Dependency Dashboard #95
Description
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.
Abandoned Dependencies
Note
Packages are marked as abandoned when they exceed the abandonmentThreshold since their last release. Unlike deprecated packages with official notices, abandonment is detected by release inactivity.
These dependencies have not received updates for an extended period and may be unmaintained:
View abandoned dependencies (5)
| Datasource | Package | Last Updated |
|---|---|---|
| github-actions | checkmarx/dustilock | 2021-11-21 |
| github-actions | microsoft/security-devops-action | 2024-11-07 |
| pep621 | loguru | 2024-12-06 |
| pep621 | staticx | 2023-08-07 |
| pre-commit | ComPWA/taplo-pre-commit | 2024-08-19 |
Awaiting Schedule
The following updates are awaiting their schedule. To get an update now, click on a checkbox below.
- chore(deps): lock file maintenance
Warning
Renovate failed to look up the following dependencies: Could not determine new digest for update (github-tags package ossf/scorecard-action), Could not determine new digest for update (github-digest package quay/clair-action), Could not determine new digest for update (github-tags package checkmarx/dustilock), Could not determine new digest for update (github-tags package checkmarx/kics-github-action), Could not determine new digest for update (github-tags package microsoft/security-devops-action), Could not determine new digest for update (github-tags package google/osv-scanner-action), Could not determine new digest for update (github-tags package aquasecurity/trivy-action), Could not determine new digest for update (github-tags package trufflesecurity/trufflehog), Could not determine new digest for update (github-tags package checkmarx/vorpal-reviewdog-github-action).
Files affected: .github/workflows/ossf.yml, .github/workflows/scans.yml
PR Closed (Blocked)
The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.
Vulnerabilities
Renovate has not found any CVEs on osv.dev.
Detected Dependencies
docker-compose (1)
compose.yaml
dockerfile (1)
Dockerfile (2)
ghcr.io/astral-sh/uv 0.11.3@sha256:90bbb3c16635e9627f49eec6539f956d70746c409209041800a0280b93152823debian stable-slim@sha256:99fc6d2a0882fcbcdc452948d2d54eab91faafc7db037df82425edcdcf950e1f
github-actions (5)
.github/workflows/automerge.yml (1)
dependabot/fetch-metadata v2@ffa630c65fa7e0ecfa0625b5ceda64399aea1b36.github/workflows/ci.yml (10)
actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddastral-sh/setup-uv v7@37802adc94f370d6bfd71619e3f0bf239e1f3b78actions/setup-python v6@a309ff8b426b58ec0e2a45f0f869d46889d02405docker/setup-qemu-action v4@ce360397dd3f832beb865e1373c09c0e9f86d70adocker/setup-buildx-action v4@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedddocker/build-push-action v7@d08e5c354a6adb9ed34480a06d141179aa583294docker/metadata-action v6@030e881283bb7a6894de51c315a6bfe6a94e05cfdocker/login-action v4@4907a6ddec9925e35a0a9e82d7399ccc52663121docker/build-push-action v7@d08e5c354a6adb9ed34480a06d141179aa583294docker/build-push-action v7@d08e5c354a6adb9ed34480a06d141179aa583294.github/workflows/ossf.yml (3)
actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddossf/scorecard-action v2@4eaacf0543bb3f2c246792bd56e8cdeffafb205agithub/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13.github/workflows/pr.yml (3)
amannn/action-semantic-pull-request v6@48f256284bd46cdaab1048c3721360e808335d50actions/labeler v6@634933edcd8ababfe52f92936142cc22ac488b1bpascalgn/size-label-action v0.5.7@56b489b027932ec0cf60438a1a5f1a19c8fc71ff.github/workflows/scans.yml (52)
actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddbridgecrewio/checkov-action master@0ce65fae06c148e349f955c3c35ad049c11e838cgithub/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dddocker/build-push-action v7@d08e5c354a6adb9ed34480a06d141179aa583294quay/clair-action V0@5c49d6aa4b73f499c3da163fc599053e0cf07797github/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddmicrosoft/DevSkim-Action v1@4b5047945a44163b94642a1cecc0d93a3f428cc6github/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddcheckmarx/dustilock v1@9a0cc4fe3da93f7efb38679896c074dc94d60ac6actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddgitleaks/gitleaks-action v2@ff98106e4c7b2bc287b24eaf42907196329070c7github/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddanchore/scan-action v7@e1165082ffb1fe366ebaf02d8526e7c4989ea9d2github/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dddocker/build-push-action v7@d08e5c354a6adb9ed34480a06d141179aa583294anchore/scan-action v7@e1165082ffb1fe366ebaf02d8526e7c4989ea9d2github/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddcheckmarx/kics-github-action v2@05aa5eb70eede1355220f4ca5238d96b397e30a6github/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddoxsecurity/megalinter v9@8fbdead70d1409964ab3d5afa885e18ee85388bbactions/upload-artifact v7@bbbca2ddaa5d8feaa63e36b76fdaad77386f024fgithub/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddmicrosoft/security-devops-action v1@08976cb623803b1b36d7112d4ff9f59eae704de0github/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13google/osv-scanner-action v2@c5996e0193a3df57d695c1b8a1dec2a4c62e8730google/osv-scanner-action v2@c5996e0193a3df57d695c1b8a1dec2a4c62e8730actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddanchore/sbom-action v0@e22c389904149dbc22b58101806040fa8d37a610anchore/scan-action v7@e1165082ffb1fe366ebaf02d8526e7c4989ea9d2github/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddaquasecurity/trivy-action 0.30@57a97c7e7821a5776cebc9bb87c984fa69cba8f1aquasecurity/trivy-action 0.30@57a97c7e7821a5776cebc9bb87c984fa69cba8f1github/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dddocker/build-push-action v7@d08e5c354a6adb9ed34480a06d141179aa583294aquasecurity/trivy-action 0.30@57a97c7e7821a5776cebc9bb87c984fa69cba8f1aquasecurity/trivy-action 0.30@57a97c7e7821a5776cebc9bb87c984fa69cba8f1github/codeql-action v4@c10b8064de6f491fea524254123dbe5e09572f13actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddtrufflesecurity/trufflehog v3@6c05c4a00b91aa542267d8e32a8254774799d68dactions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddstep-security/changed-files v47@60967b822d3001fa82242f8d6b4ed46bc3600a68checkmarx/vorpal-reviewdog-github-action v1@8cc292f337a2f1dea581b4f4bd73852e7becb50d
pep621 (1)
pyproject.toml (16)
python >=3.11,<4.0fastapi >=0.115gunicorn >=23.0loguru >=0.7sqlmodel >=0.0typer >=0.15mypy ~=1.15pytest ~=9.0pytest-cov ~=7.0pytest-env ~=1.1pytest-mock ~=3.14pytest-xdist ~=3.6pyinstaller ~=6.13scons ~=4.9staticx ~=0.14poetry-core >=2.0,<3.0
pre-commit (1)
.pre-commit-config.yaml (13)
pre-commit/pre-commit v4.5.1pre-commit/pre-commit-hooks v6.0.0gitleaks/gitleaks v8.30.1rhysd/actionlint v1.7.12editorconfig-checker/editorconfig-checker v3.6.1hadolint/hadolint v2.14.0DavidAnson/markdownlint-cli2 v0.22.0astral-sh/ruff-pre-commit v0.15.9koalaman/shellcheck-precommit v0.11.0scop/pre-commit-shfmt v3.13.0-1ComPWA/taplo-pre-commit v0.9.3astral-sh/uv-pre-commit 0.11.3google/yamlfmt v0.21.0
pyenv (1)
.python-version (1)
python 3.13→ [Updates:3.14]
- Check this box to trigger a request for Renovate to run again on this repository