This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.View this repository on the Mend.io Web Portal .
Abandoned Dependencies
The following dependencies have not received updates for an extended period and may be unmaintained.
View abandoned dependencies (6)
[!NOTE]abandonmentThreshold
Renovate failed to look up the following dependencies: Could not determine new digest for update (github-tags package ossf/scorecard-action), Could not determine new digest for update (github-digest package quay/clair-action), Could not determine new digest for update (github-tags package checkmarx/dustilock), Could not determine new digest for update (github-tags package checkmarx/kics-github-action), Could not determine new digest for update (github-tags package microsoft/security-devops-action), Could not determine new digest for update (github-tags package google/osv-scanner-action), Could not determine new digest for update (github-tags package aquasecurity/trivy-action), Could not determine new digest for update (github-tags package trufflesecurity/trufflehog), Could not determine new digest for update (github-tags package checkmarx/vorpal-reviewdog-github-action).
Files affected: .github/workflows/ossf.yml, .github/workflows/scans.yml
Open
The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.
PR Closed (Blocked)
The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.
Vulnerabilities
1/1 CVEs have Renovate fixes.
pep621
pyproject.toml
pytest
Detected Dependencies
docker-compose (1)
compose.yaml
dockerfile (1)
Dockerfile (2)
ghcr.io/astral-sh/uv 0.11.4@sha256:5164bf84e7b4e2e08ce0b4c66b4a8c996a286e6959f72ac5c6e0a3c80e8cb04a → [Updates: 0.11.7]debian stable-slim@sha256:e51bfcd2226c480a5416730e0fa2c40df28b0da5ff562fc465202feeef2f1116
github-actions (5)
.github/workflows/automerge.yml (1)
dependabot/fetch-metadata v2@ffa630c65fa7e0ecfa0625b5ceda64399aea1b36 → [Updates: v3, v2]
.github/workflows/ci.yml (10)
actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddastral-sh/setup-uv v7@37802adc94f370d6bfd71619e3f0bf239e1f3b78actions/setup-python v6@a309ff8b426b58ec0e2a45f0f869d46889d02405docker/setup-qemu-action v4@ce360397dd3f832beb865e1373c09c0e9f86d70adocker/setup-buildx-action v4@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedddocker/build-push-action v7@d08e5c354a6adb9ed34480a06d141179aa583294 → [Updates: v7]docker/metadata-action v6@030e881283bb7a6894de51c315a6bfe6a94e05cfdocker/login-action v4@4907a6ddec9925e35a0a9e82d7399ccc52663121docker/build-push-action v7@d08e5c354a6adb9ed34480a06d141179aa583294 → [Updates: v7]docker/build-push-action v7@d08e5c354a6adb9ed34480a06d141179aa583294 → [Updates: v7]
.github/workflows/ossf.yml (3)
actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddossf/scorecard-action v2@4eaacf0543bb3f2c246792bd56e8cdeffafb205agithub/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13 → [Updates: v4]
.github/workflows/pr.yml (3)
amannn/action-semantic-pull-request v6@48f256284bd46cdaab1048c3721360e808335d50actions/labeler v6@634933edcd8ababfe52f92936142cc22ac488b1bpascalgn/size-label-action v0.5.7@56b489b027932ec0cf60438a1a5f1a19c8fc71ff
.github/workflows/scans.yml (52)
actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddbridgecrewio/checkov-action master@002cd2e8cc0fe0535e6f364509e091c1a9870efa → [Updates: master]github/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13 → [Updates: v4]actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dddocker/build-push-action v7@d08e5c354a6adb9ed34480a06d141179aa583294 → [Updates: v7]quay/clair-action V0@5c49d6aa4b73f499c3da163fc599053e0cf07797github/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13 → [Updates: v4]actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddmicrosoft/DevSkim-Action v1@4b5047945a44163b94642a1cecc0d93a3f428cc6github/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13 → [Updates: v4]actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddcheckmarx/dustilock v1@9a0cc4fe3da93f7efb38679896c074dc94d60ac6actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddgitleaks/gitleaks-action v2@ff98106e4c7b2bc287b24eaf42907196329070c7github/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13 → [Updates: v4]actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddanchore/scan-action v7@e1165082ffb1fe366ebaf02d8526e7c4989ea9d2github/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13 → [Updates: v4]actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dddocker/build-push-action v7@d08e5c354a6adb9ed34480a06d141179aa583294 → [Updates: v7]anchore/scan-action v7@e1165082ffb1fe366ebaf02d8526e7c4989ea9d2github/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13 → [Updates: