Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Repository Problems

These problems occurred while renovating this repository. View logs.

• ⚠️ WARN: Package lookup failures

---

Warning

Renovate failed to look up the following dependencies: Could not determine new digest for update (github-tags package github/codeql-action).

Files affected: .github/workflows/scorecard.yml

---

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): update github/codeql-action digest to c10b806
• chore(deps): update golang:1.25 docker digest to fad20fa
• chore(deps): update golang:alpine docker digest to c2a1f7b
• chore(deps): update dependency go to v1.26.2
• chore(deps): update step-security/harden-runner action to v2.17.0
• fix(deps): update module github.com/fatih/color to v1.19.0
• fix(deps): update module github.com/hashicorp/copywrite to v0.25.2
• fix(deps): update module golang.org/x/mod to v0.35.0
• Click on this checkbox to rebase all open PRs at once

PR Closed (Blocked)

The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.

• chore(deps): update golang docker tag to v1.26

Detected Dependencies

dockerfile (2)

.devcontainer/Dockerfile (2)

• golang 1.25@sha256:5a79b94c34c299ac0361fbb7c7fca6dc552e166b42341050323fa3ab137d7be9 → [Updates: 1.26, 1.25]
• mcr.microsoft.com/vscode/devcontainers/base debian@sha256:aa263c6fdd7c1bc990eead3922224fe8afbf5d85eaf3b6b9260786ab94d74933

Dockerfile (2)

• golang alpine@sha256:f6751d823c26342f9506c03797d2527668d095b0a15f1862cddb4d927a7a4ced → [Updates: alpine]
• alpine 3.23.3@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659

github-actions (5)

.github/workflows/build.yaml (13)

• step-security/harden-runner v2.16.1@fe104658747b27e96e4f7e80cd0a94068e53901d → [Updates: v2.17.0]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6.4.0@4a3601121dd01d1626a1e23e37211e3254c1c06c
• goreleaser/goreleaser-action v7.0.0@ec59f474b9834571250b370d4735c50f8e2d1e29
• cloudsmith-io/action v0.6.14@7af394e0f8add4867bce109385962dafecad1b8d
• cloudsmith-io/action v0.6.14@7af394e0f8add4867bce109385962dafecad1b8d
• step-security/harden-runner v2.16.1@fe104658747b27e96e4f7e80cd0a94068e53901d → [Updates: v2.17.0]
• docker/setup-qemu-action v4.0.0@ce360397dd3f832beb865e1373c09c0e9f86d70a
• docker/setup-buildx-action v4.0.0@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd
• docker/login-action v4.1.0@4907a6ddec9925e35a0a9e82d7399ccc52663121
• docker/build-push-action v7.0.0@d08e5c354a6adb9ed34480a06d141179aa583294
• step-security/harden-runner v2.16.1@fe104658747b27e96e4f7e80cd0a94068e53901d → [Updates: v2.17.0]
• mislav/bump-homebrew-formula-action v4.1@ccf2332299a883f6af50a1d2d41e5df7904dd769

.github/workflows/codeql.yml (4)

• step-security/harden-runner v2.16.1@fe104658747b27e96e4f7e80cd0a94068e53901d → [Updates: v2.17.0]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• github/codeql-action v4@38697555549f1db7851b81482ff19f1fa5c4fedc → [Updates: v4]
• github/codeql-action v4@38697555549f1db7851b81482ff19f1fa5c4fedc → [Updates: v4]

.github/workflows/dependency-review.yml (3)

• step-security/harden-runner v2.16.1@fe104658747b27e96e4f7e80cd0a94068e53901d → [Updates: v2.17.0]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/dependency-review-action v4.9.0@2031cfc080254a8a887f58cffee85186f0e49e48

.github/workflows/scorecard.yml (5)

• step-security/harden-runner v2.16.1@fe104658747b27e96e4f7e80cd0a94068e53901d → [Updates: v2.17.0]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• ossf/scorecard-action v2.4.3@4eaacf0543bb3f2c246792bd56e8cdeffafb205a
• actions/upload-artifact v7.0.0@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
• github/codeql-action 4.35.1@c10b8064de6f491fea524254123dbe5e09572f13

.github/workflows/test.yml (16)

• step-security/harden-runner v2.16.1@fe104658747b27e96e4f7e80cd0a94068e53901d → [Updates: v2.17.0]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• hashicorp/setup-terraform v4.0.0@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85
• actions/setup-go v6.4.0@4a3601121dd01d1626a1e23e37211e3254c1c06c
• step-security/harden-runner v2.16.1@fe104658747b27e96e4f7e80cd0a94068e53901d → [Updates: v2.17.0]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• hashicorp/setup-terraform v4.0.0@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85
• actions/setup-go v6.4.0@4a3601121dd01d1626a1e23e37211e3254c1c06c
• step-security/harden-runner v2.16.1@fe104658747b27e96e4f7e80cd0a94068e53901d → [Updates: v2.17.0]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• hashicorp/setup-terraform v4.0.0@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85
• actions/setup-go v6.4.0@4a3601121dd01d1626a1e23e37211e3254c1c06c
• step-security/harden-runner v2.16.1@fe104658747b27e96e4f7e80cd0a94068e53901d → [Updates: v2.17.0]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• hashicorp/setup-terraform v4.0.0@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85
• actions/setup-go v6.4.0@4a3601121dd01d1626a1e23e37211e3254c1c06c

gomod (1)

go.mod (14)

• go 1.24.0
• go 1.25.7 → [Updates: 1.26.2]
• github.com/arsham/figurine v1.3.0
• github.com/awalterschulze/gographviz v2.0.3+incompatible
• github.com/briandowns/spinner v1.23.2
• github.com/caarlos0/env/v11 v11.4.0
• github.com/fatih/color v1.18.0 → [Updates: v1.19.0]
• github.com/hashicorp/copywrite v0.24.2 → [Updates: v0.25.2]
• github.com/hashicorp/terraform-exec v0.25.0
• github.com/jwalton/go-supportscolor v1.2.0
• github.com/mattn/go-colorable v0.1.14
• github.com/spf13/cobra v1.10.2
• github.com/spf13/pflag v1.0.10
• golang.org/x/mod v0.33.0 → [Updates: v0.35.0]

---

• Check this box to trigger a request for Renovate to run again on this repository