This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.View this repository on the Mend.io Web Portal .
Repository Problems
These problems occurred while renovating this repository. View logs .
⚠️ WARN: Package lookup failures
Abandoned Dependencies
The following dependencies have not received updates for an extended period and may be unmaintained.
View abandoned dependencies (4)
[!NOTE]abandonmentThreshold
Rate-Limited
The following updates are currently rate-limited. To force their creation now, click on a checkbox below.
Renovate failed to look up the following dependencies: Could not determine new digest for update (github-tags package ossf/scorecard-action), Could not determine new digest for update (github-digest package quay/clair-action), Could not determine new digest for update (github-tags package checkmarx/dustilock), Could not determine new digest for update (github-tags package microsoft/security-devops-action), Could not determine new digest for update (github-tags package google/osv-scanner-action), Could not determine new digest for update (github-tags package trufflesecurity/trufflehog), Could not determine new digest for update (github-tags package checkmarx/vorpal-reviewdog-github-action).
Files affected: .github/workflows/ossf.yml, .github/workflows/scans.yml
Open
The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.
PR Closed (Blocked)
The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.
Vulnerabilities
Renovate has not found any CVEs on osv.dev .
Detected Dependencies
docker-compose (1)
compose.yaml
dockerfile (1)
Dockerfile (2)
ghcr.io/astral-sh/uv 0.11.10@sha256:bca7f6959666f3524e0c42129f9d8bbcfb0c180d847f5187846b98ff06125ead → [Updates: 0.11.11]debian stable-slim@sha256:8f0c555de6a2f9c2bda1b170b67479d11f7f5e3b66bb4a7a1d8843361c9dd3ff
github-actions (5)
.github/workflows/automerge.yml (1)
dependabot/fetch-metadata v3@25dd0e34f4fe68f24cc83900b1fe3fe149efef98
.github/workflows/ci.yml (10)
actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddastral-sh/setup-uv v8.1.0@08807647e7069bb48b6ef5acd8ec9567f424441bactions/setup-python v6@a309ff8b426b58ec0e2a45f0f869d46889d02405docker/setup-qemu-action v4@ce360397dd3f832beb865e1373c09c0e9f86d70adocker/setup-buildx-action v4@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedddocker/build-push-action v7@bcafcacb16a39f128d818304e6c9c0c18556b85fdocker/metadata-action v6@030e881283bb7a6894de51c315a6bfe6a94e05cfdocker/login-action v4@4907a6ddec9925e35a0a9e82d7399ccc52663121docker/build-push-action v7@bcafcacb16a39f128d818304e6c9c0c18556b85fdocker/build-push-action v7@bcafcacb16a39f128d818304e6c9c0c18556b85f
.github/workflows/ossf.yml (3)
actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddossf/scorecard-action v2@4eaacf0543bb3f2c246792bd56e8cdeffafb205agithub/codeql-action v4@e46ed2cbd01164d986452f91f178727624ae40d7
.github/workflows/pr.yml (3)
amannn/action-semantic-pull-request v6@48f256284bd46cdaab1048c3721360e808335d50actions/labeler v6@f27b608878404679385c85cfa523b85ccb86e213pascalgn/size-label-action v0.5.7@56b489b027932ec0cf60438a1a5f1a19c8fc71ff
.github/workflows/scans.yml (52)
actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddbridgecrewio/checkov-action master@9201a8e6eaa919e3444d7c4ca691896efde4f033github/codeql-action v4@e46ed2cbd01164d986452f91f178727624ae40d7actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dddocker/build-push-action v7@bcafcacb16a39f128d818304e6c9c0c18556b85fquay/clair-action V0@5c49d6aa4b73f499c3da163fc599053e0cf07797github/codeql-action v4@e46ed2cbd01164d986452f91f178727624ae40d7actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddmicrosoft/DevSkim-Action v1@4b5047945a44163b94642a1cecc0d93a3f428cc6github/codeql-action v4@e46ed2cbd01164d986452f91f178727624ae40d7actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddcheckmarx/dustilock v1@9a0cc4fe3da93f7efb38679896c074dc94d60ac6actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddgitleaks/gitleaks-action v2@ff98106e4c7b2bc287b24eaf42907196329070c7github/codeql-action v4@e46ed2cbd01164d986452f91f178727624ae40d7actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddanchore/scan-action v7@e1165082ffb1fe366ebaf02d8526e7c4989ea9d2github/codeql-action v4@e46ed2cbd01164d986452f91f178727624ae40d7actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dddocker/build-push-action