chore(CR-29827): updated golang.org/x/oauth2 , github.com/argoproj/argo-cd/v2 (#791)

## What
<!-- What is changing in this PR? -->
CVE-2025-22868 -fixed by updating github.com/argoproj/argo-cd/v2
CVE-2025-22868 - fixed by updating golang.org/x/oauth2
## Why
<!-- Why are these changes being made? -->

## Notes
<!-- Add any additional notes here -->

---------

Co-authored-by: Noam Gal <noam.gal@octopus.com>

Author: vitalii-codefresh

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.23.4-alpine3.21 AS base
+FROM golang:1.24.4-alpine3.22 AS base
 
 WORKDIR /go/src/github.com/codefresh-io/cli-v2
 
@@ -27,7 +27,7 @@ RUN go mod verify
 
 ############################### CLI ###############################
 ### Compile
-FROM golang:1.23.4-alpine3.21 AS codefresh-build
+FROM golang:1.24.4-alpine3.22 AS codefresh-build
 
 WORKDIR /go/src/github.com/codefresh-io/cli-v2
 
@@ -38,14 +38,14 @@ COPY --from=base /go/pkg/mod /go/pkg/mod
 
 COPY . .
 
-ENV GOPATH /go
-ENV GOBIN /go/bin
+ENV GOPATH=/go
+ENV GOBIN=/go/bin
 
 ARG SEGMENT_WRITE_KEY
 RUN make local DEV_MODE=false SEGMENT_WRITE_KEY=${SEGMENT_WRITE_KEY}
 
 ### Run
-FROM alpine:3.21 AS codefresh
+FROM alpine:3.22 AS codefresh
 
 WORKDIR /go/src/github.com/codefresh-io/cli-v2
 

Makefile

@@ -1,4 +1,4 @@
-VERSION=v0.2.8
+VERSION=v0.2.9
 
 OUT_DIR=dist
 YEAR?=$(shell date +"%Y")
@@ -176,4 +176,4 @@ $(GOBIN)/mockgen:
 $(GOBIN)/golangci-lint:
 	@mkdir dist || true
 	@echo installing: golangci-lint
-	@curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOBIN) v1.62.2
+	@curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOBIN) v1.64.8

go.mod

@@ -1,12 +1,10 @@
 module github.com/codefresh-io/cli-v2
 
-go 1.23.1
-
-toolchain go1.23.4
+go 1.24.4
 
 require (
 	github.com/Masterminds/semver/v3 v3.3.1
-	github.com/argoproj/argo-cd/v2 v2.13.4
+	github.com/argoproj/argo-cd/v2 v2.13.8
 	github.com/codefresh-io/go-sdk v1.4.9
 	github.com/fatih/color v1.18.0
 	github.com/gobuffalo/packr v1.30.1
@@ -201,7 +199,7 @@ require (
 	golang.org/x/crypto v0.37.0 // indirect
 	golang.org/x/mod v0.22.0 // indirect
 	golang.org/x/net v0.37.0 // indirect
-	golang.org/x/oauth2 v0.24.0 // indirect
+	golang.org/x/oauth2 v0.27.0 // indirect
 	golang.org/x/sync v0.13.0 // indirect
 	golang.org/x/sys v0.32.0 // indirect
 	golang.org/x/term v0.31.0 // indirect

go.sum

@@ -45,8 +45,8 @@ github.com/alicebob/miniredis/v2 v2.33.0/go.mod h1:MhP4a3EU7aENRi9aO+tHfTBZicLqQ
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
-github.com/argoproj/argo-cd/v2 v2.13.4 h1:YAj2J2RUq+gMaG2vmtQ+qyUxlbrAzk3P6SwYHXlkUPw=
-github.com/argoproj/argo-cd/v2 v2.13.4/go.mod h1:1xggXUniuSkUtcBu0EWl45k1BTuYSASd0bn6WOma4vA=
+github.com/argoproj/argo-cd/v2 v2.13.8 h1:FX4wajO+DUADwyMq/+y+UlLhcljVY8v/+5DllzxEfwo=
+github.com/argoproj/argo-cd/v2 v2.13.8/go.mod h1:VnIEoaw53mwPEGKqixL3ee1qfP3tNUFj+9RHJVhmxws=
 github.com/argoproj/gitops-engine v0.7.1-0.20250328191959-6d3cf122b03f h1:T18BJdtZF/HWdkyCqcNI6kQ3SbIomn6g+AZtZtvQUjE=
 github.com/argoproj/gitops-engine v0.7.1-0.20250328191959-6d3cf122b03f/go.mod h1:WsnykM8idYRUnneeT31cM/Fq/ZsjkefCbjiD8ioCJkU=
 github.com/argoproj/pkg v0.13.7-0.20230901113346-235a5432ec98 h1:Y1wJVJePMad3LwH+OIX4cl9ND3251XUNxjgpxFRWmZs=
@@ -813,8 +813,8 @@ golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
-golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
-golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
+golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=