["sample command"]
-                args: ["sample args"]
-              generate:                      # Command to generate manifests YAML
-                command: ["sample command"]
-                args: ["sample args"]
-              lockRepo: true                 # Defaults to false. See below.
-   
-    The `generate` command must print a valid YAML or JSON stream to stdout. Both `init` and `generate` commands are executed inside the application source directory or in `path` when specified for the app.
-
-3. [Create an Application which uses your new CMP](#using-a-cmp).
-
-More CMP examples are available in [argocd-example-apps](https://github.com/argoproj/argocd-example-apps/tree/master/plugins).
-
-!!!note "Repository locking"
-    If your plugin makes use of `git` (e.g. `git crypt`), it is advised to set
-    `lockRepo` to `true` so that your plugin will have exclusive access to the
-    repository at the time it is executed. Otherwise, two applications synced
-    at the same time may result in a race condition and sync failure.
-
 ### Using environment variables in your plugin

 Plugin commands have access to
@@ -254,73 +249,82 @@ Plugin commands have access to
 2. [Standard build environment variables](../user-guide/build-environment.md)
 3. Variables in the Application spec (References to system and build variables will get interpolated in the variables' values):

-        apiVersion: argoproj.io/v1alpha1
-        kind: Application
-        spec:
-          source:
-            plugin:
-              env:
-                - name: FOO
-                  value: bar
-                - name: REV
-                  value: test-$ARGOCD_APP_REVISION
-   
-    !!! note
-        The `discover.find.command` command only has access to the above environment starting with v2.4.
-    
-    Before reaching the `init.command`, `generate.command`, and `discover.find.command` commands, Argo CD prefixes all 
-    user-supplied environment variables (#3 above) with `ARGOCD_ENV_`. This prevents users from directly setting 
-    potentially-sensitive environment variables.
-    
-    If your plugin was written before 2.4 and depends on user-supplied environment variables, then you will need to update
-    your plugin's behavior to work with 2.4. If you use a third-party plugin, make sure they explicitly advertise support
-    for 2.4.
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+spec:
+  source:
+    plugin:
+      env:
+        - name: FOO
+          value: bar
+        - name: REV
+          value: test-$ARGOCD_APP_REVISION
+```

-4. (Starting in v2.6) Parameters in the Application spec:
+!!! note
+    The `discover.command` command only has access to the above environment starting with v2.4.

-        apiVersion: argoproj.io/v1alpha1
-        kind: Application
-        spec:
-         source:
-           plugin:
-             parameters:
-               - name: values-files
-                 array: [values-dev.yaml]
-               - name: helm-parameters
-                 map:
-                   image.tag: v1.2.3
+Before reaching the `init.command`, `generate.command`, and `discover.command` commands, Argo CD prefixes all 
+user-supplied environment variables (#3 above) with `ARGOCD_ENV_`. This prevents users from directly setting 
+potentially-sensitive environment variables.
+
+If your plugin was written before 2.4 and depends on user-supplied environment variables, then you will need to update
+your plugin's behavior to work with 2.4. If you use a third-party plugin, make sure they explicitly advertise support
+for 2.4.
+
+4. (Starting in v2.4) Parameters in the Application spec:
+
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+spec:
+ source:
+   plugin:
+     parameters:
+       - name: values-files
+         array: [values-dev.yaml]
+       - name: helm-parameters
+         map:
+           image.tag: v1.2.3
+```
+
+The parameters are available as JSON in the `ARGOCD_APP_PARAMETERS` environment variable. The example above would
+produce this JSON:
+
+```json
+[{"name": "values-files", "array": ["values-dev.yaml"]}, {"name": "helm-parameters", "map": {"image.tag": "v1.2.3"}}]
+```
+
+!!! note
+    Parameter announcements, even if they specify defaults, are _not_ sent to the plugin in `ARGOCD_APP_PARAMETERS`.
+    Only parameters explicitly set in the Application spec are sent to the plugin. It is up to the plugin to apply
+    the same defaults as the ones announced to the UI.
+
+The same parameters are also available as individual environment variables. The names of the environment variables
+follows this convention:
+
+```yaml
+   - name: some-string-param
+     string: some-string-value
+   # PARAM_SOME_STRING_PARAM=some-string-value
   
-    The parameters are available as JSON in the `ARGOCD_APP_PARAMETERS` environment variable. The example above would
-    produce this JSON:
+   - name: some-array-param
+     value: [item1, item2]
+   # PARAM_SOME_ARRAY_PARAM_0=item1
+   # PARAM_SOME_ARRAY_PARAM_1=item2
   
-        [{"name": "values-files", "array": ["values-dev.yaml"]}, {"name": "helm-parameters", "map": {"image.tag": "v1.2.3"}}]
-   
-    !!! note
-        Parameter announcements, even if they specify defaults, are _not_ sent to the plugin in `ARGOCD_APP_PARAMETERS`.
-        Only parameters explicitly set in the Application spec are sent to the plugin. It is up to the plugin to apply
-        the same defaults as the ones announced to the UI.
-   
-    The same parameters are also available as individual environment variables. The names of the environment variables
-    follows this convention:
-   
-           - name: some-string-param
-             string: some-string-value
-           # PARAM_SOME_STRING_PARAM=some-string-value
-           
-           - name: some-array-param
-             value: [item1, item2]
-           # PARAM_SOME_ARRAY_PARAM_0=item1
-           # PARAM_SOME_ARRAY_PARAM_1=item2
-           
-           - name: some-map-param
-             map:
-               image.tag: v1.2.3
-           # PARAM_SOME_MAP_PARAM_IMAGE_TAG=v1.2.3
-   
-!!! warning "Sanitize/escape user input" 
-    As part of Argo CD's manifest generation system, config management plugins are treated with a level of trust. Be
+   - name: some-map-param
+     map:
+       image.tag: v1.2.3
+   # PARAM_SOME_MAP_PARAM_IMAGE_TAG=v1.2.3
+```
+
+!!! warning 
+    Sanitize/escape user input. As part of Argo CD's manifest generation system, config management plugins are treated with a level of trust. Be
    sure to escape user input in your plugin to prevent malicious input from causing unwanted behavior.

+
 ## Using a config management plugin with an Application

 If your CMP is defined in the `argocd-cm` ConfigMap, you can create a new Application using the CLI. Replace 
@@ -333,7 +337,7 @@ argocd app create <appName> --config-management-plugin <pluginName>
 If your CMP is defined as a sidecar, you must manually define the Application manifest. You may leave the `name` field
 empty in the `plugin` section for the plugin to be automatically matched with the Application based on its discovery rules. If you do mention the name make sure 
 it is either `<metadata.name>-<spec.version>` if version is mentioned in the `ConfigManagementPlugin` spec or else just `<metadata.name>`. When name is explicitly 
-specified only that particular plugin will be used iff its discovery pattern/command matches the provided application repo.
+specified only that particular plugin will be used iff it's discovery pattern/command matches the provided application repo.

 ```yaml
 apiVersion: argoproj.io/v1alpha1
@@ -409,7 +413,7 @@ a future release.

 The following will show how to convert an argocd-cm plugin to a sidecar plugin.

-### Convert the ConfigMap entry into a config file
+### 1. Convert the ConfigMap entry into a config file

 First, copy the plugin's configuration into its own YAML file. Take for example the following ConfigMap entry:

@@ -446,17 +450,17 @@ spec:
    The `lockRepo` key is not relevant for sidecar plugins, because sidecar plugins do not share a single source repo
    directory when generating manifests.

-### Write discovery rules for your plugin
+### 2. Write discovery rules for your plugin

-Sidecar plugins can use either discovery rules or a plugin name to match Applications to plugins. If the discovery rule is omitted 
-then you have to explicitly specify the plugin by name in the app spec or else that particular plugin will not match any app.
+Sidecar plugins use discovery rules instead of a plugin name to match Applications to plugins.

-If you want to use discovery instead of the plugin name to match applications to your plugin, write rules applicable to 
-your plugin [using the instructions above](#1-write-the-plugin-configuration-file) and add them to your configuration 
-file.
+Write rules applicable to your plugin [using the instructions above](#1-write-the-plugin-configuration-file) and add
+them to your configuration file.

-To use the name instead of discovery, update the name in your application manifest to `<metadata.name>-<spec.version>` 
-if version was mentioned in the `ConfigManagementPlugin` spec or else just use `<metadata.name>`. For example:
+!!! note
+    After installing your sidecar plugin, you may remove the `name` field from the plugin config in your
+    Application specs for auto-discovery or update the name to `<metadata.name>-<spec.version>`
+    if version was mentioned in the `ConfigManagementPlugin` spec or else just use `<metadata.name>`. For example:

 ```yaml
 apiVersion: argoproj.io/v1alpha1
@@ -469,7 +473,7 @@ spec:
      name: pluginName  # Delete this for auto-discovery (and set `plugin: {}` if `name` was the only value) or use proper sidecar plugin name
 ```

-### Make sure the plugin has access to the tools it needs
+### 3. Make sure the plugin has access to the tools it needs

 Plugins configured with argocd-cm ran on the Argo CD image. This gave it access to all the tools installed on that
 image by default (see the [Dockerfile](https://github.com/argoproj/argo-cd/blob/master/Dockerfile) for base image and
@@ -478,7 +482,7 @@ installed tools).
 You can either use a stock image (like busybox) or design your own base image with the tools your plugin needs. For
 security, avoid using image with more binaries installed than what your plugin actually needs.

-### Test the plugin
+### 4. Test the plugin

 After installing the plugin as a sidecar [according to the directions above](#installing-a-config-management-plugin),
 test it out on a few Applications before migrating all of them to the sidecar plugin.
--- a/docs/operator-manual/custom_tools.md
+++ b/docs/operator-manual/custom_tools.md
@@ -69,5 +69,5 @@ RUN apt-get update && \
    chmod +x /usr/local/bin/sops

 # Switch back to non-root user
-USER 999
+USER $ARGOCD_USER_ID
 ```
--- a/docs/operator-manual/high_availability.md
+++ b/docs/operator-manual/high_availability.md
@@ -24,50 +24,46 @@ The `--parallelismlimit` flag controls how many manifests generations are runnin
 or custom plugin. As a result Git repositories with multiple applications might be affect repository server performance.
 Read [Monorepo Scaling Considerations](#monorepo-scaling-considerations) for more information.

-* `argocd-repo-server` clones repository into `/tmp` ( of path specified in `TMPDIR` env variable ). Pod might run out of disk space if have too many repository
-or repositories has a lot of files. To avoid this problem mount persistent volume.
+* `argocd-repo-server` clones the repository into `/tmp` (or the path specified in the `TMPDIR` env variable). The Pod might run out of disk space if it has too many repositories
+or if the repositories have a lot of files. To avoid this problem mount a persistent volume.

-* `argocd-repo-server` `git ls-remote` to resolve ambiguous revision such as `HEAD`, branch or tag name. This operation is happening pretty frequently
-and might fail. To avoid failed syncs use `ARGOCD_GIT_ATTEMPTS_COUNT` environment variable to retry failed requests.
+* `argocd-repo-server` uses `git ls-remote` to resolve ambiguous revisions such as `HEAD`, a branch or a tag name. This operation happens frequently
+and might fail. To avoid failed syncs use the `ARGOCD_GIT_ATTEMPTS_COUNT` environment variable to retry failed requests.

 * `argocd-repo-server` Every 3m (by default) Argo CD checks for changes to the app manifests. Argo CD assumes by default that manifests only change when the repo changes, so it caches generated manifests (for 24h by default). With Kustomize remote bases, or Helm patch releases, the manifests can change even though the repo has not changed. By reducing the cache time, you can get the changes without waiting for 24h. Use `--repo-cache-expiration duration`, and we'd suggest in low volume environments you try '1h'. Bear in mind this will negate the benefit of caching if set too low. 

-* `argocd-repo-server` fork exec config management tools such as `helm` or `kustomize` and enforces 90 seconds timeout. The timeout can be increased using `ARGOCD_EXEC_TIMEOUT` env variable. The value should be in Go time duration string format, for example, `2m30s`.
+* `argocd-repo-server` executes config management tools such as `helm` or `kustomize` and enforces a 90 second timeout. This timeout can be changed by using the `ARGOCD_EXEC_TIMEOUT` env variable. The value should be in the Go time duration string format, for example, `2m30s`.

 **metrics:**

-* `argocd_git_request_total` - Number of git requests. The metric provides two tags: `repo` - Git repo URL; `request_type` - `ls-remote` or `fetch`.
+* `argocd_git_request_total` - Number of git requests. This metric provides two tags: `repo` - Git repo URL; `request_type` - `ls-remote` or `fetch`.

-* `ARGOCD_ENABLE_GRPC_TIME_HISTOGRAM` - environment variable that enables collecting RPC performance metrics. Enable it if you need to troubleshoot performance issue. Note: metric is expensive to both query and store!
+* `ARGOCD_ENABLE_GRPC_TIME_HISTOGRAM` - Is an environment variable that enables collecting RPC performance metrics. Enable it if you need to troubleshoot performance issues. Note: This metric is expensive to both query and store!

 ### argocd-application-controller

 **settings:**

-The `argocd-application-controller` uses `argocd-repo-server` to get generated manifests and Kubernetes API server to get actual cluster state.
+The `argocd-application-controller` uses `argocd-repo-server` to get generated manifests and Kubernetes API server to get the actual cluster state.

-* each controller replica uses two separate queues to process application reconciliation (milliseconds) and app syncing (seconds). Number of queue processors for each queue is controlled by
-`--status-processors` (20 by default) and `--operation-processors` (10 by default) flags. Increase number of processors if your Argo CD instance manages too many applications.
+* each controller replica uses two separate queues to process application reconciliation (milliseconds) and app syncing (seconds). The number of queue processors for each queue is controlled by
+`--status-processors` (20 by default) and `--operation-processors` (10 by default) flags. Increase the number of processors if your Argo CD instance manages too many applications.
 For 1000 application we use 50 for `--status-processors` and 25 for `--operation-processors`

-* The manifest generation typically takes the most time during reconciliation. The duration of manifest generation is limited to make sure controller refresh queue does not overflow.
-The app reconciliation fails with `Context deadline exceeded` error if manifest generating taking too much time. As workaround increase value of `--repo-server-timeout-seconds` and
-consider scaling up `argocd-repo-server` deployment.
+* The manifest generation typically takes the most time during reconciliation. The duration of manifest generation is limited to make sure the controller refresh queue does not overflow.
+The app reconciliation fails with `Context deadline exceeded` error if the manifest generation is taking too much time. As a workaround increase the value of `--repo-server-timeout-seconds` and
+consider scaling up the `argocd-repo-server` deployment.

-* The controller uses `kubectl` fork/exec to push changes into the cluster and to convert resource from preferred version into user specified version
-(e.g. Deployment `apps/v1` into `extensions/v1beta1`). Same as config management tool `kubectl` fork/exec might cause pod OOM kill. Use `--kubectl-parallelism-limit` flag to limit
-number of allowed concurrent kubectl fork/execs.
+* The controller uses Kubernetes watch APIs to maintain a lightweight Kubernetes cluster cache. This allows avoiding querying Kubernetes during app reconciliation and significantly improves
+performance. For performance reasons the controller monitors and caches only the preferred versions of a resource. During reconciliation, the controller might have to convert cached resources from the
+preferred version into a version of the resource stored in Git. If `kubectl convert` fails because the conversion is not supported then the controller falls back to Kubernetes API query which slows down
+reconciliation. In this case, we advise to use the preferred resource version in Git.

-* The controller uses Kubernetes watch APIs to maintain lightweight Kubernetes cluster cache. This allows to avoid querying Kubernetes during app reconciliation and significantly improve
-performance. For performance reasons controller monitors and caches only preferred the version of a resource. During reconciliation, the controller might have to convert cached resource from
-preferred version into a version of the resource stored in Git. If `kubectl convert` fails because conversion is not supported then controller falls back to Kubernetes API query which slows down
-reconciliation. In this case, we advise you to use the preferred resource version in Git.
-
-* The controller polls Git every 3m by default. You can increase this duration using `timeout.reconciliation` setting in the `argocd-cm` ConfigMap. The value of `timeout.reconciliation` is a duration string e.g `60s`, `1m`, `1h` or `1d`.
+* The controller polls Git every 3m by default. You can change this duration using the `timeout.reconciliation` setting in the `argocd-cm` ConfigMap. The value of `timeout.reconciliation` is a duration string e.g `60s`, `1m`, `1h` or `1d`.

 * If the controller is managing too many clusters and uses too much memory then you can shard clusters across multiple
 controller replicas. To enable sharding increase the number of replicas in `argocd-application-controller` `StatefulSet`
-and repeat number of replicas in `ARGOCD_CONTROLLER_REPLICAS` environment variable. The strategic merge patch below
+and repeat the number of replicas in the `ARGOCD_CONTROLLER_REPLICAS` environment variable. The strategic merge patch below
 demonstrates changes required to configure two controller replicas.

 ```yaml
@@ -86,22 +82,22 @@ spec:
          value: "2"
 ```

-* `ARGOCD_ENABLE_GRPC_TIME_HISTOGRAM` - environment variable that enables collecting RPC performance metrics. Enable it if you need to troubleshoot performance issue. Note: metric is expensive to both query and store!
+* `ARGOCD_ENABLE_GRPC_TIME_HISTOGRAM` - environment variable that enables collecting RPC performance metrics. Enable it if you need to troubleshoot performance issues. Note: This metric is expensive to both query and store!

