Dependency Dashboard

[williaby]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Config Migration Needed

• Select this checkbox to let Renovate create an automated Config Migration PR.

---

Warning

Renovate failed to look up the following dependencies: Could not determine new digest for update (github-tags package dependency-check/Dependency-Check_Action).

Files affected: workflow-templates/python-security-analysis.yml

---

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): Update GitHub Actions (ByronWilliamsCPA/.github, docker/build-push-action, docker/login-action, docker/metadata-action, docker/setup-buildx-action, github/codeql-action, sonarsource/sonarqube-quality-gate-action, step-security/harden-runner)

Detected Dependencies

github-actions (49)

.github/workflows/codeql.yml (4)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• github/codeql-action v4.35.5@9e0d7b8d25671d64c341c19c0152d693099fb5ba → [Updates: v4.36.0]
• github/codeql-action v4.35.5@9e0d7b8d25671d64c341c19c0152d693099fb5ba → [Updates: v4.36.0]

.github/workflows/dependency-review.yml (3)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/dependency-review-action v5.0.0@a1d282b36b6f3519aa1f3fc636f609c47dddb294

.github/workflows/pr-validation.yml (4)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]

.github/workflows/python-ci.yml (12)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• python ${{ inputs.python-version }}

.github/workflows/python-codecov.yml (5)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• codecov/codecov-action v6.0.1@e79a6962e0d4c0c17b229090214935d2e33f8354
• codecov/codecov-action v6.0.1@e79a6962e0d4c0c17b229090214935d2e33f8354

.github/workflows/python-compatibility.yml (8)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• python ${{ matrix.python }}

.github/workflows/python-container-security.yml (12)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• hadolint/hadolint-action v3.3.0@2332a7b74a6de0dda2e2221d575162eba76ba5e5
• github/codeql-action v4.35.5@9e0d7b8d25671d64c341c19c0152d693099fb5ba → [Updates: v4.36.0]
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25
• aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25
• github/codeql-action v4.35.5@9e0d7b8d25671d64c341c19c0152d693099fb5ba → [Updates: v4.36.0]
• aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]

.github/workflows/python-docker.yml (12)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• docker/login-action v4.1.0@4907a6ddec9925e35a0a9e82d7399ccc52663121 → [Updates: v4.2.0]
• docker/setup-qemu-action v4.0.0@ce360397dd3f832beb865e1373c09c0e9f86d70a → [Updates: v4.1.0]
• docker/setup-buildx-action v4.0.0@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd → [Updates: v4.1.0]
• docker/login-action v4.1.0@4907a6ddec9925e35a0a9e82d7399ccc52663121 → [Updates: v4.2.0]
• docker/metadata-action v6.0.0@030e881283bb7a6894de51c315a6bfe6a94e05cf → [Updates: v6.1.0]
• docker/build-push-action v7.1.0@bcafcacb16a39f128d818304e6c9c0c18556b85f → [Updates: v7.2.0]
• aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25
• aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25
• github/codeql-action v4.35.5@9e0d7b8d25671d64c341c19c0152d693099fb5ba → [Updates: v4.36.0]
• marocchino/sticky-pull-request-comment v3.0.4@0ea0beb66eb9baf113663a64ec522f60e49231c0

.github/workflows/python-docs.yml (11)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• actions/configure-pages v6.0.0@45bfe0192ca1faeb007ade9deae92b16b8254a0d
• actions/upload-pages-artifact v5.0.0@fc324d3547104276b827a68afc52ff2a11cc49c9
• actions/deploy-pages v5.0.0@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128
• python ${{ inputs.python-version }}

.github/workflows/python-fips-compatibility.yml (8)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• actions/github-script v9.0.0@3a2844b7e9c422d3c10d287c895573f7108da1b3
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b

.github/workflows/python-fuzzing.yml (8)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• google/clusterfuzzlite v1@884713a6c30a92e5e8544c39945cd7cb630abcd1
• google/clusterfuzzlite v1@884713a6c30a92e5e8544c39945cd7cb630abcd1
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• github/codeql-action v4.35.5@9e0d7b8d25671d64c341c19c0152d693099fb5ba → [Updates: v4.36.0]
• python ${{ inputs.python-version }}