v4]actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddcheckmarx/kics-github-action v2@05aa5eb70eede1355220f4ca5238d96b397e30a6github/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13 → [Updates: v4]actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddoxsecurity/megalinter v9@8fbdead70d1409964ab3d5afa885e18ee85388bbactions/upload-artifact v7@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f → [Updates: v7]github/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13 → [Updates: v4]actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddmicrosoft/security-devops-action v1@08976cb623803b1b36d7112d4ff9f59eae704de0github/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13 → [Updates: v4]google/osv-scanner-action v2@c5996e0193a3df57d695c1b8a1dec2a4c62e8730google/osv-scanner-action v2@c5996e0193a3df57d695c1b8a1dec2a4c62e8730actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddanchore/sbom-action v0@e22c389904149dbc22b58101806040fa8d37a610anchore/scan-action v7@e1165082ffb1fe366ebaf02d8526e7c4989ea9d2github/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13 → [Updates: v4]actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddaquasecurity/trivy-action 0.30@57a97c7e7821a5776cebc9bb87c984fa69cba8f1aquasecurity/trivy-action 0.30@57a97c7e7821a5776cebc9bb87c984fa69cba8f1github/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13 → [Updates: v4]actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dddocker/build-push-action v7@d08e5c354a6adb9ed34480a06d141179aa583294 → [Updates: v7]aquasecurity/trivy-action 0.30@57a97c7e7821a5776cebc9bb87c984fa69cba8f1aquasecurity/trivy-action 0.30@57a97c7e7821a5776cebc9bb87c984fa69cba8f1github/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13 → [Updates: v4]actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddtrufflesecurity/trufflehog v3@6c05c4a00b91aa542267d8e32a8254774799d68dactions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddstep-security/changed-files v47@60967b822d3001fa82242f8d6b4ed46bc3600a68 → [Updates: v47]checkmarx/vorpal-reviewdog-github-action v1@8cc292f337a2f1dea581b4f4bd73852e7becb50d
pep621 (1)
pyproject.toml (16)
python >=3.11,<4.0fastapi >=0.115gunicorn >=23.0loguru >=0.7sqlmodel >=0.0typer >=0.15mypy ~=1.15pytest ~=9.0 → [Updates: ~=9.0]pytest-cov ~=7.0pytest-env ~=1.1pytest-mock ~=3.14pytest-xdist ~=3.6pyinstaller ~=6.13 scons ~=4.9 staticx ~=0.14 poetry-core >=2.0,<3.0
pre-commit (1)
.pre-commit-config.yaml (13)
pre-commit/pre-commit v4.5.1pre-commit/pre-commit-hooks v6.0.0gitleaks/gitleaks v8.30.1rhysd/actionlint v1.7.12editorconfig-checker/editorconfig-checker v3.6.1hadolint/hadolint v2.14.0DavidAnson/markdownlint-cli2 v0.22.0astral-sh/ruff-pre-commit v0.15.9 → [Updates: v0.15.11]koalaman/shellcheck-precommit v0.11.0scop/pre-commit-shfmt v3.13.0-1ComPWA/taplo-pre-commit v0.9.3astral-sh/uv-pre-commit 0.11.4 → [Updates: 0.11.7]google/yamlfmt v0.21.0
pyenv (1)
.python-version (1)
python 3.13 → [Updates: 3.14]
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.
Abandoned Dependencies
The following dependencies have not received updates for an extended period and may be unmaintained.
View abandoned dependencies (6)
2021-11-212025-04-172024-11-072024-12-062023-08-072024-08-19Warning
Renovate failed to look up the following dependencies:
Could not determine new digest for update (github-tags package ossf/scorecard-action),Could not determine new digest for update (github-digest package quay/clair-action),Could not determine new digest for update (github-tags package checkmarx/dustilock),Could not determine new digest for update (github-tags package checkmarx/kics-github-action),Could not determine new digest for update (github-tags package microsoft/security-devops-action),Could not determine new digest for update (github-tags package google/osv-scanner-action),Could not determine new digest for update (github-tags package aquasecurity/trivy-action),Could not determine new digest for update (github-tags package trufflesecurity/trufflehog),Could not determine new digest for update (github-tags package checkmarx/vorpal-reviewdog-github-action).Files affected:
.github/workflows/ossf.yml,.github/workflows/scans.ymlOpen
The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.
actions/upload-artifact,bridgecrewio/checkov-action,dependabot/fetch-metadata,docker/build-push-action,github/codeql-action,step-security/changed-files)astral-sh/ruff-pre-commit,astral-sh/uv-pre-commit,ghcr.io/astral-sh/uv)PR Closed (Blocked)
The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.
Vulnerabilities
Important
1/1CVEs have Renovate fixes.pep621
Detected Dependencies
docker-compose (1)
dockerfile (1)
github-actions (5)
pep621 (1)
pre-commit (1)
pyenv (1)