Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Abandoned Dependencies

The following dependencies have not received updates for an extended period and may be unmaintained.

View abandoned dependencies (3)

[!NOTE]
Packages are marked as abandoned when they exceed the abandonmentThreshold since their last release. Unlike deprecated packages with official notices, abandonment is detected by release inactivity.

Datasource	Package	Last Updated
github-actions	golang/govulncheck-action	2024-10-02
github-actions	pre-commit/action	2024-02-07
gomod	github.com/google/go-cmp	2025-01-14

Pending Status Checks

The following updates await pending status checks. To force their creation now, click on a checkbox below.

• chore(deps): update github-actions (docker/build-push-action, docker/login-action, docker/setup-buildx-action, golangci/golangci-lint-action)

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): update docker (docker/dockerfile, gcr.io/distroless/static-debian12)

Detected Dependencies

dockerfile (2)

Dockerfile (2)

• docker/dockerfile 1@sha256:2780b5c3bab67f1f76c781860de469442999ed1a0d7992a5efdf2cffc0e3d769 → [Updates: 1]
• gcr.io/distroless/static-debian12 sha256:20bc6c0bc4d625a22a8fde3e55f6515709b32055ef8fb9cfbddaa06d1760f838 → [Updates: undefined]

Dockerfile.scratch (1)

• docker/dockerfile 1@sha256:2780b5c3bab67f1f76c781860de469442999ed1a0d7992a5efdf2cffc0e3d769 → [Updates: 1]

github-actions (9)

.github/workflows/build-publish.yml (15)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• docker/setup-qemu-action v4.0.0@ce360397dd3f832beb865e1373c09c0e9f86d70a
• docker/setup-buildx-action v4.0.0@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd → [Updates: v4.1.0]
• docker/login-action v4.1.0@4907a6ddec9925e35a0a9e82d7399ccc52663121 → [Updates: v4.2.0]
• docker/login-action v4.1.0@4907a6ddec9925e35a0a9e82d7399ccc52663121 → [Updates: v4.2.0]
• actions/setup-go v6.4.0@4a3601121dd01d1626a1e23e37211e3254c1c06c
• sigstore/cosign-installer v4.1.2@6f9f17788090df1f26f669e9d70d6ae9567deba6
• aquasecurity/setup-trivy v0.2.6@3fb12ec12f41e471780db15c232d5dd185dcb514
• actions/attest-build-provenance v4.1.0@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32
• actions/attest-build-provenance v4.1.0@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• softprops/action-gh-release v3@b4309332981a82ec1c5618f44dd2e27cc8bfbfda
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• ubuntu 24.04
• aquasecurity/trivy v0.70.0

.github/workflows/ci.yml (26)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6.4.0@4a3601121dd01d1626a1e23e37211e3254c1c06c
• pre-commit/action v3.0.1@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd
• golangci/golangci-lint-action v9.2.0@1e7e51e771db61008b38414a730f564565cf7c20 → [Updates: v9.2.1]
• DavidAnson/markdownlint-cli2-action v23.2.0@ded1f9488f68a970bc66ea5619e13e9b52e601cd
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• hadolint/hadolint-action v3.3.0@2332a7b74a6de0dda2e2221d575162eba76ba5e5
• reviewdog/action-actionlint v1.72@6fb7acc99f4a1008869fa8a0f09cfca740837d9d
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6.4.0@4a3601121dd01d1626a1e23e37211e3254c1c06c
• actions/cache v5.0.5@27d5ce7f107fe9357f9df03efb73ab90386fccae
• deepsourcelabs/test-coverage-action v1.1.3@4284bb73a04adb39faaa6bfcc2d0e3dd137ffed7
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6.4.0@4a3601121dd01d1626a1e23e37211e3254c1c06c
• actions/cache v5.0.5@27d5ce7f107fe9357f9df03efb73ab90386fccae
• aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25
• aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25
• docker/setup-buildx-action v4.0.0@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd → [Updates: v4.1.0]
• docker/build-push-action v7.1.0@bcafcacb16a39f128d818304e6c9c0c18556b85f → [Updates: v7.2.0]
• aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25
• ubuntu 24.04
• golangci/golangci-lint v2.12.2
• python 3.14
• ubuntu 24.04
• ubuntu 24.04

.github/workflows/commitlint.yml (3)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• wagoid/commitlint-github-action v6@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed
• ubuntu 24.04

.github/workflows/continuous-security.yml (12)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6.4.0@4a3601121dd01d1626a1e23e37211e3254c1c06c
• actions/cache v5.0.5@27d5ce7f107fe9357f9df03efb73ab90386fccae
• golang/govulncheck-action v1.0.4@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee
• aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25
• aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25
• docker/setup-buildx-action v4.0.0@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd → [Updates: v4.1.0]
• docker/build-push-action v7.1.0@bcafcacb16a39f128d818304e6c9c0c18556b85f → [Updates: v7.2.0]
• aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25
• anchore/sbom-action v0.24.0@e22c389904149dbc22b58101806040fa8d37a610
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• ubuntu 24.04

.github/workflows/deepsource-coverage.yml (4)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6.4.0@4a3601121dd01d1626a1e23e37211e3254c1c06c
• deepsourcelabs/test-coverage-action v1.1.3@4284bb73a04adb39faaa6bfcc2d0e3dd137ffed7
• ubuntu 24.04

.github/workflows/deprecation-check.yml (2)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• ubuntu 24.04

.github/workflows/labels-sync.yml (1)

• ubuntu 24.04

.github/workflows/release.yml (2)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• ubuntu 24.04

.github/workflows/renovate-validate.yml (3)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• renovatebot/github-action v46.1.14@693b9ef15eec82123529a37c782242f091365961
• ubuntu 24.04

gomod (1)

go.mod (18)

• go 1.26.2
• github.com/google/go-cmp v0.7.0
• github.com/prometheus/client_golang v1.23.2
• github.com/sirupsen/logrus v1.9.4
• github.com/stretchr/testify v1.11.1
• go.opentelemetry.io/contrib/instrumentation/runtime v0.68.0
• go.opentelemetry.io/otel v1.43.0
• go.opentelemetry.io/otel/exporters/prometheus v0.65.0
• go.opentelemetry.io/otel/metric v1.43.0
• go.opentelemetry.io/otel/sdk v1.43.0
• go.opentelemetry.io/otel/sdk/metric v1.43.0
• golang.org/x/sync v0.20.0
• k8s.io/api v0.36.1
• k8s.io/apiextensions-apiserver v0.36.1
• k8s.io/apimachinery v0.36.1
• k8s.io/client-go v0.36.1
• sigs.k8s.io/controller-runtime v0.24.1
• sigs.k8s.io/yaml v1.6.0

regex (2)

Dockerfile (1)

• golang 1.26.3-alpine@sha256:91eda9776261207ea25fd06b5b7fed8d397dd2c0a283e77f2ab6e91bfa71079d

Dockerfile.scratch (1)

• golang 1.26.3-alpine@sha256:91eda9776261207ea25fd06b5b7fed8d397dd2c0a283e77f2ab6e91bfa71079d

---

• Check this box to trigger a request for Renovate to run again on this repository