slsa-verifier icon indicating copy to clipboard operation
slsa-verifier copied to clipboard
verified publisher icon slsa-framework

Dependency Dashboard

Open forking-renovate[bot] opened this issue 3 years ago • 0 comments

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

[!NOTE] These dependencies have not received updates for an extended period and may be unmaintained:

View abandoned dependencies (10)
Datasource Name Last Updated
github-actions actionsdesk/lfs-warning 2024-04-04
gomod github.com/docker/go 2015-11-02
gomod github.com/gorilla/mux 2023-10-18
gomod github.com/in-toto/in-toto-golang 2023-05-04
gomod github.com/slsa-framework/slsa-github-generator 2024-03-21
npm @actions/core 2024-10-04
npm @actions/exec 2022-03-17
npm markdown-toc 2017-09-19
npm nodejs 2014-05-04
pip_requirements pathspec 2023-12-10

Packages are marked as abandoned when they exceed the abandonmentThreshold since their last release. Unlike deprecated packages with official notices, abandonment is detected by release inactivity.

Awaiting Schedule

The following updates are awaiting their schedule. To get an update now, click on a checkbox below.

  • [ ] chore(deps): update npm dev (major) (@types/jasmine, @types/node, eslint, eslint-plugin-github, renovate, typescript-eslint)

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

  • [ ] fix(deps): update dependency org.twdata.maven:mojo-executor to v2.4.1
  • [ ] chore(deps): update dependency aspect_bazel_lib to v2.21.2
  • [ ] chore(deps): update dependency aspect_rules_js to v1.42.3
  • [ ] chore(deps): update dependency autolinker to v4.1.5
  • [ ] chore(deps): update dependency bazel_features to v1.38.0
  • [ ] chore(deps): update dependency bazel_skylib to v1.8.2
  • [ ] chore(deps): update dependency go to v1.25.4
  • [ ] chore(deps): update dependency rules_buf to v0.5.2
  • [ ] chore(deps): update dependency rules_multirun to v0.13.0
  • [ ] chore(deps): update dependency rules_multitool to v0.15.0
  • [ ] chore(deps): update dependency stardoc to v0.8.0
  • [ ] chore(deps): update dependency toolchains_protoc to v0.6.0
  • [ ] chore(deps): update dependency yamllint to v1.37.1
  • [ ] chore(deps): update github-actions (actions/checkout, actions/dependency-review-action, actions/download-artifact, actions/setup-go, actions/setup-node, actions/upload-artifact, github/codeql-action, golangci/golangci-lint-action, ossf/scorecard-action, slsa-framework/slsa-verifier)
  • [ ] fix(deps): update go (github.com/go-openapi/runtime, github.com/google/go-cmp, github.com/google/go-containerregistry, github.com/in-toto/attestation, github.com/secure-systems-lab/go-securesystemslib, github.com/sigstore/cosign/v2, github.com/sigstore/fulcio, github.com/sigstore/protobuf-specs, github.com/sigstore/rekor, github.com/sigstore/sigstore, github.com/sigstore/sigstore-go, github.com/spf13/cobra, golang.org/x/mod, google.golang.org/protobuf, sigs.k8s.io/release-utils)
  • [ ] chore(deps): update dependency aspect_rules_js to v2
  • [ ] chore(deps): update dependency platforms to v1
  • [ ] chore(deps): update dependency rules_multitool to v1
  • [ ] chore(deps): update dependency rules_proto to v7
  • [ ] chore(deps): update github-actions (major) (actions/checkout, actions/download-artifact, actions/setup-go, actions/setup-node, actions/upload-artifact, github/codeql-action, golangci/golangci-lint-action, node)
  • [ ] fix(deps): update dependency @actions/io to v2
  • [ ] fix(deps): update module github.com/sigstore/cosign/v2 to v3
  • [ ] fix(deps): update module github.com/sigstore/sigstore-go to v1
  • [ ] 🔐 Create all rate-limited PRs at once 🔐

Edited/Blocked

The following updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox below.

  • [ ] chore(deps): update npm dev (@types/jasmine, @types/node, @vercel/ncc, eslint, eslint-plugin-prettier, jasmine, renovate, typescript, typescript-eslint)

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

  • [ ] chore(deps): update gcr.io/distroless/base:nonroot docker digest to 10136f3
  • [ ] chore(deps): update golang:1.23 docker digest to 60deed9
  • [ ] fix(deps): update golang.org/x/exp digest to a4bb9ff
  • [ ] chore(deps): update dependency pyyaml to v6.0.3
  • [ ] fix(deps): update dependency org.apache.maven:maven-core to v3.9.11
  • [ ] fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.11
  • [ ] fix(deps): update dependency org.apache.maven.plugin-tools:maven-plugin-annotations to v3.15.2
  • [ ] chore(deps): update golang docker tag to v1.25
  • [ ] Click on this checkbox to rebase all open PRs at once

Ignored or Blocked

The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.

