Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Config Migration Needed

• Select this checkbox to let Renovate create an automated Config Migration PR.

Repository Problems

These problems occurred while renovating this repository. View logs.

• ⚠️ WARN: Package lookup failures

---

Warning

Renovate failed to look up the following dependencies: Could not determine new digest for update (github-tags package aquasecurity/trivy-action).

Files affected: .github/workflows/docker-build.yml

---

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• fix(deps): update module github.com/grafana/loki/v3 to v3.6.4 [security]
• fix(deps): update module github.com/prometheus/prometheus to v0.311.2 [security]
• chore(deps): update azure/setup-helm digest to 1a275c3
• fix(deps): update k8s.io/utils digest to 28399d8
• chore(deps): update all-ci-dependencies (actions/checkout, actions/setup-go, aquasecurity/trivy-action, codecov/codecov-action, grafana, kube-prometheus-stack, loki, mimir-distributed, pyroscope, securego/gosec, sigstore/cosign-installer, tempo-distributed)
• chore(deps): update dependency b1nary-gr0up/nwa to v0.7.7
• chore(deps): update dependency google/ko to v0.18.1
• fix(deps): update module github.com/kimmachinegun/automemlimit to v0.7.5
• fix(deps): update module github.com/prometheus/client_golang to v1.23.2
• chore(deps): update dependency adrienverge/yamllint to v1.38.0
• chore(deps): update dependency alessandrojcm/commitlint-pre-commit-hook to v9.24.0
• chore(deps): update dependency golangci/golangci-lint to v2.11.4
• chore(deps): update dependency helm/chart-testing to v3.14.0
• chore(deps): update dependency kubernetes-sigs/kind to v0.31.0
• fix(deps): update kubernetes monorepo to v0.36.0 (k8s.io/api, k8s.io/apimachinery, k8s.io/client-go, k8s.io/kubectl)
• fix(deps): update module github.com/onsi/ginkgo/v2 to v2.28.1
• fix(deps): update module github.com/onsi/gomega to v1.39.1
• fix(deps): update module github.com/projectcapsule/capsule to v0.12.4
• fix(deps): update module github.com/stretchr/testify to v1.11.1
• fix(deps): update module github.com/valyala/fasthttp to v1.70.0
• fix(deps): update module sigs.k8s.io/controller-runtime to v0.23.3
• chore(deps): update all-ci-dependencies (major) (actions/checkout, actions/setup-go, azure/setup-helm, codecov/codecov-action, goreleaser/goreleaser-action, grafana, kube-prometheus-stack, loki, mimir-distributed, pyroscope, sigstore/cosign-installer, zgosalvez/github-actions-ensure-sha-pinned-actions)
• fix(deps): update module github.com/caarlos0/env/v8 to v11
• fix(deps): update module gopkg.in/yaml.v2 to v3
• Click on this checkbox to rebase all open PRs at once

Detected Dependencies

flux (7)

e2e/manifests/distro/grafana.flux.yaml (1)

• grafana 9.3.2 → [Updates: 9.4.5, 10.5.15]

e2e/manifests/distro/loki.flux.yaml (1)

• loki 6.36.1 → [Updates: 6.55.0, 7.0.0]

e2e/manifests/distro/mimir.flux.yaml (1)

• mimir-distributed 5.7.0 → [Updates: 5.8.0, 6.0.6]

e2e/manifests/distro/minio.flux.yaml (1)

• minio 17.0.21

e2e/manifests/distro/prometheus.flux.yaml (1)

• kube-prometheus-stack 76.4.0 → [Updates: 76.5.1, 84.1.0]

e2e/manifests/distro/pyroscope.flux.yaml (1)

• pyroscope 1.14.1 → [Updates: 1.21.0, 2.0.1]

e2e/manifests/distro/tempo.flux.yaml (1)

• tempo-distributed 1.46.4 → [Updates: 1.61.3]

github-actions (10)

.github/workflows/check-actions.yaml (2)

• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v5.0.1, v6.0.2]
• zgosalvez/github-actions-ensure-sha-pinned-actions v3.0.25@fc87bb5b5a97953d987372e74478de634726b3e5 → [Updates: v5.0.4]

.github/workflows/check-commit.yml (3)

• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v5.0.1, v6.0.2]
• wagoid/commitlint-github-action v6.2.1@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed
• ubuntu 24.04

.github/workflows/check-pr.yml

.github/workflows/coverage.yml (8)

• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v5.0.1, v6.0.2]
• actions/setup-go v5.5.0@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 → [Updates: v5.6.0, v6.4.0]
• securego/gosec v2.22.8@c9453023c4e81ebdb6dde29e22d9cd5e2285fb16 → [Updates: v2.25.0]
• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v5.0.1, v6.0.2]
• actions/setup-go v5.5.0@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 → [Updates: v5.6.0, v6.4.0]
• codecov/codecov-action v5.4.3@18283e04ce6e62d37312384ff67231eb8fd56d24 → [Updates: v5.5.4, v6]
• ubuntu 24.04
• ubuntu 24.04

.github/workflows/docker-build.yml (2)

• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v5.0.1, v6.0.2]
• aquasecurity/trivy-action 0.32.0@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 → [Updates: v0.36.0]

.github/workflows/docker-publish.yml (8)

• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v5.0.1, v6.0.2]
• sigstore/cosign-installer v3.9.2@d58896d6a1865668819e1d91763c7751a165e159 → [Updates: v3.10.1, v4.1.1]
• peak-scale/github-actions v0.2.0@a441cca016861c546ab7e065277e40ce41a3eb84
• slsa-framework/slsa-github-generator v2.1.0
• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v5.0.1, v6.0.2]
• sigstore/cosign-installer v3.9.2@d58896d6a1865668819e1d91763c7751a165e159 → [Updates: v3.10.1, v4.1.1]
• peak-scale/github-actions v0.2.0@a441cca016861c546ab7e065277e40ce41a3eb84
• slsa-framework/slsa-github-generator v2.1.0

.github/workflows/helm-publish.yml (10)

• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v5.0.1, v6.0.2]
• sigstore/cosign-installer v3.9.2@d58896d6a1865668819e1d91763c7751a165e159 → [Updates: v3.10.1, v4.1.1]
• peak-scale/github-actions v0.2.0@a441cca016861c546ab7e065277e40ce41a3eb84
• slsa-framework/slsa-github-generator v2.1.0
• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v5.0.1, v6.0.2]
• sigstore/cosign-installer v3.9.2@d58896d6a1865668819e1d91763c7751a165e159 → [Updates: v3.10.1, v4.1.1]
• peak-scale/github-actions v0.2.0@a441cca016861c546ab7e065277e40ce41a3eb84
• slsa-framework/slsa-github-generator v2.1.0
• ubuntu 24.04
• ubuntu 24.04

.github/workflows/helm-test.yml (4)

• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v5.0.1, v6.0.2]
• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v5.0.1, v6.0.2]
• azure/setup-helm v4@b9e51907a09c216f16ebe8536097933489208112 → [Updates: v5, v4]
• ubuntu 24.04

.github/workflows/lint.yaml (5)

• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v5.0.1, v6.0.2]
• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v5.0.1, v6.0.2]
• actions/setup-go v5.5.0@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 → [Updates: v5.6.0, v6.4.0]
• ubuntu 24.04
• ubuntu 24.04

.github/workflows/releaser.yml (4)

• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v5.0.1, v6.0.2]
• creekorful/goreportcard-action v1.0@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9
• sigstore/cosign-installer v3.9.2@d58896d6a1865668819e1d91763c7751a165e159 → [Updates: v3.10.1, v4.1.1]
• goreleaser/goreleaser-action v6.4.0@e435ccd777264be153ace6237001ef4d979d3a7a → [Updates: v7.1.0]

gomod (1)

go.mod (26)

• go 1.24.0
• github.com/KimMachineGun/automemlimit v0.7.4 → [Updates: v0.7.5]
• github.com/caarlos0/env/v8 v8.0.0 → [Updates: v11.4.0]
• github.com/creasty/defaults v1.8.0
• github.com/go-logr/logr v1.4.3
• github.com/gogo/protobuf v1.3.2
• github.com/golang/snappy v1.0.0
• github.com/google/uuid v1.6.0
• github.com/grafana/loki/v3 v3.4.2 → [Updates: v3.6.4]
• github.com/hashicorp/go-multierror v1.1.1
• github.com/onsi/ginkgo/v2 v2.24.0 → [Updates: v2.28.1]
• github.com/onsi/gomega v1.38.0 → [Updates: v1.39.1]
• github.com/pkg/errors v0.9.1
• github.com/projectcapsule/capsule v0.10.5 → [Updates: v0.12.4]
• github.com/prometheus/client_golang v1.23.0 → [Updates: v1.23.2]
• github.com/prometheus/prometheus v0.303.1 → [Updates: v0.311.2]
• github.com/stretchr/testify v1.10.0 → [Updates: v1.11.1]
• github.com/valyala/fasthttp v1.65.0 → [Updates: v1.70.0]
• go.uber.org/automaxprocs v1.6.0
• gopkg.in/yaml.v2 v2.4.0 → [Updates: v3.0.1]
• k8s.io/api v0.33.4 → [Updates: v0.36.0]
• k8s.io/apimachinery v0.33.4 → [Updates: v0.36.0]
• k8s.io/client-go v0.33.4 → [Updates: v0.36.0]
• k8s.io/kubectl v0.32.0 → [Updates: v0.36.0]
• k8s.io/utils v0.0.0-20250604170112-4c0f3b243397@4c0f3b243397 → [Updates: v0.0.0-20260319190234-28399d86e0b5]
• sigs.k8s.io/controller-runtime v0.21.0 → [Updates: v0.23.3]

helm-values (2)

charts/cortex-proxy/values.yaml

charts/loki-proxy/values.yaml

regex (2)

.pre-commit-config.yaml (3)

• alessandrojcm/commitlint-pre-commit-hook v9.22.0 → [Updates: v9.24.0]
• pre-commit/pre-commit-hooks v6.0.0
• adrienverge/yamllint v1.37.1 → [Updates: v1.38.0]

Makefile (6)

• norwoodj/helm-docs v1.33.0
• helm/chart-testing v3.13.0 → [Updates: v3.14.0]
• kubernetes-sigs/kind v0.29.0 → [Updates: v0.31.0]
• google/ko v0.18.0 → [Updates: v0.18.1]
• B1NARY-GR0UP/nwa v0.7.5 → [Updates: v0.7.7]
• golangci/golangci-lint v2.4.0 → [Updates: v2.11.4]

---

• Check this box to trigger a request for Renovate to run again on this repository