Dependency Dashboard

[renovate-sh-app]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Config Migration Needed

• Select this checkbox to let Renovate create an automated Config Migration PR.

Repository Problems

Renovate tried to run on this repository, but found these problems.

• ⚠️ WARN: Package lookup failures

Abandoned Dependencies

The following dependencies have not received updates for an extended period and may be unmaintained.

View abandoned dependencies (1)

[!NOTE]
Packages are marked as abandoned when they exceed the abandonmentThreshold since their last release. Unlike deprecated packages with official notices, abandonment is detected by release inactivity.

Datasource	Package	Last Updated
github-actions	tibdex/github-app-token	2023-09-19

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• chore(deps): update semgrep/semgrep docker tag to v1.163.0
• chore(deps): update actions/checkout action to v6
• chore(deps): update actions/github-script action to v9
• chore(deps): update astral-sh/setup-uv action to v8
• chore(deps): update dependabot/fetch-metadata action to v3
• chore(deps): update github artifact actions (major) (actions/download-artifact, actions/upload-artifact)
• chore(deps): update mshick/add-pr-comment action to v3
• 🔐 Create all rate-limited PRs at once 🔐

---

Warning

Renovate failed to look up the following dependencies: Could not determine new digest for update (github-tags package actions/checkout), Failed to look up github-tags package aquasecurity/trivy-action: no-result, Failed to look up github-releases package aquasecurity/trivy: no-result.

Files affected: trivy/action.yml

---

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): pin dependencies (grafana/security-github-actions, semgrep/semgrep)
• chore(deps): update actions/checkout digest to 93cb6ef
• chore(deps): update snyk/actions digest to 8e119fb
• chore(deps): update actions/checkout action to v5.0.1
• chore(deps): update grafana/shared-workflows/create-github-app-token action to v0.2.3
• chore(deps): update grafana/shared-workflows/get-vault-secrets action to v1.3.2
• chore(deps): update actions/checkout action to v4.3.1
• chore(deps): update actions/upload-artifact action to v4.6.2
• chore(deps): update astral-sh/setup-uv action to v6.8.0
• chore(deps): update trufflesecurity/trufflehog docker tag to v3.95.3
• Click on this checkbox to rebase all open PRs at once

PR Closed (Blocked)

The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.

• chore(deps): update tibdex/github-app-token action to v2

Vulnerabilities

Renovate has not found any CVEs on osv.dev.

Detected Dependencies

github-actions (8)

.github/workflows/dependabot-automerge.yaml (2)

• tibdex/github-app-token v1@32691ba7c9e7063bd457bd8f2a5703138591fa58 → [Updates: v2]
• dependabot/fetch-metadata v1.7.0@8348ea7f5d949b08c7f125a44b569c9626b05db3 → [Updates: v3.1.0]

.github/workflows/org-required-trufflehog.yml (1)

• grafana/security-github-actions main → [Updates: main]

.github/workflows/periodic-zizmor.yaml (5)

• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• grafana/shared-workflows create-github-app-token/v0.2.2@ae92934a14a48b94494dbc06d74a81d47fe08a40 → [Updates: create-github-app-token/v0.2.3]
• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• astral-sh/setup-uv v6.7.0@b75a909f75acd358c2196fb9a5f1299a9a8868a4 → [Updates: v6.8.0, v8.1.0]
• actions/github-script v7@f28e40c7f34bde8b3046d885e986cb6290c5673b → [Updates: v9]

.github/workflows/reusable-trufflehog.yml (5)

• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332 → [Updates: v4.3.1, v6.0.2]
• mshick/add-pr-comment v2.8.2@b8f338c590a895d50bcbfa6c5859251edc8952fc → [Updates: v3.11.0]
• actions/upload-artifact v4.4.0@50769540e7f4bd5e21e526ee35c689e35e0d6874 → [Updates: v4.6.2, v7.0.1]
• grafana/shared-workflows get-vault-secrets/v1.3.1@f1614b210386ac420af6807a997ac7f6d96e477a → [Updates: get-vault-secrets/v1.3.2]
• actions/download-artifact v4@d3f86a106a0bac45b974a628896c90dbdf5c8093 → [Updates: v8]

.github/workflows/self-zizmor.yaml (1)

• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]

.github/workflows/semgrep.yaml (3)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• semgrep/semgrep 1.152.0 → [Updates: 1.163.0, 1.152.0]

.github/workflows/snyk_monitor.yml (2)

• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• snyk/actions master@e2221410bff24446ba09102212d8bc75a567237d → [Updates: master]

trivy/action.yml (7)

• actions/checkout 5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v5.0.1, v6.0.2]
• actions/checkout 5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v5.0.1, v6.0.2]
• aquasecurity/trivy-action 0.33.1@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
• actions/checkout 5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v5.0.1, v6.0.2]
• aquasecurity/trivy-action 0.33.1@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
• aquasecurity/trivy v0.69.3
• aquasecurity/trivy v0.69.3

regex (3)

.github/workflows/reusable-trufflehog.yml (1)

• trufflesecurity/trufflehog v3.94.0 → [Updates: v3.95.3]

.github/workflows/reusable-trufflehog.yml (1)

• trufflesecurity/trufflehog v3.94.0 → [Updates: v3.95.3]

pre-commit/trufflehog.sh (1)

• trufflesecurity/trufflehog 3.88.29@sha256:6375b4dd7d045656bf78f52ac5a6e992eff344da9def96f0953cda26f791ffb7 → [Updates: 3.95.3]

---

Need help?

You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section.