Dependency Dashboard

[renovate-sh-app]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Config Migration Needed

See Config Migration PR: #77.

Repository Problems

Renovate tried to run on this repository, but found these problems.

• ⚠️ WARN: Package lookup failures

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• chore(deps): update semgrep/semgrep docker tag to v1.161.0
• chore(deps): update trufflesecurity/trufflehog docker tag to v3.95.2
• chore(deps): update actions/checkout action to v6
• chore(deps): update actions/create-github-app-token action to v3
• chore(deps): update actions/github-script action to v9
• chore(deps): update astral-sh/setup-uv action to v8
• chore(deps): update dependabot/fetch-metadata action to v3
• chore(deps): update github artifact actions (major) (actions/download-artifact, actions/upload-artifact)
• chore(deps): update mshick/add-pr-comment action to v3
• 🔐 Create all rate-limited PRs at once 🔐

---

Warning

Renovate failed to look up the following dependencies: Could not determine new digest for update (github-tags package actions/checkout), Failed to look up github-tags package aquasecurity/trivy-action: no-result.

Files affected: trivy/action.yml

---

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): pin dependencies (grafana/security-github-actions, semgrep/semgrep)
• chore(deps): update actions/checkout digest to 93cb6ef
• chore(deps): update actions/create-github-app-token digest to fee1f7d
• chore(deps): update snyk/actions digest to 9adf32b
• chore(deps): update actions/checkout action to v5.0.1
• chore(deps): update grafana/shared-workflows/get-vault-secrets action to v1.3.1
• chore(deps): update actions/checkout action to v4.3.1
• chore(deps): update actions/upload-artifact action to v4.6.2
• chore(deps): update astral-sh/setup-uv action to v6.8.0
• chore(deps): update tibdex/github-app-token action to v2
• Click on this checkbox to rebase all open PRs at once

Vulnerabilities

Renovate has not found any CVEs on osv.dev.

Detected Dependencies

github-actions (8)

.github/workflows/dependabot-automerge.yaml (2)

• tibdex/github-app-token v1@32691ba7c9e7063bd457bd8f2a5703138591fa58 → [Updates: v2]
• dependabot/fetch-metadata v1.7.0@8348ea7f5d949b08c7f125a44b569c9626b05db3 → [Updates: v3.1.0]

.github/workflows/org-required-trufflehog.yml (1)

• grafana/security-github-actions main → [Updates: main]

.github/workflows/periodic-zizmor.yaml (6)

• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• grafana/shared-workflows get-vault-secrets/v1.3.0@a37de51f3d713a30a9e4b21bcdfbd38170020593 → [Updates: get-vault-secrets/v1.3.1]
• actions/create-github-app-token v2@67018539274d69449ef7c02e8e71183d1719ab42 → [Updates: v3, v2]
• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• astral-sh/setup-uv v6.7.0@b75a909f75acd358c2196fb9a5f1299a9a8868a4 → [Updates: v6.8.0, v8.1.0]
• actions/github-script v7@f28e40c7f34bde8b3046d885e986cb6290c5673b → [Updates: v9]

.github/workflows/reusable-trufflehog.yml (5)

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332 → [Updates: v4.3.1, v6.0.2]
• mshick/add-pr-comment v2.8.2@b8f338c590a895d50bcbfa6c5859251edc8952fc → [Updates: v3.11.0]
• actions/upload-artifact v4.4.0@50769540e7f4bd5e21e526ee35c689e35e0d6874 → [Updates: v4.6.2, v7.0.1]
• grafana/shared-workflows get-vault-secrets/v1.3.1@f1614b210386ac420af6807a997ac7f6d96e477a
• actions/download-artifact v4@d3f86a106a0bac45b974a628896c90dbdf5c8093 → [Updates: v8]

.github/workflows/self-zizmor.yaml (1)

• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]

.github/workflows/semgrep.yaml (3)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• semgrep/semgrep 1.152.0 → [Updates: 1.161.0, 1.152.0]

.github/workflows/snyk_monitor.yml (2)

• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• snyk/actions master@e2221410bff24446ba09102212d8bc75a567237d → [Updates: master]

trivy/action.yml (5)

• actions/checkout 5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: 5.0.1, 6.0.2]
• actions/checkout 5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: 5.0.1, 6.0.2]
• aquasecurity/trivy-action 0.33.1@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
• actions/checkout 5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: 5.0.1, 6.0.2]
• aquasecurity/trivy-action 0.33.1@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8

regex (3)

.github/workflows/reusable-trufflehog.yml (1)

• trufflesecurity/trufflehog v3.94.0 → [Updates: v3.95.2]

.github/workflows/reusable-trufflehog.yml (1)

• trufflesecurity/trufflehog v3.94.0 → [Updates: v3.95.2]

pre-commit/trufflehog.sh (1)

• trufflesecurity/trufflehog 3.88.29@sha256:6375b4dd7d045656bf78f52ac5a6e992eff344da9def96f0953cda26f791ffb7 → [Updates: 3.95.2]

---

Need help?

You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section.