 **metrics**

-* `argocd_app_reconcile` - reports application reconciliation duration. Can be used to build reconciliation duration heat map to get high-level reconciliation performance picture.
+* `argocd_app_reconcile` - reports application reconciliation duration. Can be used to build reconciliation duration heat map to get a high-level reconciliation performance picture.
 * `argocd_app_k8s_request_total` - number of k8s requests per application. The number of fallback Kubernetes API queries - useful to identify which application has a resource with
 non-preferred version and causes performance issues.

 ### argocd-server

-The `argocd-server` is stateless and probably least likely to cause issues. You might consider increasing number of replicas to 3 or more to ensure there is no downtime during upgrades.
+The `argocd-server` is stateless and probably least likely to cause issues. You might consider increasing the number of replicas to 3 or more to ensure there is no downtime during upgrades.

 **settings:**

 * The `ARGOCD_GRPC_MAX_SIZE_MB` environment variable allows specifying the max size of the server response message in megabytes.
-The default value is 200. You might need to increase for an Argo CD instance that manages 3000+ applications.    
+The default value is 200. You might need to increase this for an Argo CD instance that manages 3000+ applications.    

 ### argocd-dex-server, argocd-redis

@@ -109,17 +105,17 @@ The `argocd-dex-server` uses an in-memory database, and two or more instances wo

 ## Monorepo Scaling Considerations

-Argo CD repo server maintains one repository clone locally and use it for application manifest generation. If the manifest generation requires to change a file in the local repository clone then only one concurrent manifest generation per server instance is allowed. This limitation might significantly slowdown Argo CD if you have a mono repository with multiple applications (50+).
+Argo CD repo server maintains one repository clone locally and uses it for application manifest generation. If the manifest generation requires to change a file in the local repository clone then only one concurrent manifest generation per server instance is allowed. This limitation might significantly slowdown Argo CD if you have a mono repository with multiple applications (50+).

 ### Enable Concurrent Processing

-Argo CD determines if manifest generation might change local files in the local repository clone based on config management tool and application settings.
-If the manifest generation has no side effects then requests are processed in parallel without the performance penalty. Following are known cases that might cause slowness and workarounds:
+Argo CD determines if manifest generation might change local files in the local repository clone based on the config management tool and application settings.
+If the manifest generation has no side effects then requests are processed in parallel without a performance penalty. The following are known cases that might cause slowness and their workarounds:

-  * **Multiple Helm based applications pointing to the same directory in one Git repository:** ensure that your Helm chart don't have conditional
-[dependencies](https://helm.sh/docs/chart_best_practices/dependencies/#conditions-and-tags) and create `.argocd-allow-concurrency` file in chart directory.
+  * **Multiple Helm based applications pointing to the same directory in one Git repository:** ensure that your Helm chart doesn't have conditional
+[dependencies](https://helm.sh/docs/chart_best_practices/dependencies/#conditions-and-tags) and create `.argocd-allow-concurrency` file in the chart directory.

-  * **Multiple Custom plugin based applications:** avoid creating temporal files during manifest generation and create `.argocd-allow-concurrency` file in app directory, or use the sidecar plugin option, which processes each application using a temporary copy of the repository.
+  * **Multiple Custom plugin based applications:** avoid creating temporal files during manifest generation and create `.argocd-allow-concurrency` file in the app directory, or use the sidecar plugin option, which processes each application using a temporary copy of the repository.

  * **Multiple Kustomize applications in same repository with [parameter overrides](../user-guide/parameters.md):** sorry, no workaround for now.

--- a/docs/operator-manual/resource_actions.md
+++ b/docs/operator-manual/resource_actions.md
@@ -9,8 +9,9 @@ Operators can add actions to custom resources in form of a Lua script and expand

 Argo CD supports custom resource actions written in [Lua](https://www.lua.org/). This is useful if you:

-* Have a custom resource for which Argo CD does not provide any built-in actions.
-* Have a commonly performed manual task that might be error prone if executed by users via `kubectl`
+    * Have a custom resource for which Argo CD does not provide any built-in actions.
+    * Have a commonly performed manual task that might be error prone if executed by users via `kubectl`
+

 You can define your own custom resource actions in the `argocd-cm` ConfigMap.

--- a/docs/operator-manual/upgrading/1.8-2.0.md
+++ b/docs/operator-manual/upgrading/1.8-2.0.md
@@ -1,4 +1,4 @@
-# v1.8 to 2.0
+# v1.8 to v2.0

 ## Redis Upgraded to v6.2.1

--- a/docs/operator-manual/upgrading/2.4-2.5.md
+++ b/docs/operator-manual/upgrading/2.4-2.5.md
@@ -34,7 +34,7 @@ p, role:org-admin, exec,         create, *, allow
 ## argocd-cm plugins (CMPs) are deprecated

 Starting with Argo CD v2.5, installing config management plugins (CMPs) via the `argocd-cm` ConfigMap is deprecated.
-~~Support will be removed in v2.6.~~ Support will be removed in v2.7.
+Support will be removed in v2.6.

 You can continue to use the plugins by [installing them as sidecars](https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/)
 on the repo-server Deployment.
@@ -47,8 +47,6 @@ following message:

 > argocd-cm plugins are deprecated, and support will be removed in v2.6. Upgrade your plugin to be installed via sidecar. https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/

-**NOTE:** removal of argocd-cm plugin support was delayed to v2.7. Update your logs scan to use `v2.7` instead of `v2.6`.
-
 If you run `argocd app list` as admin, the list of Applications using deprecated plugins will be logged as a warning.

 ## Dex server TLS configuration
@@ -99,14 +97,14 @@ When using `argocd app diff --local`, code from the repo server is run on the us

 In order to support CMPs and reduce local requirements, we have implemented *server-side generation* of local manifests via the `--server-side-generate` argument. For example, `argocd app diff --local repoDir --server-side-generate` will upload the contents of `repoDir` to the repo server and run your manifest generation pipeline against it, the same as it would for a Git repo.

-In ~~v2.6~~ v2.7, the `--server-side-generate` argument will become the default, ~~and client-side generation will be removed~~ and client-side generation will be supported as an alternative.
+In v2.6, the `--server-side-generate` argument will become the default and client-side generation will be removed.

 !!! warning
    The semantics of *where* Argo will start generating manifests within a repo has changed between client-side and server-side generation. With client-side generation, the application's path (`spec.source.path`) was ignored and the value of `--local-repo-root` was effectively used (by default `/` relative to `--local`).
    
    For example, given an application that has an application path of `/manifests`, you would have had to run `argocd app diff --local yourRepo/manifests`. This behavior did not match the repo server's process of downloading the full repo/chart and then beginning generation in the path specified in the application manifest.

-    When switching to server-side generation, `--local` should point to the root of your repo *without* including your `spec.source.path`. This is especially important to keep in mind when `--server-side-generate` becomes the default in v2.7. Existing scripts utilizing `diff --local` may break in v2.7 if `spec.source.path` was not `/`.
+    When switching to server-side generation, `--local` should point to the root of your repo *without* including your `spec.source.path`. This is especially important to keep in mind when `--server-side-generate` becomes the default in v2.6. Existing scripts utilizing `diff --local` may break in v2.6 if `spec.source.path` was not `/`.
    
 ## Upgraded Kustomize Version

--- a/docs/operator-manual/upgrading/2.5-2.6.md
+++ b/docs/operator-manual/upgrading/2.5-2.6.md
@@ -10,22 +10,4 @@ Masterminds/semver v3 changed the behavior of the `^` prefix in semantic version
 ## Applications with suspended jobs now marked "Suspended" instead of "Progressing"
 Prior to Argo CD v2.6, an Application managing a suspended Job would be marked as "Progressing". This was confusing/unexpected behavior for many. Starting with v2.6, Argo CD will mark such Applications as "Suspended".

-If you have processes which rely on the previous behavior (for example, a CI job with an argocd app wait call), update those before upgrading to v2.6.
-
-## The API Server now requires tokens to include the `aud` claim by default
-
-Argo CD v2.6 now requires that the `aud` claim be present in the token used to authenticate to the API Server. This is a 
-security improvement, as it prevents tokens from being used against the API Server which were not intended for it.
-
-If you rely on an OIDC provider which does not provide a `aud` claim, you can disable this requirement by setting the 
-`skipAudienceCheckWhenTokenHasNoAudience` flag to `true` in your Argo CD OIDC configuration. (See the 
-[OIDC configuration documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#existing-oidc-provider)
-for an example.)
-
-## Removal of argocd-cm plugin support delayed until 2.7
-
-Support for argocd-cm plugins was previously scheduled for 2.6. At the time, sidecar plugins could not be specified by
-name. Argo CD v2.6 introduces support for specifying sidecar plugins by name. 
-
-Removal of argocd-cm plugin support has been delayed until 2.7 to provide a transition time for users who need to 
-specify plugins by name. 
+If you have processes which rely on the previous behavior (for example, a CI job with an argocd app wait call), update those before upgrading to v2.6.
--- a/docs/operator-manual/upgrading/overview.md
+++ b/docs/operator-manual/upgrading/overview.md
@@ -37,7 +37,6 @@ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/<v

 <hr/>

-* [v2.5 to v2.6](./2.5-2.6.md)
 * [v2.4 to v2.5](./2.4-2.5.md)
 * [v2.3 to v2.4](./2.3-2.4.md)
 * [v2.2 to v2.3](./2.2-2.3.md)
--- a/docs/operator-manual/user-management/index.md
+++ b/docs/operator-manual/user-management/index.md
@@ -302,9 +302,8 @@ data:
    clientID: aaaabbbbccccddddeee
    clientSecret: $oidc.okta.clientSecret
    
-    # Optional list of allowed aud claims. If omitted or empty, defaults to the clientID value above (and the 
-    # cliCientID, if that is also specified). If you specify a list and want the clientID to be allowed, you must 
-    # explicitly include it in the list.
+    # Optional list of allowed aud claims. If omitted or empty, defaults to the clientID value above. If you specify a 
+    # list and want the clientD to be allowed, you must explicitly include it in the list.
    # Token verification will pass if any of the token's audiences matches any of the audiences in this list.
    allowedAudiences:
    - aaaabbbbccccddddeee
--- a/docs/snyk/index.md
+++ b/docs/snyk/index.md
@@ -13,51 +13,64 @@ recent minor releases.

 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](master/argocd-test.html) | 0 | 0 | 1 | 0 |
-| [ui/yarn.lock](master/argocd-test.html) | 0 | 1 | 3 | 0 |
+| [go.mod](master/argocd-test.html) | 0 | 0 | 0 | 0 |
+| [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 1 | 0 |
 | [dex:v2.35.3](master/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 0 | 0 | 0 |
 | [haproxy:2.6.2-alpine](master/haproxy_2.6.2-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 2 | 13 |
-| [redis:7.0.5-alpine](master/redis_7.0.5-alpine.html) | 0 | 0 | 0 | 0 |
+| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 2 | 14 |
+| [redis:7.0.7-alpine](master/redis_7.0.7-alpine.html) | 0 | 0 | 0 | 0 |
 | [install.yaml](master/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - |

-### v2.5.5
+### v2.6.0-rc4

 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v2.5.5/argocd-test.html) | 0 | 0 | 4 | 0 |
-| [ui/yarn.lock](v2.5.5/argocd-test.html) | 0 | 1 | 3 | 0 |
-| [dex:v2.35.3](v2.5.5/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 0 | 0 | 0 |
-| [haproxy:2.6.2-alpine](v2.5.5/haproxy_2.6.2-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v2.5.5](v2.5.5/quay.io_argoproj_argocd_v2.5.5.html) | 0 | 0 | 2 | 13 |
-| [redis:7.0.5-alpine](v2.5.5/redis_7.0.5-alpine.html) | 0 | 0 | 0 | 0 |
-| [install.yaml](v2.5.5/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v2.5.5/argocd-iac-namespace-install.html) | - | - | - | - |
+| [go.mod](v2.6.0-rc4/argocd-test.html) | 0 | 0 | 0 | 0 |
+| [ui/yarn.lock](v2.6.0-rc4/argocd-test.html) | 0 | 0 | 1 | 0 |
+| [dex:v2.35.3](v2.6.0-rc4/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 0 | 0 | 0 |
+| [haproxy:2.6.2-alpine](v2.6.0-rc4/haproxy_2.6.2-alpine.html) | 0 | 0 | 0 | 0 |
+| [argocd:v2.6.0-rc4](v2.6.0-rc4/quay.io_argoproj_argocd_v2.6.0-rc4.html) | 0 | 0 | 2 | 14 |
+| [redis:7.0.7-alpine](v2.6.0-rc4/redis_7.0.7-alpine.html) | 0 | 0 | 0 | 0 |
+| [install.yaml](v2.6.0-rc4/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v2.6.0-rc4/argocd-iac-namespace-install.html) | - | - | - | - |

-### v2.4.18
+### v2.5.7

 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v2.4.18/argocd-test.html) | 0 | 1 | 4 | 0 |
-| [ui/yarn.lock](v2.4.18/argocd-test.html) | 0 | 1 | 3 | 0 |
-| [dex:v2.35.3](v2.4.18/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 0 | 0 | 0 |
-| [haproxy:2.0.29-alpine](v2.4.18/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v2.4.18](v2.4.18/quay.io_argoproj_argocd_v2.4.18.html) | 0 | 0 | 2 | 13 |
-| [redis:7.0.4-alpine](v2.4.18/redis_7.0.4-alpine.html) | 0 | 0 | 0 | 0 |
-| [install.yaml](v2.4.18/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v2.4.18/argocd-iac-namespace-install.html) | - | - | - | - |
+| [go.mod](v2.5.7/argocd-test.html) | 0 | 0 | 4 | 0 |
+| [ui/yarn.lock](v2.5.7/argocd-test.html) | 0 | 0 | 4 | 0 |
+| [dex:v2.35.3](v2.5.7/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 0 | 0 | 0 |
+| [haproxy:2.6.2-alpine](v2.5.7/haproxy_2.6.2-alpine.html) | 0 | 0 | 0 | 0 |
+| [argocd:v2.5.7](v2.5.7/quay.io_argoproj_argocd_v2.5.7.html) | 0 | 0 | 2 | 14 |
+| [redis:7.0.7-alpine](v2.5.7/redis_7.0.7-alpine.html) | 0 | 0 | 0 | 0 |
+| [install.yaml](v2.5.7/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v2.5.7/argocd-iac-namespace-install.html) | - | - | - | - |

-### v2.3.12
+### v2.4.19

 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v2.3.12/argocd-test.html) | 0 | 1 | 4 | 0 |
-| [ui/yarn.lock](v2.3.12/argocd-test.html) | 0 | 2 | 5 | 0 |
-| [dex:v2.35.3](v2.3.12/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 0 | 0 | 0 |
-| [haproxy:2.0.29-alpine](v2.3.12/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd-applicationset:v0.4.1](v2.3.12/quay.io_argoproj_argocd-applicationset_v0.4.1.html) | 0 | 4 | 38 | 29 |
-| [argocd:v2.3.12](v2.3.12/quay.io_argoproj_argocd_v2.3.12.html) | 0 | 0 | 2 | 13 |
-| [redis:6.2.7-alpine](v2.3.12/redis_6.2.7-alpine.html) | 0 | 0 | 0 | 0 |
-| [install.yaml](v2.3.12/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v2.3.12/argocd-iac-namespace-install.html) | - | - | - | - |
+| [go.mod](v2.4.19/argocd-test.html) | 0 | 0 | 4 | 0 |
+| [ui/yarn.lock](v2.4.19/argocd-test.html) | 0 | 0 | 4 | 0 |
+| [dex:v2.35.3](v2.4.19/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 0 | 0 | 0 |
+| [haproxy:2.0.29-alpine](v2.4.19/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 |
+| [argocd:v2.4.19](v2.4.19/quay.io_argoproj_argocd_v2.4.19.html) | 0 | 0 | 2 | 14 |
+| [redis:7.0.7-alpine](v2.4.19/redis_7.0.7-alpine.html) | 0 | 0 | 0 | 0 |
+| [install.yaml](v2.4.19/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v2.4.19/argocd-iac-namespace-install.html) | - | - | - | - |
+
+### v2.3.13
+
+|    | Critical | High | Medium | Low |
+|---:|:--------:|:----:|:------:|:---:|
+| [go.mod](v2.3.13/argocd-test.html) | 0 | 0 | 4 | 0 |
+| [ui/yarn.lock](v2.3.13/argocd-test.html) | 0 | 2 | 6 | 0 |
+| [dex:v2.35.3](v2.3.13/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 0 | 0 | 0 |
+| [haproxy:2.0.29-alpine](v2.3.13/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 |
+| [argocd-applicationset:v0.4.1](v2.3.13/quay.io_argoproj_argocd-applicationset_v0.4.1.html) | 0 | 4 | 38 | 29 |
+| [argocd:v2.3.13](v2.3.13/quay.io_argoproj_argocd_v2.3.13.html) | 0 | 0 | 2 | 14 |
+| [redis:6.2.8-alpine](v2.3.13/redis_6.2.8-alpine.html) | 0 | 0 | 0 | 0 |
+| [install.yaml](v2.3.13/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v2.3.13/argocd-iac-namespace-install.html) | - | - | - | - |
--- a/docs/snyk/master/argocd-iac-install.html
+++ b/docs/snyk/master/argocd-iac-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:16:18 am</p>
+                <p class="timestamp">January 22nd 2023, 12:17:21 am</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
@@ -507,7 +507,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 15180
+                              Line number: 15177
                          </li>
                      </ul>
              