.github/workflows/python-mutation.yml (7)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• actions/github-script v9.0.0@3a2844b7e9c422d3c10d287c895573f7108da1b3
• python ${{ inputs.python-version }}

.github/workflows/python-performance-regression.yml (6)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• actions/github-script v9.0.0@3a2844b7e9c422d3c10d287c895573f7108da1b3
• python ${{ inputs.python-version }}

.github/workflows/python-pr-validation.yml (1)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]

.github/workflows/python-precommit.yml (3)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b

.github/workflows/python-publish-pypi.yml (12)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• pypa/gh-action-pypi-publish v1.14.0@cef221092ed1bacb1cc03d23a2d87d1d172e277b
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• pypa/gh-action-pypi-publish v1.14.0@cef221092ed1bacb1cc03d23a2d87d1d172e277b
• python ${{ inputs.python-version }}

.github/workflows/python-qlty-coverage.yml (4)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• qltysh/qlty-action v2.2.0@a19242102d17e497f437d7466aa01b528537e899

.github/workflows/python-release.yml (15)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• python-semantic-release/python-semantic-release v10.5.3@350c48fcb3ffcdfd2e0a235206bc2ecea6b69df0
• sigstore/gh-action-sigstore-python v3.3.0@04cffa1d795717b140764e8b640de88853c92acc
• softprops/action-gh-release v3.0.0@b4309332981a82ec1c5618f44dd2e27cc8bfbfda
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• python ${{ inputs.python-version }}

.github/workflows/python-reuse.yml (5)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• fsfe/reuse-action v6.0.0@676e2d560c9a403aa252096d99fcab3e1132b0f5
• fsfe/reuse-action v6.0.0@676e2d560c9a403aa252096d99fcab3e1132b0f5
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a

.github/workflows/python-sbom.yml (34)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25
• aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25
• github/codeql-action v4.35.5@9e0d7b8d25671d64c341c19c0152d693099fb5ba → [Updates: v4.36.0]
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• anchore/scan-action v7.4.0@e1165082ffb1fe366ebaf02d8526e7c4989ea9d2
• anchore/scan-action v7.4.0@e1165082ffb1fe366ebaf02d8526e7c4989ea9d2
• github/codeql-action v4.35.5@9e0d7b8d25671d64c341c19c0152d693099fb5ba → [Updates: v4.36.0]
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• google/osv-scanner-action v2.3.8@9a498708959aeaef5ef730655706c5a1df1edbc2
• google/osv-scanner-action v2.3.8@9a498708959aeaef5ef730655706c5a1df1edbc2
• github/codeql-action v4.35.5@9e0d7b8d25671d64c341c19c0152d693099fb5ba → [Updates: v4.36.0]
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• python ${{ inputs.python-version }}
• python ${{ inputs.python-version }}

.github/workflows/python-scorecard.yml (5)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• ossf/scorecard-action v2.4.3@4eaacf0543bb3f2c246792bd56e8cdeffafb205a
• github/codeql-action v4.35.5@9e0d7b8d25671d64c341c19c0152d693099fb5ba → [Updates: v4.36.0]
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a

.github/workflows/python-security-analysis.yml (25)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• dorny/paths-filter v4.0.1@fbd0ab8f3e69293af611ebaee6363fc25e6d187d
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• github/codeql-action v4.35.5@9e0d7b8d25671d64c341c19c0152d693099fb5ba → [Updates: v4.36.0]
• github/codeql-action v4.35.5@9e0d7b8d25671d64c341c19c0152d693099fb5ba → [Updates: v4.36.0]
• github/codeql-action v4.35.5@9e0d7b8d25671d64c341c19c0152d693099fb5ba → [Updates: v4.36.0]
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/dependency-review-action v5.0.0@a1d282b36b6f3519aa1f3fc636f609c47dddb294
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• google/osv-scanner-action v2.3.8@9a498708959aeaef5ef730655706c5a1df1edbc2
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• python ${{ inputs.python-version }}
• python ${{ inputs.python-version }}

.github/workflows/python-slsa.yml (1)

• slsa-framework/slsa-github-generator v2.1.0@f7dd8c54c2067bafc12ca7a55595d5ee9b75204a