  • [ ] chore(deps): update dependency platforms to v0.0.11
  • [ ] chore(deps): update dependency rules_proto to v6.0.2

Detected dependencies

bazel-module
cli/slsa-verifier/testdata/bcr/MODULE.bazel
  • aspect_bazel_lib 2.7.7
  • aspect_rules_js 1.40.0
  • bazel_features 1.0.0
  • bazel_skylib 1.4.2
  • platforms 0.0.7
  • rules_multirun 0.9.0
  • rules_multitool 0.4.0
  • rules_diff 1.0.0
  • rules_proto 6.0.0
  • rules_buf 0.1.1
  • toolchains_protoc 0.2.1
  • stardoc 0.7.0
dockerfile
cli/experimental/service/Dockerfile
  • golang 1.23@sha256:dd5cc4b4f85d13329cb5b17cbf35c509e1c82a43bf6e5961516fda444013121a
  • gcr.io/distroless/base nonroot@sha256:0a0dc2036b7c56d1a9b6b3eed67a974b6d5410187b88cbd6f1ef305697210ee2
github-actions
.github/workflows/codeql-analysis.yml
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
  • actions/setup-go v5.3.0@f111f3307d8850f501ac008e886eec1fd1932a34
  • github/codeql-action v3.28.1@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c
  • github/codeql-action v3.28.1@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c
  • github/codeql-action v3.28.1@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c
.github/workflows/depsreview.yml
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
  • actions/dependency-review-action v4.5.0@3b139cfc5fae8b618d3eae3675e383bb1769c019
.github/workflows/e2e.schedule.cli.yml
  • actions/download-artifact v4.1.8@fa0a91b85d4f404e444e00e005971372dc801d16
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
.github/workflows/e2e.schedule.installer.yml
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
.github/workflows/pr-title.yml
  • thehanimo/pr-title-checker v1.4.3@7fbfe05602bdd86f926d3fb3bccb6f3aed43bc70
.github/workflows/pre-submit.actions.yml
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
  • actions/setup-node v4.1.0@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
  • actions/upload-artifact v4.6.0@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
  • node 20
.github/workflows/pre-submit.cli.yml
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
  • actions/setup-go v5.3.0@f111f3307d8850f501ac008e886eec1fd1932a34
  • actions/upload-artifact v4.6.0@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
.github/workflows/pre-submit.e2e.yml
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
  • actions/setup-go v5.3.0@f111f3307d8850f501ac008e886eec1fd1932a34
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
.github/workflows/pre-submit.lfs.yml
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
  • actionsdesk/lfs-warning v3.3@4b98a8a5e6c429c23c34eee02d71553bca216425
.github/workflows/pre-submit.lint.yml
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
  • actions/setup-go v5.3.0@f111f3307d8850f501ac008e886eec1fd1932a34
  • golangci/golangci-lint-action v6.2.0@ec5d18412c0aeab7936cb16880d708ba2a64e1ae
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
  • actions/setup-node v4.1.0@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
  • actions/setup-node v4.1.0@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
  • node 20
  • node 20
.github/workflows/pre-submit.references.yml
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
.github/workflows/release.yml
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
  • slsa-framework/slsa-github-generator X.Y.Z
  • slsa-framework/slsa-verifier v2.6.0@3714a2a4684014deb874a0e737dffa0ee02dd647
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
.github/workflows/scorecards.yml
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
  • ossf/scorecard-action v2.4.0@62b2cac7ed8198b15735ed49ab1e5cf35480ba46
  • actions/upload-artifact v4.6.0@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
  • github/codeql-action v3.28.1@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c
.github/workflows/update-actions-dist-post-commit.yml
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
  • actions/upload-artifact v4.6.0@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
  • actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
  • actions/download-artifact v4.1.8@fa0a91b85d4f404e444e00e005971372dc801d16
gomod
go.mod
  • go 1.23.2
  • go 1.23.5
  • github.com/docker/go v1.5.1-1
  • github.com/go-openapi/runtime v0.28.0
  • github.com/google/go-cmp v0.6.0
  • github.com/in-toto/in-toto-golang v0.9.0
  • github.com/secure-systems-lab/go-securesystemslib v0.9.0
  • github.com/sigstore/rekor v1.3.8
  • github.com/sigstore/sigstore v1.8.12
  • github.com/google/go-containerregistry v0.20.3
  • github.com/gorilla/mux v1.8.1
  • github.com/in-toto/attestation v1.1.0
  • github.com/sigstore/cosign/v2 v2.4.1
  • github.com/sigstore/sigstore-go v0.6.2
  • github.com/slsa-framework/slsa-github-generator v1.10.0
  • github.com/spf13/cobra v1.8.1
  • golang.org/x/mod v0.25.0
  • sigs.k8s.io/release-utils v0.9.0
  • github.com/sigstore/fulcio v1.6.5
  • github.com/sigstore/protobuf-specs v0.3.3
  • golang.org/x/exp v0.0.0-20250606033433-dcc06ee1d476@dcc06ee1d476
  • google.golang.org/protobuf v1.36.3
maven
experimental/maven-plugin/pom.xml
  • org.apache.maven:maven-core 3.9.9
  • org.apache.maven:maven-plugin-api 3.9.9
  • org.apache.maven.plugin-tools:maven-plugin-annotations 3.15.1
  • org.apache.maven:maven-project 2.2.1
  • org.twdata.maven:mojo-executor 2.4.0
npm
actions/installer/package.json
  • @actions/core ^1.9.1
  • @actions/exec ^1.1.1
  • @actions/github ^6.0.0
  • @actions/io ^1.1.2
  • @actions/tool-cache ^2.0.1
  • nodejs ^0.0.0
  • @types/jasmine 4.6.4
  • @types/node 18.19.33
  • @vercel/ncc 0.38.1
  • eslint 8.57.0
  • eslint-plugin-github 4.10.2
  • eslint-plugin-prettier 5.1.3
  • jasmine 5.1.0
  • typescript 5.4.3
  • typescript-eslint 7.5.0
package.json
  • markdown-toc 1.2.0
  • renovate 37.374.1
  • autolinker ^4.0.0
pip_requirements
requirements-lint.txt
  • pathspec ==0.12.1
  • PyYAML ==6.0.2
  • yamllint ==1.35.1
  • [ ] Check this box to trigger a request for Renovate to run again on this repository

forking-renovate[bot] avatar Jun 29 '22 21:06 forking-renovate[bot]