Dependency Dashboard

[renovate-sh-app]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Note

These dependencies have not received updates for an extended period and may be unmaintained:

View abandoned dependencies (14)

Datasource	Name	Last Updated
github-actions	actions/configure-pages	2024-03-30
github-actions	actions/deploy-pages	2024-03-15
github-actions	creekorful/goreportcard-action	2020-01-29
github-actions	golang/govulncheck-action	2024-10-01
gomod	github.com/chainguard-dev/git-urls	2023-12-05
gomod	github.com/fatih/color	2024-10-03
gomod	github.com/go-enry/go-license-detector/v4	2023-05-15
gomod	github.com/go-task/slim-sprig/v3	2023-09-14
gomod	github.com/mattn/go-isatty	2023-10-17
gomod	gopkg.in/yaml.v3	2022-05-27

Packages are marked as abandoned when they exceed the abandonmentThreshold since their last release.
Unlike deprecated packages with official notices, abandonment is detected by release inactivity.

Awaiting Schedule

The following updates are awaiting their schedule. To get an update now, click on a checkbox below.

• chore(deps): update workflow tooling (golangci/golangci-lint, goreleaser/goreleaser, securego/gosec)
• fix(deps): update module golang.org/x/mod to v0.31.0
• 🔐 Create all awaiting schedule PRs at once 🔐

Pending Status Checks

The following updates await pending status checks. To force their creation now, click on a checkbox below.

• chore(deps): update codecov/codecov-action action to v5.5.2
• chore(deps): update dependency securego/gosec to v2.22.11
• chore(deps): update grafana/shared-workflows/dockerhub-login action to v1.0.3
• chore(deps): update github artifact actions (major) (actions/download-artifact, actions/upload-artifact)

---

Warning

Renovate failed to look up the following dependencies: Failed to look up github-releases package golang.org/x/vuln/cmd/govulncheck.

Files affected: .github/workflows/integration.yml

---

Vulnerabilities

Renovate has not found any CVEs on osv.dev.

Detected Dependencies

devcontainer (1)

.devcontainer/devcontainer.json (12)

• mcr.microsoft.com/devcontainers/base 2-bookworm
• ghcr.io/devcontainers/features/github-cli 1
• ghcr.io/devcontainers/features/docker-in-docker 2
• ghcr.io/devcontainers/features/go 1
• ghcr.io/guiyomh/features/goreleaser 0
• ghcr.io/guiyomh/features/gotestsum 0
• ghcr.io/szkiba/devcontainer-features/gosec 1
• ghcr.io/szkiba/devcontainer-features/govulncheck 1
• ghcr.io/szkiba/devcontainer-features/bats 1
• ghcr.io/szkiba/devcontainer-features/cdo 1
• ghcr.io/szkiba/devcontainer-features/mdcode 1
• ghcr.io/devcontainers-extra/features/eget 1

dockerfile (2)

Dockerfile (3)

• securego/gosec 2.22.11@sha256:4c42d880c93d9a38771dc130a705bae2480a45a1bb32240249806b12d7641d6d
• golang 1.25.5-alpine3.22@sha256:3587db7cc96576822c606d119729370dbf581931c5f43ac6d3fa03ab4ed85a10
• golang 1.25.5-alpine3.22@sha256:3587db7cc96576822c606d119729370dbf581931c5f43ac6d3fa03ab4ed85a10

Dockerfile.goreleaser (3)

• securego/gosec 2.22.11@sha256:4c42d880c93d9a38771dc130a705bae2480a45a1bb32240249806b12d7641d6d
• golang 1.25.5-alpine3.22@sha256:3587db7cc96576822c606d119729370dbf581931c5f43ac6d3fa03ab4ed85a10
• golang 1.25.5-alpine3.22@sha256:3587db7cc96576822c606d119729370dbf581931c5f43ac6d3fa03ab4ed85a10

github-actions (7)

.github/workflows/extension-release.yml (13)

• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• actions/upload-artifact v5@330a01c490aca151604b8cf639adc76d48f6c5d4 → [Updates: v6]
• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• securego/gosec v2.22.10@6be2b51fd78feca86af91f5186b7964d76cb1256 → [Updates: v2.22.11]
• golang/govulncheck-action v1.0.4@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee
• actions/setup-go v6@4dc6199c7b1a012772edbd06daecab0f50c9053c
• bats-core/bats-action 3.0.1@42fcc8700f773c075a16a90eb11674c0318ad507
• grafana/setup-xk6 v1.1.1@97b842b765bd3fea56db7195e98c5f61cab8fe46
• actions/download-artifact v6@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 → [Updates: v7]
• actions/upload-artifact v5@330a01c490aca151604b8cf639adc76d48f6c5d4 → [Updates: v6]
• actions/download-artifact v6@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 → [Updates: v7]
• softprops/action-gh-release v2.5.0@a06a81a03ee405af7f2048a818ed3f03bbf83c7b
• go ${{ inputs.go-version }}