@@ -553,7 +553,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 15257
+                              Line number: 15254
                          </li>
                      </ul>
              
@@ -599,7 +599,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 15285
+                              Line number: 15282
                          </li>
                      </ul>
              
@@ -645,7 +645,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 15329
+                              Line number: 15326
                          </li>
                      </ul>
              
@@ -691,7 +691,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 15311
+                              Line number: 15308
                          </li>
                      </ul>
              
@@ -737,7 +737,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 15345
+                              Line number: 15342
                          </li>
                      </ul>
              
@@ -789,7 +789,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 16343
+                              Line number: 16346
                          </li>
                      </ul>
              
@@ -847,7 +847,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 15812
+                              Line number: 15809
                          </li>
                      </ul>
              
@@ -905,7 +905,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 15979
+                              Line number: 15982
                          </li>
                      </ul>
              
@@ -963,7 +963,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 15945
+                              Line number: 15948
                          </li>
                      </ul>
              
@@ -1021,7 +1021,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 16035
+                              Line number: 16038
                          </li>
                      </ul>
              
@@ -1079,7 +1079,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 16109
+                              Line number: 16112
                          </li>
                      </ul>
              
@@ -1137,7 +1137,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 16343
+                              Line number: 16346
                          </li>
                      </ul>
              
@@ -1195,7 +1195,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 16165
+                              Line number: 16168
                          </li>
                      </ul>
              
@@ -1253,7 +1253,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 16428
+                              Line number: 16431
                          </li>
                      </ul>
              
@@ -1311,7 +1311,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 16732
+                              Line number: 16735
                          </li>
                      </ul>
              
@@ -1363,7 +1363,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 15959
+                              Line number: 15962
                          </li>
                      </ul>
              
@@ -1419,7 +1419,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 16119
+                              Line number: 16122
                          </li>
                      </ul>
              
@@ -1471,7 +1471,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 15812
+                              Line number: 15809
                          </li>
                      </ul>
              
@@ -1523,7 +1523,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 15945
+                              Line number: 15948
                          </li>
                      </ul>
              
@@ -1575,7 +1575,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 15979
+                              Line number: 15982
                          </li>
                      </ul>
              
@@ -1627,7 +1627,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 16109
+                              Line number: 16112
                          </li>
                      </ul>
              
@@ -1679,7 +1679,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 16343
+                              Line number: 16346
                          </li>
                      </ul>
              
@@ -1737,7 +1737,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 15812
+                              Line number: 15809
                          </li>
                      </ul>
              
@@ -1795,7 +1795,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 15945
+                              Line number: 15948
                          </li>
                      </ul>
              
@@ -1853,7 +1853,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 15979
+                              Line number: 15982
                          </li>
                      </ul>
              
@@ -1911,7 +1911,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 16035
+                              Line number: 16038
                          </li>
                      </ul>
              
@@ -1969,7 +1969,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 16109
+                              Line number: 16112
                          </li>
                      </ul>
              
@@ -2027,7 +2027,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 16343
+                              Line number: 16346
                          </li>
                      </ul>
              
@@ -2085,7 +2085,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 16165
+                              Line number: 16168
                          </li>
                      </ul>
              
@@ -2143,7 +2143,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 16428
+                              Line number: 16431
                          </li>
                      </ul>
              
@@ -2201,7 +2201,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 16732
+                              Line number: 16735
                          </li>
                      </ul>
              
--- a/docs/snyk/master/argocd-iac-namespace-install.html
+++ b/docs/snyk/master/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:16:27 am</p>
+                <p class="timestamp">January 22nd 2023, 12:17:30 am</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
@@ -789,7 +789,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 1147
+                              Line number: 1153
                          </li>
                      </ul>
              
@@ -905,7 +905,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 783
+                              Line number: 789
                          </li>
                      </ul>
              
@@ -963,7 +963,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 749
+                              Line number: 755
                          </li>
                      </ul>
              
@@ -1021,7 +1021,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 839
+                              Line number: 845
                          </li>
                      </ul>
              
@@ -1079,7 +1079,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 913
+                              Line number: 919
                          </li>
                      </ul>
              
@@ -1137,7 +1137,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 1147
+                              Line number: 1153
                          </li>
                      </ul>
              
@@ -1195,7 +1195,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 969
+                              Line number: 975
                          </li>
                      </ul>
              
@@ -1253,7 +1253,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 1232
+                              Line number: 1238
                          </li>
                      </ul>
              
@@ -1311,7 +1311,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 1536
+                              Line number: 1542
                          </li>
                      </ul>
              
@@ -1363,7 +1363,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 763
+                              Line number: 769
                          </li>
                      </ul>
              
@@ -1419,7 +1419,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 923
+                              Line number: 929
                          </li>
                      </ul>
              
@@ -1523,7 +1523,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 749
+                              Line number: 755
                          </li>
                      </ul>
              
@@ -1575,7 +1575,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 783
+                              Line number: 789
                          </li>
                      </ul>
              
@@ -1627,7 +1627,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 913
+                              Line number: 919
                          </li>
                      </ul>
              
@@ -1679,7 +1679,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 1147
+                              Line number: 1153
                          </li>
                      </ul>
              
@@ -1795,7 +1795,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 749
+                              Line number: 755
                          </li>
                      </ul>
              
@@ -1853,7 +1853,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 783
+                              Line number: 789
                          </li>
                      </ul>
              
@@ -1911,7 +1911,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 839
+                              Line number: 845
                          </li>
                      </ul>
              
@@ -1969,7 +1969,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 913
+                              Line number: 919
                          </li>
                      </ul>
              
@@ -2027,7 +2027,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 1147
+                              Line number: 1153
                          </li>
                      </ul>
              
@@ -2085,7 +2085,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 969
+                              Line number: 975
                          </li>
                      </ul>
              
@@ -2143,7 +2143,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 1232
+                              Line number: 1238
                          </li>
                      </ul>
              
@@ -2201,7 +2201,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 1536
+                              Line number: 1542
                          </li>
                      </ul>
              
--- a/docs/snyk/master/argocd-test.html
+++ b/docs/snyk/master/argocd-test.html
--- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html
+++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:14:17 am</p>
+                <p class="timestamp">January 22nd 2023, 12:15:32 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
--- a/docs/snyk/master/haproxy_2.6.2-alpine.html
+++ b/docs/snyk/master/haproxy_2.6.2-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:14:22 am</p>
+                <p class="timestamp">January 22nd 2023, 12:15:36 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
--- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html
+++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html
@@ -7,7 +7,7 @@
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <title>Snyk test report</title>
-  <meta name="description" content="15 known vulnerabilities found in 91 vulnerable dependency paths.">
+  <meta name="description" content="16 known vulnerabilities found in 102 vulnerable dependency paths.">
  <base target="_blank">
  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
    sizes="194x194">
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:14:47 am</p>
+                <p class="timestamp">January 22nd 2023, 12:15:59 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
@@ -466,8 +466,8 @@
              </div>
    
              <div class="meta-counts">
-                <div class="meta-count"><span>15</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>91 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>16</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>102 vulnerable dependency paths</span></div>
                <div class="meta-count"><span>162</span> <span>dependencies</span></div>
              </div><!-- .meta-counts -->
            </div><!-- .layout-container--short -->
@@ -657,7 +657,7 @@
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">CVE-2022-46908</h2>
+            <h2 class="card__title">Integer Overflow or Wraparound</h2>
            <div class="card__section">
        
                <div class="label label--medium">
@@ -666,6 +666,230 @@
        
                <hr/>
        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:22.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            krb5/libk5crypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@latest and krb5/libk5crypto3@1.19.2-2
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libk5crypto3@1.19.2-2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.118ubuntu5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.8.1-2ubuntu2.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.4.0-11ubuntu2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libnsl/libnsl2@1.3.0-2build2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libtirpc/libtirpc3@1.3.2-2ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libgssapi-krb5-2@1.19.2-2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libk5crypto3@1.19.2-2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.118ubuntu5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.8.1-2ubuntu2.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.4.0-11ubuntu2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libnsl/libnsl2@1.3.0-2build2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libtirpc/libtirpc3@1.3.2-2ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libgssapi-krb5-2@1.19.2-2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libkrb5-3@1.19.2-2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libk5crypto3@1.19.2-2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libkrb5-3@1.19.2-2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.118ubuntu5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.8.1-2ubuntu2.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.4.0-11ubuntu2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libnsl/libnsl2@1.3.0-2build2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libtirpc/libtirpc3@1.3.2-2ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libgssapi-krb5-2@1.19.2-2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libkrb5-3@1.19.2-2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libgssapi-krb5-2@1.19.2-2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssh/openssh-client@1:8.9p1-3ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libgssapi-krb5-2@1.19.2-2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.34.1-1ubuntu1.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3-gnutls@7.81.0-1ubuntu1.7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libgssapi-krb5-2@1.19.2-2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.34.1-1ubuntu1.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3-gnutls@7.81.0-1ubuntu1.7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libssh/libssh-4@0.9.6-2build1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libgssapi-krb5-2@1.19.2-2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.118ubuntu5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.8.1-2ubuntu2.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.4.0-11ubuntu2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libnsl/libnsl2@1.3.0-2build2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libtirpc/libtirpc3@1.3.2-2ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libgssapi-krb5-2@1.19.2-2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        meta-common-packages@meta
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libkrb5support0@1.19.2-2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>krb5</code> package.</em></p>
+        <p>PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has &#34;a similar bug.&#34;</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>krb5</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-42898">ADVISORY</a></li>
+        <li><a href="https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583">CONFIRM</a></li>
+        <li><a href="https://bugzilla.samba.org/show_bug.cgi?id=15203">MISC</a></li>
+        <li><a href="https://web.mit.edu/kerberos/advisories/">MISC</a></li>
+        <li><a href="https://www.samba.org/samba/security/CVE-2022-42898.html">CONFIRM</a></li>
+        <li><a href="https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c">CONFIRM</a></li>
+        <li><a href="https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt">CONFIRM</a></li>
+        <li><a href="https://web.mit.edu/kerberos/krb5-1.19/">CONFIRM</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-KRB5-3126899">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">CVE-2022-46908</h2>
+            <div class="card__section">
+        
+                <div class="label label--low">
+                    <span class="label__text">low severity</span>
+                </div>
+        
+                <hr/>
+        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:22.04
@@ -990,7 +1214,7 @@
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@latest
                                         <span class="list-paths__item__arrow">›</span> 
-                                        cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1
+                                        cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl3@3.0.2-0ubuntu1.7
                                        
@@ -1012,7 +1236,7 @@
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@latest
                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssh/openssh-client@1:8.9p1-3
+                                        openssh/openssh-client@1:8.9p1-3ubuntu0.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl3@3.0.2-0ubuntu1.7
                                        
@@ -1036,9 +1260,9 @@
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@latest
                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.34.1-1ubuntu1.5
+                                        git@1:2.34.1-1ubuntu1.6
                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3-gnutls@7.81.0-1ubuntu1.6
+                                        curl/libcurl3-gnutls@7.81.0-1ubuntu1.7
                                         <span class="list-paths__item__arrow">›</span> 
                                        libssh/libssh-4@0.9.6-2build1
                                         <span class="list-paths__item__arrow">›</span> 
@@ -1137,7 +1361,7 @@
        
                    <li class="card__meta__item">Introduced through:
        
-                                docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3
+                                docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.1
        
                    </li>
                </ul>
@@ -1152,7 +1376,7 @@
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@latest
                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssh/openssh-client@1:8.9p1-3
+                                        openssh/openssh-client@1:8.9p1-3ubuntu0.1
                                        
                                </span>
        
@@ -1213,7 +1437,7 @@
        
                    <li class="card__meta__item">Introduced through:
        
-                                docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3
+                                docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.1
        
                    </li>
                </ul>
@@ -1228,7 +1452,7 @@
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@latest
                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssh/openssh-client@1:8.9p1-3
+                                        openssh/openssh-client@1:8.9p1-3ubuntu0.1
                                        
                                </span>
        
@@ -1654,7 +1878,7 @@
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@latest
                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssh/openssh-client@1:8.9p1-3
+                                        openssh/openssh-client@1:8.9p1-3ubuntu0.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.19.2-2
                                        
@@ -1665,9 +1889,9 @@
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@latest
                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.34.1-1ubuntu1.5
+                                        git@1:2.34.1-1ubuntu1.6
                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3-gnutls@7.81.0-1ubuntu1.6
+                                        curl/libcurl3-gnutls@7.81.0-1ubuntu1.7
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.19.2-2
                                        
@@ -1678,9 +1902,9 @@
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@latest
                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.34.1-1ubuntu1.5
+                                        git@1:2.34.1-1ubuntu1.6
                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3-gnutls@7.81.0-1ubuntu1.6
+                                        curl/libcurl3-gnutls@7.81.0-1ubuntu1.7
                                         <span class="list-paths__item__arrow">›</span> 
                                        libssh/libssh-4@0.9.6-2build1
                                         <span class="list-paths__item__arrow">›</span> 
@@ -2216,7 +2440,7 @@
                    <li class="card__meta__item">Introduced through:
        
        
-                                    docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.5 and others
+                                    docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.6 and others
                    </li>
                </ul>
        
@@ -2230,9 +2454,9 @@
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@latest
                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.34.1-1ubuntu1.5
+                                        git@1:2.34.1-1ubuntu1.6
                                         <span class="list-paths__item__arrow">›</span> 
-                                        git/git-man@1:2.34.1-1ubuntu1.5
+                                        git/git-man@1:2.34.1-1ubuntu1.6
                                        
                                </span>
        
@@ -2241,7 +2465,7 @@
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@latest
                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.34.1-1ubuntu1.5
+                                        git@1:2.34.1-1ubuntu1.6
                                        
                                </span>
        
@@ -2252,7 +2476,7 @@
                                         <span class="list-paths__item__arrow">›</span> 
                                        git-lfs@3.0.2-1
                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.34.1-1ubuntu1.5
+                                        git@1:2.34.1-1ubuntu1.6
                                        
                                </span>
        
@@ -2352,7 +2576,7 @@
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2022-3715</h2>
+            <h2 class="card__title">Out-of-bounds Write</h2>
            <div class="card__section">
        
                <div class="label label--low">
@@ -2400,12 +2624,14 @@
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
-        <p><em>This vulnerability has not been analyzed by NVD yet.</em></p>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>bash</code> package.</em></p>
+        <p>A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>bash</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3715">ADVISORY</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2126720">MISC</a></li>
        </ul>
        
              <hr/>
--- a/docs/snyk/master/redis_7.0.7-alpine.html
+++ b/docs/snyk/master/redis_7.0.7-alpine.html
@@ -456,12 +456,12 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:14:52 am</p>
+                <p class="timestamp">January 22nd 2023, 12:16:03 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
                <ul>
-                  <li class="paths">redis:7.0.5-alpine (apk)</li>
+                  <li class="paths">redis:7.0.7-alpine (apk)</li>
                </ul>
              </div>
    
@@ -477,7 +477,7 @@
          <table class="metatable">
              <tbody>
              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|redis</td></tr>
-              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">redis:7.0.5-alpine</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">redis:7.0.7-alpine</td></tr>
              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
              
              </tbody>
--- a/docs/snyk/v2.3.13/argocd-iac-install.html
+++ b/docs/snyk/v2.3.13/argocd-iac-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:21:52 am</p>
+                <p class="timestamp">January 22nd 2023, 12:24:51 am</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/v2.3.13/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.3.13/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:22:24 am</p>
+                <p class="timestamp">January 22nd 2023, 12:25:20 am</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/v2.3.13/argocd-test.html
+++ b/docs/snyk/v2.3.13/argocd-test.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:20:14 am</p>
+                <p class="timestamp">January 22nd 2023, 12:23:14 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
@@ -748,108 +748,6 @@
                <p><a href="https://snyk.io/vuln/SNYK-JS-MOMENT-2944238">More about this vulnerability</a></p>
            </div>
        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Denial of Service (DoS)</h2>
-            <div class="card__section">
-        
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/prometheus/client_golang/prometheus/promhttp
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@0.0.0 and github.com/prometheus/client_golang/prometheus/promhttp@1.11.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/prometheus/client_golang/prometheus/promhttp@1.11.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Denial of Service (DoS) when handling requests with non-standard HTTP methods. </p>
-        <p><strong>Note:</strong> In order to be affected, an instrumented software must:</p>
-        <ol>
-        <li><p>use <code>promhttp.InstrumentHandler*</code> middleware except <code>RequestsInFlight</code></p>
-        </li>
-        <li><p>not filter any specific methods (e.g GET) before middleware</p>
-        </li>
-        <li><p>pass metric with <code>method</code> label name to the middleware</p>
-        </li>
-        <li><p>not have any firewall/LB/proxy that filters away requests with unknown <code>method</code>.</p>
-        </li>
-        </ol>
-        <p><strong>Workarounds:</strong> </p>
-        <ol>
-        <li><p>removing the <code>method</code> label name from <code>counter/gauge</code> used in the <code>InstrumentHandler</code></p>
-        </li>
-        <li><p>turning off affected <code>promhttp</code> handlers</p>
-        </li>
-        <li><p>adding custom middleware before <code>promhttp</code> handler that will sanitize the request method given by Go <code>http.Request</code></p>
-        </li>
-        <li><p>using a reverse proxy or web application firewall, configured to only allow a limited set of methods.</p>
-        </li>
-        </ol>
-        <h2 id="details">Details</h2>
-        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.</p>
-        <p>Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.</p>
-        <p>One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.</p>
-        <p>When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.</p>
-        <p>Two common types of DoS vulnerabilities:</p>
-        <ul>
-        <li><p>High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, <a href="SNYK-JAVA-COMMONSFILEUPLOAD-30082">commons-fileupload:commons-fileupload</a>.</p>
-        </li>
-        <li><p>Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  <a href="https://snyk.io/vuln/npm:ws:20171108">npm <code>ws</code> package</a></p>
-        </li>
-        </ul>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/prometheus/client_golang/prometheus/promhttp</code> to version 1.11.1 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/prometheus/client_golang/commit/989baa30fe956631907493ccee1f8e7708660d96">GitHub Commit</a></li>
-        <li><a href="https://github.com/prometheus/client_golang/pull/987">GitHub PR</a></li>
-        <li><a href="https://github.com/prometheus/client_golang/releases/tag/v1.11.1">GitHub Release</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2045880">RedHat Bugzilla Bug</a></li>
-        <li><a href="https://github.com/prometheus/client_golang/blob/22da9497b8f0d53072dfc4721904faa7395d8318/prometheus/promhttp/instrument_server.go#L95">Vulnerable Code</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPROMETHEUSCLIENTGOLANGPROMETHEUSPROMHTTP-2401819">More about this vulnerability</a></p>
-            </div>
-        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Server-side Request Forgery (SSRF)</h2>
@@ -3269,6 +3167,145 @@
            </div>
        
