Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Config Migration Needed

• Select this checkbox to let Renovate create an automated Config Migration PR.

Pending Status Checks

The following updates await pending status checks. To force their creation now, click on a checkbox below.

• chore(deps): update quay.io/brancz/kube-rbac-proxy docker tag to v0.20.1

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): update module golang.org/x/crypto to v0.45.0 [security]
• chore(deps-dev): update actions/checkout digest to 34e1148
• chore(deps-dev): update pascalgn/size-label-action digest to 6ec5bd0
• chore(deps): update gcr.io/distroless/static:latest docker digest to 87bce11
• chore(deps): update golang.org/x/exp digest to 87e1e73
• chore(deps-dev): update actions/checkout action to v4.3.1
• chore(deps-dev): update anchore/sbom-action action to v0.20.10
• chore(deps-dev): update ossf/scorecard-action action to v2.4.3
• chore(deps-dev): update sigstore/cosign-installer action to v3.10.1
• chore(deps-dev): update step-security/harden-runner action to v2.13.2
• chore(deps): update kubernetes packages to v0.34.2 (k8s.io/api, k8s.io/apimachinery, k8s.io/client-go)
• chore(deps): update module go.mongodb.org/mongo-driver to v1.17.6
• chore(deps): update module sigs.k8s.io/controller-runtime to v0.22.4
• chore(deps-dev): update dependency go to 1.25.x
• chore(deps-dev): update dependency python to 3.14
• chore(deps-dev): update docker/login-action action to v3.6.0
• chore(deps-dev): update github/codeql-action action to v3.31.5
• chore(deps-dev): update helm/chart-testing-action action to v2.8.0
• chore(deps-dev): update helm/kind-action action to v1.13.0
• chore(deps): update module github.com/fluxcd/pkg/runtime to v0.91.0
• chore(deps): update module github.com/onsi/ginkgo/v2 to v2.27.2
• chore(deps-dev): update actions/checkout action to v6
• chore(deps-dev): update actions/setup-go action to v6
• chore(deps-dev): update actions/setup-python action to v6
• chore(deps-dev): update actions/stale action to v10
• chore(deps-dev): update github artifact actions (major) (actions/download-artifact, actions/upload-artifact)
• chore(deps-dev): update github/codeql-action action to v4
• chore(deps-dev): update sigstore/cosign-installer action to v4
• chore(deps-dev): update zgosalvez/github-actions-ensure-sha-pinned-actions action to v4
• chore(deps): update module go.mongodb.org/mongo-driver to v2
• Click on this checkbox to rebase all open PRs at once

Detected dependencies

dockerfile

Dockerfile

• gcr.io/distroless/static latest@sha256:ce46866b3a5170db3b49364900fb3168dc0833dfb46c26da5c77f22abb01d8c3

github-actions

.github/workflows/main.yaml

• step-security/harden-runner v2.13.1@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/setup-go v5.5.0@d35c59abb061a4a6fb18e82ac0862c26744d6ab5
• shogo82148/actions-goveralls v1.10.0@25f5320d970fb565100cf1993ada29be1bb196a1
• go 1.24.x

.github/workflows/pr-actions.yaml

• step-security/harden-runner v2.13.1@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a
• actions/checkout v4.3.0@08eba0b27e820071cde6df949e0beb9ba4906955
• zgosalvez/github-actions-ensure-sha-pinned-actions v3.0.25@fc87bb5b5a97953d987372e74478de634726b3e5

.github/workflows/pr-build.yaml

• step-security/harden-runner v2.13.1@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683
• azure/setup-helm v3.5@5119fcb9089d432beecbf79bb2c7915207344b78
• actions/setup-python v5.6.0@a26af69be951a213d495a4c3e4e4022e16d87065
• helm/chart-testing-action v2.7.0@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b
• step-security/harden-runner v2.13.1@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/setup-go v5.5.0@d35c59abb061a4a6fb18e82ac0862c26744d6ab5
• step-security/harden-runner v2.13.1@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/setup-go v5.5.0@d35c59abb061a4a6fb18e82ac0862c26744d6ab5
• step-security/harden-runner v2.13.1@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/setup-go v5.5.0@d35c59abb061a4a6fb18e82ac0862c26744d6ab5
• actions/upload-artifact v4.6.2@ea165f8d65b6e75b540449e92b4886f43607fa02
• step-security/harden-runner v2.13.1@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/setup-go v5.5.0@d35c59abb061a4a6fb18e82ac0862c26744d6ab5
• engineerd/setup-kind v0.5.0@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0
• actions/download-artifact v4.3.0@d3f86a106a0bac45b974a628896c90dbdf5c8093
• imranismail/setup-kustomize v2.1.0@2ba527d4d055ab63514ba50a99456fc35684947f
• step-security/harden-runner v2.13.1@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683
• azure/setup-helm v3.5@5119fcb9089d432beecbf79bb2c7915207344b78
• actions/setup-python v5.6.0@a26af69be951a213d495a4c3e4e4022e16d87065
• helm/chart-testing-action v2.7.0@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b
• helm/kind-action v1.12.0@a1b0e391336a6ee6713a0583f8c6240d70863de3
• actions/download-artifact v4.3.0@d3f86a106a0bac45b974a628896c90dbdf5c8093
• python 3.13
• go 1.24.x
• go 1.24.x
• go 1.24.x
• go 1.24.x
• python 3.13

