Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Abandoned Dependencies

The following dependencies have not received updates for an extended period and may be unmaintained.

View abandoned dependencies (2)

[!NOTE]
Packages are marked as abandoned when they exceed the abandonmentThreshold since their last release. Unlike deprecated packages with official notices, abandonment is detected by release inactivity.

Datasource	Package	Last Updated
gomod	github.com/google/go-cmp	2025-01-14
gomod	gopkg.in/yaml.v3	2022-05-27

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• fix(deps): update module github.com/1password/onepassword-sdk-go to v0.4.0
• fix(deps): update module github.com/googleapis/gax-go/v2 to v2.22.0
• fix(deps): update module github.com/tidwall/gjson to v1.19.0
• fix(deps): update module google.golang.org/api to v0.278.0
• chore(deps): update goreleaser/goreleaser-action action to v7
• 🔐 Create all rate-limited PRs at once 🔐

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): update module go.opentelemetry.io/otel to v1.41.0 [security]
• chore(deps): update module golang.org/x/net to v0.53.0 [security]
• chore(deps): update github/codeql-action digest to 458d36d
• chore(deps): update actions/checkout action to v5.0.1
• fix(deps): update module github.com/spf13/cobra to v1.10.2
• chore(deps): update actions/setup-go action to v6.4.0
• fix(deps): update module cloud.google.com/go/secretmanager to v1.20.0
• chore(deps): update actions/checkout action to v6
• chore(deps): update actions/upload-artifact action to v7
• chore(deps): update github/codeql-action action to v4
• Click on this checkbox to rebase all open PRs at once

Vulnerabilities

Important

2/2 CVEs have Renovate fixes.

Detected Dependencies

github-actions (3)

.github/workflows/release.yml (3)

• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v5.0.1, v6.0.2]
• actions/setup-go v6.0.0@44694675825211faa026b3c33043df3e48a5fa00 → [Updates: v6.4.0]
• goreleaser/goreleaser-action v6.4.0@e435ccd777264be153ace6237001ef4d979d3a7a → [Updates: v7.2.1]

.github/workflows/scorecard.yml (4)

• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v5.0.1, v6.0.2]
• ossf/scorecard-action v2.4.3@4eaacf0543bb3f2c246792bd56e8cdeffafb205a
• actions/upload-artifact v4.6.2@ea165f8d65b6e75b540449e92b4886f43607fa02 → [Updates: v7.0.1]
• github/codeql-action v3@d198d2fabf39a7f36b5ce57ce70d4942944f006e → [Updates: v4, v3]

.github/workflows/test.yml (2)

• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v5.0.1, v6.0.2]
• actions/setup-go v6.0.0@44694675825211faa026b3c33043df3e48a5fa00 → [Updates: v6.4.0]

gomod (1)

go.mod (15)

• go 1.24.2
• cloud.google.com/go/secretmanager v1.15.0 → [Updates: v1.20.0]
• github.com/1password/onepassword-sdk-go v0.3.1 → [Updates: v0.4.0]
• github.com/aws/aws-sdk-go-v2 v1.41.7
• github.com/aws/aws-sdk-go-v2/config v1.32.17
• github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.41.7
• github.com/google/go-cmp v0.7.0
• github.com/googleapis/gax-go/v2 v2.15.0 → [Updates: v2.22.0]
• github.com/spf13/cobra v1.10.1 → [Updates: v1.10.2]
• github.com/stretchr/testify v1.11.1
• github.com/tidwall/gjson v1.18.0 → [Updates: v1.19.0]
• google.golang.org/api v0.251.0 → [Updates: v0.278.0]
• gopkg.in/yaml.v3 v3.0.1
• go.opentelemetry.io/otel v1.39.0 → [Updates: v1.41.0]
• golang.org/x/net v0.48.0 → [Updates: v0.53.0]

renovate-config (1)

renovate.json5

---

• Check this box to trigger a request for Renovate to run again on this repository