Dependency Dashboard

[forking-renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Awaiting Schedule

These updates are awaiting their schedule. Click on a checkbox to get an update now.

• fix(deps): update dependency org.apache.maven:maven-core to v3.9.9
• chore(deps): update github-actions (actions/checkout, actions/dependency-review-action, actions/download-artifact, actions/setup-go, actions/setup-node, actions/upload-artifact, github/codeql-action, ossf/scorecard-action, slsa-framework/slsa-verifier)
• chore(deps): update golang docker tag to v1.23
• fix(deps): update dependency @actions/core to v1.11.1
• fix(deps): update dependency org.apache.maven.plugin-tools:maven-plugin-annotations to v3.15.1
• fix(deps): update go (github.com/sigstore/cosign/v2, github.com/sigstore/fulcio, github.com/sigstore/sigstore, github.com/slsa-framework/slsa-github-generator, golang.org/x/mod, google.golang.org/protobuf, sigs.k8s.io/release-utils)
• chore(deps): update npm dev (major) (@types/jasmine, @types/node, eslint, eslint-plugin-github, renovate, typescript-eslint)

Edited/Blocked

These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.

• chore(deps): update npm dev (@types/node, @vercel/ncc, eslint, eslint-plugin-prettier, jasmine, renovate, typescript, typescript-eslint)

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• chore(deps): update gcr.io/distroless/base:nonroot docker digest to 350980e
• fix(deps): update golang.org/x/exp digest to 2d47ceb

Detected dependencies

dockerfile

cli/experimental/service/Dockerfile

• golang 1.21@sha256:4746d26432a9117a5f58e95cb9f954ddf0de128e9d5816886514199316e4a2fb
• gcr.io/distroless/base nonroot@sha256:e5260be292def77bc70d03003f788f3d32c0796972ea1412d72cc0c843ab139a

github-actions

.github/workflows/codeql-analysis.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/setup-go v5.0.1@cdcb36043654635271a94b9a6d1392de5bb323a7
• github/codeql-action v3.25.11@b611370bb5703a7efb587f9d136a52ea24c5c38c
• github/codeql-action v3.25.11@b611370bb5703a7efb587f9d136a52ea24c5c38c
• github/codeql-action v3.25.11@b611370bb5703a7efb587f9d136a52ea24c5c38c

.github/workflows/depsreview.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/dependency-review-action v4.3.3@72eb03d02c7872a771aacd928f3123ac62ad6d3a

.github/workflows/e2e.schedule.cli.yml

• actions/download-artifact v4.1.7@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332

.github/workflows/e2e.schedule.installer.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332

.github/workflows/pr-title.yml

• thehanimo/pr-title-checker v1.4.2@1d8cd483a2b73118406a187f54dca8a9415f1375

.github/workflows/pre-submit.actions.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/setup-node v4.0.2@60edb5dd545a775178f52524783378180af0d1f8
• actions/upload-artifact v4.3.3@65462800fd760344b1a7b4382951275a0abb4808

.github/workflows/pre-submit.cli.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/setup-go v5.0.1@cdcb36043654635271a94b9a6d1392de5bb323a7
• actions/upload-artifact v4.3.3@65462800fd760344b1a7b4382951275a0abb4808

.github/workflows/pre-submit.e2e.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/setup-go v5.0.1@cdcb36043654635271a94b9a6d1392de5bb323a7
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332

.github/workflows/pre-submit.lfs.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actionsdesk/lfs-warning v3.3@4b98a8a5e6c429c23c34eee02d71553bca216425

.github/workflows/pre-submit.lint.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/setup-go v5.0.2@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32
• golangci/golangci-lint-action v6.1.1@971e284b6050e8a5849b72094c50ab08da042db8
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/setup-node v4.0.2@60edb5dd545a775178f52524783378180af0d1f8
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/setup-node v4.0.2@60edb5dd545a775178f52524783378180af0d1f8

.github/workflows/pre-submit.references.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332

.github/workflows/release.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• slsa-framework/slsa-github-generator X.Y.Z
• slsa-framework/slsa-verifier v2.5.1@eb7007070baa04976cb9e25a0d8034f8db030a86
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332

.github/workflows/scorecards.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• ossf/scorecard-action v2.3.3@dc50aa9510b46c811795eb24b2f1ba02a914e534
• actions/upload-artifact v4.3.3@65462800fd760344b1a7b4382951275a0abb4808
• github/codeql-action v3.25.11@b611370bb5703a7efb587f9d136a52ea24c5c38c

.github/workflows/update-actions-dist-post-commit.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/upload-artifact v4.3.3@65462800fd760344b1a7b4382951275a0abb4808
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/download-artifact v4.1.7@65a9edc5881444af0b9093a5e628f2fe47ea3b2e

gomod

go.mod

• go 1.23.1
• github.com/docker/go v1.5.1-1
• github.com/go-openapi/runtime v0.28.0
• github.com/google/go-cmp v0.6.0
• github.com/in-toto/in-toto-golang v0.9.0
• github.com/secure-systems-lab/go-securesystemslib v0.8.0
• github.com/sigstore/rekor v1.3.6
• github.com/sigstore/sigstore v1.8.9
• github.com/google/go-containerregistry v0.20.2
• github.com/gorilla/mux v1.8.1
• github.com/in-toto/attestation v1.1.0
• github.com/sigstore/cosign/v2 v2.2.4
• github.com/sigstore/sigstore-go v0.6.2
• github.com/slsa-framework/slsa-github-generator v1.9.0
• github.com/spf13/cobra v1.8.1
• golang.org/x/mod v0.21.0
• sigs.k8s.io/release-utils v0.8.4
• github.com/sigstore/fulcio v1.4.5
• github.com/sigstore/protobuf-specs v0.3.2
• golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6@225e2abe05e6
• google.golang.org/protobuf v1.34.2

maven

experimental/maven-plugin/pom.xml

• org.apache.maven:maven-core 3.9.8
• org.apache.maven:maven-plugin-api 3.9.9
• org.apache.maven.plugin-tools:maven-plugin-annotations 3.11.0
• org.apache.maven:maven-project 2.2.1
• org.twdata.maven:mojo-executor 2.4.0

npm

actions/installer/package.json

• @actions/core ^1.9.1
• @actions/exec ^1.1.1
• @actions/github ^6.0.0
• @actions/io ^1.1.2
• @actions/tool-cache ^2.0.1
• nodejs ^0.0.0
• @types/jasmine 4.6.4
• @types/node 18.19.33
• @vercel/ncc 0.38.1
• eslint 8.57.0
• eslint-plugin-github 4.10.2
• eslint-plugin-prettier 5.1.3
• jasmine 5.1.0
• typescript 5.4.3
• typescript-eslint 7.5.0

package.json

• markdown-toc 1.2.0
• renovate 37.374.1
• autolinker ^4.0.0

pip_requirements

requirements-lint.txt

• pathspec ==0.12.1
• PyYAML ==6.0.2
• yamllint ==1.35.1

---

• Check this box to trigger a request for Renovate to run again on this repository