This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.View this repository on the Mend.io Web Portal .
Awaiting Schedule
The following updates are awaiting their schedule. To get an update now, click on a checkbox below.
Rate-Limited
The following updates are currently rate-limited. To force their creation now, click on a checkbox below.
Open
The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.
fix(deps): update dependency werkzeug to v3.1.6 [security] chore(deps): update dependency webpack to v5.104.1 [security] fix(deps): update dependency requests to v2.33.0 [security] fix(deps): update module github.com/go-git/go-git/v5 to v5.17.1 [security] chore(deps): update gcr.io/distroless/base-debian12 docker digest to 9dce90e chore(deps): update gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine docker digest to 30b3a54 chore(deps): update ubuntu:22.04 docker digest to eb29ed2 fix(deps): update github.com/ossf/osv-schema/bindings/go digest to 2a6a0b9 chore(deps): update website-frontend (html-webpack-plugin, mini-css-extract-plugin, sass)chore(deps): update golang docker tag to v1.26.2 chore(deps): update node.js to v20.20.2 chore(deps): update workflows (actions/checkout, actions/setup-go, actions/setup-node, actions/setup-python, github/codeql-action, ossf/scorecard-action, pypa/gh-action-pypi-publish, python)fix(deps): update api (google-cloud-logging, google-cloud-ndb, mypy-protobuf, pylint)fix(deps): update docs (github.com/grpc-ecosystem/grpc-gateway/v2, google.golang.org/grpc/cmd/protoc-gen-go-grpc, google.golang.org/protobuf, http_parser.rb, webrick)fix(deps): update functions (google-cloud-secret-manager, osv)fix(deps): update indexer (cloud.google.com/go/datastore, cloud.google.com/go/pubsub, cloud.google.com/go/storage, github.com/golang/glog, golang.org/x/sync, google.golang.org/api)fix(deps): update module golang.org/x/sync to v0.20.0 fix(deps): update osv-lib (attrs, google-cloud-logging, google-cloud-ndb, google-cloud-storage, grpcio, grpcio-tools, jsonschema, mypy-protobuf, packageurl-python, pygit2, pylint, pyyaml)fix(deps): update tools (cloud.google.com/go/datastore, google-cloud-ndb, google-cloud-pubsub, google.golang.org/api, pylint, pyyaml)fix(deps): update vulnfeeds (cloud.google.com/go/logging, cloud.google.com/go/secretmanager, github.com/atombender/go-jsonschema, golang, golang.org/x/exp, pandas, pylint)fix(deps): update website-backend (Flask-Compress, cvss, google-auth, google-cloud-logging, google-cloud-ndb, markdown2, packageurl-python, pylint, whitenoise)Click on this checkbox to rebase all open PRs at once
PR Closed (Blocked)
The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.
