Dependency Dashboard

[renovate-sh-app]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Note

These dependencies have not received updates for an extended period and may be unmaintained:

View abandoned dependencies (4)

Datasource	Name	Last Updated
github-actions	grafana/issue-team-scheduler	2024-08-09
gomod	github.com/go-kit/log	2022-04-27
gomod	github.com/google/go-github	2018-08-10
gomod	gopkg.in/yaml.v2	2022-05-27

Packages are marked as abandoned when they exceed the abandonmentThreshold since their last release.
Unlike deprecated packages with official notices, abandonment is detected by release inactivity.

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• chore(deps): update actions/checkout action to v3.6.0
• chore(deps): update docker/build-push-action action to v5.4.0
• chore(deps): update docker/login-action action to v3.6.0
• chore(deps): update docker/metadata-action action to v5.10.0
• chore(deps): update golang docker tag to v1.25
• chore(deps): update grafana/issue-team-scheduler action to v0.16
• fix(deps): update module github.com/stretchr/testify to v1.11.1
• fix(deps): update module google.golang.org/api to v0.257.0
• chore(deps): update actions/checkout action to v6
• chore(deps): update actions/setup-go action to v6
• chore(deps): update docker/build-push-action action to v6
• fix(deps): update module gopkg.in/yaml.v2 to v3
• 🔐 Create all rate-limited PRs at once 🔐

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): update module golang.org/x/crypto to v0.45.0 [security]
• chore(deps): update module golang.org/x/net to v0.38.0 [security]
• fix(deps): update module golang.org/x/oauth2 to v0.27.0 [security]
• chore(deps): pin dependencies (actions/checkout, actions/setup-go, docker/build-push-action, docker/login-action, docker/metadata-action, golang, grafana/issue-team-scheduler)
• fix(deps): update github.com/emersion/go-ical digest to 439c63c
• Click on this checkbox to rebase all open PRs at once

Vulnerabilities

16/16 CVEs have Renovate fixes.

gomod

go.mod

golang.org/x/oauth2

• GO-2025-3488 (fixed in >= 0.27.0)
• GHSA-6v2p-p543-phr9 (fixed in >= 0.27.0)

golang.org/x/crypto

• GO-2024-3321 (fixed in >= 0.31.0)
• GO-2025-3487 (fixed in >= 0.35.0)
• GHSA-hcg3-q754-cr77 (fixed in >= 0.35.0)
• GO-2025-4116 (fixed in >= 0.43.0)
• GHSA-f6x5-jh6r-wrfv (fixed in >= 0.45.0)
• GHSA-v778-237x-gjrc (fixed in >= 0.31.0)
• GO-2025-4134 (fixed in >= 0.45.0)
• GO-2025-4135 (fixed in >= 0.45.0)
• GHSA-j5w8-q4qc-rx2x (fixed in >= 0.45.0)

golang.org/x/net

• GO-2025-3595 (fixed in >= 0.38.0)
• GHSA-vvgc-356p-c3xw (fixed in >= 0.38.0)
• GO-2024-3333 (fixed in >= 0.33.0)
• GO-2025-3503 (fixed in >= 0.36.0)
• GHSA-qxp5-gwg8-xv66 (fixed in >= 0.36.0)

Detected Dependencies

dockerfile

Dockerfile.ic-assignment

• golang 1.22-alpine

Dockerfile.regex-labeler

• golang 1.22-alpine

github-actions

.github/workflows/label_issues.yml

• actions/checkout v3.3.0
• grafana/issue-team-scheduler v0.4

.github/workflows/publish.yml

• actions/checkout v3
• docker/login-action v3.1.0
• docker/metadata-action v5.5.1
• docker/build-push-action v5.3.0

.github/workflows/pull_request.yml

• actions/checkout v3
• actions/setup-go v4
• go 1.22

gomod

go.mod

• go 1.22.2
• github.com/go-kit/log v0.2.1
• github.com/google/go-github v17.0.0+incompatible
• github.com/stretchr/testify v1.9.0
• golang.org/x/oauth2 v0.19.0
• golang.org/x/crypto v0.22.0
• golang.org/x/net v0.24.0
• github.com/emersion/go-ical v0.0.0-20240127095438-fc1c9d8fb2b6@fc1c9d8fb2b6
• google.golang.org/api v0.176.1
• gopkg.in/yaml.v2 v2.4.0

---

Need help?

You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section.