Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Pending Approval

The following branches are pending approval. To create them, click on a checkbox below.

• chore(deps): update all patch dependencies (@aws-sdk/types, @types/node, pnpm)
• chore(deps): update all minor dependencies to v3.1067.0 (@aws-sdk/client-dynamodb, @aws-sdk/client-s3, @aws-sdk/client-sqs, @aws-sdk/lib-dynamodb, @aws-sdk/s3-request-presigner)
• chore(deps): update actions/checkout action to v6
• chore(deps): update actions/create-github-app-token action to v3
• chore(deps): update actions/dependency-review-action action to v5
• chore(deps): update actions/setup-node action to v6
• chore(deps): update actions/setup-python action to v6
• chore(deps): update aws-actions/configure-aws-credentials action to v6
• chore(deps): update cds-snc/security-tools action to v4
• chore(deps): update dependency @biomejs/biome to v2
• chore(deps): update dependency @types/supertest to v7
• chore(deps): update dependency node to v24 (node, @types/node)
• chore(deps): update dependency pino-pretty to v13
• chore(deps): update dependency typescript to v6
• chore(deps): update dependency vite-tsconfig-paths to v6
• chore(deps): update github/codeql-action action to v4
• chore(deps): update googleapis/release-please-action action to v5
• chore(deps): update pnpm to v11
• fix(deps): update dependency dotenv to v17
• fix(deps): update dependency express to v5 (express, @types/express)
• fix(deps): update dependency got to v15
• fix(deps): update dependency jose to v6
• fix(deps): update dependency pino to v10
• fix(deps): update dependency rate-limiter-flexible to v11
• fix(deps): update dependency redis to v6
• 🔐 Create all pending approval PRs at once 🔐

Awaiting Schedule

The following updates are awaiting their schedule. To get an update now, click on a checkbox below.

• chore(deps): update docker pin digests
• chore(deps): lock file maintenance
• 🔐 Create all awaiting schedule PRs at once 🔐

Pending Status Checks

The following updates await pending status checks. To force their creation now, click on a checkbox below.

• chore(deps): update all non-major github action dependencies to v22.23.0
• chore(deps): update ghcr.io/devcontainers/features/node docker tag to v2

---

Warning

Renovate failed to look up the following dependencies: Could not determine new digest for update (github-digest package cds-snc/security-tools).

Files affected: .github/workflows/staging-post-deployment.yml

---

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): update dependency cryptography to v48 [security]

Detected Dependencies

devcontainer (1)

.devcontainer/devcontainer.json (5)

• mcr.microsoft.com/vscode/devcontainers/base debian@sha256:a07f1804d8e665ff64bf6adcd60f4d9b9223dc52ee18a1f1a7a8e1ee1a134d34 → [Updates: debian]
• ghcr.io/devcontainers/features/node 1 → [Updates: 2]
• node 22.22.3 → [Updates: 22.23.0, 24.16.0]
• ghcr.io/devcontainers/features/python 1
• python 3.14

dockerfile (1)

Dockerfile (2)

• node 22.22.3-alpine3.23@sha256:968df39aedcea65eeb078fb336ed7191baf48f972b4479711397108be0966920 → [Updates: 22.23.0-alpine3.23, 24.16.0-alpine3.23]
• node 22.22.3-alpine3.23@sha256:968df39aedcea65eeb078fb336ed7191baf48f972b4479711397108be0966920 → [Updates: 22.23.0-alpine3.23, 24.16.0-alpine3.23]

github-actions (12)

.github/workflows/codeql.yml (4)

• actions/checkout v4.3.1@34e114876b0b11c390a56381ad16ebd13914f8d5 → [Updates: v6.0.3]
• github/codeql-action v3.36.2@dd903d2e4f5405488e5ef1422510ee31c8b32357 → [Updates: v4.36.2]
• github/codeql-action v3.36.2@dd903d2e4f5405488e5ef1422510ee31c8b32357 → [Updates: v4.36.2]
• github/codeql-action v3.36.2@dd903d2e4f5405488e5ef1422510ee31c8b32357 → [Updates: v4.36.2]

.github/workflows/dependency-review.yml (2)

• actions/checkout v4.3.1@34e114876b0b11c390a56381ad16ebd13914f8d5 → [Updates: v6.0.3]
• actions/dependency-review-action v4.9.0@2031cfc080254a8a887f58cffee85186f0e49e48 → [Updates: v5.0.0]

.github/workflows/deploy-documentation.yml (3)

• actions/checkout v4.3.1@34e114876b0b11c390a56381ad16ebd13914f8d5 → [Updates: v6.0.3]
• actions/setup-python v5.6.0@a26af69be951a213d495a4c3e4e4022e16d87065 → [Updates: v6.2.0]
• python 3.x

.github/workflows/docker-vulnerability-scan.yml (2)