Detected Dependencies
bundler (1)
docs/Gemfile (6)
github-pages lock file @ 232jekyll-feed "~> 0.12"tzinfo ">= 1", "< 3"wdm "~> 0.2.0"http_parser.rb "~> 0.6.0" → [Updates: "~> 0.8.0"]webrick "~> 1.7" → [Updates: "~> 1.7"]
cloudbuild (4)
cloudbuild.yaml
docker/terraform/cloudbuild.yaml
vulnfeeds/cloudbuild.yaml
vulnfeeds/pypi/cloudbuild.yaml
dockerfile (23)
actions/analyze/Dockerfile
docker/ci/Dockerfile
docker/deployment/Dockerfile (1)
ubuntu 22.04@sha256:ed1544e454989078f5dec1bfdabd8c5cc9c48e0705d07b678ab6ae3fb61952d2 → [Updates: 24.04, 22.04]
docker/terraform/Dockerfile (2)
golang 1.24.1-alpine@sha256:43c094ad24b6ac0546c62193baeb3e6e49ce14d3250845d166c77c25f64b0386 → [Updates: 1.26.2-alpine]gcr.io/google.com/cloudsdktool/google-cloud-cli alpine@sha256:5b9ce432f4f2230e7bfd02f51d6c97ec952456a6910c33c1542dc7cffbb80dcf → [Updates: alpine]
docker/worker-base/Dockerfile (1)
ubuntu 20.04@sha256:8e5c4f0285ecbb4ead070431d29b576a530d3166df73ec44affc1cd27555141b → [Updates: 24.04, 20.04]
gcp/api/Dockerfile
gcp/api/Dockerfile.esp (1)
gcr.io/endpoints-release/endpoints-runtime 2
gcp/indexer/Dockerfile (2)
golang 1.24.1-alpine@sha256:43c094ad24b6ac0546c62193baeb3e6e49ce14d3250845d166c77c25f64b0386 → [Updates: 1.26.2-alpine]gcr.io/distroless/base-debian12 sha256:74ddbf52d93fafbdd21b399271b0b4aac1babf8fa98cab59e5692e01169a1348 → [Updates: undefined]
gcp/website/Dockerfile (1)
node 20.18@sha256:bcf90f85634194bc51e92f8add1221c7fdeeff94b7f1ff360aeaa7498086d641 → [Updates: 20.20, 24.14]
gcp/workers/alias/Dockerfile
gcp/workers/cron/Dockerfile
gcp/workers/exporter/Dockerfile
gcp/workers/importer/Dockerfile
gcp/workers/staging_api_test/Dockerfile
gcp/workers/worker/Dockerfile
vulnfeeds/cmd/alpine/Dockerfile (2)
golang 1.24.1-alpine@sha256:43c094ad24b6ac0546c62193baeb3e6e49ce14d3250845d166c77c25f64b0386 → [Updates: 1.26.2-alpine]gcr.io/google.com/cloudsdktool/google-cloud-cli 485.0.0-alpine@sha256:d5da0344b23d03a6f2728657732c7a60300a91acaad9b8076c6fd30b1dfe1ff4 → [Updates: 565.0.0-alpine]
vulnfeeds/cmd/combine-to-osv/Dockerfile (2)
golang 1.24.1-alpine@sha256:43c094ad24b6ac0546c62193baeb3e6e49ce14d3250845d166c77c25f64b0386 → [Updates: 1.26.2-alpine]gcr.io/google.com/cloudsdktool/google-cloud-cli 485.0.0-alpine@sha256:d5da0344b23d03a6f2728657732c7a60300a91acaad9b8076c6fd30b1dfe1ff4 → [Updates: 565.0.0-alpine]
vulnfeeds/cmd/cpe-repo-gen/Dockerfile (2)
golang 1.24.1-alpine@sha256:43c094ad24b6ac0546c62193baeb3e6e49ce14d3250845d166c77c25f64b0386 → [Updates: 1.26.2-alpine]gcr.io/google.com/cloudsdktool/google-cloud-cli 485.0.0-alpine@sha256:d5da0344b23d03a6f2728657732c7a60300a91acaad9b8076c6fd30b1dfe1ff4 → [Updates: 565.0.0-alpine]
vulnfeeds/cmd/debian-copyright-mirror/Dockerfile (1)
gcr.io/google.com/cloudsdktool/google-cloud-cli 485.0.0-alpine@sha256:d5da0344b23d03a6f2728657732c7a60300a91acaad9b8076c6fd30b1dfe1ff4 → [Updates: 565.0.0-alpine]
vulnfeeds/cmd/debian/Dockerfile (2)
