This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more. ## Config Migration Needed - [ ] <!-- create-config-migration-pr --> Select this checkbox to let Renovate create an automated Config Migration PR. ## Rate-Limited The following updates are currently rate-limited. To force their creation now, click on a checkbox below. - [ ] <!-- unlimit-branch=renovate/main-github-codeql-action-digest -->chore(deps): update github/codeql-action digest to 54f647b (main) - [ ] <!-- unlimit-branch=renovate/main-korthout-backport-action-4.x -->chore(deps): update korthout/backport-action action to v4.6.0 (main) - [ ] <!-- unlimit-branch=renovate/main-github.com-google-ko-0.x -->fix(deps): update module github.com/google/ko to v0.19.1 (main) - [ ] <!-- unlimit-branch=renovate/main-github.com-masterminds-semver-v3-3.x -->fix(deps): update module github.com/masterminds/semver/v3 to v3.5.0 (main) - [ ] <!-- unlimit-branch=renovate/main-golang.org-x-tools-0.x -->fix(deps): update module golang.org/x/tools to v0.47.0 (main) - [ ] <!-- unlimit-branch=renovate/main-google.golang.org-grpc-1.x -->fix(deps): update module google.golang.org/grpc to v1.82.0 (main) - [ ] <!-- unlimit-branch=renovate/main-helm.sh-helm-v3-3.x -->fix(deps): update module helm.sh/helm/v3 to v3.21.2 (main) - [ ] <!-- unlimit-branch=renovate/main-actions-checkout-7.x -->chore(deps): update actions/checkout action to v7 (main) - [ ] <!-- unlimit-branch=renovate/main-actions-create-github-app-token-3.x -->chore(deps): update actions/create-github-app-token action to v3 (main) - [ ] <!-- unlimit-branch=renovate/main-cachix-cachix-action-17.x -->chore(deps): update cachix/cachix-action action to v17 (main) - [ ] <!-- unlimit-branch=renovate/main-codecov-codecov-action-7.x -->chore(deps): update codecov/codecov-action action to v7 (main) - [ ] <!-- unlimit-branch=renovate/main-major-github-artifact-actions -->chore(deps): update github artifact actions (main) (major) (`actions/download-artifact`, `actions/upload-artifact`) - [ ] <!-- unlimit-branch=renovate/main-peter-evans-create-pull-request-8.x -->chore(deps): update peter-evans/create-pull-request action to v8 (main) - [ ] <!-- unlimit-branch=renovate/main-github.com-charmbracelet-bubbles-2.x -->fix(deps): update module github.com/charmbracelet/bubbles to v2 (main) - [ ] <!-- unlimit-branch=renovate/main-github.com-charmbracelet-bubbletea-2.x -->fix(deps): update module github.com/charmbracelet/bubbletea to v2 (main) - [ ] <!-- unlimit-branch=renovate/main-github.com-charmbracelet-glamour-2.x -->fix(deps): update module github.com/charmbracelet/glamour to v2 (main) - [ ] <!-- unlimit-branch=renovate/main-github.com-charmbracelet-lipgloss-2.x -->fix(deps): update module github.com/charmbracelet/lipgloss to v2 (main) - [ ] <!-- unlimit-branch=renovate/main-github.com-posener-complete-2.x -->fix(deps): update module github.com/posener/complete to v2 (main) - [ ] <!-- unlimit-branch=renovate/main-helm.sh-helm-v3-4.x -->fix(deps): update module helm.sh/helm/v3 to v4 (main) - [ ] <!-- create-all-rate-limited-prs -->🔐 **Create all rate-limited PRs at once** 🔐 ## Open The following updates have all been created. To force a retry/rebase of any, click on a checkbox below. - [ ] <!-- rebase-branch=renovate/main-go-oras.land-oras-go-v2-vulnerability -->[chore(deps): update module oras.land/oras-go/v2 to v2.6.1 [security] (main)](../pull/178) - [ ] <!-- rebase-branch=renovate/main-go-github.com-sigstore-timestamp-authority-v2-vulnerability -->[chore(deps): update module github.com/sigstore/timestamp-authority/v2 to v2.1.0 [security] (main)](../pull/174) - [ ] <!-- rebase-branch=renovate/main-renovatebot-github-action-46.x -->[chore(deps): update renovatebot/github-action action to v46.1.17 (main)](../pull/175) - [ ] <!