This repository was archived by the owner on May 14, 2026. It is now read-only.

Lack of tagging causing issues with CVE Scanners #729

@kbsteere

Version tagging appears to have stopped at v0.7.3, which is causing issues with scanners and Argo-CD not being able to pull in a newer version tag that can be recognized.

Specifically, github.com/argoproj/gitops-engine v0.7.1-0.20250129155113-faf5a4e5c37d is the referenced tag in Argo-CD, but GO-2025-3437, GHSA-274v-mgcv-cm8j, show an issue with that version because the v0.7.x tags have not been updated in 3+ years and it appears that gitops-engine has switched to syncing versions with Argo-CD itself. Example: release-2.1x, but no tags are generated for these, so everyone is still using the tag mentioned above. I have submitted a GHSA-274v-mgcv-cm8j vuln enrichment change, but my question is: is there any plan to generate new tags for GitOps-Engine?

Say 2.1x tags when a new release branch is generated? Or, when the Argo-CD repo release is generated, GitOps-Engine also generates a new one if required?
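
The version string quoted in the issue is a Go pseudo-version. As an added example (not part of the issue and not gitops-engine code; the type and function names are hypothetical), this Go program splits it into base version, commit time and commit hash, and shows that in semantic-version order it sorts before the v0.7.3 tag even though the commit dates from 2025, which is what a scanner matching advisories by version range sees.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"time"
)

// Pseudo holds the parts of a Go module pseudo-version (hypothetical helper type).
type Pseudo struct {
	Base   [3]int    // major, minor, patch as written in the version string
	Time   time.Time // UTC time of the commit
	Commit string    // 12-character commit hash prefix
}

// Matches the vX.Y.Z-0.yyyymmddhhmmss-abcdefabcdef form used for a commit made after a release tag.
var pseudoRE = regexp.MustCompile(`^v(\d+)\.(\d+)\.(\d+)-0\.(\d{14})-([0-9a-f]{12})$`)

// ParsePseudo rejects plain tags and strings with an impossible timestamp.
func ParsePseudo(v string) (Pseudo, error) {
	m := pseudoRE.FindStringSubmatch(v)
	if m == nil {
		return Pseudo{}, fmt.Errorf("not a vX.Y.Z-0.time-commit pseudo-version: %q", v)
	}
	var p Pseudo
	for i := range p.Base {
		p.Base[i], _ = strconv.Atoi(m[i+1]) // regexp guarantees digits
	}
	t, err := time.Parse("20060102150405", m[4])
	if err != nil {
		return Pseudo{}, err
	}
	p.Time, p.Commit = t, m[5]
	return p, nil
}

// SortsBeforeTag reports whether p precedes release tag vX.Y.Z in semver order.
func SortsBeforeTag(p Pseudo, tag [3]int) bool {
	for i := range tag {
		if p.Base[i] != tag[i] {
			return p.Base[i] < tag[i]
		}
	}
	return true // same numbers: the pseudo-version is a pre-release, so it sorts first
}

func main() {
	p, err := ParsePseudo("v0.7.1-0.20250129155113-faf5a4e5c37d") // value from the issue
	fmt.Println(p.Time.Format(time.RFC3339), p.Commit, SortsBeforeTag(p, [3]int{0, 7, 3}), err)
}
```

The commit time and hash are the only parts that identify what code was actually built; the `v0.7.1` prefix only says which tag the commit follows.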
