Dependency Dashboard

[forking-renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Awaiting Schedule

These updates are awaiting their schedule. Click on a checkbox to get an update now.

• chore(deps): update golang:1.21 docker digest to 16438a8
• fix(deps): update golang.org/x/exp digest to 4c93da0
• chore(deps): update github-actions (actions/checkout, actions/dependency-review-action, actions/download-artifact, actions/setup-go, actions/upload-artifact, actionsdesk/lfs-warning, github/codeql-action, golangci/golangci-lint-action, ossf/scorecard-action, slsa-framework/slsa-github-generator, slsa-framework/slsa-verifier)
• fix(deps): update dependency org.apache.maven:maven-core to v3.9.7
• fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.7
• fix(deps): update go (github.com/sigstore/protobuf-specs, github.com/sigstore/sigstore-go, github.com/slsa-framework/slsa-github-generator, golang.org/x/mod, google.golang.org/protobuf, sigs.k8s.io/release-utils)
• chore(deps): update dependency go to v1.22.3
• chore(deps): update golang docker tag to v1.22
• fix(deps): update dependency org.apache.maven.plugin-tools:maven-plugin-annotations to v3.13.0
• chore(deps): update github-actions (major) (golangci/golangci-lint-action, slsa-framework/slsa-github-generator)
• chore(deps): update npm dev (major) (@types/jasmine, @types/node, eslint)

Edited/Blocked

These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.

• chore(deps): update npm dev (@types/node, eslint, eslint-plugin-prettier, markdown-toc, renovate, typescript, typescript-eslint)

Detected dependencies

dockerfile

cli/experimental/service/Dockerfile

• golang 1.21@sha256:d83472f1ab5712a6b2b816dc811e46155e844ddc02f5f5952e72c6deedafed77
• gcr.io/distroless/base nonroot@sha256:53745e95f227cd66e8058d52f64efbbeb6c6af2c193e3c16981137e5083e6a32

github-actions

.github/workflows/codeql-analysis.yml

• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11
• actions/setup-go v5.0.0@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
• github/codeql-action v3.24.9@1b1aada464948af03b950897e5eb522f92603cc2
• github/codeql-action v3.24.9@1b1aada464948af03b950897e5eb522f92603cc2
• github/codeql-action v3.24.9@1b1aada464948af03b950897e5eb522f92603cc2

.github/workflows/depsreview.yml

• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11
• actions/dependency-review-action v4.2.5@5bbc3ba658137598168acb2ab73b21c432dd411b

.github/workflows/e2e.schedule.cli.yml

• actions/download-artifact v4.1.4@c850b930e6ba138125429b7e5c93fc707a7f8427
• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11

.github/workflows/e2e.schedule.installer.yml

• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11
• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11
• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11
• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11
• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11

.github/workflows/pr-title.yml

• thehanimo/pr-title-checker v1.4.2@1d8cd483a2b73118406a187f54dca8a9415f1375

.github/workflows/pre-submit.actions.yml

• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11
• actions/setup-node v4.0.2@60edb5dd545a775178f52524783378180af0d1f8
• actions/upload-artifact v4.3.1@5d5d22a31266ced268874388b861e4b58bb5c2f3

.github/workflows/pre-submit.cli.yml

• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11
• actions/setup-go v5.0.0@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
• actions/upload-artifact v4.3.1@5d5d22a31266ced268874388b861e4b58bb5c2f3

.github/workflows/pre-submit.e2e.yml

• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11
• actions/setup-go v5.0.0@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11

.github/workflows/pre-submit.lfs.yml

• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11
• actionsdesk/lfs-warning v3.2@e5f9a4c21f4bee104db7c0f23954dde59e5df909

.github/workflows/pre-submit.lint.yml

• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11
• actions/setup-go v5.0.0@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
• golangci/golangci-lint-action v4
• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11
• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11
• actions/setup-node v4.0.2@60edb5dd545a775178f52524783378180af0d1f8
• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11
• actions/setup-node v4.0.2@60edb5dd545a775178f52524783378180af0d1f8

.github/workflows/pre-submit.references.yml

• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11

.github/workflows/release.yml

• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11
• slsa-framework/slsa-github-generator v1.10.0
• slsa-framework/slsa-verifier v2.4.1
• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11
• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11

.github/workflows/scorecards.yml

• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11
• ossf/scorecard-action v2.3.1@0864cf19026789058feabb7e87baa5f140aac736
• actions/upload-artifact v4.3.1@5d5d22a31266ced268874388b861e4b58bb5c2f3
• github/codeql-action v3.24.9@1b1aada464948af03b950897e5eb522f92603cc2

.github/workflows/update-actions-dist-post-commit.yml

• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11
• actions/upload-artifact v4.3.1@5d5d22a31266ced268874388b861e4b58bb5c2f3
• actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11
• actions/download-artifact v4.1.4@c850b930e6ba138125429b7e5c93fc707a7f8427

gomod

go.mod

• go 1.21
• go 1.21.6
• github.com/docker/go v1.5.1-1
• github.com/go-openapi/runtime v0.28.0
• github.com/google/go-cmp v0.6.0
• github.com/in-toto/in-toto-golang v0.9.0
• github.com/secure-systems-lab/go-securesystemslib v0.8.0
• github.com/sigstore/rekor v1.3.6
• github.com/sigstore/sigstore v1.8.3
• github.com/google/go-containerregistry v0.19.1
• github.com/gorilla/mux v1.8.1
• github.com/sigstore/cosign/v2 v2.2.4
• github.com/sigstore/sigstore-go v0.2.0
• github.com/slsa-framework/slsa-github-generator v1.9.0
• github.com/spf13/cobra v1.8.0
• golang.org/x/mod v0.16.0
• sigs.k8s.io/release-utils v0.7.7
• github.com/sigstore/fulcio v1.4.5
• github.com/sigstore/protobuf-specs v0.3.0
• golang.org/x/exp v0.0.0-20231108232855-2478ac86f678@2478ac86f678
• google.golang.org/protobuf v1.33.0

maven

experimental/maven-plugin/pom.xml

• org.apache.maven:maven-core 3.9.6
• org.apache.maven:maven-plugin-api 3.9.6
• org.apache.maven.plugin-tools:maven-plugin-annotations 3.11.0
• org.apache.maven:maven-project 2.2.1
• org.twdata.maven:mojo-executor 2.4.0

npm

actions/installer/package.json

• @actions/core ^1.9.1
• @actions/exec ^1.1.1
• @actions/github ^6.0.0
• @actions/io ^1.1.2
• @actions/tool-cache ^2.0.1
• nodejs ^0.0.0
• @types/jasmine 4.6.4
• @types/node 18.19.28
• @vercel/ncc 0.38.1
• eslint ^8.57.0
• eslint-plugin-github 4.10.2
• eslint-plugin-prettier ^5.1.3
• jasmine 5.1.0
• typescript ^5.4.3
• typescript-eslint ^7.5.0

package.json

• markdown-toc ^1.2.0
• renovate 37.363.4

---

• Check this box to trigger a request for Renovate to run again on this repository