golang 1.24.1-alpine@sha256:43c094ad24b6ac0546c62193baeb3e6e49ce14d3250845d166c77c25f64b0386 → [Updates: 1.26.2-alpine]gcr.io/google.com/cloudsdktool/google-cloud-cli 485.0.0-alpine@sha256:d5da0344b23d03a6f2728657732c7a60300a91acaad9b8076c6fd30b1dfe1ff4 → [Updates: 565.0.0-alpine]
vulnfeeds/cmd/download-cves/Dockerfile (2)
golang 1.24.1-alpine@sha256:43c094ad24b6ac0546c62193baeb3e6e49ce14d3250845d166c77c25f64b0386 → [Updates: 1.26.2-alpine]gcr.io/google.com/cloudsdktool/google-cloud-cli 485.0.0-alpine@sha256:d5da0344b23d03a6f2728657732c7a60300a91acaad9b8076c6fd30b1dfe1ff4 → [Updates: 565.0.0-alpine]
vulnfeeds/cmd/nvd-cve-osv/Dockerfile (2)
golang 1.24.1-alpine@sha256:43c094ad24b6ac0546c62193baeb3e6e49ce14d3250845d166c77c25f64b0386 → [Updates: 1.26.2-alpine]gcr.io/google.com/cloudsdktool/google-cloud-cli 485.0.0-alpine@sha256:d5da0344b23d03a6f2728657732c7a60300a91acaad9b8076c6fd30b1dfe1ff4 → [Updates: 565.0.0-alpine]
vulnfeeds/tools/debian/Dockerfile (1)
gcr.io/google.com/cloudsdktool/google-cloud-cli 485.0.0-alpine@sha256:d5da0344b23d03a6f2728657732c7a60300a91acaad9b8076c6fd30b1dfe1ff4 → [Updates: 565.0.0-alpine]
github-actions (11)
.github/workflows/codeql-analysis.yml (4)
actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683 → [Updates: v4.3.1, v6.0.2]github/codeql-action v3.28.12@5f8171a638ada777af81d42b55959a643bb29017 → [Updates: v3.35.1, v4.35.2]github/codeql-action v3.28.12@5f8171a638ada777af81d42b55959a643bb29017 → [Updates: v3.35.1, v4.35.2]github/codeql-action v3.28.12@5f8171a638ada777af81d42b55959a643bb29017 → [Updates: v3.35.1, v4.35.2]
.github/workflows/issue-signposting.yml
.github/workflows/link-checker-on-push.yml (1)
actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683 → [Updates: v4.3.1, v6.0.2]
.github/workflows/link-checker.yml (1)
actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683 → [Updates: v4.3.1, v6.0.2]
.github/workflows/lint.yaml (6)
actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683 → [Updates: v4.3.1, v6.0.2]actions/setup-python v5.4.0@42375524e23c412d93fb67b49958b491fce71c38 → [Updates: v5.6.0, v6.2.0]actions/setup-go v5.4.0@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b → [Updates: v5.6.0, v6.4.0]hashicorp/setup-terraform v3.1.2@b9cd54a3c349d3f38e8881555d616ced269862dd → [Updates: v4.0.0]python 3.13 → [Updates: 3.14]go >=1.23.6
.github/workflows/osv-scanner-unified.yml (2)
google/osv-scanner-action maingoogle/osv-scanner-action main
.github/workflows/pr-check.yml (1)
amannn/action-semantic-pull-request v5.5.3@0723387faaf9b38adef4775cd42cfd5155ed6017 → [Updates: v6.1.1]
.github/workflows/publish-to-pypi.yaml (4)
actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683 → [Updates: v4.3.1, v6.0.2]actions/setup-python v5.4.0@42375524e23c412d93fb67b49958b491fce71c38 → [Updates: v5.6.0, v6.2.0]pypa/gh-action-pypi-publish v1.12.4@76f52bc884231f62b9a034ebfe128415bbaabdfc → [Updates: v1.14.0]python 3.11 → [Updates: 3.14]
