Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Repository Problems

These problems occurred while renovating this repository. View logs.

• ⚠️ WARN: Package lookup failures

Awaiting Schedule

The following updates are awaiting their schedule. To get an update now, click on a checkbox below.

• fix(deps): update github.com/aquasecurity/trivy-db digest to bd11dd4
• fix(deps): update k8s.io/kube-openapi digest to c903c40
• build(deps): update all dependencies updates (github.com/modelcontextprotocol/go-sdk, github.com/nats-io/nats-server/v2, github.com/stephenafamo/bob, release-drafter/release-drafter)
• build(deps): update github/codeql-action action to v4
• build(deps): lock file maintenance
• 🔐 Create all awaiting schedule PRs at once 🔐

---

Warning

Renovate failed to look up the following dependencies: Failed to look up go package github.com/avast/retry-go/v4: no-result, Failed to look up docker package kubewarden/sbomscanner/controller: no-result, Failed to look up docker package kubewarden/sbomscanner/storage: no-result, Failed to look up docker package kubewarden/sbomscanner/worker: no-result, Failed to look up docker package kubewarden/sbomscanner/mcp: no-result.

Files affected: go.mod, charts/sbomscanner/values.yaml

---

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• build(deps): update kubernetes (k8s.io/api, k8s.io/apimachinery, k8s.io/apiserver, k8s.io/client-go, k8s.io/code-generator, k8s.io/component-base, sigs.k8s.io/controller-runtime)

Detected Dependencies

dockerfile (8)

Dockerfile.controller (1)

• golang 1.26.2

Dockerfile.mcp (1)

• golang 1.26.2

Dockerfile.storage (1)

• golang 1.26.2

Dockerfile.worker (1)

• golang 1.26.2

hack/Dockerfile.controller.tilt

hack/Dockerfile.mcp.tilt

hack/Dockerfile.storage.tilt

hack/Dockerfile.worker.tilt

github-actions (11)

.github/workflows/attestation.yml (4)

• sigstore/cosign-installer v4.1.1@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003
• docker/login-action v4.1.0@4907a6ddec9925e35a0a9e82d7399ccc52663121
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a

.github/workflows/autolabeler.yaml (1)

• release-drafter/release-drafter v7.2.0@5de93583980a40bd78603b6dfdcda5b4df377b32 → [Updates: v7.2.1]

.github/workflows/ci.yml (13)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6.4.0@4a3601121dd01d1626a1e23e37211e3254c1c06c
• codecov/codecov-action v6.0.0@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• azure/setup-helm v5.0.0@dda3372f752e03dde6b3237bc9431cdc2f7a02a2
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6.4.0@4a3601121dd01d1626a1e23e37211e3254c1c06c
• golangci/golangci-lint-action v9.2.0@1e7e51e771db61008b38414a730f564565cf7c20
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/cache v5.0.5@27d5ce7f107fe9357f9df03efb73ab90386fccae
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6.4.0@4a3601121dd01d1626a1e23e37211e3254c1c06c
• golangci/golangci-lint v2.11.4

.github/workflows/container-build.yml (11)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• sigstore/cosign-installer v4.1.1@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003
• docker/setup-buildx-action v4.0.0@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd
• docker/login-action v4.1.0@4907a6ddec9925e35a0a9e82d7399ccc52663121
• docker/metadata-action v6.0.0@030e881283bb7a6894de51c315a6bfe6a94e05cf
• docker/build-push-action v7.1.0@bcafcacb16a39f128d818304e6c9c0c18556b85f
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• sigstore/cosign-installer v4.1.1@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003
• docker/login-action v4.1.0@4907a6ddec9925e35a0a9e82d7399ccc52663121
• docker/setup-buildx-action v4.0.0@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd

.github/workflows/e2e.yml (3)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6.4.0@4a3601121dd01d1626a1e23e37211e3254c1c06c
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a

.github/workflows/govulncheck.yml (4)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• golang/govulncheck-action v1.0.4@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee
• github/codeql-action v3.35.2@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a → [Updates: v4.35.2]
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a

.github/workflows/release-drafter.yaml (1)

• release-drafter/release-drafter v7.2.0@5de93583980a40bd78603b6dfdcda5b4df377b32 → [Updates: v7.2.1]

.github/workflows/release.yml (4)

