Dependency Dashboard #4
Description
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.
Abandoned Dependencies
Note
Packages are marked as abandoned when they exceed the abandonmentThreshold since their last release. Unlike deprecated packages with official notices, abandonment is detected by release inactivity.
These dependencies have not received updates for an extended period and may be unmaintained:
View abandoned dependencies (2)
| Datasource | Name | Last Updated |
|---|---|---|
| github-actions | microsoft/security-devops-action |
2024-11-07 |
| github-actions | pascalgn/size-label-action |
2024-10-23 |
Warning
Renovate failed to look up the following dependencies: Could not determine new digest for update (github-tags package ossf/scorecard-action), Could not determine new digest for update (github-tags package microsoft/security-devops-action), Could not determine new digest for update (github-tags package aquasecurity/trivy-action).
Files affected: .github/workflows/ossf.yml, .github/workflows/scans.yml
Open
The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.
- chore(deps): update github/codeql-action digest to 19b2f06
- chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.9.26
- Click on this checkbox to rebase all open PRs at once
Vulnerabilities
Renovate has not found any CVEs on osv.dev.
Detected Dependencies
docker-compose (1)
compose.yaml
dockerfile (1)
Dockerfile (2)
ghcr.io/astral-sh/uv 0.9.24@sha256:816fdce3387ed2142e37d2e56e1b1b97ccc1ea87731ba199dc8a25c04e4997c5→ [Updates:0.9.26]public.ecr.aws/ubuntu/ubuntu 24.04@sha256:6b4c0f97bc73e76ac20ef992258e9b8c831b7755d2047d83109da8eb279881fe
github-actions (5)
.github/workflows/automerge.yml (1)
dependabot/fetch-metadata v2@21025c705c08248db411dc16f3619e6b5f9ea21a.github/workflows/ci.yml (7)
actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8docker/bake-action v6@5be5f02ff8819ecd3092ea6b2e6261c31774f2b4actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8docker/setup-qemu-action v3@c7c53464625b32c7a7e944ae62b3e17d2b600130docker/setup-buildx-action v3@8d2750c68a42422c14e847fe6c8ac0403b4cbd6fdocker/login-action v3@5e57cd118135c172c3672efd75eb46360885c0efdocker/bake-action v6@5be5f02ff8819ecd3092ea6b2e6261c31774f2b4.github/workflows/ossf.yml (3)
actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8ossf/scorecard-action v2@4eaacf0543bb3f2c246792bd56e8cdeffafb205agithub/codeql-action v4@cdefb33c0f6224e58673d9004f47f7cb3e328b89→ [Updates:v4].github/workflows/pr.yml (3)
amannn/action-semantic-pull-request v6.1.1@48f256284bd46cdaab1048c3721360e808335d50actions/labeler v6@634933edcd8ababfe52f92936142cc22ac488b1bpascalgn/size-label-action v0.5.5@f8edde36b3be04b4f65dcfead05dc8691b374348.github/workflows/scans.yml (16)
actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8oxsecurity/megalinter v9@42bb470545e359597e7f12156947c436e4e3fb9aactions/upload-artifact v6@b7c566a772e6b6bfb58ed0dc250532a479d7789fgithub/codeql-action v4@cdefb33c0f6224e58673d9004f47f7cb3e328b89→ [Updates:v4]actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8microsoft/security-devops-action v1@08976cb623803b1b36d7112d4ff9f59eae704de0github/codeql-action v4@cdefb33c0f6224e58673d9004f47f7cb3e328b89→ [Updates:v4]actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8aquasecurity/trivy-action 0.30@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8aquasecurity/trivy-action 0.30@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8github/codeql-action v4@cdefb33c0f6224e58673d9004f47f7cb3e328b89→ [Updates:v4]actions/checkout v6@8e8c483db84b4bee98b60c0593521ed34d9990e8docker/build-push-action v6@263435318d21b8e681c14492fe198d362a7d2c83aquasecurity/trivy-action 0.30@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8aquasecurity/trivy-action 0.30@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8github/codeql-action v4@cdefb33c0f6224e58673d9004f47f7cb3e328b89→ [Updates:v4]
pip_requirements (1)
requirements.txt
pre-commit (1)
.pre-commit-config.yaml (8)
pre-commit/pre-commit v4.5.1pre-commit/pre-commit-hooks v6.0.0gitleaks/gitleaks v8.30.0rhysd/actionlint v1.7.10editorconfig-checker/editorconfig-checker v3.6.0hadolint/hadolint v2.14.0DavidAnson/markdownlint-cli2 v0.20.0google/yamlfmt v0.21.0
- Check this box to trigger a request for Renovate to run again on this repository