Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Awaiting Schedule

These updates are awaiting their schedule. Click on a checkbox to get an update now.

• chore(deps): update github-actions (actions/dependency-review-action, actions/download-artifact, actions/setup-go, actions/setup-node, actions/upload-artifact, github/codeql-action, golangci/golangci-lint-action, ossf/scorecard-action, slsa-framework/slsa-verifier)
• fix(deps): update dependency org.apache.maven:maven-core to v3.9.9
• fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.9
• fix(deps): update dependency org.apache.maven.plugin-tools:maven-plugin-annotations to v3.15.0
• chore(deps): update npm dev (major) (@types/jasmine, @types/node, eslint, eslint-plugin-github, renovate, typescript-eslint)

Edited/Blocked

These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.

• chore(deps): update npm dev (@types/node, @vercel/ncc, eslint, eslint-plugin-prettier, jasmine, renovate, typescript, typescript-eslint)
• fix(deps): update go (github.com/google/go-containerregistry, github.com/sigstore/cosign/v2, github.com/sigstore/fulcio, github.com/sigstore/sigstore, github.com/sigstore/sigstore-go, github.com/slsa-framework/slsa-github-generator, golang.org/x/mod, sigs.k8s.io/release-utils)
• chore(deps): update golang docker tag to v1.23

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• chore(deps): update gcr.io/distroless/base:nonroot docker digest to dedef8b
• chore(deps): update golang:1.21 docker digest to 4746d26
• fix(deps): update golang.org/x/exp digest to 701f63a
• chore(deps): update dependency pyyaml to v6.0.2
• Click on this checkbox to rebase all open PRs at once

Detected dependencies

dockerfile

cli/experimental/service/Dockerfile

• golang 1.21@sha256:f2eb989b0b5579b75652b72ee7b3b04cb1736fc254d7efbf3e492d4c9ea7235a
• gcr.io/distroless/base nonroot@sha256:53745e95f227cd66e8058d52f64efbbeb6c6af2c193e3c16981137e5083e6a32

github-actions

.github/workflows/codeql-analysis.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/setup-go v5.0.1@cdcb36043654635271a94b9a6d1392de5bb323a7
• github/codeql-action v3.25.11@b611370bb5703a7efb587f9d136a52ea24c5c38c
• github/codeql-action v3.25.11@b611370bb5703a7efb587f9d136a52ea24c5c38c
• github/codeql-action v3.25.11@b611370bb5703a7efb587f9d136a52ea24c5c38c

.github/workflows/depsreview.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/dependency-review-action v4.3.3@72eb03d02c7872a771aacd928f3123ac62ad6d3a

.github/workflows/e2e.schedule.cli.yml

• actions/download-artifact v4.1.7@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332

.github/workflows/e2e.schedule.installer.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332

.github/workflows/pr-title.yml

• thehanimo/pr-title-checker v1.4.2@1d8cd483a2b73118406a187f54dca8a9415f1375

.github/workflows/pre-submit.actions.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/setup-node v4.0.2@60edb5dd545a775178f52524783378180af0d1f8
• actions/upload-artifact v4.3.3@65462800fd760344b1a7b4382951275a0abb4808

.github/workflows/pre-submit.cli.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/setup-go v5.0.1@cdcb36043654635271a94b9a6d1392de5bb323a7
• actions/upload-artifact v4.3.3@65462800fd760344b1a7b4382951275a0abb4808

.github/workflows/pre-submit.e2e.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/setup-go v5.0.1@cdcb36043654635271a94b9a6d1392de5bb323a7
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332

.github/workflows/pre-submit.lfs.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actionsdesk/lfs-warning v3.3@4b98a8a5e6c429c23c34eee02d71553bca216425

.github/workflows/pre-submit.lint.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/setup-go v5.0.2@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32
• golangci/golangci-lint-action v6.0.1@a4f60bb28d35aeee14e6880718e0c85ff1882e64
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/setup-node v4.0.2@60edb5dd545a775178f52524783378180af0d1f8
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/setup-node v4.0.2@60edb5dd545a775178f52524783378180af0d1f8

.github/workflows/pre-submit.references.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332

.github/workflows/release.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• slsa-framework/slsa-github-generator X.Y.Z
• slsa-framework/slsa-verifier v2.5.1@eb7007070baa04976cb9e25a0d8034f8db030a86
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332

.github/workflows/scorecards.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• ossf/scorecard-action v2.3.3@dc50aa9510b46c811795eb24b2f1ba02a914e534
• actions/upload-artifact v4.3.3@65462800fd760344b1a7b4382951275a0abb4808
• github/codeql-action v3.25.11@b611370bb5703a7efb587f9d136a52ea24c5c38c

.github/workflows/update-actions-dist-post-commit.yml

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/upload-artifact v4.3.3@65462800fd760344b1a7b4382951275a0abb4808
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/download-artifact v4.1.7@65a9edc5881444af0b9093a5e628f2fe47ea3b2e

gomod

go.mod

• go 1.22.0
• github.com/docker/go v1.5.1-1
• github.com/go-openapi/runtime v0.28.0
• github.com/google/go-cmp v0.6.0
• github.com/in-toto/in-toto-golang v0.9.0
• github.com/secure-systems-lab/go-securesystemslib v0.8.0
• github.com/sigstore/rekor v1.3.6
• github.com/sigstore/sigstore v1.8.7
• github.com/google/go-containerregistry v0.20.0
• github.com/gorilla/mux v1.8.1
• github.com/in-toto/attestation v1.1.0
• github.com/sigstore/cosign/v2 v2.2.4
• github.com/sigstore/sigstore-go v0.5.1
• github.com/slsa-framework/slsa-github-generator v1.9.0
• github.com/spf13/cobra v1.8.1
• golang.org/x/mod v0.19.0
• sigs.k8s.io/release-utils v0.7.7
• github.com/sigstore/fulcio v1.4.5
• github.com/sigstore/protobuf-specs v0.3.2
• golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8@7f521ea00fb8
• google.golang.org/protobuf v1.34.2

maven

experimental/maven-plugin/pom.xml

• org.apache.maven:maven-core 3.9.8
• org.apache.maven:maven-plugin-api 3.9.6
• org.apache.maven.plugin-tools:maven-plugin-annotations 3.11.0
• org.apache.maven:maven-project 2.2.1
• org.twdata.maven:mojo-executor 2.4.0

npm

actions/installer/package.json

• @actions/core ^1.9.1
• @actions/exec ^1.1.1
• @actions/github ^6.0.0
• @actions/io ^1.1.2
• @actions/tool-cache ^2.0.1
• nodejs ^0.0.0
• @types/jasmine 4.6.4
• @types/node 18.19.33
• @vercel/ncc 0.38.1
• eslint 8.57.0
• eslint-plugin-github 4.10.2
• eslint-plugin-prettier 5.1.3
• jasmine 5.1.0
• typescript 5.4.3
• typescript-eslint 7.5.0

package.json

• markdown-toc 1.2.0
• renovate 37.374.1

pip_requirements

requirements-lint.txt

• pathspec ==0.12.1
• pyyaml ==6.0.1
• yamllint ==1.35.1

---

• Check this box to trigger a request for Renovate to run again on this repository