Dependency Dashboard

[renovate-sh-app]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Config Migration Needed

See Config Migration PR: #77.

Repository Problems

Renovate tried to run on this repository, but found these problems.

• ⚠️ WARN: Package lookup failures

Abandoned Dependencies

Note

Packages are marked as abandoned when they exceed the abandonmentThreshold since their last release. Unlike deprecated packages with official notices, abandonment is detected by release inactivity.

These dependencies have not received updates for an extended period and may be unmaintained:

View abandoned dependencies (1)

Datasource	Package	Last Updated
github-actions	mshick/add-pr-comment	2024-02-01

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• chore(deps): update actions/create-github-app-token digest to 29824e6
• chore(deps): update grafana/shared-workflows/get-vault-secrets action to v1.3.1
• chore(deps): update aquasecurity/trivy-action action to v0.34.1
• chore(deps): update trufflesecurity/trufflehog docker tag to v3.93.4
• chore(deps): update actions/checkout action to v6
• chore(deps): update actions/upload-artifact action to v6
• chore(deps): update astral-sh/setup-uv action to v7
• 🔐 Create all rate-limited PRs at once 🔐

---

Warning

Renovate failed to look up the following dependencies: Could not determine new digest for update (github-tags package actions/checkout).

Files affected: trivy/action.yml

---

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): update actions/checkout digest to 93cb6ef
• chore(deps): update grafana/shared-workflows/ action to
• chore(deps): update snyk/actions digest to 9adf32b
• chore(deps): update actions/checkout action to v5.0.1
• chore(deps): update actions/checkout action to v4.3.1
• chore(deps): update actions/upload-artifact action to v4.6.2
• chore(deps): update astral-sh/setup-uv action to v6.8.0
• chore(deps): update actions/github-script action to v8
• chore(deps): update dependabot/fetch-metadata action to v2
• chore(deps): update tibdex/github-app-token action to v2
• Click on this checkbox to rebase all open PRs at once

Vulnerabilities

Renovate has not found any CVEs on osv.dev.

Detected Dependencies

github-actions (7)

.github/workflows/dependabot-automerge.yaml (2)

• tibdex/github-app-token v1@32691ba7c9e7063bd457bd8f2a5703138591fa58 → [Updates: v2]
• dependabot/fetch-metadata v1.7.0@8348ea7f5d949b08c7f125a44b569c9626b05db3 → [Updates: v2.5.0]

.github/workflows/org-required-trufflehog.yml (1)

• grafana/security-github-actions main

.github/workflows/periodic-zizmor.yaml (6)

• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• grafana/shared-workflows get-vault-secrets/v1.3.0@a37de51f3d713a30a9e4b21bcdfbd38170020593 → [Updates: get-vault-secrets/v1.3.1]
• actions/create-github-app-token v2@67018539274d69449ef7c02e8e71183d1719ab42 → [Updates: v2]
• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• astral-sh/setup-uv v6.7.0@b75a909f75acd358c2196fb9a5f1299a9a8868a4 → [Updates: v6.8.0, v7.3.0]
• actions/github-script v7@f28e40c7f34bde8b3046d885e986cb6290c5673b → [Updates: v8]

.github/workflows/reusable-trufflehog.yml (3)

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332 → [Updates: v4.3.1, v6.0.2]
• mshick/add-pr-comment v2.8.2@b8f338c590a895d50bcbfa6c5859251edc8952fc
• actions/upload-artifact v4.4.0@50769540e7f4bd5e21e526ee35c689e35e0d6874 → [Updates: v4.6.2, v6.0.0]

.github/workflows/self-zizmor.yaml (2)

• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• grafana/shared-workflows 835ea6d866784d0db603612bfbb354d152b62f5c → [Updates: undefined]

.github/workflows/snyk_monitor.yml (2)

• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• snyk/actions e2221410bff24446ba09102212d8bc75a567237d → [Updates: undefined]

trivy/action.yml (5)

• actions/checkout 5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: 5.0.1, 6.0.2]
• actions/checkout 5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: 5.0.1, 6.0.2]
• aquasecurity/trivy-action 0.33.1@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 → [Updates: 0.34.1]
• actions/checkout 5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: 5.0.1, 6.0.2]
• aquasecurity/trivy-action 0.33.1@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 → [Updates: 0.34.1]

regex (3)

.github/workflows/reusable-trufflehog.yml (1)

• trufflesecurity/trufflehog 3.89.2 → [Updates: 3.93.4]

.github/workflows/reusable-trufflehog.yml (1)

• trufflesecurity/trufflehog 3.89.2 → [Updates: 3.93.4]

pre-commit/trufflehog.sh (1)

• trufflesecurity/trufflehog 3.88.29@sha256:6375b4dd7d045656bf78f52ac5a6e992eff344da9def96f0953cda26f791ffb7 → [Updates: 3.93.4]

---

Need help?

You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section.