.github/workflows/renovate-validator.yml (2)
actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683 → [Updates: v4.3.1, v6.0.2]actions/setup-node v4.3.0@cdca7365b2dadb8aad0a33bc7601856ffabcc48e → [Updates: v4.4.0, v6.3.0]
.github/workflows/scorecards.yml (4)
actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683 → [Updates: v4.3.1, v6.0.2]ossf/scorecard-action v2.4.1@f49aabe0b5af0936a0987cfb85d86b75731b0186 → [Updates: v2.4.3]actions/upload-artifact v4.6.2@ea165f8d65b6e75b540449e92b4886f43607fa02 → [Updates: v7.0.1]github/codeql-action v2.28.1@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 → [Updates: v4.35.2]
.github/workflows/staleness.yml (1)
actions/stale v9.1.0@5bef64f19d7facfb25b37b414482c7164d639639 → [Updates: v10.2.0]
gomod (6)
docs/go.mod (4)
go 1.23.6github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 → [Updates: v2.28.0]google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 → [Updates: v1.6.1]google.golang.org/protobuf v1.36.5 → [Updates: v1.36.11]
gcp/indexer/go.mod (10)
go 1.23.6cloud.google.com/go/datastore v1.20.0 → [Updates: v1.22.0]cloud.google.com/go/pubsub v1.47.0 → [Updates: v1.50.2, v2.6.0]cloud.google.com/go/storage v1.50.0 → [Updates: v1.62.1]github.com/go-git/go-git/v5 v5.14.0 → [Updates: v5.17.1]github.com/golang/glog v1.2.4 → [Updates: v1.2.5]github.com/google/go-cmp v0.7.0golang.org/x/sync v0.12.0 → [Updates: v0.20.0]google.golang.org/api v0.225.0 → [Updates: v0.276.0]gopkg.in/yaml.v3 v3.0.1
go/go.mod (4)
go 1.23.7github.com/google/go-cmp v0.7.0github.com/ossf/osv-schema/bindings/go v0.0.0-20250318011049-e4c58d9a4a9e@e4c58d9a4a9e → [Updates: v0.0.0-20260331231022-2a6a0b9b0ccd]golang.org/x/sync v0.12.0 → [Updates: v0.20.0]
tools/datastore-remover/go.mod (3)
go 1.23.6cloud.google.com/go/datastore v1.20.0 → [Updates: v1.22.0]google.golang.org/api v0.225.0 → [Updates: v0.276.0]
tools/indexer-api-caller/go.mod (1)
vulnfeeds/go.mod (12)
go 1.23.6cloud.google.com/go/logging v1.13.0 → [Updates: v1.16.0]cloud.google.com/go/secretmanager v1.14.6 → [Updates: v1.19.0]github.com/aquasecurity/go-pep440-version v0.0.1github.com/atombender/go-jsonschema v0.18.0 → [Updates: v0.23.0]github.com/go-git/go-git/v5 v5.14.0 → [Updates: v5.17.1]github.com/google/go-cmp v0.7.0github.com/google/osv-scanner v1.9.2 → [Updates: v2.3.5]github.com/knqyf263/go-cpe v0.0.0-20230627041855-cb0794d06872@cb0794d06872github.com/sethvargo/go-retry v0.3.0golang.org/x/exp v0.0.0-20250305212735-054e65f0b394@054e65f0b394 → [Updates: v0.0.0-20260410095643-746e56fc9e2f]gopkg.in/yaml.v2 v2.4.0 → [Updates: v3.0.1]
npm (1)
gcp/website/frontend3/package.json (20)