        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: npm
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            cookiejar
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    argo-cd-ui@1.0.0, superagent@3.8.3 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        argo-cd-ui@1.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        superagent@3.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        cookiejar@2.1.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the <code>Cookie.parse</code> function, which uses an insecure regular expression.</p>
+        <h2 id="poc">PoC</h2>
+        <pre><code class="language-js">const { CookieJar } = require(&quot;cookiejar&quot;);
+        
+        const jar = new CookieJar();
+        
+        const start = performance.now();
+        const attack = &quot;a&quot; + &quot;t&quot;.repeat(50_000);
+        jar.setCookie(attack);
+        console.log(`CookieJar.setCookie(): ${performance.now() - start}`);
+        </code></pre>
+        <h2 id="details">Details</h2>
+        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.</p>
+        <p>The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren&#39;t very intuitive and can ultimately end up making it easy for attackers to take your site down.</p>
+        <p>Let’s take the following regular expression as an example:</p>
+        <pre><code class="language-js">regex = /A(B|C+)+D/
+        </code></pre>
+        <p>This regular expression accomplishes the following:</p>
+        <ul>
+        <li><code>A</code> The string must start with the letter &#39;A&#39;</li>
+        <li><code>(B|C+)+</code> The string must then follow the letter A with either the letter &#39;B&#39; or some number of occurrences of the letter &#39;C&#39; (the <code>+</code> matches one or more times). The <code>+</code> at the end of this section states that we can look for one or more matches of this section.</li>
+        <li><code>D</code> Finally, we ensure this section of the string ends with a &#39;D&#39;</li>
+        </ul>
+        <p>The expression would match inputs such as <code>ABBD</code>, <code>ABCCCCD</code>, <code>ABCBCCCD</code> and <code>ACCCCCD</code></p>
+        <p>It most cases, it doesn&#39;t take very long for a regex engine to find a match:</p>
+        <pre><code class="language-bash">$ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD&quot;)&#39;
+        0.04s user 0.01s system 95% cpu 0.052 total
+        
+        $ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX&quot;)&#39;
+        1.79s user 0.02s system 99% cpu 1.812 total
+        </code></pre>
+        <p>The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.</p>
+        <p>Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as <em>catastrophic backtracking</em>.</p>
+        <p>Let&#39;s look at how our expression runs into this problem, using a shorter string: &quot;ACCCX&quot;. While it seems fairly straightforward, there are still four different ways that the engine could match those three C&#39;s:</p>
+        <ol>
+        <li>CCC</li>
+        <li>CC+C</li>
+        <li>C+CC</li>
+        <li>C+C+C.</li>
+        </ol>
+        <p>The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use <a href="https://regex101.com/debugger">RegEx 101 debugger</a> to see the engine has to take a total of 38 steps before it can determine the string doesn&#39;t match.</p>
+        <p>From there, the number of steps the engine must use to validate a string just continues to grow.</p>
+        <table>
+        <thead>
+        <tr>
+        <th>String</th>
+        <th align="right">Number of C&#39;s</th>
+        <th align="right">Number of steps</th>
+        </tr>
+        </thead>
+        <tbody><tr>
+        <td>ACCCX</td>
+        <td align="right">3</td>
+        <td align="right">38</td>
+        </tr>
+        <tr>
+        <td>ACCCCX</td>
+        <td align="right">4</td>
+        <td align="right">71</td>
+        </tr>
+        <tr>
+        <td>ACCCCCX</td>
+        <td align="right">5</td>
+        <td align="right">136</td>
+        </tr>
+        <tr>
+        <td>ACCCCCCCCCCCCCCX</td>
+        <td align="right">14</td>
+        <td align="right">65,553</td>
+        </tr>
+        </tbody></table>
+        <p>By the time the string includes 14 C&#39;s, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>cookiejar</code> to version 2.1.4 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/bmeck/node-cookiejar/pull/39/commits/eaa00021caf6ae09449dde826108153b578348e5">GitHub Commit</a></li>
+        <li><a href="https://github.com/bmeck/node-cookiejar/pull/39">GitHub PR</a></li>
+        <li><a href="https://github.com/bmeck/node-cookiejar/blob/master/cookiejar.js#L73">Vulnerable Code</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
      </div><!-- cards -->
    </div>
  </main><!-- .layout-stacked__content -->
--- a/docs/snyk/v2.3.13/ghcr.io_dexidp_dex_v2.35.3.html
+++ b/docs/snyk/v2.3.13/ghcr.io_dexidp_dex_v2.35.3.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:20:18 am</p>
+                <p class="timestamp">January 22nd 2023, 12:23:18 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
--- a/docs/snyk/v2.3.13/haproxy_2.0.29-alpine.html
+++ b/docs/snyk/v2.3.13/haproxy_2.0.29-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:18:42 am</p>
+                <p class="timestamp">January 22nd 2023, 12:23:21 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
--- a/docs/snyk/v2.3.13/quay.io_argoproj_argocd-applicationset_v0.4.1.html
+++ b/docs/snyk/v2.3.13/quay.io_argoproj_argocd-applicationset_v0.4.1.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:20:34 am</p>
+                <p class="timestamp">January 22nd 2023, 12:23:34 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
@@ -2171,6 +2171,7 @@
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/">FEDORA</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220707-0008/">CONFIRM</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/">FEDORA</a></li>
+        <li><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf">CONFIRM</a></li>
        </ul>
        
              <hr/>
@@ -2349,6 +2350,7 @@
        <li><a href="https://security.netapp.com/advisory/ntap-20220715-0011/">CONFIRM</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/">FEDORA</a></li>
        <li><a href="https://security.gentoo.org/glsa/202210-02">GENTOO</a></li>
+        <li><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf">CONFIRM</a></li>
        </ul>
        
              <hr/>
@@ -4746,6 +4748,7 @@
        <li><a href="https://security.netapp.com/advisory/ntap-20220609-0008/">CONFIRM</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5197">DEBIAN</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html">MLIST</a></li>
+        <li><a href="https://security.gentoo.org/glsa/202212-01">GENTOO</a></li>
        </ul>
        
              <hr/>
@@ -4817,6 +4820,7 @@
        <li><a href="https://hackerone.com/reports/1543773">MISC</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220609-0008/">CONFIRM</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5197">DEBIAN</a></li>
+        <li><a href="https://security.gentoo.org/glsa/202212-01">GENTOO</a></li>
        </ul>
        
              <hr/>
@@ -4889,6 +4893,7 @@
        <li><a href="https://security.netapp.com/advisory/ntap-20220609-0009/">CONFIRM</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5197">DEBIAN</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html">MLIST</a></li>
+        <li><a href="https://security.gentoo.org/glsa/202212-01">GENTOO</a></li>
        </ul>
        
              <hr/>
@@ -4964,6 +4969,8 @@
        <li><a href="https://security.netapp.com/advisory/ntap-20220915-0003/">CONFIRM</a></li>
        <li><a href="https://support.apple.com/kb/HT213488">CONFIRM</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/41">FULLDISC</a></li>
+        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/28">FULLDISC</a></li>
+        <li><a href="https://security.gentoo.org/glsa/202212-01">GENTOO</a></li>
        </ul>
        
              <hr/>
@@ -5038,6 +5045,8 @@
        <li><a href="https://security.netapp.com/advisory/ntap-20220915-0003/">CONFIRM</a></li>
        <li><a href="https://support.apple.com/kb/HT213488">CONFIRM</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/41">FULLDISC</a></li>
+        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/28">FULLDISC</a></li>
+        <li><a href="https://security.gentoo.org/glsa/202212-01">GENTOO</a></li>
        </ul>
        
              <hr/>
@@ -5115,6 +5124,7 @@
        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/41">FULLDISC</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/28">FULLDISC</a></li>
        <li><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf">CONFIRM</a></li>
+        <li><a href="https://security.gentoo.org/glsa/202212-01">GENTOO</a></li>
        </ul>
        
              <hr/>
@@ -5191,6 +5201,7 @@
        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/41">FULLDISC</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/28">FULLDISC</a></li>
        <li><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf">CONFIRM</a></li>
+        <li><a href="https://security.gentoo.org/glsa/202212-01">GENTOO</a></li>
        </ul>
        
              <hr/>
@@ -7639,6 +7650,7 @@
        <li><a href="https://hackerone.com/reports/1546268">MISC</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220609-0008/">CONFIRM</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5197">DEBIAN</a></li>
+        <li><a href="https://security.gentoo.org/glsa/202212-01">GENTOO</a></li>
        </ul>
        
              <hr/>
@@ -7713,6 +7725,7 @@
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html">MLIST</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/">FEDORA</a></li>
+        <li><a href="https://security.gentoo.org/glsa/202212-01">GENTOO</a></li>
        </ul>
        
              <hr/>
@@ -7785,6 +7798,7 @@
        <li><a href="https://security.netapp.com/advisory/ntap-20220609-0009/">CONFIRM</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5197">DEBIAN</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html">MLIST</a></li>
+        <li><a href="https://security.gentoo.org/glsa/202212-01">GENTOO</a></li>
        </ul>
        
              <hr/>
--- a/docs/snyk/v2.3.13/quay.io_argoproj_argocd_v2.3.13.html
+++ b/docs/snyk/v2.3.13/quay.io_argoproj_argocd_v2.3.13.html
--- a/docs/snyk/v2.3.13/redis_6.2.8-alpine.html
+++ b/docs/snyk/v2.3.13/redis_6.2.8-alpine.html
@@ -456,12 +456,12 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:17:16 am</p>
+                <p class="timestamp">January 22nd 2023, 12:24:04 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
                <ul>
-                  <li class="paths">redis:7.0.5-alpine (apk)</li>
+                  <li class="paths">redis:6.2.8-alpine (apk)</li>
                </ul>
              </div>
    
@@ -477,7 +477,7 @@
          <table class="metatable">
              <tbody>
              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|redis</td></tr>
-              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">redis:7.0.5-alpine</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">redis:6.2.8-alpine</td></tr>
              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
              
              </tbody>
--- a/docs/snyk/v2.4.19/argocd-iac-install.html
+++ b/docs/snyk/v2.4.19/argocd-iac-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:19:52 am</p>
+                <p class="timestamp">January 22nd 2023, 12:22:53 am</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/v2.4.19/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.4.19/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:20:00 am</p>
+                <p class="timestamp">January 22nd 2023, 12:23:01 am</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/v2.4.19/argocd-test.html
+++ b/docs/snyk/v2.4.19/argocd-test.html
@@ -7,7 +7,7 @@
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <title>Snyk test report</title>
-  <meta name="description" content="9 known vulnerabilities found in 132 vulnerable dependency paths.">
+  <meta name="description" content="8 known vulnerabilities found in 128 vulnerable dependency paths.">
  <base target="_blank">
  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
    sizes="194x194">
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:18:34 am</p>
+                <p class="timestamp">January 22nd 2023, 12:21:39 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
@@ -466,9 +466,9 @@
              </div>
    
              <div class="meta-counts">
-                <div class="meta-count"><span>9</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>132 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>1648</span> <span>dependencies</span></div>
+                <div class="meta-count"><span>8</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>128 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>1656</span> <span>dependencies</span></div>
              </div><!-- .meta-counts -->
            </div><!-- .layout-container--short -->
          </header><!-- .project__header -->
@@ -476,237 +476,6 @@

    <div class="layout-container" style="padding-top: 35px;">
      <div class="cards--vuln filter--patch filter--ignore">
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Prototype Poisoning</h2>
-            <div class="card__section">
-        
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: npm
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            qs
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    argo-cd-ui@1.0.0, superagent@3.8.3 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        superagent@3.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        qs@6.10.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git-url-parse@11.6.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git-up@4.0.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        parse-url@6.0.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        parse-path@4.0.4
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        qs@6.10.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://www.npmjs.com/package/qs">qs</a> is a querystring parser that supports nesting and arrays, with a depth limit.</p>
-        <p>Affected versions of this package are vulnerable to Prototype Poisoning which allows attackers to cause a Node process to hang, processing an Array object whose prototype has been replaced by one with an excessive length value.</p>
-        <p><strong>Note:</strong> In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as <code>a[__proto__]=b&amp;a[__proto__]&amp;a[length]=100000000</code>.</p>
-        <h2 id="details">Details</h2>
-        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.</p>
-        <p>Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.</p>
-        <p>One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.</p>
-        <p>When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.</p>
-        <p>Two common types of DoS vulnerabilities:</p>
-        <ul>
-        <li><p>High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, <a href="SNYK-JAVA-COMMONSFILEUPLOAD-30082">commons-fileupload:commons-fileupload</a>.</p>
-        </li>
-        <li><p>Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  <a href="https://snyk.io/vuln/npm:ws:20171108">npm <code>ws</code> package</a></p>
-        </li>
-        </ul>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>qs</code> to version 6.2.4, 6.3.3, 6.4.1, 6.5.3, 6.6.1, 6.7.3, 6.8.3, 6.9.7, 6.10.3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/ljharb/qs/pull/428">GitHub PR</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2150323">RedHat Bugzilla Bug</a></li>
-        <li><a href="https://github.com/n8tz/CVE-2022-24999">Researcher Advisory</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-JS-QS-3153490">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Denial of Service (DoS)</h2>
-            <div class="card__section">
-        
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/prometheus/client_golang/prometheus/promhttp
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@0.0.0 and github.com/prometheus/client_golang/prometheus/promhttp@1.11.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/prometheus/client_golang/prometheus/promhttp@1.11.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        sigs.k8s.io/controller-runtime@0.11.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        sigs.k8s.io/controller-runtime/pkg/manager@0.11.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/prometheus/client_golang/prometheus/promhttp@1.11.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        sigs.k8s.io/controller-runtime@0.11.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        sigs.k8s.io/controller-runtime/pkg/manager@0.11.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/prometheus/client_golang/prometheus/promhttp@1.11.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Denial of Service (DoS) when handling requests with non-standard HTTP methods. </p>
-        <p><strong>Note:</strong> In order to be affected, an instrumented software must:</p>
-        <ol>
-        <li><p>use <code>promhttp.InstrumentHandler*</code> middleware except <code>RequestsInFlight</code></p>
-        </li>
-        <li><p>not filter any specific methods (e.g GET) before middleware</p>
-        </li>
-        <li><p>pass metric with <code>method</code> label name to the middleware</p>
-        </li>
-        <li><p>not have any firewall/LB/proxy that filters away requests with unknown <code>method</code>.</p>
-        </li>
-        </ol>
-        <p><strong>Workarounds:</strong> </p>
-        <ol>
-        <li><p>removing the <code>method</code> label name from <code>counter/gauge</code> used in the <code>InstrumentHandler</code></p>
-        </li>
-        <li><p>turning off affected <code>promhttp</code> handlers</p>
-        </li>
-        <li><p>adding custom middleware before <code>promhttp</code> handler that will sanitize the request method given by Go <code>http.Request</code></p>
-        </li>
-        <li><p>using a reverse proxy or web application firewall, configured to only allow a limited set of methods.</p>
-        </li>
-        </ol>
-        <h2 id="details">Details</h2>
-        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.</p>
-        <p>Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.</p>
-        <p>One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.</p>
-        <p>When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.</p>
-        <p>Two common types of DoS vulnerabilities:</p>
-        <ul>
-        <li><p>High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, <a href="SNYK-JAVA-COMMONSFILEUPLOAD-30082">commons-fileupload:commons-fileupload</a>.</p>
-        </li>
-        <li><p>Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  <a href="https://snyk.io/vuln/npm:ws:20171108">npm <code>ws</code> package</a></p>
-        </li>
-        </ul>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/prometheus/client_golang/prometheus/promhttp</code> to version 1.11.1 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/prometheus/client_golang/commit/989baa30fe956631907493ccee1f8e7708660d96">GitHub Commit</a></li>
-        <li><a href="https://github.com/prometheus/client_golang/pull/987">GitHub PR</a></li>
-        <li><a href="https://github.com/prometheus/client_golang/releases/tag/v1.11.1">GitHub Release</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2045880">RedHat Bugzilla Bug</a></li>
-        <li><a href="https://github.com/prometheus/client_golang/blob/22da9497b8f0d53072dfc4721904faa7395d8318/prometheus/promhttp/instrument_server.go#L95">Vulnerable Code</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPROMETHEUSCLIENTGOLANGPROMETHEUSPROMHTTP-2401819">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Server-side Request Forgery (SSRF)</h2>
            <div class="card__section">
@@ -3488,6 +3257,145 @@
            </div>
        