v7@bcafcacb16a39f128d818304e6c9c0c18556b85fanchore/scan-action v7@e1165082ffb1fe366ebaf02d8526e7c4989ea9d2github/codeql-action v4@e46ed2cbd01164d986452f91f178727624ae40d7actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddcheckmarx/kics-github-action v2@adb675615871acaa5238d433dce4807d485f993fgithub/codeql-action v4@e46ed2cbd01164d986452f91f178727624ae40d7actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddoxsecurity/megalinter v9@8fbdead70d1409964ab3d5afa885e18ee85388bbactions/upload-artifact v7@043fb46d1a93c77aae656e7c1c64a875d1fc6a0agithub/codeql-action v4@e46ed2cbd01164d986452f91f178727624ae40d7actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddmicrosoft/security-devops-action v1@08976cb623803b1b36d7112d4ff9f59eae704de0github/codeql-action v4@e46ed2cbd01164d986452f91f178727624ae40d7google/osv-scanner-action v2@c5996e0193a3df57d695c1b8a1dec2a4c62e8730google/osv-scanner-action v2@c5996e0193a3df57d695c1b8a1dec2a4c62e8730actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddanchore/sbom-action v0@e22c389904149dbc22b58101806040fa8d37a610anchore/scan-action v7@e1165082ffb1fe366ebaf02d8526e7c4989ea9d2github/codeql-action v4@e46ed2cbd01164d986452f91f178727624ae40d7actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddaquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25github/codeql-action v4@e46ed2cbd01164d986452f91f178727624ae40d7actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dddocker/build-push-action v7@bcafcacb16a39f128d818304e6c9c0c18556b85faquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25github/codeql-action v4@e46ed2cbd01164d986452f91f178727624ae40d7actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddtrufflesecurity/trufflehog v3@6c05c4a00b91aa542267d8e32a8254774799d68dactions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83ddstep-security/changed-files v47@2e07db73e5ccdb319b9a6c7766bd46d39d304badcheckmarx/vorpal-reviewdog-github-action v1@8cc292f337a2f1dea581b4f4bd73852e7becb50d
pep621 (1)
pyproject.toml (16)
python >=3.11,<4.0fastapi >=0.115gunicorn >=23.0loguru >=0.7sqlmodel >=0.0typer >=0.15mypy ~=1.15 → [Updates: ~=2.0]pytest ~=9.0pytest-cov ~=7.0pytest-env ~=1.1pytest-mock ~=3.14pytest-xdist ~=3.6pyinstaller ~=6.13 scons ~=4.9 staticx ~=0.14 poetry-core >=2.0,<3.0
pre-commit (1)
.pre-commit-config.yaml (13)
pre-commit/pre-commit v4.6.0pre-commit/pre-commit-hooks v6.0.0gitleaks/gitleaks v8.30.1rhysd/actionlint v1.7.12editorconfig-checker/editorconfig-checker v3.6.1hadolint/hadolint v2.14.0DavidAnson/markdownlint-cli2 v0.22.1astral-sh/ruff-pre-commit v0.15.12koalaman/shellcheck-precommit v0.11.0scop/pre-commit-shfmt v3.13.1-1ComPWA/taplo-pre-commit v0.9.3astral-sh/uv-pre-commit 0.11.10 → [Updates: 0.11.11]google/yamlfmt v0.21.0
pyenv (1)
.python-version (1)
python 3.13 → [Updates: 3.14]
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.
Repository Problems
These problems occurred while renovating this repository. View logs.
Abandoned Dependencies
The following dependencies have not received updates for an extended period and may be unmaintained.
View abandoned dependencies (4)
2021-11-212024-11-072024-12-062024-08-19Rate-Limited
The following updates are currently rate-limited. To force their creation now, click on a checkbox below.
Warning
Renovate failed to look up the following dependencies:
Could not determine new digest for update (github-tags package ossf/scorecard-action),Could not determine new digest for update (github-digest package quay/clair-action),Could not determine new digest for update (github-tags package checkmarx/dustilock),Could not determine new digest for update (github-tags package microsoft/security-devops-action),Could not determine new digest for update (github-tags package google/osv-scanner-action),Could not determine new digest for update (github-tags package trufflesecurity/trufflehog),Could not determine new digest for update (github-tags package checkmarx/vorpal-reviewdog-github-action).Files affected:
.github/workflows/ossf.yml,.github/workflows/scans.ymlOpen
The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.
astral-sh/uv-pre-commit,ghcr.io/astral-sh/uv)PR Closed (Blocked)
The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.
Vulnerabilities
Renovate has not found any CVEs on osv.dev.
Detected Dependencies
docker-compose (1)
dockerfile (1)
github-actions (5)
pep621 (1)
pre-commit (1)
pyenv (1)