Dependency Dashboard

[forking-renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Awaiting Schedule

These updates are awaiting their schedule. Click on a checkbox to get an update now.

• chore(deps): update github-actions (actions/download-artifact, actions/setup-node, actions/upload-artifact, github/codeql-action, golangci/golangci-lint-action, ossf/scorecard-action, slsa-framework/slsa-verifier)
• fix(deps): update dependency @actions/tool-cache to v2.0.2
• fix(deps): update dependency org.twdata.maven:mojo-executor to v2.4.1
• chore(deps): update dependency autolinker to v4.1.0
• chore(deps): update dependency go to v1.24.0
• chore(deps): update golang docker tag to v1.24
• fix(deps): update go (github.com/google/go-cmp, github.com/in-toto/attestation, github.com/sigstore/cosign/v2, github.com/sigstore/fulcio, github.com/sigstore/protobuf-specs, github.com/sigstore/rekor, github.com/sigstore/sigstore, github.com/sigstore/sigstore-go, github.com/spf13/cobra, golang.org/x/mod, google.golang.org/protobuf, sigs.k8s.io/release-utils)
• chore(deps): update npm dev (major) (@types/jasmine, @types/node, eslint, eslint-plugin-github, renovate, typescript-eslint)

Edited/Blocked

These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.

• chore(deps): update npm dev (@types/jasmine, @types/node, @vercel/ncc, eslint, eslint-plugin-prettier, jasmine, renovate, typescript, typescript-eslint)

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• chore(deps): update golang:1.23 docker digest to adfbe17
• fix(deps): update golang.org/x/exp digest to dead583

Detected dependencies

dockerfile

cli/experimental/service/Dockerfile

• golang 1.23@sha256:51a6466e8dbf3e00e422eb0f7a97ac450b2d57b33617bbe8d2ee0bddcd9d0d37
• gcr.io/distroless/base nonroot@sha256:97d15218016debb9b6700a8c1c26893d3291a469852ace8d8f7d15b2f156920f

github-actions

.github/workflows/codeql-analysis.yml

• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/setup-go v5.3.0@f111f3307d8850f501ac008e886eec1fd1932a34
• github/codeql-action v3.28.1@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c
• github/codeql-action v3.28.1@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c
• github/codeql-action v3.28.1@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c

.github/workflows/depsreview.yml

• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/dependency-review-action v4.5.0@3b139cfc5fae8b618d3eae3675e383bb1769c019

.github/workflows/e2e.schedule.cli.yml

• actions/download-artifact v4.1.8@fa0a91b85d4f404e444e00e005971372dc801d16
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683

.github/workflows/e2e.schedule.installer.yml

• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683

.github/workflows/pr-title.yml

• thehanimo/pr-title-checker v1.4.3@7fbfe05602bdd86f926d3fb3bccb6f3aed43bc70

.github/workflows/pre-submit.actions.yml

• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/setup-node v4.1.0@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
• actions/upload-artifact v4.6.0@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08

.github/workflows/pre-submit.cli.yml

• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/setup-go v5.3.0@f111f3307d8850f501ac008e886eec1fd1932a34
• actions/upload-artifact v4.6.0@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08

.github/workflows/pre-submit.e2e.yml

• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/setup-go v5.3.0@f111f3307d8850f501ac008e886eec1fd1932a34
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683

.github/workflows/pre-submit.lfs.yml

• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actionsdesk/lfs-warning v3.3@4b98a8a5e6c429c23c34eee02d71553bca216425

.github/workflows/pre-submit.lint.yml

• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/setup-go v5.3.0@f111f3307d8850f501ac008e886eec1fd1932a34
• golangci/golangci-lint-action v6.2.0@ec5d18412c0aeab7936cb16880d708ba2a64e1ae
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/setup-node v4.1.0@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/setup-node v4.1.0@39370e3970a6d050c480ffad4ff0ed4d3fdee5af

.github/workflows/pre-submit.references.yml

• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683

.github/workflows/release.yml

• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• slsa-framework/slsa-github-generator X.Y.Z
• slsa-framework/slsa-verifier v2.6.0@3714a2a4684014deb874a0e737dffa0ee02dd647
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683

.github/workflows/scorecards.yml

• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• ossf/scorecard-action v2.4.0@62b2cac7ed8198b15735ed49ab1e5cf35480ba46
• actions/upload-artifact v4.6.0@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
• github/codeql-action v3.28.1@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c

.github/workflows/update-actions-dist-post-commit.yml

• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/upload-artifact v4.6.0@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/download-artifact v4.1.8@fa0a91b85d4f404e444e00e005971372dc801d16

gomod

go.mod

• go 1.23.2
• go 1.23.5
• github.com/docker/go v1.5.1-1
• github.com/go-openapi/runtime v0.28.0
• github.com/google/go-cmp v0.6.0
• github.com/in-toto/in-toto-golang v0.9.0
• github.com/secure-systems-lab/go-securesystemslib v0.9.0
• github.com/sigstore/rekor v1.3.8
• github.com/sigstore/sigstore v1.8.12
• github.com/google/go-containerregistry v0.20.3
• github.com/gorilla/mux v1.8.1
• github.com/in-toto/attestation v1.1.0
• github.com/sigstore/cosign/v2 v2.4.1
• github.com/sigstore/sigstore-go v0.6.2
• github.com/slsa-framework/slsa-github-generator v1.10.0
• github.com/spf13/cobra v1.8.1
• golang.org/x/mod v0.22.0
• sigs.k8s.io/release-utils v0.9.0
• github.com/sigstore/fulcio v1.6.5
• github.com/sigstore/protobuf-specs v0.3.3
• golang.org/x/exp v0.0.0-20250128144449-3edf0e91c1ae@3edf0e91c1ae
• google.golang.org/protobuf v1.36.3

maven

experimental/maven-plugin/pom.xml

• org.apache.maven:maven-core 3.9.9
• org.apache.maven:maven-plugin-api 3.9.9
• org.apache.maven.plugin-tools:maven-plugin-annotations 3.15.1
• org.apache.maven:maven-project 2.2.1
• org.twdata.maven:mojo-executor 2.4.0

npm

actions/installer/package.json

• @actions/core ^1.9.1
• @actions/exec ^1.1.1
• @actions/github ^6.0.0
• @actions/io ^1.1.2
• @actions/tool-cache ^2.0.1
• nodejs ^0.0.0
• @types/jasmine 4.6.4
• @types/node 18.19.33
• @vercel/ncc 0.38.1
• eslint 8.57.0
• eslint-plugin-github 4.10.2
• eslint-plugin-prettier 5.1.3
• jasmine 5.1.0
• typescript 5.4.3
• typescript-eslint 7.5.0

package.json

• markdown-toc 1.2.0
• renovate 37.374.1
• autolinker ^4.0.0

pip_requirements

requirements-lint.txt

• pathspec ==0.12.1
• PyYAML ==6.0.2
• yamllint ==1.35.1

---

• Check this box to trigger a request for Renovate to run again on this repository