Skip to content

chore(cherry-pick-3.0): bump expr version from v1.16.9 to v1.17.7 #25908

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
crenshaw-dev merged 1 commit into from
Jan 9, 2026
Merged

chore(cherry-pick-3.0): bump expr version from v1.16.9 to v1.17.7 #25908

crenshaw-dev merged 1 commit into from
Jan 9, 2026
+3 −3

Conversation

@aali309
Copy link
Contributor

@aali309 aali309 commented Jan 8, 2026
edited
Loading

Related to #25877

Checklist:

  • Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
  • The title of the PR states what changed and the related issues number (used for the release note).
  • The title of the PR conforms to the Title of the PR
  • I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
  • I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
  • Does this PR require documentation updates?
  • I've updated documentation as required by this PR.
  • I have signed off all my commits as required by DCO
  • I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
  • My build is green (troubleshooting builds).
  • My new feature complies with the feature status guidelines.
  • I have added a brief description of why this PR is necessary and/or what this PR solves.
  • Optional. My organization is added to USERS.md.
  • Optional. For bug fixes, I've indicated what older releases this fix should be cherry-picked into (this may or may not happen depending on risk/complexity).

@aali309 aali309 requested a review from a team as a code owner January 8, 2026 18:49
@crenshaw-dev
Copy link
Member

crenshaw-dev commented Jan 8, 2026

Is the vulnerability exploitable in Argo CD? Bumping a patch release makes sense to me, but minor versions may include more significant changes.

@codecov
Copy link

codecov bot commented Jan 8, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 56.93%. Comparing base (73b21ff) to head (5ee6c1c).
⚠️ Report is 3 commits behind head on release-3.0.

Additional details and impacted files 
@@               Coverage Diff               @@
##           release-3.0   #25908      +/-   ##
===============================================
- Coverage        56.96%   56.93%   -0.04%     
===============================================
  Files              346      346              
  Lines            46918    46918              
===============================================
- Hits             26728    26711      -17     
- Misses           17529    17545      +16     
- Partials          2661     2662       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@aali309
Copy link
Contributor Author

aali309 commented Jan 8, 2026

Is the vulnerability exploitable in Argo CD? Bumping a patch release makes sense to me, but minor versions may include more significant changes.

Yes @crenshaw-dev, please see here

@crenshaw-dev crenshaw-dev merged commit f9212b0 into argoproj:release-3.0 Jan 9, 2026
21 of 22 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@crenshaw-dev crenshaw-dev crenshaw-dev approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aali309 @crenshaw-dev