.github/workflows/python-sonarcloud.yml (9)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• SonarSource/sonarqube-scan-action v8.1.0@7006c4492b2e0ee0f816d36501671557c97f5995
• sonarsource/sonarqube-quality-gate-action v1.2.0@cf038b0e0cdecfa9e56c198bbb7d21d751d62c3b
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• python ${{ inputs.python-version }}

.github/workflows/python-supplemental-checks.yml (15)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• lycheeverse/lychee-action v2.8.0@8646ba30535128ac92d33dfc9133794bfdd9b411
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/github-script v9.0.0@3a2844b7e9c422d3c10d287c895573f7108da1b3
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• amannn/action-semantic-pull-request v6.1.1@48f256284bd46cdaab1048c3721360e808335d50
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• python ${{ inputs.python-version }}

.github/workflows/release-tag.yml (2)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd

.github/workflows/reuse.yml (6)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• fsfe/reuse-action v6.0.0@676e2d560c9a403aa252096d99fcab3e1132b0f5
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd

.github/workflows/scorecard.yml (1)

• ByronWilliamsCPA/.github main@6f71aecae2c91214ca0a0a2206a36cf912aa31ac → [Updates: main]

.github/workflows/security-analysis.yml (2)

• ByronWilliamsCPA/.github main@6f71aecae2c91214ca0a0a2206a36cf912aa31ac → [Updates: main]
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]

.github/workflows/self-test.yml (4)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd

.github/workflows/shell-tests.yml (2)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd

.github/workflows/sonarcloud.yml (3)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• SonarSource/sonarqube-scan-action v8.1.0@7006c4492b2e0ee0f816d36501671557c97f5995

workflow-templates/python-ci.yml (19)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• actions/cache v5.0.5@27d5ce7f107fe9357f9df03efb73ab90386fccae
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• actions/cache v5.0.5@27d5ce7f107fe9357f9df03efb73ab90386fccae
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• actions/cache v5.0.5@27d5ce7f107fe9357f9df03efb73ab90386fccae
• python 3.12
• python ${{ matrix.python-version }}
• python 3.12

workflow-templates/python-cifuzzy.yml (6)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• google/clusterfuzzlite v1@884713a6c30a92e5e8544c39945cd7cb630abcd1
• google/clusterfuzzlite v1@884713a6c30a92e5e8544c39945cd7cb630abcd1
• github/codeql-action v4.35.5@9e0d7b8d25671d64c341c19c0152d693099fb5ba → [Updates: v4.36.0]
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a

workflow-templates/python-codecov.yml (11)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• codecov/codecov-action v6.0.1@e79a6962e0d4c0c17b229090214935d2e33f8354
• codecov/codecov-action v6.0.1@e79a6962e0d4c0c17b229090214935d2e33f8354
• codecov/codecov-action v6.0.1@e79a6962e0d4c0c17b229090214935d2e33f8354
• codecov/codecov-action v6.0.1@e79a6962e0d4c0c17b229090214935d2e33f8354
• codecov/codecov-action v6.0.1@e79a6962e0d4c0c17b229090214935d2e33f8354

workflow-templates/python-compatibility.yml (1)

• ByronWilliamsCPA/.github v1@6f71aecae2c91214ca0a0a2206a36cf912aa31ac

workflow-templates/python-container-security.yml (1)

• ByronWilliamsCPA/.github v1@6f71aecae2c91214ca0a0a2206a36cf912aa31ac

workflow-templates/python-docs.yml (28)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• actions/cache v5.0.5@27d5ce7f107fe9357f9df03efb73ab90386fccae
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• actions/cache v5.0.5@27d5ce7f107fe9357f9df03efb73ab90386fccae
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• actions/cache v5.0.5@27d5ce7f107fe9357f9df03efb73ab90386fccae
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• lycheeverse/lychee-action v2.8.0@8646ba30535128ac92d33dfc9133794bfdd9b411
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• peaceiris/actions-gh-pages v4.1.0@84c30a85c19949d7eee79c4ff27748b70285e453
• python 3.12
• python 3.12
• python 3.12

workflow-templates/python-fips-compatibility.yml (1)