• actions/github-script v9.0.0@3a2844b7e9c422d3c10d287c895573f7108da1b3
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• actions/github-script v9.0.0@3a2844b7e9c422d3c10d287c895573f7108da1b3
• actions/github-script v9.0.0@3a2844b7e9c422d3c10d287c895573f7108da1b3

.github/workflows/update-charts.yml (3)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• updatecli/updatecli-action v3.1.3@2c3221bc5f4499a99fec2c87d9de4a83cb30e990
• azure/setup-helm v5.0.0@dda3372f752e03dde6b3237bc9431cdc2f7a02a2

.github/workflows/updatecli.yaml (2)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• updatecli/updatecli-action v3.1.3@2c3221bc5f4499a99fec2c87d9de4a83cb30e990

.github/workflows/zizmor.yaml (2)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• zizmorcore/zizmor-action v0.5.3@b1d7e1fb5de872772f31590499237e7cce841e8e

gomod (1)

go.mod (42)

• go 1.26.2
• github.com/aquasecurity/trivy v0.70.0
• github.com/aquasecurity/trivy-db v0.0.0-20260421063530-722777bbcf5e@722777bbcf5e → [Updates: v0.0.0-20260429080452-bd11dd425d21]
• github.com/avast/retry-go/v4 v4.7.0
• github.com/aws/smithy-go v1.25.1
• github.com/docker/cli v29.4.1+incompatible
• github.com/docker/go-units v0.5.0
• github.com/go-logr/logr v1.4.3
• github.com/google/cel-go v0.28.0
• github.com/google/go-cmp v0.7.0
• github.com/google/go-containerregistry v0.21.5
• github.com/google/uuid v1.6.0
• github.com/jackc/pgx/v5 v5.9.2
• github.com/modelcontextprotocol/go-sdk v1.5.0 → [Updates: v1.6.0]
• github.com/nats-io/nats-server/v2 v2.12.8 → [Updates: v2.14.0]
• github.com/nats-io/nats.go v1.51.0
• github.com/onsi/ginkgo/v2 v2.28.3
• github.com/onsi/gomega v1.40.0
• github.com/spdx/tools-golang v0.5.7
• github.com/stephenafamo/bob v0.42.0 → [Updates: v0.43.0]
• github.com/stretchr/testify v1.11.1
• github.com/testcontainers/testcontainers-go v0.42.0
• github.com/testcontainers/testcontainers-go/modules/postgres v0.42.0
• github.com/testcontainers/testcontainers-go/modules/registry v0.42.0
• go.yaml.in/yaml/v3 v3.0.4
• golang.org/x/sync v0.20.0
• golang.org/x/time v0.15.0
• k8s.io/api v0.35.4 → [Updates: v0.36.0]
• k8s.io/apimachinery v0.35.4 → [Updates: v0.36.0]
• k8s.io/apiserver v0.35.4 → [Updates: v0.36.0]
• k8s.io/client-go v0.35.4 → [Updates: v0.36.0]
• k8s.io/code-generator v0.35.4 → [Updates: v0.36.0]
• k8s.io/component-base v0.35.4 → [Updates: v0.36.0]
• k8s.io/klog/v2 v2.140.0
• k8s.io/kube-openapi v0.0.0-20260414162039-ec9c827d403f@ec9c827d403f → [Updates: v0.0.0-20260430154526-c903c4073796]
• k8s.io/utils v0.0.0-20260319190234-28399d86e0b5@28399d86e0b5
• modernc.org/sqlite v1.50.0
• sigs.k8s.io/controller-runtime v0.23.3 → [Updates: v0.24.0]
• sigs.k8s.io/e2e-framework v0.7.0
• sigs.k8s.io/structured-merge-diff/v6 v6.4.0
• github.com/opencontainers/runtime-spec v1.3.0
• github.com/alegrey91/trivy v0.0.0-20260319044926-bda9710eb0c4@bda9710eb0c4

helm-values (1)

charts/sbomscanner/values.yaml (4)

• kubewarden/sbomscanner/controller v0.11.0-alpha1
• kubewarden/sbomscanner/storage v0.11.0-alpha1
• kubewarden/sbomscanner/worker v0.11.0-alpha1
• kubewarden/sbomscanner/mcp v0.11.0-alpha1

helmv3 (1)

charts/sbomscanner/Chart.yaml (1)

• nats 2.12.6

renovate-config (1)

renovate.json

---

• Check this box to trigger a request for Renovate to run again on this repository