Configure Renovate

[renovate-bot]

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

---

Detected Package Files

• .github/actions/secops-test-report/action.yml (github-actions)
• .github/actions/tests-setup/action.yml (github-actions)
• .github/workflows/linting.yml (github-actions)
• .github/workflows/tests.yml (github-actions)
• pipelines/detection-as-code/.github/workflows/secops.yaml (github-actions)
• pipelines/parsers-as-code/.github/workflows/secops.yaml (github-actions)
• pipelines/response-as-code/.github/workflows/pull.yaml (github-actions)
• pipelines/response-as-code/.github/workflows/sync.yaml (github-actions)
• pipelines/response-as-code/.gitlab-ci.yml (gitlabci)
• pipelines/detection-as-code/.gitlab-ci.yml (gitlabci)
• blueprints/secops-anonymization-pipeline/source/requirements.txt (pip_requirements)
• blueprints/secops-archiver/source/requirements.txt (pip_requirements)
• blueprints/secops-tenant/source/cai_to_pubsub_function/requirements.txt (pip_requirements)
• blueprints/secops-tenant/source/scc_to_secops_function/requirements.txt (pip_requirements)
• pipelines/detection-as-code/scripts/requirements.txt (pip_requirements)
• pipelines/parsers-as-code/requirements.txt (pip_requirements)
• pipelines/response-as-code/requirements.txt (pip_requirements)
• tools/requirements.txt (pip_requirements)
• blueprints/bindplane-gke/main.tf (terraform)
• blueprints/secops-anonymization-pipeline/main.tf (terraform)
• blueprints/secops-archiver/main.tf (terraform)
• blueprints/secops-gke-forwarder/main.tf (terraform)
• blueprints/secops-gke-forwarder/secops-forwarder-deployment/main.tf (terraform)
• blueprints/secops-gke-forwarder/secops-forwarder-deployment/versions_override.tf (terraform)
• blueprints/secops-instance/main.tf (terraform)
• blueprints/secops-instance/secops-providers.tf (terraform)
• blueprints/secops-instance/secops.tf (terraform)
• blueprints/secops-instance/secrets.tf (terraform)
• blueprints/secops-instance/versions.tf (terraform)
• blueprints/secops-instance/workspace.tf (terraform)
• blueprints/secops-tenant-factory/main.tf (terraform)
• blueprints/secops-tenant-factory/secops-providers.tf (terraform)
• blueprints/secops-tenant-factory/versions.tf (terraform)
• blueprints/secops-tenant/cai.tf (terraform)
• blueprints/secops-tenant/log-sink.tf (terraform)
• blueprints/secops-tenant/main.tf (terraform)
• blueprints/secops-tenant/scc.tf (terraform)
• blueprints/secops-tenant/secops-providers.tf (terraform)
• blueprints/secops-tenant/secrets.tf (terraform)
• blueprints/secops-tenant/versions.tf (terraform)
• modules/secops-data-rbac/versions.tf (terraform)
• modules/secops-data-rbac/versions.tofu (terraform)
• modules/secops-rules/versions.tf (terraform)
• modules/secops-rules/versions.tofu (terraform)
• tools/lockfile/default-versions_override.tf (terraform)
• tools/lockfile/versions.tf (terraform)
• tools/lockfile/versions.tofu (terraform)
• .tflint.hcl (tflint-plugin)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding PR is merged
• Hopefully safe environment variables to allow users to configure.
• Show all Merge Confidence badges for pull requests.
• Enable Renovate Dependency Dashboard creation.
• Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
• Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
• Group known monorepo packages together.
• Use curated list of recommended non-monorepo package groupings.
• Show only the Age and Confidence Merge Confidence badges for pull requests.
• Apply crowd-sourced package replacement rules.
• Apply crowd-sourced workarounds for known problems with packages.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

---

What to Expect

With your current configuration, Renovate will create 18 Pull Requests:

Update dependency requests to v2.32.4 [SECURITY]

• Branch name: renovate/pypi-requests-vulnerability
• Merge into: main
• Upgrade requests to ==2.32.4

Update dependency click to v8.3.0

• Schedule: ["at any time"]
• Branch name: renovate/click-8.x
• Merge into: main
• Upgrade click to ==8.3.0

Update dependency jwt to v1.4.0

• Schedule: ["at any time"]
• Branch name: renovate/jwt-1.x
• Merge into: main
• Upgrade jwt to ==1.4.0

Update pmeier/pytest-results-action action to v0.7.2

• Schedule: ["at any time"]
• Branch name: renovate/pmeier-pytest-results-action-0.x
• Merge into: main
• Upgrade pmeier/pytest-results-action to 20b595761ba9bf89e115e875f8bc863f913bc8ad

Update python Docker tag to v3.14

• Schedule: ["at any time"]
• Branch name: renovate/python-3.x
• Merge into: main
• Upgrade python to 3.14
• Upgrade python to 3.14

Update Terraform restful to v0.23.0

• Schedule: ["at any time"]
• Branch name: renovate/restful-0.x
• Merge into: main
• Upgrade restful to 0.23.0

Update actions/checkout action to v5

• Schedule: ["at any time"]
• Branch name: renovate/actions-checkout-5.x
• Merge into: main
• Upgrade actions/checkout to v5

Update actions/download-artifact action to v5

• Schedule: ["at any time"]
• Branch name: renovate/major-github-artifact-actions
• Merge into: main
• Upgrade actions/download-artifact to v5

Update actions/github-script action to v8

• Schedule: ["at any time"]
• Branch name: renovate/actions-github-script-8.x
• Merge into: main
• Upgrade actions/github-script to v8

Update actions/setup-python action to v6

• Schedule: ["at any time"]
• Branch name: renovate/actions-setup-python-6.x
• Merge into: main
• Upgrade actions/setup-python to v6

Update google-github-actions/auth action to v3

• Schedule: ["at any time"]
• Branch name: renovate/google-github-actions-auth-3.x
• Merge into: main
• Upgrade google-github-actions/auth to v3

Update google-github-actions/setup-gcloud action to v3

• Schedule: ["at any time"]
• Branch name: renovate/google-github-actions-setup-gcloud-3.x
• Merge into: main
• Upgrade google-github-actions/setup-gcloud to v3

Update hashicorp/setup-terraform action to v3

• Schedule: ["at any time"]
• Branch name: renovate/hashicorp-setup-terraform-3.x
• Merge into: main
• Upgrade hashicorp/setup-terraform to v3.1.2

Update Terraform github to v6

• Schedule: ["at any time"]
• Branch name: renovate/github-6.x
• Merge into: main
• Upgrade github to ~> 6.0

Update Terraform google to v7

• Schedule: ["at any time"]
• Branch name: renovate/google-7.x
• Merge into: main
• Upgrade google to < 8.0.0

Update Terraform google-beta to v7

• Schedule: ["at any time"]
• Branch name: renovate/google-beta-7.x
• Merge into: main
• Upgrade google-beta to < 8.0.0

Update Terraform mongodbatlas to v2

• Schedule: ["at any time"]
• Branch name: renovate/mongodbatlas-2.x
• Merge into: main
• Upgrade mongodbatlas to ~> 2.0

Update terraform-linters/setup-tflint action to v6

• Schedule: ["at any time"]
• Branch name: renovate/terraform-linters-setup-tflint-6.x
• Merge into: main
• Upgrade terraform-linters/setup-tflint to v6

🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prhourlylimit for details.

---

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

---

This PR was generated by Mend Renovate. View the repository job log.