        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: npm
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            cookiejar
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    argo-cd-ui@1.0.0, superagent@7.1.3 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        argo-cd-ui@1.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        superagent@7.1.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        cookiejar@2.1.3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the <code>Cookie.parse</code> function, which uses an insecure regular expression.</p>
+        <h2 id="poc">PoC</h2>
+        <pre><code class="language-js">const { CookieJar } = require(&quot;cookiejar&quot;);
+        
+        const jar = new CookieJar();
+        
+        const start = performance.now();
+        const attack = &quot;a&quot; + &quot;t&quot;.repeat(50_000);
+        jar.setCookie(attack);
+        console.log(`CookieJar.setCookie(): ${performance.now() - start}`);
+        </code></pre>
+        <h2 id="details">Details</h2>
+        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.</p>
+        <p>The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren&#39;t very intuitive and can ultimately end up making it easy for attackers to take your site down.</p>
+        <p>Let’s take the following regular expression as an example:</p>
+        <pre><code class="language-js">regex = /A(B|C+)+D/
+        </code></pre>
+        <p>This regular expression accomplishes the following:</p>
+        <ul>
+        <li><code>A</code> The string must start with the letter &#39;A&#39;</li>
+        <li><code>(B|C+)+</code> The string must then follow the letter A with either the letter &#39;B&#39; or some number of occurrences of the letter &#39;C&#39; (the <code>+</code> matches one or more times). The <code>+</code> at the end of this section states that we can look for one or more matches of this section.</li>
+        <li><code>D</code> Finally, we ensure this section of the string ends with a &#39;D&#39;</li>
+        </ul>
+        <p>The expression would match inputs such as <code>ABBD</code>, <code>ABCCCCD</code>, <code>ABCBCCCD</code> and <code>ACCCCCD</code></p>
+        <p>It most cases, it doesn&#39;t take very long for a regex engine to find a match:</p>
+        <pre><code class="language-bash">$ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD&quot;)&#39;
+        0.04s user 0.01s system 95% cpu 0.052 total
+        
+        $ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX&quot;)&#39;
+        1.79s user 0.02s system 99% cpu 1.812 total
+        </code></pre>
+        <p>The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.</p>
+        <p>Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as <em>catastrophic backtracking</em>.</p>
+        <p>Let&#39;s look at how our expression runs into this problem, using a shorter string: &quot;ACCCX&quot;. While it seems fairly straightforward, there are still four different ways that the engine could match those three C&#39;s:</p>
+        <ol>
+        <li>CCC</li>
+        <li>CC+C</li>
+        <li>C+CC</li>
+        <li>C+C+C.</li>
+        </ol>
+        <p>The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use <a href="https://regex101.com/debugger">RegEx 101 debugger</a> to see the engine has to take a total of 38 steps before it can determine the string doesn&#39;t match.</p>
+        <p>From there, the number of steps the engine must use to validate a string just continues to grow.</p>
+        <table>
+        <thead>
+        <tr>
+        <th>String</th>
+        <th align="right">Number of C&#39;s</th>
+        <th align="right">Number of steps</th>
+        </tr>
+        </thead>
+        <tbody><tr>
+        <td>ACCCX</td>
+        <td align="right">3</td>
+        <td align="right">38</td>
+        </tr>
+        <tr>
+        <td>ACCCCX</td>
+        <td align="right">4</td>
+        <td align="right">71</td>
+        </tr>
+        <tr>
+        <td>ACCCCCX</td>
+        <td align="right">5</td>
+        <td align="right">136</td>
+        </tr>
+        <tr>
+        <td>ACCCCCCCCCCCCCCX</td>
+        <td align="right">14</td>
+        <td align="right">65,553</td>
+        </tr>
+        </tbody></table>
+        <p>By the time the string includes 14 C&#39;s, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>cookiejar</code> to version 2.1.4 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/bmeck/node-cookiejar/pull/39/commits/eaa00021caf6ae09449dde826108153b578348e5">GitHub Commit</a></li>
+        <li><a href="https://github.com/bmeck/node-cookiejar/pull/39">GitHub PR</a></li>
+        <li><a href="https://github.com/bmeck/node-cookiejar/blob/master/cookiejar.js#L73">Vulnerable Code</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
      </div><!-- cards -->
    </div>
  </main><!-- .layout-stacked__content -->
--- a/docs/snyk/v2.4.19/ghcr.io_dexidp_dex_v2.35.3.html
+++ b/docs/snyk/v2.4.19/ghcr.io_dexidp_dex_v2.35.3.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:18:38 am</p>
+                <p class="timestamp">January 22nd 2023, 12:21:42 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
--- a/docs/snyk/v2.4.19/haproxy_2.0.29-alpine.html
+++ b/docs/snyk/v2.4.19/haproxy_2.0.29-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:20:20 am</p>
+                <p class="timestamp">January 22nd 2023, 12:21:47 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
--- a/docs/snyk/v2.4.19/quay.io_argoproj_argocd_v2.4.19.html
+++ b/docs/snyk/v2.4.19/quay.io_argoproj_argocd_v2.4.19.html
--- a/docs/snyk/v2.4.19/redis_7.0.7-alpine.html
+++ b/docs/snyk/v2.4.19/redis_7.0.7-alpine.html
@@ -456,12 +456,12 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:21:05 am</p>
+                <p class="timestamp">January 22nd 2023, 12:22:07 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
                <ul>
-                  <li class="paths">redis:6.2.7-alpine (apk)</li>
+                  <li class="paths">redis:7.0.7-alpine (apk)</li>
                </ul>
              </div>
    
@@ -477,7 +477,7 @@
          <table class="metatable">
              <tbody>
              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|redis</td></tr>
-              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">redis:6.2.7-alpine</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">redis:7.0.7-alpine</td></tr>
              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
              
              </tbody>
--- a/docs/snyk/v2.5.7/argocd-iac-install.html
+++ b/docs/snyk/v2.5.7/argocd-iac-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:18:08 am</p>
+                <p class="timestamp">January 22nd 2023, 12:21:13 am</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/v2.5.7/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.5.7/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:18:17 am</p>
+                <p class="timestamp">January 22nd 2023, 12:21:22 am</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/v2.5.7/argocd-test.html
+++ b/docs/snyk/v2.5.7/argocd-test.html
@@ -7,7 +7,7 @@
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <title>Snyk test report</title>
-  <meta name="description" content="8 known vulnerabilities found in 131 vulnerable dependency paths.">
+  <meta name="description" content="8 known vulnerabilities found in 130 vulnerable dependency paths.">
  <base target="_blank">
  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
    sizes="194x194">
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:16:48 am</p>
+                <p class="timestamp">January 22nd 2023, 12:19:59 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
@@ -467,8 +467,8 @@
    
              <div class="meta-counts">
                <div class="meta-count"><span>8</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>131 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>1721</span> <span>dependencies</span></div>
+                <div class="meta-count"><span>130 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>1720</span> <span>dependencies</span></div>
              </div><!-- .meta-counts -->
            </div><!-- .layout-container--short -->
          </header><!-- .project__header -->
@@ -476,107 +476,6 @@

    <div class="layout-container" style="padding-top: 35px;">
      <div class="cards--vuln filter--patch filter--ignore">
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Prototype Poisoning</h2>
-            <div class="card__section">
-        
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: npm
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            qs
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git-url-parse@11.6.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git-up@4.0.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        parse-url@6.0.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        parse-path@4.0.4
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        qs@6.10.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        superagent@7.1.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        formidable@2.0.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        qs@6.9.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://www.npmjs.com/package/qs">qs</a> is a querystring parser that supports nesting and arrays, with a depth limit.</p>
-        <p>Affected versions of this package are vulnerable to Prototype Poisoning which allows attackers to cause a Node process to hang, processing an Array object whose prototype has been replaced by one with an excessive length value.</p>
-        <p><strong>Note:</strong> In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as <code>a[__proto__]=b&amp;a[__proto__]&amp;a[length]=100000000</code>.</p>
-        <h2 id="details">Details</h2>
-        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.</p>
-        <p>Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.</p>
-        <p>One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.</p>
-        <p>When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.</p>
-        <p>Two common types of DoS vulnerabilities:</p>
-        <ul>
-        <li><p>High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, <a href="SNYK-JAVA-COMMONSFILEUPLOAD-30082">commons-fileupload:commons-fileupload</a>.</p>
-        </li>
-        <li><p>Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  <a href="https://snyk.io/vuln/npm:ws:20171108">npm <code>ws</code> package</a></p>
-        </li>
-        </ul>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>qs</code> to version 6.2.4, 6.3.3, 6.4.1, 6.5.3, 6.6.1, 6.7.3, 6.8.3, 6.9.7, 6.10.3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/ljharb/qs/pull/428">GitHub PR</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2150323">RedHat Bugzilla Bug</a></li>
-        <li><a href="https://github.com/n8tz/CVE-2022-24999">Researcher Advisory</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-JS-QS-3153490">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Server-side Request Forgery (SSRF)</h2>
            <div class="card__section">
@@ -3388,6 +3287,145 @@
            </div>
        
        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: npm
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            cookiejar
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    argo-cd-ui@1.0.0, superagent@7.1.6 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        argo-cd-ui@1.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        superagent@7.1.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        cookiejar@2.1.3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the <code>Cookie.parse</code> function, which uses an insecure regular expression.</p>
+        <h2 id="poc">PoC</h2>
+        <pre><code class="language-js">const { CookieJar } = require(&quot;cookiejar&quot;);
+        
+        const jar = new CookieJar();
+        
+        const start = performance.now();
+        const attack = &quot;a&quot; + &quot;t&quot;.repeat(50_000);
+        jar.setCookie(attack);
+        console.log(`CookieJar.setCookie(): ${performance.now() - start}`);
+        </code></pre>
+        <h2 id="details">Details</h2>
+        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.</p>
+        <p>The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren&#39;t very intuitive and can ultimately end up making it easy for attackers to take your site down.</p>
+        <p>Let’s take the following regular expression as an example:</p>
+        <pre><code class="language-js">regex = /A(B|C+)+D/
+        </code></pre>
+        <p>This regular expression accomplishes the following:</p>
+        <ul>
+        <li><code>A</code> The string must start with the letter &#39;A&#39;</li>
+        <li><code>(B|C+)+</code> The string must then follow the letter A with either the letter &#39;B&#39; or some number of occurrences of the letter &#39;C&#39; (the <code>+</code> matches one or more times). The <code>+</code> at the end of this section states that we can look for one or more matches of this section.</li>
+        <li><code>D</code> Finally, we ensure this section of the string ends with a &#39;D&#39;</li>
+        </ul>
+        <p>The expression would match inputs such as <code>ABBD</code>, <code>ABCCCCD</code>, <code>ABCBCCCD</code> and <code>ACCCCCD</code></p>
+        <p>It most cases, it doesn&#39;t take very long for a regex engine to find a match:</p>
+        <pre><code class="language-bash">$ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD&quot;)&#39;
+        0.04s user 0.01s system 95% cpu 0.052 total
+        
+        $ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX&quot;)&#39;
+        1.79s user 0.02s system 99% cpu 1.812 total
+        </code></pre>
+        <p>The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.</p>
+        <p>Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as <em>catastrophic backtracking</em>.</p>
+        <p>Let&#39;s look at how our expression runs into this problem, using a shorter string: &quot;ACCCX&quot;. While it seems fairly straightforward, there are still four different ways that the engine could match those three C&#39;s:</p>
+        <ol>
+        <li>CCC</li>
+        <li>CC+C</li>
+        <li>C+CC</li>
+        <li>C+C+C.</li>
+        </ol>
+        <p>The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use <a href="https://regex101.com/debugger">RegEx 101 debugger</a> to see the engine has to take a total of 38 steps before it can determine the string doesn&#39;t match.</p>
+        <p>From there, the number of steps the engine must use to validate a string just continues to grow.</p>
+        <table>
+        <thead>
+        <tr>
+        <th>String</th>
+        <th align="right">Number of C&#39;s</th>
+        <th align="right">Number of steps</th>
+        </tr>
+        </thead>
+        <tbody><tr>
+        <td>ACCCX</td>
+        <td align="right">3</td>
+        <td align="right">38</td>
+        </tr>
+        <tr>
+        <td>ACCCCX</td>
+        <td align="right">4</td>
+        <td align="right">71</td>
+        </tr>
+        <tr>
+        <td>ACCCCCX</td>
+        <td align="right">5</td>
+        <td align="right">136</td>
+        </tr>
+        <tr>
+        <td>ACCCCCCCCCCCCCCX</td>
+        <td align="right">14</td>
+        <td align="right">65,553</td>
+        </tr>
+        </tbody></table>
+        <p>By the time the string includes 14 C&#39;s, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>cookiejar</code> to version 2.1.4 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/bmeck/node-cookiejar/pull/39/commits/eaa00021caf6ae09449dde826108153b578348e5">GitHub Commit</a></li>
+        <li><a href="https://github.com/bmeck/node-cookiejar/pull/39">GitHub PR</a></li>
+        <li><a href="https://github.com/bmeck/node-cookiejar/blob/master/cookiejar.js#L73">Vulnerable Code</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
      </div><!-- cards -->
    </div>
  </main><!-- .layout-stacked__content -->
--- a/docs/snyk/v2.5.7/ghcr.io_dexidp_dex_v2.35.3.html
+++ b/docs/snyk/v2.5.7/ghcr.io_dexidp_dex_v2.35.3.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:16:55 am</p>
+                <p class="timestamp">January 22nd 2023, 12:20:03 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
--- a/docs/snyk/v2.5.7/haproxy_2.6.2-alpine.html
+++ b/docs/snyk/v2.5.7/haproxy_2.6.2-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:16:57 am</p>
+                <p class="timestamp">January 22nd 2023, 12:20:05 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
--- a/docs/snyk/v2.5.7/quay.io_argoproj_argocd_v2.5.7.html
+++ b/docs/snyk/v2.5.7/quay.io_argoproj_argocd_v2.5.7.html
--- a/docs/snyk/v2.4.18/redis_7.0.4-alpine.html
+++ b/docs/snyk/v2.4.18/redis_7.0.4-alpine.html
@@ -456,19 +456,19 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">December 18th 2022, 12:19:04 am</p>
+                <p class="timestamp">January 22nd 2023, 12:20:24 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
                <ul>
-                  <li class="paths">redis:7.0.4-alpine (apk)</li>
+                  <li class="paths">redis:7.0.7-alpine (apk)</li>
                </ul>
              </div>
    
              <div class="meta-counts">
                <div class="meta-count"><span>0</span> <span>known vulnerabilities</span></div>
                <div class="meta-count"><span>0 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>17</span> <span>dependencies</span></div>
+                <div class="meta-count"><span>18</span> <span>dependencies</span></div>
              </div><!-- .meta-counts -->
            </div><!-- .layout-container--short -->
          </header><!-- .project__header -->
@@ -477,7 +477,7 @@
          <table class="metatable">
              <tbody>
              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|redis</td></tr>
-              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">redis:7.0.4-alpine</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">redis:7.0.7-alpine</td></tr>
              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
              
