Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Note

These dependencies have not received updates for an extended period and may be unmaintained:

View abandoned dependencies (1)

Datasource	Name	Last Updated
gomod	github.com/muesli/roff	2022-01-11

Packages are marked as abandoned when they exceed the abandonmentThreshold since their last release.
Unlike deprecated packages with official notices, abandonment is detected by release inactivity.

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• chore(deps): update actions/checkout action to v6
• chore(deps): update actions/setup-go action to v6
• chore(deps): update golangci/golangci-lint-action action to v9
• chore(deps): update sigstore/cosign-installer action to v4
• fix(deps): update module gitlab.com/gitlab-org/api/client-go to v1
• 🔐 Create all rate-limited PRs at once 🔐

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): update module github.com/cloudflare/circl to v1.6.1 [security]
• chore(deps): update module github.com/ulikunitz/xz to v0.5.15 [security]
• chore(deps): update module github.com/go-viper/mapstructure/v2 to v2.4.0 [security]
• chore(deps): update module github.com/nwaples/rardecode/v2 to v2.2.0 [security]
• fix(deps): update module golang.org/x/crypto to v0.45.0 [security]
• chore(deps): update cgr.dev/chainguard/glibc-dynamic:latest-dev docker digest to 24b2d5f
• chore(deps): update orhun/git-cliff-action digest to e16f179
• chore(deps): update dependency go to v1.25.5
• chore(deps): update github actions minor and patch updates (actions/checkout, actions/setup-go, anchore/sbom-action, docker/login-action, goreleaser/goreleaser-action, sigstore/cosign-installer, slsa-framework/slsa-verifier, step-security/harden-runner)
• fix(deps): update go dependencies minor and patch updates (code.gitea.io/sdk/gitea, github.com/go-git/go-billy/v5, github.com/go-git/go-git/v5, github.com/hashicorp/go-retryablehttp, github.com/knadh/koanf/parsers/dotenv, github.com/knadh/koanf/providers/env, github.com/knadh/koanf/providers/file, github.com/knadh/koanf/v2, github.com/mholt/archives, github.com/muesli/mango-cobra, github.com/spf13/cobra, github.com/stretchr/testify, gitlab.com/gitlab-org/api/client-go)
• fix(deps): update github dependencies (major) (github.com/google/go-github/v71, github.com/knadh/koanf/parsers/yaml, github.com/knadh/koanf/providers/env)
• Click on this checkbox to rebase all open PRs at once

Detected Dependencies

dockerfile (1)

Containerfile (1)

• cgr.dev/chainguard/glibc-dynamic latest-dev@sha256:aeb7aad55c12941a500ed0019fe2d635ba2734b4fbc44238f7d7d0d343a1eee6 → [Updates: latest-dev]

github-actions (7)

.github/workflows/golint.yml (4)

• step-security/harden-runner v2.12.0@0634a2670c59f64b4a01f0f96f84700a4088b9f0 → [Updates: v2.14.0]
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683 → [Updates: v4.3.1, v6.0.1]
• actions/setup-go v5.5.0@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 → [Updates: v5.6.0, v6.1.0]
• golangci/golangci-lint-action v6.5.2@55c2c1448f86e01eaae002a5a3a9624417608d84 → [Updates: v9.2.0]

.github/workflows/openssfscorecard.yml (1)

• itiquette/.github main

.github/workflows/pullrequest-workflow.yml (4)

• itiquette/.github main
• itiquette/.github main
• itiquette/.github main
• itiquette/.github main

.github/workflows/release-slsa.yml (5)

• slsa-framework/slsa-github-generator v2.1.0
• slsa-framework/slsa-github-generator v2.1.0
• slsa-framework/slsa-verifier v2.7.0@6657aada084353c65e5dde35394b1a010289fab0 → [Updates: v2.7.1]
• docker/login-action v3.4.0@74a5d142397b4f367a81961eba4e8cd7edddf772 → [Updates: v3.6.0]
• sigstore/cosign-installer v3.8.2@3454372f43399081ed03b604cb2d021dabca52bb → [Updates: v3.10.1, v4.0.0]

.github/workflows/release-workflow.yml (1)

• itiquette/.github main

.github/workflows/release.yml (8)

• step-security/harden-runner v2.12.0@0634a2670c59f64b4a01f0f96f84700a4088b9f0 → [Updates: v2.14.0]
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683 → [Updates: v4.3.1, v6.0.1]
• actions/setup-go v5.5.0@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 → [Updates: v5.6.0, v6.1.0]
• sigstore/cosign-installer v3.8.2@3454372f43399081ed03b604cb2d021dabca52bb → [Updates: v3.10.1, v4.0.0]
• anchore/sbom-action v0.20.0@e11c554f704a0b820cbf8c51673f6945e0731532 → [Updates: v0.21.1]
• docker/login-action v3.4.0@74a5d142397b4f367a81961eba4e8cd7edddf772 → [Updates: v3.6.0]
• orhun/git-cliff-action v4@4a4a951bc43fafe41cd2348d181853f52356bee7 → [Updates: v4]
• goreleaser/goreleaser-action v6.3.0@9c156ee8a17a598857849441385a2041ef570552 → [Updates: v6.4.0]

.github/workflows/test.yml (3)

• step-security/harden-runner v2.12.0@0634a2670c59f64b4a01f0f96f84700a4088b9f0 → [Updates: v2.14.0]
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683 → [Updates: v4.3.1, v6.0.1]
• actions/setup-go v5.5.0@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 → [Updates: v5.6.0, v6.1.0]

gomod (1)

go.mod (23)

• go 1.24.2 → [Updates: 1.25.5]
• code.gitea.io/sdk/gitea v0.21.0 → [Updates: v0.22.1]
• github.com/go-git/go-git/v5 v5.14.0 → [Updates: v5.16.4]
• github.com/google/go-github/v71 v71.0.0 → [Updates: v81.0.0]
• github.com/hashicorp/go-retryablehttp v0.7.7 → [Updates: v0.7.8]
• github.com/knadh/koanf/parsers/dotenv v1.0.0 → [Updates: v1.1.1]
• github.com/knadh/koanf/parsers/yaml v0.1.0 → [Updates: v1.1.0]
• github.com/knadh/koanf/providers/env v1.0.0 → [Updates: v1.1.0, v2.0.0]
• github.com/knadh/koanf/providers/file v1.1.2 → [Updates: v1.2.1]
• github.com/knadh/koanf/v2 v2.1.2 → [Updates: v2.3.0]
• github.com/mholt/archives v0.1.1 → [Updates: v0.1.5]
• github.com/rs/zerolog v1.34.0
• github.com/spf13/cobra v1.9.1 → [Updates: v1.10.2]
• github.com/stretchr/testify v1.10.0 → [Updates: v1.11.1]
• gitlab.com/gitlab-org/api/client-go v0.127.0 → [Updates: v0.161.1, v1.11.0]
• github.com/cloudflare/circl v1.6.0 → [Updates: v1.6.1]
• github.com/go-git/go-billy/v5 v5.6.2 → [Updates: v5.7.0]
• github.com/go-viper/mapstructure/v2 v2.2.1 → [Updates: v2.4.0]
• github.com/muesli/mango-cobra v1.2.0 → [Updates: v1.3.0]
• github.com/muesli/roff v0.1.0
• github.com/nwaples/rardecode/v2 v2.1.1 → [Updates: v2.2.0]
• github.com/ulikunitz/xz v0.5.12 → [Updates: v0.5.15]
• golang.org/x/crypto v0.37.0 → [Updates: v0.45.0]

---

• Check this box to trigger a request for Renovate to run again on this repository