Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Repository problems

These problems occurred while renovating this repository. View logs.

• WARN: File contents are invalid JSON but parse using JSON5. Support for this will be removed in a future release so please change to a support .json5 file name or ensure correct JSON syntax.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• chore(deps): update cgr.dev/chainguard/glibc-dynamic:latest-dev docker digest to 5cf0cb9
• chore(deps): update dependency go to v1.23.6
• chore(deps): update github actions minor and patch updates (golangci/golangci-lint-action, sigstore/cosign-installer)
• fix(deps): update module gitlab.com/gitlab-org/api/client-go to v0.122.0
• fix(deps): update module github.com/google/go-github/v68 to v69
• Click on this checkbox to rebase all open PRs at once

Detected dependencies

dockerfile

Containerfile

• cgr.dev/chainguard/glibc-dynamic latest-dev@sha256:5add7d895ce39a40af62fba71503e72c4b500d6ee880f9bf37c89fd6e4e0a637

github-actions

.github/workflows/golint.yml

• step-security/harden-runner v2.10.4@cb605e52c26070c328afc4562f0b4ada7618a84e
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/setup-go v5.3.0@f111f3307d8850f501ac008e886eec1fd1932a34
• golangci/golangci-lint-action v6.2.0@ec5d18412c0aeab7936cb16880d708ba2a64e1ae

.github/workflows/openssfscorecard.yml

• itiquette/.github main

.github/workflows/pullrequest-workflow.yml

• itiquette/.github main
• itiquette/.github main
• itiquette/.github main
• itiquette/.github main

.github/workflows/release-slsa.yml

• slsa-framework/slsa-github-generator v2.0.0
• slsa-framework/slsa-github-generator v2.0.0
• slsa-framework/slsa-verifier v2.6.0@3714a2a4684014deb874a0e737dffa0ee02dd647
• docker/login-action v3.3.0@9780b0c442fbb1117ed29e0efdff1e18412f7567
• sigstore/cosign-installer v3.7.0@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da

.github/workflows/release-workflow.yml

• itiquette/.github main

.github/workflows/release.yml

• step-security/harden-runner v2.10.4@cb605e52c26070c328afc4562f0b4ada7618a84e
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/setup-go v5.3.0@f111f3307d8850f501ac008e886eec1fd1932a34
• sigstore/cosign-installer v3.7.0@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da
• anchore/sbom-action v0.18.0@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0
• docker/login-action v3.3.0@9780b0c442fbb1117ed29e0efdff1e18412f7567
• orhun/git-cliff-action v4@4a4a951bc43fafe41cd2348d181853f52356bee7
• goreleaser/goreleaser-action v6.1.0@9ed2f89a662bf1735a48bc8557fd212fa902bebf

.github/workflows/test.yml

• step-security/harden-runner v2.10.4@cb605e52c26070c328afc4562f0b4ada7618a84e
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/setup-go v5.3.0@f111f3307d8850f501ac008e886eec1fd1932a34

gomod

go.mod

• go 1.23.5
• code.gitea.io/sdk/gitea v0.20.0
• github.com/go-git/go-git/v5 v5.13.2
• github.com/google/go-github/v68 v68.0.0
• github.com/hashicorp/go-retryablehttp v0.7.7
• github.com/knadh/koanf/parsers/dotenv v1.0.0
• github.com/knadh/koanf/parsers/yaml v0.1.0
• github.com/knadh/koanf/providers/env v1.0.0
• github.com/knadh/koanf/providers/file v1.1.2
• github.com/knadh/koanf/v2 v2.1.2
• github.com/mholt/archives v0.1.0
• github.com/rs/zerolog v1.33.0
• github.com/spf13/cobra v1.8.1
• github.com/stretchr/testify v1.10.0
• gitlab.com/gitlab-org/api/client-go v0.120.0
• github.com/go-git/go-billy/v5 v5.6.2
• github.com/muesli/mango-cobra v1.2.0
• github.com/muesli/roff v0.1.0
• golang.org/x/crypto v0.32.0

---

• Check this box to trigger a request for Renovate to run again on this repository