              </tbody>
--- a/docs/snyk/v2.6.0-rc4/argocd-iac-install.html
+++ b/docs/snyk/v2.6.0-rc4/argocd-iac-install.html
--- a/docs/snyk/v2.6.0-rc4/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.6.0-rc4/argocd-iac-namespace-install.html
--- a/docs/snyk/v2.6.0-rc4/argocd-test.html
+++ b/docs/snyk/v2.6.0-rc4/argocd-test.html
@@ -0,0 +1,623 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
+  <meta http-equiv="Content-Language" content="en-us">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title>Snyk test report</title>
+  <meta name="description" content="1 known vulnerabilities found in 1 vulnerable dependency paths.">
+  <base target="_blank">
+  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
+    sizes="194x194">
+  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
+  <style type="text/css">
+  
+    body {
+      -moz-font-feature-settings: "pnum";
+      -webkit-font-feature-settings: "pnum";
+      font-variant-numeric: proportional-nums;
+      display: flex;
+      flex-direction: column;
+      font-feature-settings: "pnum";
+      font-size: 100%;
+      line-height: 1.5;
+      min-height: 100vh;
+      -webkit-text-size-adjust: 100%;
+      margin: 0;
+      padding: 0;
+      background-color: #F5F5F5;
+      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
+    }
+  
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6 {
+      font-weight: 500;
+    }
+  
+    a,
+    a:link,
+    a:visited {
+      border-bottom: 1px solid #4b45a9;
+      text-decoration: none;
+      color: #4b45a9;
+    }
+  
+    a:hover,
+    a:focus,
+    a:active {
+      border-bottom: 1px solid #4b45a9;
+    }
+  
+    hr {
+      border: none;
+      margin: 1em 0;
+      border-top: 1px solid #c5c5c5;
+    }
+  
+    ul {
+      padding: 0 1em;
+      margin: 1em 0;
+    }
+  
+    code {
+      background-color: #EEE;
+      color: #333;
+      padding: 0.25em 0.5em;
+      border-radius: 0.25em;
+    }
+  
+    pre {
+      background-color: #333;
+      font-family: monospace;
+      padding: 0.5em 1em 0.75em;
+      border-radius: 0.25em;
+      font-size: 14px;
+    }
+  
+    pre code {
+      padding: 0;
+      background-color: transparent;
+      color: #fff;
+    }
+  
+    a code {
+      border-radius: .125rem .125rem 0 0;
+      padding-bottom: 0;
+      color: #4b45a9;
+    }
+  
+    a[href^="http://"]:after,
+    a[href^="https://"]:after {
+      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
+      background-repeat: no-repeat;
+      background-size: .75rem;
+      content: "";
+      display: inline-block;
+      height: .75rem;
+      margin-left: .25rem;
+      width: .75rem;
+    }
+  
+  
+  /* Layout */
+  
+    [class*=layout-container] {
+      margin: 0 auto;
+      max-width: 71.25em;
+      padding: 1.9em 1.3em;
+      position: relative;
+    }
+    .layout-container--short {
+      padding-top: 0;
+      padding-bottom: 0;
+      max-width: 48.75em;
+    }
+  
+    .layout-container--short:after {
+      display: block;
+      content: "";
+      clear: both;
+    }
+  
+  /* Header */
+  
+    .header {
+      padding-bottom: 1px;
+    }
+  
+    .paths {
+      margin-left: 8px;
+    }
+    .header-wrap {
+      display: flex;
+      flex-direction: row;
+      justify-content: space-between;
+      padding-top: 2em;
+    }
+    .project__header {
+      background-color: #4b45a9;
+      color: #fff;
+      margin-bottom: -1px;
+      padding-top: 1em;
+      padding-bottom: 0.25em;
+      border-bottom: 2px solid #BBB;
+    }
+  
+    .project__header__title {
+      overflow-wrap: break-word;
+      word-wrap: break-word;
+      word-break: break-all;
+      margin-bottom: .1em;
+      margin-top: 0;
+    }
+  
+    .timestamp {
+      float: right;
+      clear: none;
+      margin-bottom: 0;
+    }
+  
+    .meta-counts {
+      clear: both;
+      display: block;
+      flex-wrap: wrap;
+      justify-content: space-between;
+      margin: 0 0 1.5em;
+      color: #fff;
+      clear: both;
+      font-size: 1.1em;
+    }
+  
+    .meta-count {
+      display: block;
+      flex-basis: 100%;
+      margin: 0 1em 1em 0;
+      float: left;
+      padding-right: 1em;
+      border-right: 2px solid #fff;
+    }
+  
+    .meta-count:last-child {
+      border-right: 0;
+      padding-right: 0;
+      margin-right: 0;
+    }
+  
+  /* Card */
+  
+    .card {
+      background-color: #fff;
+      border: 1px solid #c5c5c5;
+      border-radius: .25rem;
+      margin: 0 0 2em 0;
+      position: relative;
+      min-height: 40px;
+      padding: 1.5em;
+    }
+  
+    .card .label {
+      background-color: #767676;
+      border: 2px solid #767676;
+      color: white;
+      padding: 0.25rem 0.75rem;
+      font-size: 0.875rem;
+      text-transform: uppercase;
+      display: inline-block;
+      margin: 0;
+      border-radius: 0.25rem;
+    }
+  
+    .card .label__text {
+      vertical-align: text-top;
+        font-weight: bold;
+    }
+  
+    .card .label--critical {
+      background-color: #AB1A1A;
+      border-color: #AB1A1A;
+    }
+  
+    .card .label--high {
+      background-color: #CE5019;
+      border-color: #CE5019;
+    }
+  
+    .card .label--medium {
+      background-color: #D68000;
+      border-color: #D68000;
+    }
+  
+    .card .label--low {
+      background-color: #88879E;
+      border-color: #88879E;
+    }
+  
+    .severity--low {
+      border-color: #88879E;
+    }
+  
+    .severity--medium {
+      border-color: #D68000;
+    }
+  
+    .severity--high {
+      border-color: #CE5019;
+    }
+  
+    .severity--critical {
+      border-color: #AB1A1A;
+    }
+  
+    .card--vuln {
+      padding-top: 4em;
+    }
+  
+    .card--vuln .label {
+      left: 0;
+      position: absolute;
+      top: 1.1em;
+      padding-left: 1.9em;
+      padding-right: 1.9em;
+      border-radius: 0 0.25rem 0.25rem 0;
+    }
+  
+    .card--vuln .card__section h2 {
+      font-size: 22px;
+      margin-bottom: 0.5em;
+    }
+  
+    .card--vuln .card__section p {
+      margin: 0 0 0.5em 0;
+    }
+  
+    .card--vuln .card__meta {
+      padding: 0 0 0 1em;
+      margin: 0;
+      font-size: 1.1em;
+    }
+  
+    .card .card__meta__paths {
+      font-size: 0.9em;
+    }
+  
+    .card--vuln .card__title {
+      font-size: 28px;
+      margin-top: 0;
+    }
+  
+    .card--vuln .card__cta p {
+      margin: 0;
+      text-align: right;
+    }
+  
+    .source-panel {
+      clear: both;
+      display: flex;
+      justify-content: flex-start;
+      flex-direction: column;
+      align-items: flex-start;
+      padding: 0.5em 0;
+      width: fit-content;
+    }
+  
+  
+  
+  </style>
+  <style type="text/css">
+    .metatable {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      margin-top: 12px;
+      border-collapse: collapse;
+      border-spacing: 0;
+      font-variant-numeric: tabular-nums;
+      max-width: 51.75em;
+    }
+  
+    tbody {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      flex-wrap: wrap;
+    }
+  
+    .meta-row {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      outline: none;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      align-items: start;
+      border-top: 1px solid #d3d3d9;
+      padding: 8px 0 0 0;
+      border-bottom: none;
+      margin: 8px;
+      width: 47.75%;
+    }
+  
+    .meta-row-label {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      color: #4c4a73;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      margin: 0;
+      outline: none;
+      text-decoration: none;
+      z-index: auto;
+      align-self: start;
+      flex: 1;
+      font-size: 1rem;
+      line-height: 1.5rem;
+      padding: 0;
+      text-align: left;
+      vertical-align: top;
+      text-transform: none;
+      letter-spacing: 0;
+    }
+  
+    .meta-row-value {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      word-break: break-word;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: right;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+    }
+  </style>
+</head>
+
+<body class="section-projects">
+  <main class="layout-stacked">
+        <div class="layout-stacked__header header">
+          <header class="project__header">
+            <div class="layout-container">
+              <a class="brand" href="https://snyk.io" title="Snyk">
+                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
+                  <title>Snyk - Open Source Security</title>
+                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+                    <g fill="#fff">
+                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
+                    </g>
+                  </g>
+                </svg>
+              </a>
+              <div class="header-wrap">
+                  <h1 class="project__header__title">Snyk test report</h1>
+    
+                <p class="timestamp">January 22nd 2023, 12:17:46 am</p>
+              </div>
+              <div class="source-panel">
+                <span>Scanned the following paths:</span>
+                <ul>
+                  <li class="paths">/argo-cd/argoproj/argo-cd/v2 (gomodules)</li><li class="paths">/argo-cd (yarn)</li>
+                </ul>
+              </div>
+    
+              <div class="meta-counts">
+                <div class="meta-count"><span>1</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>1 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>1730</span> <span>dependencies</span></div>
+              </div><!-- .meta-counts -->
+            </div><!-- .layout-container--short -->
+          </header><!-- .project__header -->
+        </div><!-- .layout-stacked__header -->
+
+    <div class="layout-container" style="padding-top: 35px;">
+      <div class="cards--vuln filter--patch filter--ignore">
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: npm
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            cookiejar
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    argo-cd-ui@1.0.0, superagent@7.1.6 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        argo-cd-ui@1.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        superagent@7.1.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        cookiejar@2.1.3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the <code>Cookie.parse</code> function, which uses an insecure regular expression.</p>
+        <h2 id="poc">PoC</h2>
+        <pre><code class="language-js">const { CookieJar } = require(&quot;cookiejar&quot;);
+        
+        const jar = new CookieJar();
+        
+        const start = performance.now();
+        const attack = &quot;a&quot; + &quot;t&quot;.repeat(50_000);
+        jar.setCookie(attack);
+        console.log(`CookieJar.setCookie(): ${performance.now() - start}`);
+        </code></pre>
+        <h2 id="details">Details</h2>
+        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.</p>
+        <p>The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren&#39;t very intuitive and can ultimately end up making it easy for attackers to take your site down.</p>
+        <p>Let’s take the following regular expression as an example:</p>
+        <pre><code class="language-js">regex = /A(B|C+)+D/
+        </code></pre>
+        <p>This regular expression accomplishes the following:</p>
+        <ul>
+        <li><code>A</code> The string must start with the letter &#39;A&#39;</li>
+        <li><code>(B|C+)+</code> The string must then follow the letter A with either the letter &#39;B&#39; or some number of occurrences of the letter &#39;C&#39; (the <code>+</code> matches one or more times). The <code>+</code> at the end of this section states that we can look for one or more matches of this section.</li>
+        <li><code>D</code> Finally, we ensure this section of the string ends with a &#39;D&#39;</li>
+        </ul>
+        <p>The expression would match inputs such as <code>ABBD</code>, <code>ABCCCCD</code>, <code>ABCBCCCD</code> and <code>ACCCCCD</code></p>
+        <p>It most cases, it doesn&#39;t take very long for a regex engine to find a match:</p>
+        <pre><code class="language-bash">$ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD&quot;)&#39;
+        0.04s user 0.01s system 95% cpu 0.052 total
+        
+        $ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX&quot;)&#39;
+        1.79s user 0.02s system 99% cpu 1.812 total
+        </code></pre>
+        <p>The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.</p>
+        <p>Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as <em>catastrophic backtracking</em>.</p>
+        <p>Let&#39;s look at how our expression runs into this problem, using a shorter string: &quot;ACCCX&quot;. While it seems fairly straightforward, there are still four different ways that the engine could match those three C&#39;s:</p>
+        <ol>
+        <li>CCC</li>
+        <li>CC+C</li>
+        <li>C+CC</li>
+        <li>C+C+C.</li>
+        </ol>
+        <p>The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use <a href="https://regex101.com/debugger">RegEx 101 debugger</a> to see the engine has to take a total of 38 steps before it can determine the string doesn&#39;t match.</p>
+        <p>From there, the number of steps the engine must use to validate a string just continues to grow.</p>
+        <table>
+        <thead>
+        <tr>
+        <th>String</th>
+        <th align="right">Number of C&#39;s</th>
+        <th align="right">Number of steps</th>
+        </tr>
+        </thead>
+        <tbody><tr>
+        <td>ACCCX</td>
+        <td align="right">3</td>
+        <td align="right">38</td>
+        </tr>
+        <tr>
+        <td>ACCCCX</td>
+        <td align="right">4</td>
+        <td align="right">71</td>
+        </tr>
+        <tr>
+        <td>ACCCCCX</td>
+        <td align="right">5</td>
+        <td align="right">136</td>
+        </tr>
+        <tr>
+        <td>ACCCCCCCCCCCCCCX</td>
+        <td align="right">14</td>
+        <td align="right">65,553</td>
+        </tr>
+        </tbody></table>
+        <p>By the time the string includes 14 C&#39;s, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>cookiejar</code> to version 2.1.4 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/bmeck/node-cookiejar/pull/39/commits/eaa00021caf6ae09449dde826108153b578348e5">GitHub Commit</a></li>
+        <li><a href="https://github.com/bmeck/node-cookiejar/pull/39">GitHub PR</a></li>
+        <li><a href="https://github.com/bmeck/node-cookiejar/blob/master/cookiejar.js#L73">Vulnerable Code</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+      </div><!-- cards -->
+    </div>
+  </main><!-- .layout-stacked__content -->
+</body>
+
+</html>
--- a/docs/snyk/v2.6.0-rc4/ghcr.io_dexidp_dex_v2.35.3.html
+++ b/docs/snyk/v2.6.0-rc4/ghcr.io_dexidp_dex_v2.35.3.html
@@ -0,0 +1,492 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
+  <meta http-equiv="Content-Language" content="en-us">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title>Snyk test report</title>
+  <meta name="description" content="0 known vulnerabilities found in 0 vulnerable dependency paths.">
+  <base target="_blank">
+  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
+    sizes="194x194">
+  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
+  <style type="text/css">
+  
+    body {
+      -moz-font-feature-settings: "pnum";
+      -webkit-font-feature-settings: "pnum";
+      font-variant-numeric: proportional-nums;
+      display: flex;
+      flex-direction: column;
+      font-feature-settings: "pnum";
+      font-size: 100%;
+      line-height: 1.5;
+      min-height: 100vh;
+      -webkit-text-size-adjust: 100%;
+      margin: 0;
+      padding: 0;
+      background-color: #F5F5F5;
+      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
+    }
+  
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6 {
+      font-weight: 500;
+    }
+  
+    a,
+    a:link,
+    a:visited {
+      border-bottom: 1px solid #4b45a9;
+      text-decoration: none;
+      color: #4b45a9;
+    }
+  
+    a:hover,
+    a:focus,
+    a:active {
+      border-bottom: 1px solid #4b45a9;
+    }
+  
+    hr {
+      border: none;
+      margin: 1em 0;
+      border-top: 1px solid #c5c5c5;
+    }
+  
+    ul {
+      padding: 0 1em;
+      margin: 1em 0;
+    }
+  
+    code {
+      background-color: #EEE;
+      color: #333;
+      padding: 0.25em 0.5em;
+      border-radius: 0.25em;
+    }
+  
+    pre {
+      background-color: #333;
+      font-family: monospace;
+      padding: 0.5em 1em 0.75em;
+      border-radius: 0.25em;
+      font-size: 14px;
+    }
+  
+    pre code {
+      padding: 0;
+      background-color: transparent;
+      color: #fff;
+    }
+  
+    a code {
+      border-radius: .125rem .125rem 0 0;
+      padding-bottom: 0;
+      color: #4b45a9;
+    }
+  
+    a[href^="http://"]:after,
+    a[href^="https://"]:after {
+      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
+      background-repeat: no-repeat;
+      background-size: .75rem;
+      content: "";
+      display: inline-block;
+      height: .75rem;
+      margin-left: .25rem;
+      width: .75rem;
+    }
+  
+  
+  /* Layout */
+  
+    [class*=layout-container] {
+      margin: 0 auto;
+      max-width: 71.25em;
+      padding: 1.9em 1.3em;
+      position: relative;
+    }
+    .layout-container--short {
+      padding-top: 0;
+      padding-bottom: 0;
+      max-width: 48.75em;
+    }
+  
+    .layout-container--short:after {
+      display: block;
+      content: "";
+      clear: both;
+    }
+  
+  /* Header */
+  
+    .header {
+      padding-bottom: 1px;
+    }
+  
+    .paths {
+      margin-left: 8px;
+    }
+    .header-wrap {
+      display: flex;
+      flex-direction: row;
+      justify-content: space-between;
+      padding-top: 2em;
+    }
+    .project__header {
+      background-color: #4b45a9;
+      color: #fff;
+      margin-bottom: -1px;
+      padding-top: 1em;
+      padding-bottom: 0.25em;
+      border-bottom: 2px solid #BBB;
+    }
+  
+    .project__header__title {
+      overflow-wrap: break-word;
+      word-wrap: break-word;
+      word-break: break-all;
+      margin-bottom: .1em;
+      margin-top: 0;
+    }
+  
+    .timestamp {
+      float: right;
+      clear: none;
+      margin-bottom: 0;
+    }
+  
+    .meta-counts {
+      clear: both;
+      display: block;
+      flex-wrap: wrap;
+      justify-content: space-between;
+      margin: 0 0 1.5em;
+      color: #fff;
+      clear: both;
+      font-size: 1.1em;
+    }
+  
+    .meta-count {
+      display: block;
+      flex-basis: 100%;
+      margin: 0 1em 1em 0;
+      float: left;
+      padding-right: 1em;
+      border-right: 2px solid #fff;
+    }
+  
+    .meta-count:last-child {
+      border-right: 0;
+      padding-right: 0;
+      margin-right: 0;
+    }
+  
+  /* Card */
+  
+    .card {
+      background-color: #fff;
+      border: 1px solid #c5c5c5;
+      border-radius: .25rem;
+      margin: 0 0 2em 0;
+      position: relative;
+      min-height: 40px;
+      padding: 1.5em;
+    }
+  
+    .card .label {
+      background-color: #767676;
+      border: 2px solid #767676;
+      color: white;
+      padding: 0.25rem 0.75rem;
+      font-size: 0.875rem;
+      text-transform: uppercase;
+      display: inline-block;
+      margin: 0;
+      border-radius: 0.25rem;
+    }
+  
+    .card .label__text {
+      vertical-align: text-top;
+        font-weight: bold;
+    }
+  
+    .card .label--critical {
+      background-color: #AB1A1A;
+      border-color: #AB1A1A;
+    }
+  
+    .card .label--high {
+      background-color: #CE5019;
+      border-color: #CE5019;
+    }
+  
+    .card .label--medium {
+      background-color: #D68000;
+      border-color: #D68000;
+    }
+  
+    .card .label--low {
+      background-color: #88879E;
+      border-color: #88879E;
+    }
+  
+    .severity--low {
+      border-color: #88879E;
+    }
+  
+    .severity--medium {
+      border-color: #D68000;
+    }
+  
+    .severity--high {
+      border-color: #CE5019;
+    }
+  
+    .severity--critical {
+      border-color: #AB1A1A;
+    }
+  
+    .card--vuln {
+      padding-top: 4em;
+    }
+  
+    .card--vuln .label {
+      left: 0;
+      position: absolute;
+      top: 1.1em;
+      padding-left: 1.9em;
+      padding-right: 1.9em;
+      border-radius: 0 0.25rem 0.25rem 0;
+    }
+  
+    .card--vuln .card__section h2 {
+      font-size: 22px;
+      margin-bottom: 0.5em;
+    }
+  
+    .card--vuln .card__section p {
+      margin: 0 0 0.5em 0;
+    }
+  
+    .card--vuln .card__meta {
+      padding: 0 0 0 1em;
+      margin: 0;
+      font-size: 1.1em;
+    }
+  
+    .card .card__meta__paths {
+      font-size: 0.9em;
+    }
+  
+    .card--vuln .card__title {
+      font-size: 28px;
+      margin-top: 0;
+    }
+  
+    .card--vuln .card__cta p {
+      margin: 0;
+      text-align: right;
+    }
+  
+    .source-panel {
+      clear: both;
+      display: flex;
+      justify-content: flex-start;
+      flex-direction: column;
+      align-items: flex-start;
+      padding: 0.5em 0;
+      width: fit-content;
+    }
+  
+  
+  
+  </style>
+  <style type="text/css">
+    .metatable {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      margin-top: 12px;
+      border-collapse: collapse;
+      border-spacing: 0;
+      font-variant-numeric: tabular-nums;
+      max-width: 51.75em;
+    }
+  
+    tbody {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      flex-wrap: wrap;
+    }
+  
+    .meta-row {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      outline: none;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      align-items: start;
+      border-top: 1px solid #d3d3d9;
+      padding: 8px 0 0 0;
+      border-bottom: none;
+      margin: 8px;
+      width: 47.75%;
+    }
+  
+    .meta-row-label {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      color: #4c4a73;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      margin: 0;
+      outline: none;
+      text-decoration: none;
+      z-index: auto;
+      align-self: start;
+      flex: 1;
+      font-size: 1rem;
+      line-height: 1.5rem;
+      padding: 0;
+      text-align: left;
+      vertical-align: top;
+      text-transform: none;
+      letter-spacing: 0;
+    }
+  
+    .meta-row-value {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      word-break: break-word;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: right;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+    }
+  </style>
+</head>
+
+<body class="section-projects">
+  <main class="layout-stacked">
+        <div class="layout-stacked__header header">
+          <header class="project__header">
+            <div class="layout-container">
+              <a class="brand" href="https://snyk.io" title="Snyk">
+                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
+                  <title>Snyk - Open Source Security</title>
+                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+                    <g fill="#fff">
+                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
+                    </g>
+                  </g>
+                </svg>
+              </a>
+              <div class="header-wrap">
+                  <h1 class="project__header__title">Snyk test report</h1>
+    
+                <p class="timestamp">January 22nd 2023, 12:17:50 am</p>
+              </div>
+              <div class="source-panel">
+                <span>Scanned the following path:</span>
+                <ul>
+                  <li class="paths">ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (apk)</li>
+                </ul>
+              </div>
+    
+              <div class="meta-counts">
+                <div class="meta-count"><span>0</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>0 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>14</span> <span>dependencies</span></div>
+              </div><!-- .meta-counts -->
+            </div><!-- .layout-container--short -->
+          </header><!-- .project__header -->
+        </div><!-- .layout-stacked__header -->
+      <section class="layout-container">
+          <table class="metatable">
+              <tbody>
+              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|ghcr.io/dexidp/dex</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">ghcr.io/dexidp/dex:v2.35.3/dexidp/dex</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
+              
+              </tbody>
+          </table>
+      </section>
+    <div class="layout-container" style="padding-top: 35px;">
+      No known vulnerabilities detected.
+    </div>
+  </main><!-- .layout-stacked__content -->
+</body>
+
+</html>
--- a/docs/snyk/v2.6.0-rc4/haproxy_2.6.2-alpine.html
+++ b/docs/snyk/v2.6.0-rc4/haproxy_2.6.2-alpine.html
@@ -0,0 +1,492 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
+  <meta http-equiv="Content-Language" content="en-us">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title>Snyk test report</title>
+  <meta name="description" content="0 known vulnerabilities found in 0 vulnerable dependency paths.">
+  <base target="_blank">
+  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
+    sizes="194x194">
+  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
+  <style type="text/css">
+  
+    body {
+      -moz-font-feature-settings: "pnum";
+      -webkit-font-feature-settings: "pnum";
+      font-variant-numeric: proportional-nums;
+      display: flex;
+      flex-direction: column;
+      font-feature-settings: "pnum";
+      font-size: 100%;
+      line-height: 1.5;
+      min-height: 100vh;
+      -webkit-text-size-adjust: 100%;
+      margin: 0;
+      padding: 0;
+      background-color: #F5F5F5;
+      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
+    }
+  
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6 {
+      font-weight: 500;
+    }
+  
+    a,
+    a:link,
+    a:visited {
+      border-bottom: 1px solid #4b45a9;
+      text-decoration: none;
+      color: #4b45a9;
+    }
+  
+    a:hover,
+    a:focus,
+    a:active {
+      border-bottom: 1px solid #4b45a9;
+    }
+  
+    hr {
+      border: none;
+      margin: 1em 0;
+      border-top: 1px solid #c5c5c5;
+    }
+  
+    ul {
+      padding: 0 1em;
+      margin: 1em 0;
+    }
+  
+    code {
+      background-color: #EEE;
+      color: #333;
+      padding: 0.25em 0.5em;
+      border-radius: 0.25em;
+    }
+  
+    pre {
+      background-color: #333;
+      font-family: monospace;
+      padding: 0.5em 1em 0.75em;
+      border-radius: 0.25em;
+      font-size: 14px;
+    }
+  
+    pre code {
+      padding: 0;
+      background-color: transparent;
+      color: #fff;
+    }
+  
+    a code {
+      border-radius: .125rem .125rem 0 0;
+      padding-bottom: 0;
+      color: #4b45a9;
+    }
+  
+    a[href^="http://"]:after,
+    a[href^="https://"]:after {
+      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
+      background-repeat: no-repeat;
+      background-size: .75rem;
+      content: "";
+      display: inline-block;
+      height: .75rem;
+      margin-left: .25rem;
+      width: .75rem;
+    }
+  
+  
+  /* Layout */
+  
+    [class*=layout-container] {
+      margin: 0 auto;
+      max-width: 71.25em;
+      padding: 1.9em 1.3em;
+      position: relative;
+    }
+    .layout-container--short {
+      padding-top: 0;
+      padding-bottom: 0;
+      max-width: 48.75em;
+    }
+  
+    .layout-container--short:after {
+      display: block;
+      content: "";
+      clear: both;
+    }
+  
+  /* Header */
+  
+    .header {
+      padding-bottom: 1px;
+    }
+  
+    .paths {
+      margin-left: 8px;
+    }
+    .header-wrap {
+      display: flex;
+      flex-direction: row;
+      justify-content: space-between;
+      padding-top: 2em;
+    }
+    .project__header {
+      background-color: #4b45a9;
+      color: #fff;
+      margin-bottom: -1px;
+      padding-top: 1em;
+      padding-bottom: 0.25em;
+      border-bottom: 2px solid #BBB;
+    }
+  
+    .project__header__title {
+      overflow-wrap: break-word;
+      word-wrap: break-word;
+      word-break: break-all;
+      margin-bottom: .1em;
+      margin-top: 0;
+    }
+  
+    .timestamp {
+      float: right;
+      clear: none;
+      margin-bottom: 0;
+    }
+  
+    .meta-counts {
+      clear: both;
+      display: block;
+      flex-wrap: wrap;
+      justify-content: space-between;
+      margin: 0 0 1.5em;
+      color: #fff;
+      clear: both;
+      font-size: 1.1em;
+    }
+  
+    .meta-count {
+      display: block;
+      flex-basis: 100%;
+      margin: 0 1em 1em 0;
+      float: left;
+      padding-right: 1em;
+      border-right: 2px solid #fff;
+    }
+  
+    .meta-count:last-child {
+      border-right: 0;
+      padding-right: 0;
+      margin-right: 0;
+    }
+  
+  /* Card */
+  
+    .card {
+      background-color: #fff;
+      border: 1px solid #c5c5c5;
+      border-radius: .25rem;
+      margin: 0 0 2em 0;
+      position: relative;
+      min-height: 40px;
+      padding: 1.5em;
+    }
+  
+    .card .label {
+      background-color: #767676;
+      border: 2px solid #767676;
+      color: white;
+      padding: 0.25rem 0.75rem;
+      font-size: 0.875rem;
+      text-transform: uppercase;
+      display: inline-block;
+      margin: 0;
+      border-radius: 0.25rem;
+    }
+  
+    .card .label__text {
+      vertical-align: text-top;
+        font-weight: bold;
+    }
+  
+    .card .label--critical {
+      background-color: #AB1A1A;
+      border-color: #AB1A1A;
+    }
+  
+    .card .label--high {
+      background-color: #CE5019;
+      border-color: #CE5019;
+    }
+  
+    .card .label--medium {
+      background-color: #D68000;
+      border-color: #D68000;
+    }
+  
+    .card .label--low {
+      background-color: #88879E;
+      border-color: #88879E;
+    }
+  
+    .severity--low {
+      border-color: #88879E;
+    }
+  
+    .severity--medium {
+      border-color: #D68000;
+    }
+  
+    .severity--high {
+      border-color: #CE5019;
+    }
+  
+    .severity--critical {
+      border-color: #AB1A1A;
+    }
+  
+    .card--vuln {
+      padding-top: 4em;
+    }
+  
+    .card--vuln .label {
+      left: 0;
+      position: absolute;
+      top: 1.1em;
+      padding-left: 1.9em;
+      padding-right: 1.9em;
+      border-radius: 0 0.25rem 0.25rem 0;
+    }
+  
+    .card--vuln .card__section h2 {
+      font-size: 22px;
+      margin-bottom: 0.5em;
+    }
+  
+    .card--vuln .card__section p {
+      margin: 0 0 0.5em 0;
+    }
+  
+    .card--vuln .card__meta {
+      padding: 0 0 0 1em;
+      margin: 0;
+      font-size: 1.1em;
+    }
+  
+    .card .card__meta__paths {
+      font-size: 0.9em;
+    }
+  
+    .card--vuln .card__title {
+      font-size: 28px;
+      margin-top: 0;
+    }
+  
+    .card--vuln .card__cta p {
+      margin: 0;
+      text-align: right;
+    }
+  
+    .source-panel {
+      clear: both;
+      display: flex;
+      justify-content: flex-start;
+      flex-direction: column;
+      align-items: flex-start;
+      padding: 0.5em 0;
+      width: fit-content;
+    }
+  
+  
+  
+  </style>
+  <style type="text/css">
+    .metatable {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      margin-top: 12px;
+      border-collapse: collapse;
+      border-spacing: 0;
+      font-variant-numeric: tabular-nums;
+      max-width: 51.75em;
+    }
+  
+    tbody {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      flex-wrap: wrap;
+    }
+  
+    .meta-row {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      outline: none;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      align-items: start;
+      border-top: 1px solid #d3d3d9;
+      padding: 8px 0 0 0;
+      border-bottom: none;
+      margin: 8px;
+      width: 47.75%;
+    }
+  
+    .meta-row-label {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      color: #4c4a73;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      margin: 0;
+      outline: none;
+      text-decoration: none;
+      z-index: auto;
+      align-self: start;
+      flex: 1;
+      font-size: 1rem;
+      line-height: 1.5rem;
+      padding: 0;
+      text-align: left;
+      vertical-align: top;
+      text-transform: none;
+      letter-spacing: 0;
+    }
+  
+    .meta-row-value {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      word-break: break-word;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: right;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+    }
+  </style>
+</head>
+
+<body class="section-projects">
+  <main class="layout-stacked">
+        <div class="layout-stacked__header header">
+          <header class="project__header">
+            <div class="layout-container">
+              <a class="brand" href="https://snyk.io" title="Snyk">
+                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
+                  <title>Snyk - Open Source Security</title>
+                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+                    <g fill="#fff">
+                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
+                    </g>
+                  </g>
+                </svg>
+              </a>
+              <div class="header-wrap">
+                  <h1 class="project__header__title">Snyk test report</h1>
+    
+                <p class="timestamp">January 22nd 2023, 12:17:52 am</p>
+              </div>
+              <div class="source-panel">
+                <span>Scanned the following path:</span>
+                <ul>
+                  <li class="paths">haproxy:2.6.2-alpine (apk)</li>
+                </ul>
+              </div>
+    
+              <div class="meta-counts">
+                <div class="meta-count"><span>0</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>0 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>17</span> <span>dependencies</span></div>
+              </div><!-- .meta-counts -->
+            </div><!-- .layout-container--short -->
+          </header><!-- .project__header -->
+        </div><!-- .layout-stacked__header -->
+      <section class="layout-container">
+          <table class="metatable">
+              <tbody>
+              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|haproxy</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">haproxy:2.6.2-alpine</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
+              
+              </tbody>
+          </table>
+      </section>
+    <div class="layout-container" style="padding-top: 35px;">
+      No known vulnerabilities detected.
+    </div>
+  </main><!-- .layout-stacked__content -->
+</body>
+
+</html>
--- a/docs/snyk/v2.6.0-rc4/quay.io_argoproj_argocd_v2.6.0-rc4.html
+++ b/docs/snyk/v2.6.0-rc4/quay.io_argoproj_argocd_v2.6.0-rc4.html
--- a/docs/snyk/v2.6.0-rc4/redis_7.0.7-alpine.html
+++ b/docs/snyk/v2.6.0-rc4/redis_7.0.7-alpine.html
@@ -0,0 +1,492 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
+  <meta http-equiv="Content-Language" content="en-us">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title>Snyk test report</title>
+  <meta name="description" content="0 known vulnerabilities found in 0 vulnerable dependency paths.">
+  <base target="_blank">
+  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
+    sizes="194x194">
+  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
+  <style type="text/css">
+  
+    body {
+      -moz-font-feature-settings: "pnum";
+      -webkit-font-feature-settings: "pnum";
+      font-variant-numeric: proportional-nums;
+      display: flex;
+      flex-direction: column;
+      font-feature-settings: "pnum";
+      font-size: 100%;
+      line-height: 1.5;
+      min-height: 100vh;
+      -webkit-text-size-adjust: 100%;
+      margin: 0;
+      padding: 0;
+      background-color: #F5F5F5;
+      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
+    }
+  
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6 {
+      font-weight: 500;
+    }
+  
+    a,
+    a:link,
+    a:visited {
+      border-bottom: 1px solid #4b45a9;
+      text-decoration: none;
+      color: #4b45a9;
+    }
+  
+    a:hover,
+    a:focus,
+    a:active {
+      border-bottom: 1px solid #4b45a9;
+    }
+  
+    hr {
+      border: none;
+      margin: 1em 0;
+      border-top: 1px solid #c5c5c5;
+    }
+  
+    ul {
+      padding: 0 1em;
+      margin: 1em 0;
+    }
+  
+    code {
+      background-color: #EEE;
+      color: #333;
+      padding: 0.25em 0.5em;
+      border-radius: 0.25em;
+    }
+  
+    pre {
+      background-color: #333;
+      font-family: monospace;
+      padding: 0.5em 1em 0.75em;
+      border-radius: 0.25em;
+      font-size: 14px;
+    }
+  
+    pre code {
+      padding: 0;
+      background-color: transparent;
+      color: #fff;
+    }
+  
+    a code {
+      border-radius: .125rem .125rem 0 0;
+      padding-bottom: 0;
+      color: #4b45a9;
+    }
+  
+    a[href^="http://"]:after,
+    a[href^="https://"]:after {
+      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
+      background-repeat: no-repeat;
+      background-size: .75rem;
+      content: "";
+      display: inline-block;
+      height: .75rem;
+      margin-left: .25rem;
+      width: .75rem;
+    }
+  
+  
+  /* Layout */
+  
+    [class*=layout-container] {
+      margin: 0 auto;
+      max-width: 71.25em;
+      padding: 1.9em 1.3em;
+      position: relative;
+    }
+    .layout-container--short {
+      padding-top: 0;
+      padding-bottom: 0;
+      max-width: 48.75em;
+    }
+  
+    .layout-container--short:after {
+      display: block;
+      content: "";
+      clear: both;
+    }
+  
+  /* Header */
+  
+    .header {
+      padding-bottom: 1px;
+    }
+  
+    .paths {
+      margin-left: 8px;
+    }
+    .header-wrap {
+      display: flex;
+      flex-direction: row;
+      justify-content: space-between;
+      padding-top: 2em;
+    }
+    .project__header {
+      background-color: #4b45a9;
+      color: #fff;
+      margin-bottom: -1px;
+      padding-top: 1em;
+      padding-bottom: 0.25em;
+      border-bottom: 2px solid #BBB;
+    }
+  
+    .project__header__title {
+      overflow-wrap: break-word;
+      word-wrap: break-word;
+      word-break: break-all;
+      margin-bottom: .1em;
+      margin-top: 0;
+    }
+  
+    .timestamp {
+      float: right;
+      clear: none;
+      margin-bottom: 0;
+    }
+  
+    .meta-counts {
+      clear: both;
+      display: block;
+      flex-wrap: wrap;
+      justify-content: space-between;
+      margin: 0 0 1.5em;
+      color: #fff;
+      clear: both;
+      font-size: 1.1em;
+    }
+  
+    .meta-count {
+      display: block;
+      flex-basis: 100%;
+      margin: 0 1em 1em 0;
+      float: left;
+      padding-right: 1em;
+      border-right: 2px solid #fff;
+    }
+  
+    .meta-count:last-child {
+      border-right: 0;
+      padding-right: 0;
+      margin-right: 0;
+    }
+  
+  /* Card */
+  
+    .card {
+      background-color: #fff;
+      border: 1px solid #c5c5c5;
+      border-radius: .25rem;
+      margin: 0 0 2em 0;
+      position: relative;
+      min-height: 40px;
+      padding: 1.5em;
+    }
+  
+    .card .label {
+      background-color: #767676;
+      border: 2px solid #767676;
+      color: white;
+      padding: 0.25rem 0.75rem;
+      font-size: 0.875rem;
+      text-transform: uppercase;
+      display: inline-block;
+      margin: 0;
+      border-radius: 0.25rem;
+    }
+  
+    .card .label__text {
+      vertical-align: text-top;
+        font-weight: bold;
+    }
+  
+    .card .label--critical {
+      background-color: #AB1A1A;
+      border-color: #AB1A1A;
+    }
+  
+    .card .label--high {
+      background-color: #CE5019;
+      border-color: #CE5019;
+    }
+  
+    .card .label--medium {
+      background-color: #D68000;
+      border-color: #D68000;
+    }
+  
+    .card .label--low {
+      background-color: #88879E;
+      border-color: #88879E;
+    }
+  
+    .severity--low {
+      border-color: #88879E;
+    }
+  
+    .severity--medium {
+      border-color: #D68000;
+    }
+  
+    .severity--high {
+      border-color: #CE5019;
+    }
+  
+    .severity--critical {
+      border-color: #AB1A1A;
+    }
+  
+    .card--vuln {
+      padding-top: 4em;
+    }
+  
+    .card--vuln .label {
+      left: 0;
+      position: absolute;
+      top: 1.1em;
+      padding-left: 1.9em;
+      padding-right: 1.9em;
+      border-radius: 0 0.25rem 0.25rem 0;
+    }
+  
+    .card--vuln .card__section h2 {
+      font-size: 22px;
+      margin-bottom: 0.5em;
+    }
+  
+    .card--vuln .card__section p {
+      margin: 0 0 0.5em 0;
+    }
+  
+    .card--vuln .card__meta {
+      padding: 0 0 0 1em;
+      margin: 0;
+      font-size: 1.1em;
+    }
+  
+    .card .card__meta__paths {
+      font-size: 0.9em;
+    }
+  
+    .card--vuln .card__title {
+      font-size: 28px;
+      margin-top: 0;
+    }
+  
+    .card--vuln .card__cta p {
+      margin: 0;
+      text-align: right;
+    }
+  
+    .source-panel {
+      clear: both;
+      display: flex;
+      justify-content: flex-start;
+      flex-direction: column;
+      align-items: flex-start;
+      padding: 0.5em 0;
+      width: fit-content;
+    }
+  
+  
+  
+  </style>
+  <style type="text/css">
+    .metatable {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      margin-top: 12px;
+      border-collapse: collapse;
+      border-spacing: 0;
+      font-variant-numeric: tabular-nums;
+      max-width: 51.75em;
+    }
+  
+    tbody {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      flex-wrap: wrap;
+    }
+  
+    .meta-row {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      outline: none;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      align-items: start;
+      border-top: 1px solid #d3d3d9;
+      padding: 8px 0 0 0;
+      border-bottom: none;
+      margin: 8px;
+      width: 47.75%;
+    }
+  
+    .meta-row-label {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      color: #4c4a73;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      margin: 0;
+      outline: none;
+      text-decoration: none;
+      z-index: auto;
+      align-self: start;
+      flex: 1;
+      font-size: 1rem;
+      line-height: 1.5rem;
+      padding: 0;
+      text-align: left;
+      vertical-align: top;
+      text-transform: none;
+      letter-spacing: 0;
+    }
+  
+    .meta-row-value {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      word-break: break-word;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: right;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+    }
+  </style>
+</head>
+
+<body class="section-projects">
+  <main class="layout-stacked">
+        <div class="layout-stacked__header header">
+          <header class="project__header">
+            <div class="layout-container">
+              <a class="brand" href="https://snyk.io" title="Snyk">
+                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
+                  <title>Snyk - Open Source Security</title>
+                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+                    <g fill="#fff">
+                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
+                    </g>
+                  </g>
+                </svg>
+              </a>
+              <div class="header-wrap">
+                  <h1 class="project__header__title">Snyk test report</h1>
+    
+                <p class="timestamp">January 22nd 2023, 12:18:12 am</p>
+              </div>
+              <div class="source-panel">
+                <span>Scanned the following path:</span>
+                <ul>
+                  <li class="paths">redis:7.0.7-alpine (apk)</li>
+                </ul>
+              </div>
+    
+              <div class="meta-counts">
+                <div class="meta-count"><span>0</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>0 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>18</span> <span>dependencies</span></div>
+              </div><!-- .meta-counts -->
+            </div><!-- .layout-container--short -->
+          </header><!-- .project__header -->
+        </div><!-- .layout-stacked__header -->
+      <section class="layout-container">
+          <table class="metatable">
+              <tbody>
+              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|redis</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">redis:7.0.7-alpine</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
+              
+              </tbody>
+          </table>
+      </section>
+    <div class="layout-container" style="padding-top: 35px;">
+      No known vulnerabilities detected.
+    </div>
+  </main><!-- .layout-stacked__content -->
+</body>
+
+</html>
--- a/docs/user-guide/commands/argocd_admin_repo_generate-spec.md
+++ b/docs/user-guide/commands/argocd_admin_repo_generate-spec.md
@@ -38,7 +38,6 @@ argocd admin repo generate-spec REPOURL [flags]
 ```
      --enable-lfs                              enable git-lfs (Large File Support) on this repository
      --enable-oci                              enable helm-oci (Helm OCI-Based Repository)
-      --force-http-basic-auth                   whether to force use of basic auth when connecting repository via HTTP
      --gcp-service-account-key-path string     service account key for the Google Cloud Platform
      --github-app-enterprise-base-url string   base url to use when using GitHub Enterprise (e.g. https://ghe.example.com/api/v3
      --github-app-id int                       id of the GitHub Application
--- a/docs/user-guide/commands/argocd_app_sync.md
+++ b/docs/user-guide/commands/argocd_app_sync.md
@@ -26,6 +26,9 @@ argocd app sync [APPNAME... | -l selector | --project project-name] [flags]
  # Resource should be formatted as GROUP:KIND:NAME. If no GROUP is specified then :KIND:NAME
  argocd app sync my-app --resource :Service:my-service
  argocd app sync my-app --resource argoproj.io:Rollout:my-rollout
+  argocd app sync my-app --resource '!apps:Deployment:my-service'
+  argocd app sync my-app --resource apps:Deployment:my-service --resource :Service:my-service
+  argocd app sync my-app --resource '!*:Service:*'
  # Specify namespace if the application has resources with the same name in different namespaces
  argocd app sync my-app --resource argoproj.io:Rollout:my-namespace/my-rollout
 ```
@@ -46,7 +49,7 @@ argocd app sync [APPNAME... | -l selector | --project project-name] [flags]
      --project stringArray                   Sync apps that belong to the specified projects. This option may be specified repeatedly.
      --prune                                 Allow deleting unexpected resources
      --replace                               Use a kubectl create/replace instead apply
-      --resource stringArray                  Sync only specific resources as GROUP:KIND:NAME. Fields may be blank. This option may be specified repeatedly
+      --resource stringArray                  Sync only specific resources as GROUP:KIND:NAME or !GROUP:KIND:NAME. Fields may be blank and '*' can be used. This option may be specified repeatedly
      --retry-backoff-duration duration       Retry backoff base duration. Input needs to be a duration (e.g. 2m, 1h) (default 5s)
      --retry-backoff-factor int              Factor multiplies the base duration after each failed retry (default 2)
      --retry-backoff-max-duration duration   Max retry backoff duration. Input needs to be a duration (e.g. 2m, 1h) (default 3m0s)
--- a/docs/user-guide/commands/argocd_app_wait.md
+++ b/docs/user-guide/commands/argocd_app_wait.md
@@ -15,6 +15,16 @@ argocd app wait [APPNAME.. | -l selector] [flags]
  # Wait for multiple apps
  argocd app wait my-app other-app