.github/workflows/extension-validate.yml (35)

• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• securego/gosec v2.22.10@6be2b51fd78feca86af91f5186b7964d76cb1256 → [Updates: v2.22.11]
• golang/govulncheck-action v1.0.4@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee
• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• actions/setup-go v6@4dc6199c7b1a012772edbd06daecab0f50c9053c
• grafana/setup-xk6 v1.1.1@97b842b765bd3fea56db7195e98c5f61cab8fe46
• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• actions/setup-go v6@4dc6199c7b1a012772edbd06daecab0f50c9053c
• golangci/golangci-lint-action v9.2.0@1e7e51e771db61008b38414a730f564565cf7c20
• golangci/golangci-lint-action v9.2.0@1e7e51e771db61008b38414a730f564565cf7c20
• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• actions/setup-go v6@4dc6199c7b1a012772edbd06daecab0f50c9053c
• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• actions/setup-go v6@4dc6199c7b1a012772edbd06daecab0f50c9053c
• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• actions/setup-go v6@4dc6199c7b1a012772edbd06daecab0f50c9053c
• bats-core/bats-action 3.0.1@42fcc8700f773c075a16a90eb11674c0318ad507
• grafana/setup-xk6 v1.1.1@97b842b765bd3fea56db7195e98c5f61cab8fe46
• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• actions/setup-go v6@4dc6199c7b1a012772edbd06daecab0f50c9053c
• codecov/codecov-action v5.5.1@5a1091511ad55cbe89839c7260b706298ca349f7 → [Updates: v5.5.2]
• creekorful/goreportcard-action v1.0@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9
• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• oven-sh/setup-bun v2.0.2@735343b667d3e6f658f44d0eca948eb6282f2b76
• actions/configure-pages v5@983d7736d9b0ae728b81ab479565c72886d7745b
• actions/upload-pages-artifact v4@7b1f4a764d45c48632c6b24a0339c27f5614fb0b
• actions/deploy-pages v4@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e
• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• go ${{inputs.go-version}}
• go ${{ inputs.go-version }}
• go ${{ inputs.go-version }}
• go ${{ matrix.go-version }}
• go ${{ matrix.go-version }}
• go ${{inputs.go-version}}

.github/workflows/integration.yml (5)

• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• actions/setup-go v6@4dc6199c7b1a012772edbd06daecab0f50c9053c
• goreleaser/goreleaser-action v6.4.0@e435ccd777264be153ace6237001ef4d979d3a7a
• bats-core/bats-action 3.0.1@42fcc8700f773c075a16a90eb11674c0318ad507
• go 1.25.x

.github/workflows/liveness.yml (4)

• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• bats-core/bats-action 3.0.1@42fcc8700f773c075a16a90eb11674c0318ad507
• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• bats-core/bats-action 3.0.1@42fcc8700f773c075a16a90eb11674c0318ad507

.github/workflows/publish-techdocs.yaml (1)

• grafana/shared-workflows main

.github/workflows/tooling-release.yml (13)

• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• securego/gosec v2.22.10@6be2b51fd78feca86af91f5186b7964d76cb1256 → [Updates: v2.22.11]
• golang/govulncheck-action v1.0.4@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee
• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• actions/setup-go v6@4dc6199c7b1a012772edbd06daecab0f50c9053c
• docker/setup-qemu-action v3.7.0@c7c53464625b32c7a7e944ae62b3e17d2b600130
• bats-core/bats-action 3.0.1@42fcc8700f773c075a16a90eb11674c0318ad507
• goreleaser/goreleaser-action v6.4.0@e435ccd777264be153ace6237001ef4d979d3a7a
• grafana/shared-workflows dockerhub-login/v1.0.2@c6d954f7cd9c0022018982e01268de6cb75b913c → [Updates: dockerhub-login/v1.0.3]
• docker/login-action v3.6.0@5e57cd118135c172c3672efd75eb46360885c0ef
• goreleaser/goreleaser-action v6.4.0@e435ccd777264be153ace6237001ef4d979d3a7a
• go ${{ inputs.go-version }}

.github/workflows/tooling-validate.yml (26)

• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• securego/gosec v2.22.10@6be2b51fd78feca86af91f5186b7964d76cb1256 → [Updates: v2.22.11]
• golang/govulncheck-action v1.0.4@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee
• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• actions/setup-go v6@4dc6199c7b1a012772edbd06daecab0f50c9053c
• golangci/golangci-lint-action v9.2.0@1e7e51e771db61008b38414a730f564565cf7c20
• golangci/golangci-lint-action v9.2.0@1e7e51e771db61008b38414a730f564565cf7c20
• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• actions/setup-go v6@4dc6199c7b1a012772edbd06daecab0f50c9053c
• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• actions/setup-go v6@4dc6199c7b1a012772edbd06daecab0f50c9053c
• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• actions/setup-go v6@4dc6199c7b1a012772edbd06daecab0f50c9053c
• bats-core/bats-action 3.0.1@42fcc8700f773c075a16a90eb11674c0318ad507
• goreleaser/goreleaser-action v6.4.0@e435ccd777264be153ace6237001ef4d979d3a7a
• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• actions/setup-go v6@4dc6199c7b1a012772edbd06daecab0f50c9053c
• codecov/codecov-action v5.5.1@5a1091511ad55cbe89839c7260b706298ca349f7 → [Updates: v5.5.2]
• creekorful/goreportcard-action v1.0@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9
• actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8
• go ${{ inputs.go-version }}
• go ${{ inputs.go-version }}
• go ${{ matrix.go-version }}
• go ${{ matrix.go-version }}
• go ${{inputs.go-version}}

gomod (1)

go.mod (19)

• go 1.25
• github.com/Masterminds/semver/v3 v3.4.0
• github.com/chainguard-dev/git-urls v1.0.2
• github.com/ctrf-io/go-ctrf-json-reporter v0.0.15
• github.com/fatih/color v1.18.0
• github.com/go-enry/go-license-detector/v4 v4.3.1
• github.com/go-git/go-git/v5 v5.16.4
• github.com/go-task/slim-sprig/v3 v3.0.0
• github.com/goreleaser/fileglob v1.4.0
• github.com/grafana/k6foundry v0.4.7
• github.com/lmittmann/tint v1.1.2
• github.com/mattn/go-colorable v0.1.14
• github.com/mattn/go-isatty v0.0.20
• github.com/spf13/cobra v1.10.2
• github.com/spf13/pflag v1.0.10
• github.com/szkiba/docsme v0.2.0
• github.com/szkiba/efa v0.1.1
• golang.org/x/mod v0.30.0 → [Updates: v0.31.0]
• gopkg.in/yaml.v3 v3.0.1

regex (18)

.devcontainer/devcontainer.json (1)

• golangci/golangci-lint 2.7.1 → [Updates: 2.7.2]

.devcontainer/devcontainer.json (1)

• goreleaser/goreleaser 2.13.0 → [Updates: 2.13.2]

.devcontainer/devcontainer.json (1)

• securego/gosec 2.22.10 → [Updates: 2.22.11]

.devcontainer/devcontainer.json (1)

• golang.org/x/vuln/cmd/govulncheck 1.1.4

.devcontainer/devcontainer.json (1)

• bats-core/bats-core 1.13.0

.github/workflows/extension-release.yml (1)

• bats-core/bats-core 1.13.0

.github/workflows/extension-validate.yml (1)

• bats-core/bats-core 1.13.0

.github/workflows/integration.yml (1)

• goreleaser/goreleaser 2.13.0 → [Updates: 2.13.2]

.github/workflows/integration.yml (1)

• golang.org/x/vuln/cmd/govulncheck v1.1.4

.github/workflows/integration.yml (1)

• securego/gosec v2.22.10 → [Updates: v2.22.11]

.github/workflows/integration.yml (1)

• bats-core/bats-core 1.13.0

.github/workflows/liveness.yml (2)

• bats-core/bats-core 1.13.0
• bats-core/bats-core 1.13.0

.github/workflows/release.yml (1)

• goreleaser/goreleaser 2.13.0 → [Updates: 2.13.2]

.github/workflows/tooling-release.yml (1)

• bats-core/bats-core 1.13.0

.github/workflows/tooling-validate.yml

.github/workflows/tooling-validate.yml (1)

• bats-core/bats-core 1.13.0

.github/workflows/validate.yml (1)

• golangci/golangci-lint v2.7.1 → [Updates: v2.7.2]

.github/workflows/validate.yml (1)

• goreleaser/goreleaser 2.13.0 → [Updates: 2.13.2]

---

Need help?

You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section.