.github/workflows/pr-goreleaser.yaml

• step-security/harden-runner v2.13.1@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a
• actions/checkout v4.3.0@08eba0b27e820071cde6df949e0beb9ba4906955
• goreleaser/goreleaser-action v6.4.0@e435ccd777264be153ace6237001ef4d979d3a7a

.github/workflows/pr-label.yaml

• step-security/harden-runner v2.13.1@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a
• pascalgn/size-label-action 49850f3557d4b77f0b2e759829defd77ccc07c54

.github/workflows/pr-stale.yaml

• actions/stale v9.1.0@5bef64f19d7facfb25b37b414482c7164d639639

.github/workflows/pr-trivy.yaml

• step-security/harden-runner v2.13.1@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a
• aquasecurity/trivy-action 0.33.1@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
• github/codeql-action v3.30.4@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9

.github/workflows/rebase.yaml

• step-security/harden-runner v2.13.1@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683
• cirrus-actions/rebase 1.8@b87d48154a87a85666003575337e27b8cd65f691

.github/workflows/release.yaml

• step-security/harden-runner v2.13.1@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/setup-go v5.5.0@d35c59abb061a4a6fb18e82ac0862c26744d6ab5
• docker/login-action v3.5.0@184bdaa0721073962dff0199f1fb9940f07167d1
• sigstore/cosign-installer v3.10.0@d7543c93d881b35a8faa02e8e3605f69b7a1ce62
• anchore/sbom-action v0.20.6@f8bdd1d8ac5e901a77a92f111440fdb1b593736b
• goreleaser/goreleaser-action v6.4.0@e435ccd777264be153ace6237001ef4d979d3a7a
• step-security/harden-runner v2.13.1@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683
• azure/setup-helm v3.5@5119fcb9089d432beecbf79bb2c7915207344b78
• sigstore/cosign-installer v3.10.0@d7543c93d881b35a8faa02e8e3605f69b7a1ce62
• go 1.24.x

.github/workflows/report-on-vulnerabilities.yaml

• step-security/harden-runner v2.13.1@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a
• aquasecurity/trivy-action 0.33.1@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
• actions/upload-artifact v4.6.2@ea165f8d65b6e75b540449e92b4886f43607fa02
• step-security/harden-runner v2.13.1@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a
• actions/checkout v4.3.0@08eba0b27e820071cde6df949e0beb9ba4906955
• actions/download-artifact v4.3.0@d3f86a106a0bac45b974a628896c90dbdf5c8093
• JasonEtco/create-an-issue v2.9.2@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5

.github/workflows/scan.yaml

• step-security/harden-runner v2.13.1@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683
• github/codeql-action codeql-bundle-20221020@f0a12816612c7306b485a22cb164feb43c6df818
• github/codeql-action codeql-bundle-20221020@f0a12816612c7306b485a22cb164feb43c6df818
• github/codeql-action codeql-bundle-20221020@f0a12816612c7306b485a22cb164feb43c6df818

.github/workflows/scorecard.yaml

• step-security/harden-runner v2.13.1@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a
• actions/checkout v4.3.0@08eba0b27e820071cde6df949e0beb9ba4906955
• ossf/scorecard-action v2.4.2@05b42c624433fc40578a4040d5cf5e36ddca8cde
• actions/upload-artifact v4.6.2@ea165f8d65b6e75b540449e92b4886f43607fa02
• github/codeql-action v3.30.4@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9

gomod

go.mod

• go 1.24.2
• github.com/fluxcd/pkg/runtime v0.80.0
• github.com/go-logr/logr v1.4.3
• github.com/onsi/ginkgo/v2 v2.25.3
• github.com/onsi/gomega v1.38.2
• github.com/spf13/pflag v1.0.10
• go.mongodb.org/mongo-driver v1.17.4
• golang.org/x/crypto v0.42.0
• golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0@7e4ce0ab07d0
• k8s.io/api v0.34.1
• k8s.io/apimachinery v0.34.1
• k8s.io/client-go v0.34.1
• sigs.k8s.io/controller-runtime v0.22.1

helm-values

chart/growthbook-controller/values.yaml

• quay.io/brancz/kube-rbac-proxy v0.20.0

kustomize

config/base/manager/kustomization.yaml

• ghcr.io/doodlescheduling/growthbook-controller v0.6.0

renovate-config-presets

renovate.json

---

• Check this box to trigger a request for Renovate to run again on this repository