+  # Wait for apps by resource
+  # Resource should be formatted as GROUP:KIND:NAME. If no GROUP is specified then :KIND:NAME.
+  argocd app wait my-app --resource :Service:my-service
+  argocd app wait my-app --resource argoproj.io:Rollout:my-rollout
+  argocd app wait my-app --resource '!apps:Deployment:my-service'
+  argocd app wait my-app --resource apps:Deployment:my-service --resource :Service:my-service
+  argocd app wait my-app --resource '!*:Service:*'
+  # Specify namespace if the application has resources with the same name in different namespaces
+  argocd app wait my-app --resource argoproj.io:Rollout:my-namespace/my-rollout
+
  # Wait for apps by label, in this example we waiting for apps that are children of another app (aka app-of-apps)
  argocd app wait -l app.kubernetes.io/instance=my-app
  argocd app wait -l app.kubernetes.io/instance!=my-app
@@ -30,7 +40,7 @@ argocd app wait [APPNAME.. | -l selector] [flags]
      --health                 Wait for health
  -h, --help                   help for wait
      --operation              Wait for pending operations
-      --resource stringArray   Sync only specific resources as GROUP:KIND:NAME. Fields may be blank. This option may be specified repeatedly
+      --resource stringArray   Sync only specific resources as GROUP:KIND:NAME or !GROUP:KIND:NAME. Fields may be blank and '*' can be used. This option may be specified repeatedly
  -l, --selector string        Wait for apps by label. Supports '=', '==', '!=', in, notin, exists & not exists. Matching apps must satisfy all of the specified label constraints.
      --suspended              Wait for suspended
      --sync                   Wait for sync
--- a/docs/user-guide/commands/argocd_cluster.md
+++ b/docs/user-guide/commands/argocd_cluster.md
@@ -21,6 +21,9 @@ argocd cluster [flags]
  # Remove a target cluster context from ArgoCD
  argocd cluster rm example-cluster