• aws-actions/configure-aws-credentials v4.3.1@7474bc4690e29a8392af63c5b98e7449536d5c3a → [Updates: v6.2.0]
• cds-snc/security-tools v3.2.1@5a93d1deec72d4cb2737cb8418364fedba1c695c → [Updates: v4.0.3]

.github/workflows/labels.yml (1)

• cds-snc/labels v1

.github/workflows/prod-post-deployment.yml (1)

• cds-snc/sentinel-forward-data-action main@e358bf24b818e68a22c9736715a3b544851aaba8

.github/workflows/release-generator.yml (2)

• actions/create-github-app-token v1.12.0@d72941d797fd3113feb6b93fd0dec494b13a2547 → [Updates: v3.2.0]
• googleapis/release-please-action v4.4.1@5c625bfb5d1ff62eadeeb3772007f7f66fdcf071 → [Updates: v5.0.0]

.github/workflows/shellcheck.yml (1)

• actions/checkout v4.3.1@34e114876b0b11c390a56381ad16ebd13914f8d5 → [Updates: v6.0.3]

.github/workflows/staging-post-deployment.yml (3)

• actions/checkout v4.3.1@34e114876b0b11c390a56381ad16ebd13914f8d5 → [Updates: v6.0.3]
• cds-snc/security-tools  v4.0.3@837a88b6337d4842543184c8eac97a8adac8f302
• cds-snc/sentinel-forward-data-action main@e358bf24b818e68a22c9736715a3b544851aaba8

.github/workflows/test-code.yml (3)

• actions/checkout v4.3.1@34e114876b0b11c390a56381ad16ebd13914f8d5 → [Updates: v6.0.3]
• actions/setup-node v4.4.0@49933ea5288caeca8642d1e84afbd3f7d6820020 → [Updates: v6.4.0]
• node 22.22.3 → [Updates: 22.23.0, 24.16.0]

.github/workflows/test-docker-build.yml (1)

• actions/checkout v4.3.1@34e114876b0b11c390a56381ad16ebd13914f8d5 → [Updates: v6.0.3]

.github/workflows/workflow-failure.yml

npm (2)

examples/nodejs/package.json (4)

• axios ^1.12.0 → [Updates: ^1.12.0]
• jose ^6.0.10
• @types/node ^22.14.1 → [Updates: ^22.14.1, ^24.0.0]
• typescript ^5.8.3 → [Updates: ^6.0.0]

package.json (33)

• @aws-sdk/client-dynamodb ^3.823.0 → [Updates: ^3.823.0]
• @aws-sdk/client-s3 ^3.823.0 → [Updates: ^3.823.0]
• @aws-sdk/client-sqs ^3.823.0 → [Updates: ^3.823.0]
• @aws-sdk/lib-dynamodb ^3.823.0 → [Updates: ^3.823.0]
• @aws-sdk/s3-request-presigner ^3.859.0 → [Updates: ^3.859.0]
• @gcforms/database 1.1.1 → [Updates: 1.1.2]
• cors ^2.8.5
• dotenv ^16.4.5 → [Updates: ^17.0.0]
• express ^4.21.0 → [Updates: ^5.0.0]
• express-validator ^7.2.0
• got ^14.4.7 → [Updates: ^15.0.0]
• jose ^5.9.3 → [Updates: ^6.0.0]
• pino ^9.4.0 → [Updates: ^10.0.0]
• rate-limiter-flexible ^5.0.4 → [Updates: ^11.0.0]
• redis ^4.7.0 → [Updates: ^6.0.0]
• @aws-sdk/types ^3.662.0 → [Updates: ^3.662.0]
• @biomejs/biome ^1.9.0 → [Updates: ^2.0.0]
• @types/cors ^2.8.18
• @types/express ^4.17.21 → [Updates: ^5.0.0]
• @types/node ^22.7.4 → [Updates: ^22.7.4, ^24.0.0]
• @types/supertest ^6.0.2 → [Updates: ^7.0.0]
• aws-sdk-client-mock ^4.0.2
• pino-pretty ^11.2.2 → [Updates: ^13.0.0]
• supertest ^7.0.0
• tsc-alias ^1.8.15
• tsx ^4.19.1
• typescript ^5.6.2 → [Updates: ^6.0.0]
• vite ^8.0.16
• vite-tsconfig-paths ^5.0.1 → [Updates: ^6.0.0]
• vitest ^4.0.0 → [Updates: ^4.0.0]
• vitest-mock-express ^2.2.0
• vitest-mock-extended ^4.0.0
• pnpm 10.34.1 → [Updates: 10.34.3, 11.6.0]

pip_requirements (1)

examples/python/requirements.txt (4)

• PyJWT ==2.13.0
• httpx ==0.28.1
• cryptography ==46.0.7 → [Updates: ==48.0.1]
• requests ==2.34.2

renovate-config (1)

renovate.json

---

• Check this box to trigger a request for Renovate to run again on this repository