• ByronWilliamsCPA/.github v1@6f71aecae2c91214ca0a0a2206a36cf912aa31ac

workflow-templates/python-mutation.yml (1)

• ByronWilliamsCPA/.github v1@6f71aecae2c91214ca0a0a2206a36cf912aa31ac

workflow-templates/python-pr-validation.yml (1)

• ByronWilliamsCPA/.github v1@6f71aecae2c91214ca0a0a2206a36cf912aa31ac

workflow-templates/python-publish-pypi.yml (12)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• snok/install-poetry v1.4.1@76e04a911780d5b312d89783f7b1cd627778900a
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• pypa/gh-action-pypi-publish v1.14.0@cef221092ed1bacb1cc03d23a2d87d1d172e277b
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• pypa/gh-action-pypi-publish v1.14.0@cef221092ed1bacb1cc03d23a2d87d1d172e277b
• python 3.12

workflow-templates/python-release.yml (12)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• slsa-framework/slsa-github-generator v2.1.0@f7dd8c54c2067bafc12ca7a55595d5ee9b75204a
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• sigstore/cosign-installer v4.1.2@6f9f17788090df1f26f669e9d70d6ae9567deba6
• softprops/action-gh-release v3.0.0@b4309332981a82ec1c5618f44dd2e27cc8bfbfda
• python 3.12

workflow-templates/python-reuse.yml (1)

• ByronWilliamsCPA/.github v1@6f71aecae2c91214ca0a0a2206a36cf912aa31ac

workflow-templates/python-sbom.yml (1)

• ByronWilliamsCPA/.github v1@6f71aecae2c91214ca0a0a2206a36cf912aa31ac

workflow-templates/python-scorecard.yml (1)

• ByronWilliamsCPA/.github v1@6f71aecae2c91214ca0a0a2206a36cf912aa31ac

workflow-templates/python-security-analysis.yml (29)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• dorny/paths-filter v4.0.1@fbd0ab8f3e69293af611ebaee6363fc25e6d187d
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• snok/install-poetry v1.4.1@76e04a911780d5b312d89783f7b1cd627778900a
• github/codeql-action v4.35.5@9e0d7b8d25671d64c341c19c0152d693099fb5ba → [Updates: v4.36.0]
• github/codeql-action v4.35.5@9e0d7b8d25671d64c341c19c0152d693099fb5ba → [Updates: v4.36.0]
• github/codeql-action v4.35.5@9e0d7b8d25671d64c341c19c0152d693099fb5ba → [Updates: v4.36.0]
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/dependency-review-action v5.0.0@a1d282b36b6f3519aa1f3fc636f609c47dddb294
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• snok/install-poetry v1.4.1@76e04a911780d5b312d89783f7b1cd627778900a
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• google/osv-scanner-action v2.3.8@9a498708959aeaef5ef730655706c5a1df1edbc2
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• dependency-check/Dependency-Check_Action v1.1.0@75ba02d6183445fe0761d26e836bde58b1560600
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• github/codeql-action v4.35.5@9e0d7b8d25671d64c341c19c0152d693099fb5ba → [Updates: v4.36.0]
• python 3.12
• python 3.12

workflow-templates/python-slsa.yml (7)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• astral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441b
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• ByronWilliamsCPA/.github v1@6f71aecae2c91214ca0a0a2206a36cf912aa31ac
• python 3.12

workflow-templates/python-sonarcloud.yml (7)

• step-security/harden-runner v2.19.3@ab7a9404c0f3da075243ca237b5fac12c98deaa5 → [Updates: v2.19.4]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v6@a309ff8b426b58ec0e2a45f0f869d46889d02405
• SonarSource/sonarqube-scan-action v8@7006c4492b2e0ee0f816d36501671557c97f5995
• sonarsource/sonarqube-quality-gate-action master → [Updates: master]
• actions/upload-artifact v7@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• python 3.12

[williaby]

Closing as stale. PR #70 (the referenced open PR) was superseded by the consolidated #94, which has been merged. All dependency pins are now on main.

[williaby]

Closing per prior triage comment. Renovate will regenerate this dashboard automatically if it has live items to surface.