Dependency Dashboard

[renovate-sh-app]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Config Migration Needed

See Config Migration PR: #77.

Repository Problems

Renovate tried to run on this repository, but found these problems.

• ⚠️ WARN: Package lookup failures

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• chore(deps): update actions/checkout digest to 93cb6ef
• chore(deps): update actions/create-github-app-token digest to 29824e6
• chore(deps): update int128/hide-comment-action action to v1.50.0
• chore(deps): update trufflesecurity/trufflehog docker tag to v3.92.5
• chore(deps): update actions/checkout action to v6
• chore(deps): update actions/upload-artifact action to v6
• chore(deps): update astral-sh/setup-uv action to v7
• 🔐 Create all rate-limited PRs at once 🔐

---

Warning

Renovate failed to look up the following dependencies: Could not determine new digest for update (github-tags package actions/checkout).

Files affected: trivy/action.yml

---

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): update grafana/shared-workflows/ action to
• chore(deps): update snyk/actions digest to 9adf32b
• chore(deps): update actions/checkout action to v5.0.1
• chore(deps): update actions/checkout action to v4.3.1
• chore(deps): update actions/upload-artifact action to v4.6.2
• chore(deps): update astral-sh/setup-uv action to v6.8.0
• chore(deps): update int128/comment-action action to v1.49.0
• chore(deps): update actions/github-script action to v8
• chore(deps): update dependabot/fetch-metadata action to v2
• chore(deps): update tibdex/github-app-token action to v2
• Click on this checkbox to rebase all open PRs at once

Vulnerabilities

Renovate has not found any CVEs on osv.dev.

Detected Dependencies

github-actions (7)

.github/workflows/dependabot-automerge.yaml (2)

• tibdex/github-app-token v1@32691ba7c9e7063bd457bd8f2a5703138591fa58 → [Updates: v2]
• dependabot/fetch-metadata v1.7.0@8348ea7f5d949b08c7f125a44b569c9626b05db3 → [Updates: v2.5.0]

.github/workflows/org-required-trufflehog.yml (1)

• grafana/security-github-actions main

.github/workflows/periodic-zizmor.yaml (6)

• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• grafana/shared-workflows get-vault-secrets/v1.3.0@a37de51f3d713a30a9e4b21bcdfbd38170020593
• actions/create-github-app-token v2@67018539274d69449ef7c02e8e71183d1719ab42 → [Updates: v2]
• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• astral-sh/setup-uv v6.7.0@b75a909f75acd358c2196fb9a5f1299a9a8868a4 → [Updates: v6.8.0, v7.2.0]
• actions/github-script v7@f28e40c7f34bde8b3046d885e986cb6290c5673b → [Updates: v8]

.github/workflows/reusable-trufflehog.yml (4)

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332 → [Updates: v4.3.1, v6.0.1]
• int128/hide-comment-action v1.43.0@a30d551065e4231e6d7a671bb5ce884f9ee6417b → [Updates: v1.50.0]
• int128/comment-action v1.39.0@f4faf53666ef83da7d274fa2007e9212c4d719c3 → [Updates: v1.49.0]
• actions/upload-artifact v4.4.0@50769540e7f4bd5e21e526ee35c689e35e0d6874 → [Updates: v4.6.2, v6.0.0]

.github/workflows/self-zizmor.yaml (2)

• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• grafana/shared-workflows 835ea6d866784d0db603612bfbb354d152b62f5c → [Updates: undefined]

.github/workflows/snyk_monitor.yml (2)

• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• snyk/actions e2221410bff24446ba09102212d8bc75a567237d → [Updates: undefined]

trivy/action.yml (5)

• actions/checkout 5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: 5.0.1, 6.0.1]
• actions/checkout 5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: 5.0.1, 6.0.1]
• aquasecurity/trivy-action 0.33.1@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
• actions/checkout 5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: 5.0.1, 6.0.1]
• aquasecurity/trivy-action 0.33.1@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8

regex (3)

.github/workflows/reusable-trufflehog.yml (1)

• trufflesecurity/trufflehog 3.89.2 → [Updates: 3.92.5]

.github/workflows/reusable-trufflehog.yml (1)

• trufflesecurity/trufflehog 3.89.2 → [Updates: 3.92.5]

pre-commit/trufflehog.sh (1)

• trufflesecurity/trufflehog 3.88.29@sha256:6375b4dd7d045656bf78f52ac5a6e992eff344da9def96f0953cda26f791ffb7 → [Updates: 3.92.5]

---

Need help?

You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section.