@github/clipboard-copy-element 1.3.0@hotwired/turbo 7.3.0 → [Updates: 8.0.21]@material/data-table 13.0.0 → [Updates: 14.0.0]@material/layout-grid 13.0.0 → [Updates: 14.0.0]@material/theme 13.0.0 → [Updates: 14.0.0]@material/web ^1.5.0 → [Updates: ^2.0.0]lit 2.8.0 → [Updates: 3.3.2]spicy-sections c3aae99dbf1e627cdf03a35c913d7f6e970de22bcopy-webpack-plugin 10.2.4 → [Updates: 14.0.0]css-loader 6.11.0 → [Updates: 7.1.4]html-webpack-plugin 5.6.3 → [Updates: 5.6.6]mini-css-extract-plugin 2.9.2 → [Updates: 2.10.2]raw-loader 4.0.2sass 1.86.0 → [Updates: 1.99.0]sass-loader 12.6.0 → [Updates: 16.0.7]style-loader 3.3.4 → [Updates: 4.0.0]webpack 5.98.0 → [Updates: 5.104.1]webpack-bundle-analyzer 4.10.2 → [Updates: 5.3.0]webpack-cli 4.10.0 → [Updates: 7.0.2]webpack-dev-server 4.15.2 → [Updates: 5.2.1]
poetry (7)
gcp/api/pyproject.toml (9)
google-cloud-ndb ==2.3.2 → [Updates: ==2.4.2]google-cloud-logging ==3.11.4 → [Updates: ==3.15.0]packaging ==24.2 → [Updates: ==26.1]requests ==2.32.3 → [Updates: ==2.33.0]google-cloud-profiler ==4.1.0poetry-core >=2.0.0mypy-protobuf ^3.6.0 → [Updates: ^3.6.0, ^5.0.0]yapf *pylint * → [Updates: *]
gcp/functions/pypi/pyproject.toml (5)
cryptography ==44.0.2 → [Updates: ==46.0.6]google-cloud-secret-manager ==2.23.2 → [Updates: ==2.27.0]osv ==0.0.22 → [Updates: ==0.1.2]requests ==2.32.3 → [Updates: ==2.33.0]poetry-core >=2.0.0
gcp/website/pyproject.toml (19)
Flask ==2.3.3 → [Updates: ==3.1.3]Flask-Caching ==2.3.1Flask-Compress ==1.17 → [Updates: ==1.24]werkzeug ==3.1.3 → [Updates: ==3.1.6]google-auth ==2.38.0 → [Updates: ==2.49.2]google-cloud-ndb ==2.3.2 → [Updates: ==2.4.2]google-cloud-logging ==3.11.4 → [Updates: ==3.15.0]jinja2 ==3.1.6markdown2 ==2.5.3 → [Updates: ==2.5.5]markupsafe ==2.1.5 → [Updates: ==3.0.3]packageurl-python ==0.16.0 → [Updates: ==0.17.6]redis ==4.6.0 → [Updates: ==7.4.0]requests ==2.32.3 → [Updates: ==2.33.0]gunicorn ==22.0.0 → [Updates: ==25.3.0]whitenoise ==6.9.0 → [Updates: ==6.12.0]cvss ==3.4 → [Updates: ==3.6]poetry-core >=2.0.0yapf *pylint * → [Updates: *]
gcp/workers/worker/pyproject.toml (14)
google-auth-httplib2 ==0.2.0 → [Updates: ==0.3.1]google-api-python-client ==2.165.0 → [Updates: ==2.194.0]google-cloud-pubsub ==2.28.0 → [Updates: ==2.37.0]google-cloud-ndb ==2.3.2 → [Updates: ==2.4.2]google-cloud-storage ==2.19.0 → [Updates: ==3.10.1]pyyaml ==6.0.2 → [Updates: ==6.0.3]redis ==5.2.1 → [Updates: ==5.3.1, ==7.4.0]packageurl-python ==0.16.0 → [Updates: ==0.17.6]pygit2 ==1.17.0 → [Updates: ==1.19.2]requests ==2.32.3 → [Updates: ==2.33.0]jsonschema ==4.23.0 → [Updates: ==4.26.0]poetry-core >=2.0.0yapf *pylint * → [Updates: *]
pyproject.toml (17)
google-cloud-ndb >=2.3 → [Updates: >=2.3]google-cloud-logging >=3.10 → [Updates: >=3.10]google-cloud-storage >=2.17 → [Updates: >=2.17]semver >=3.0packageurl-python ==0.16.0 → [Updates: ==0.17.6]pyyaml >=6.0 → [Updates: >=6.0]pygit2 >=1.14.0 → [Updates: >=1.14.0]attrs >=23.2 → [Updates: >=23.2]jsonschema >=4.0 → [Updates: >=4.0]grpcio >=1.0 → [Updates: >=1.0]packaging-legacy >=23.0.post0requests >=2.32 → [Updates: >=2.32]poetry-core >=2.0.0yapf *pylint * → [Updates: *]grpcio-tools * → [Updates: *]mypy-protobuf ^3.6.0 → [Updates: ^3.6.0, ^5.0.0]