+  # Set a target cluster context from ArgoCD
+  argocd cluster set CLUSTER_NAME --name new-cluster-name --namespace '*'
+  argocd cluster set CLUSTER_NAME --name new-cluster-name --namespace namespace-one --namespace namespace-two
 ```

 ### Options
@@ -78,4 +81,5 @@ argocd cluster [flags]
 * [argocd cluster list](argocd_cluster_list.md)	 - List configured clusters
 * [argocd cluster rm](argocd_cluster_rm.md)	 - Remove cluster credentials
 * [argocd cluster rotate-auth](argocd_cluster_rotate-auth.md)	 - argocd cluster rotate-auth SERVER/NAME
+* [argocd cluster set](argocd_cluster_set.md)	 - Set cluster information

--- a/docs/user-guide/commands/argocd_cluster_set.md
+++ b/docs/user-guide/commands/argocd_cluster_set.md
@@ -0,0 +1,51 @@
+## argocd cluster set
+
+Set cluster information
+
+```
+argocd cluster set NAME [flags]
+```
+
+### Examples
+
+```
+  # Set cluster information
+  argocd cluster set CLUSTER_NAME --name new-cluster-name --namespace '*'
+  argocd cluster set CLUSTER_NAME --name new-cluster-name --namespace namespace-one --namespace namespace-two
+```
+
+### Options
+
+```
+  -h, --help                    help for set
+      --name string             Overwrite the cluster name
+      --namespace stringArray   List of namespaces which are allowed to manage. Specify '*' to manage all namespaces
+```
+
+### Options inherited from parent commands
+
+```
+      --auth-token string               Authentication token
+      --client-crt string               Client certificate file
+      --client-crt-key string           Client certificate key file
+      --config string                   Path to Argo CD config (default "/home/user/.config/argocd/config")
+      --core                            If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server
+      --grpc-web                        Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2.
+      --grpc-web-root-path string       Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root.
+  -H, --header strings                  Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers)
+      --http-retry-max int              Maximum number of retries to establish http connection to Argo CD server
+      --insecure                        Skip server certificate and domain verification
+      --kube-context string             Directs the command to the given kube-context
+      --logformat string                Set the logging format. One of: text|json (default "text")
+      --loglevel string                 Set the logging level. One of: debug|info|warn|error (default "info")
+      --plaintext                       Disable TLS
+      --port-forward                    Connect to a random argocd-server port using port forwarding
+      --port-forward-namespace string   Namespace name which should be used for port forwarding
+      --server string                   Argo CD server address
+      --server-crt string               Server certificate file
+```
+
+### SEE ALSO
+
+* [argocd cluster](argocd_cluster.md)	 - Manage cluster credentials
+
--- a/docs/user-guide/commands/argocd_repo_add.md
+++ b/docs/user-guide/commands/argocd_repo_add.md
@@ -46,7 +46,6 @@ argocd repo add REPOURL [flags]
 ```
      --enable-lfs                              enable git-lfs (Large File Support) on this repository
      --enable-oci                              enable helm-oci (Helm OCI-Based Repository)
-      --force-http-basic-auth                   whether to force use of basic auth when connecting repository via HTTP
      --gcp-service-account-key-path string     service account key for the Google Cloud Platform
      --github-app-enterprise-base-url string   base url to use when using GitHub Enterprise (e.g. https://ghe.example.com/api/v3
      --github-app-id int                       id of the GitHub Application
--- a/docs/user-guide/commands/argocd_repocreds_add.md
+++ b/docs/user-guide/commands/argocd_repocreds_add.md
@@ -33,7 +33,6 @@ argocd repocreds add REPOURL [flags]

 ```
      --enable-oci                              Specifies whether helm-oci support should be enabled for this repo
-      --force-http-basic-auth                   whether to force basic auth when connecting via HTTP
      --gcp-service-account-key-path string     service account key for the Google Cloud Platform
      --github-app-enterprise-base-url string   base url to use when using GitHub Enterprise (e.g. https://ghe.example.com/api/v3
      --github-app-id int                       id of the GitHub Application
--- a/docs/user-guide/directory.md
+++ b/docs/user-guide/directory.md
@@ -43,9 +43,6 @@ spec:
      recurse: true
 ```

-!!! warning
-    Directory-type applications only work for plain manifest files. If Argo CD encounters Kustomize, Helm, or Jsonnet files when directory: is set, it will fail to render the manifests.
-
 ## Including/Excluding Files

 ### Including Only Certain Files
--- a/docs/user-guide/helm.md
+++ b/docs/user-guide/helm.md
@@ -291,7 +291,7 @@ Helm, [starting with v3.6.1](https://github.com/helm/helm/releases/tag/v3.6.1),
 prevents sending repository credentials to download charts that are being served
 from a different domain than the repository.

-If needed, it is possible to opt into passing credentials for all domains by setting the `helm-pass-credentials` flag on the cli:
+If needed, it is possible to specifically set the Helm version to template with by setting the `helm-pass-credentials` flag on the cli:

 ```bash
 argocd app set helm-guestbook --helm-pass-credentials
--- a/docs/user-guide/parameters.md
+++ b/docs/user-guide/parameters.md
@@ -54,14 +54,9 @@ argocd app create redis --repo https://github.com/helm/charts.git --path stable/

 ## Store Overrides In Git

-> The following is available from v1.8 or later
-
 The config management tool specific overrides can be specified in `.argocd-source.yaml` file stored in the source application
 directory in the Git repository.

-!!! warn
-    The `.argocd-source` is a beta feature and subject to change.
-
 The `.argocd-source.yaml` file is used during manifest generation and overrides
 application source fields, such as `kustomize`, `helm` etc.

@@ -80,8 +75,6 @@ for projects like [argocd-image-updater](https://github.com/argoproj-labs/argocd
 - Support "discovering" applications in the Git repository by projects like [applicationset](https://github.com/argoproj/applicationset)
 (see [git files generator](https://github.com/argoproj/argo-cd/blob/master/applicationset/examples/git-generator-files-discovery/git-generator-files.yaml))

-> The following is available from v1.9 or later
-
 You can also store parameter overrides in an application specific file, if you
 are sourcing multiple applications from a single path in your repository.

--- a/docs/user-guide/projects.md
+++ b/docs/user-guide/projects.md
@@ -69,8 +69,8 @@ spec:

 A source repository is considered valid if the following conditions hold:

-1) _Any_ allow source rule (i.e. a rule which isn't prefixed with `!`) permits the source
-2) AND *no* deny source (i.e. a rule which is prefixed with `!`) rejects the source
+1. _Any_ allow source rule (i.e. a rule which isn't prefixed with `!`) permits the source
+2. AND *no* deny source (i.e. a rule which is prefixed with `!`) rejects the source

 Keep in mind that `!*` is an invalid rule, since it doesn't make any sense to disallow everything.

@@ -106,8 +106,8 @@ spec:

 As with sources, a destination is considered valid if the following conditions hold:

-1) _Any_ allow destination rule (i.e. a rule which isn't prefixed with `!`) permits the destination
-2) AND *no* deny destination (i.e. a rule which is prefixed with `!`) rejects the destination
+1. _Any_ allow destination rule (i.e. a rule which isn't prefixed with `!`) permits the destination
+2. AND *no* deny destination (i.e. a rule which is prefixed with `!`) rejects the destination

 Keep in mind that `!*` is an invalid rule, since it doesn't make any sense to disallow everything. 

--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .6.2
 .6.0