tools/datafix/pyproject.toml (7)
google-cloud-ndb ==2.3.2 → [Updates: ==2.4.2]google-cloud-storage ==2.19.0 → [Updates: ==3.10.1]pyyaml ==6.0.2 → [Updates: ==6.0.3]google-cloud-pubsub >=2.25.2 → [Updates: >=2.25.2]poetry-core >=2.0.0yapf *pylint * → [Updates: *]
vulnfeeds/tools/debian/debian_converter/pyproject.toml (6)
markdownify ==0.14.1 → [Updates: ==1.2.2]pandas ==2.2.3 → [Updates: ==2.3.3, ==3.0.2]python-dateutil ==2.9.0.post0poetry-core >=2.0.0yapf *pylint * → [Updates: *]
terraform (3)
deployment/terraform/environments/oss-vdb-test/main.tf (4)
external ~> 2.3.3 → [Updates: ~> 2.3.3]google ~> 5.45.0 → [Updates: ~> 7.28.0]google-beta ~> 5.45.0 → [Updates: ~> 7.28.0]null ~> 3.2.2 → [Updates: ~> 3.2.2]
deployment/terraform/environments/oss-vdb/main.tf (4)
external ~> 2.3.3 → [Updates: ~> 2.3.3]google ~> 5.45.0 → [Updates: ~> 7.28.0]google-beta ~> 5.45.0 → [Updates: ~> 7.28.0]null ~> 3.2.2 → [Updates: ~> 3.2.2]
deployment/terraform/modules/osv/website.tf (1)
terraform-google-modules/lb-http/google ~> 10.0 → [Updates: ~> 14.0]
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.
Awaiting Schedule
The following updates are awaiting their schedule. To get an update now, click on a checkbox below.
external,null)Rate-Limited
The following updates are currently rate-limited. To force their creation now, click on a checkbox below.
google-api-python-client,google-auth-httplib2,google-cloud-ndb,google-cloud-pubsub,jsonschema,packageurl-python,pygit2,pylint,pyyaml,redis)Open
The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.
html-webpack-plugin,mini-css-extract-plugin,sass)actions/checkout,actions/setup-go,actions/setup-node,actions/setup-python,github/codeql-action,ossf/scorecard-action,pypa/gh-action-pypi-publish,python)google-cloud-logging,google-cloud-ndb,mypy-protobuf,pylint)github.com/grpc-ecosystem/grpc-gateway/v2,google.golang.org/grpc/cmd/protoc-gen-go-grpc,google.golang.org/protobuf,http_parser.rb,webrick)google-cloud-secret-manager,osv)cloud.google.com/go/datastore,cloud.google.com/go/pubsub,cloud.google.com/go/storage,github.com/golang/glog,golang.org/x/sync,google.golang.org/api)attrs,google-cloud-logging,google-cloud-ndb,google-cloud-storage,grpcio,grpcio-tools,jsonschema,mypy-protobuf,packageurl-python,pygit2,pylint,pyyaml)cloud.google.com/go/datastore,google-cloud-ndb,google-cloud-pubsub,google.golang.org/api,pylint,pyyaml)cloud.google.com/go/logging,cloud.google.com/go/secretmanager,github.com/atombender/go-jsonschema,golang,golang.org/x/exp,pandas,pylint)Flask-Compress,cvss,google-auth,google-cloud-logging,google-cloud-ndb,markdown2,packageurl-python,pylint,whitenoise)PR Closed (Blocked)
The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.
Detected Dependencies
bundler (1)
cloudbuild (4)
dockerfile (23)
github-actions (11)
gomod (6)
npm (1)
poetry (7)
terraform (3)