-- rebase-branch=renovate/main-github.com-getkin-kin-openapi-0.x -->[fix(deps): update module github.com/getkin/kin-openapi to v0.140.0 (main)](../pull/165) - [ ] <!-- rebase-branch=renovate/release-2.3-go-oras.land-oras-go-v2-vulnerability -->[chore(deps): update module oras.land/oras-go/v2 to v2.6.1 [security] (release-2.3)](../pull/179) - [ ] <!-- rebase-branch=renovate/release-2.3-go-github.com-sigstore-timestamp-authority-v2-vulnerability -->[chore(deps): update module github.com/sigstore/timestamp-authority/v2 to v2.1.0 [security] (release-2.3)](../pull/176) - [ ] <!-- rebase-branch=renovate/release-2.4-go-oras.land-oras-go-v2-vulnerability -->[chore(deps): update module oras.land/oras-go/v2 to v2.6.1 [security] (release-2.4)](../pull/180) - [ ] <!-- rebase-branch=renovate/release-2.4-go-github.com-sigstore-timestamp-authority-v2-vulnerability -->[chore(deps): update module github.com/sigstore/timestamp-authority/v2 to v2.1.0 [security] (release-2.4)](../pull/177) - [ ] <!-- rebase-all-open-prs -->**Click on this checkbox to rebase all open PRs at once** ## Detected Dependencies <details><summary>Branch main</summary> <blockquote> <details><summary>github-actions (8)</summary> <blockquote> <details><summary>.github/workflows/backport.yml (3)</summary> - `actions/checkout v6@df4cb1c069e1874edd31b4311f1884172cec0e10` → [Updates: `v7`] - `korthout/backport-action v4.5.2@66065406958f46e82238fd59546f5a99e69e22aa` → [Updates: `v4.6.0`] - `ubuntu 24.04` </details> <details><summary>.github/workflows/ci.yml (32)</summary> - `actions/checkout v6@df4cb1c069e1874edd31b4311f1884172cec0e10` → [Updates: `v7`] - `cachix/install-nix-action v31@8aa03977d8d733052d78f4e008a241fd1dbf36b3` - `cachix/cachix-action v16@3ba601ff5bbb07c7220846facfa2cd81eeee15a1` → [Updates: `v17`] - `actions/checkout v6@df4cb1c069e1874edd31b4311f1884172cec0e10` → [Updates: `v7`] - `cachix/install-nix-action v31@8aa03977d8d733052d78f4e008a241fd1dbf36b3` - `cachix/cachix-action v16@3ba601ff5bbb07c7220846facfa2cd81eeee15a1` → [Updates: `v17`] - `actions/checkout v6@df4cb1c069e1874edd31b4311f1884172cec0e10` → [Updates: `v7`] - `cachix/install-nix-action v31@8aa03977d8d733052d78f4e008a241fd1dbf36b3` - `cachix/cachix-action v16@3ba601ff5bbb07c7220846facfa2cd81eeee15a1` → [Updates: `v17`] - `nicknovitski/nix-develop v1@9be7cfb4b10451d3390a75dc18ad0465bed4932a` - `github/codeql-action v4@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` → [Updates: `v4`] - `github/codeql-action v4@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` → [Updates: `v4`] - `actions/checkout v6@df4cb1c069e1874edd31b4311f1884172cec0e10` → [Updates: `v7`] - `cachix/install-nix-action v31@8aa03977d8d733052d78f4e008a241fd1dbf36b3` - `cachix/cachix-action v16@3ba601ff5bbb07c7220846facfa2cd81eeee15a1` → [Updates: `v17`] - `codecov/codecov-action v5@0fb7174895f61a3b6b78fc075e0cd60383518dac` → [Updates: `v7`] - `jlumbroso/free-disk-space v1.3.1@54081f138730dfa15788a46383842cd2f914a1be` - `actions/checkout v6@df4cb1c069e1874edd31b4311f1884172cec0e10` → [Updates: `v7`] - `cachix/install-nix-action v31@8aa03977d8d733052d78f4e008a241fd1dbf36b3` - `cachix/cachix-action v16@3ba601ff5bbb07c7220846facfa2cd81eeee15a1` → [Updates: `v17`] - `actions/upload-artifact v6@b7c566a772e6b6bfb58ed0dc250532a479d7789f` → [Updates: `v7`] - `actions/checkout v6@df4cb1c069e1874edd31b4311f1884172cec0e10` → [Updates: `v7`] - `actions/download-artifact v4@d3f86a106a0bac45b974a628896c90dbdf5c8093` → [Updates: `v8`] - `vale-cli/vale-action 2.1.2@85f9f7f2c5f449ac0ae5b66662961bae3f77ca6a` - `actions/create-github-app-token v2@fee1f7d63c2ff003460e3d139729b119787bc349` → [Updates: `v3`] - `peter-evans/create-pull-request v7@22a9089034f40e5a961c8808d113e2c98fb63676` → [Updates: `v8`] - `ubuntu 24.04` - `ubuntu 24.04` - `ubuntu 24.04` - `ubuntu 24.04` - `ubuntu 24.04` - `ubuntu 24.04` </details> <details><summary>.github/workflows/commands.yml (7)</summary> - `xt0rted/slash-command-action v2@bf51f8f5f4ea3d58abc7eca58f77104182b23e88` - `actions/checkout v6@df4cb1c069e1874edd31b4311f1884172cec0e10` → [Updates: `v7`] - `korthout/backport-action v4.5.2@66065406958f46e82238fd59546f5a99e69e22aa` → [Updates: `v4.6.0`] - `xt0rted/slash-command-action v2@bf51f8f5f4ea3d58abc7eca58f77104182b23e88` - `actions-ecosystem/action-remove-labels v1@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0` - `ubuntu 24.04` - `ubuntu 24.04` </details> <details><summary>.github/workflows/pr.yml (2)</summary> - `mheap/require-checklist-action v2@9c8100a52aa9726d4648e61aa92415f6c843c990` - `ubuntu 24.04` </details> <details><summary>.github/workflows/promote.yml (4)</summary> - `actions/checkout v6@df4cb1c069e1874edd31b4311f1884172cec0e10` → [Updates: `v7`] - `cachix/install-nix-action v31@8aa03977d8d733052d78f4e008a241fd1dbf36b3` - `cachix/cachix-action v16@3ba601ff5bbb07c7220846facfa2cd81eeee15a1` → [Updates: `v17`] - `ubuntu 24.04` </details> <details><summary>.github/workflows/renovate.yml (3)</summary> - `actions/checkout v6.0.3@df4cb1c069e1874edd31b4311f1884172cec0e10` → [Updates: `v7.0.0`] - `actions/create-github-app-token v2@fee1f7d63c2ff003460e3d139729b119787bc349` → [Updates: `v3`] - `renovatebot/github-action v46.1.16@6d859fc95779be83a0335ca704879b47e5d79641` → [Updates: `v46.1.17`] </details> <details><summary>.github/workflows/stale.yml (2)</summary> - `actions/stale v10@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899` - `ubuntu 24.04` </details> <details><summary>.github/workflows/tag.yml (3)</summary> - `actions/checkout v6@df4cb1c069e1874edd31b4311f1884172cec0e10` → [Updates: `v7`] - `negz/create-tag v1@39bae1e0932567a58c20dea5a1a0d18358503320` - `ubuntu 24.04` </details> </blockquote> </details> <details><summary>gomod (1)</summary> <blockquote> <details><summary>go.mod (42)</summary> - `go 1.26.0` - `dario.cat/mergo v1.0.2` - `github.com/Masterminds/semver/v3 v3.4.0` → [Updates: `v3.5.0`] - `github.com/alecthomas/kong v1.15.0` - `github.com/charmbracelet/bubbles v1.0.0` → [Updates: `v2.1.0`] - `github.com/charmbracelet/bubbletea v1.3.10` → [Updates: `v2.0.8`] - `github.com/charmbracelet/glamour v1.0.0` → [Updates: `v2.0.1`] - `github.com/charmbracelet/lipgloss v1.1.1-0.20250404203927-76690c660834@76690c660834` → [Updates: `v2.0.5`] - `github.com/charmbracelet/x/term v0.2.2` - `github.com/containerd/errdefs v1.0.0` - `github.com/crossplane/crossplane-runtime/v2 v2.3.3` - `github.com/crossplane/crossplane/apis/v2 v2.3.3` - `github.com/crossplane/function-sdk-go v0.7.1` - `github.com/docker/cli v29.6.1+incompatible` - `github.com/docker/docker v28.5.2+incompatible` - `github.com/docker/go-connections v0.7.0` - `github.com/emicklei/dot v1.11.0` - `github.com/getkin/kin-openapi v0.137.0` → [Updates: `v0.140.0`] - `github.com/go-git/go-billy/v5 v5.9.0` - `github.com/go-git/go-git/v5 v5.19.1` - `github.com/gobuffalo/flect v1.0.3` - `github.com/google/go-cmp v0.7.0` - `github.com/google/go-containerregistry v0.21.7` - `github.com/google/ko v0.18.1` → [Updates: `v0.19.1`] - `github.com/invopop/jsonschema v0.14.0` - `github.com/kubernetes-sigs/kro v0.9.2` - `github.com/muesli/termenv v0.16.0` - `github.com/oapi-codegen/oapi-codegen/v2 v2.7.1` - `github.com/pkg/errors v0.9.1` - `github.com/posener/complete v1.2.3` → [Updates: `v2.1.0`] - `github.com/spf13/afero v1.15.0` - `github.com/willabides/kongplete v0.4.0` - `golang.org/x/mod v0.37.0` - `golang.org/x/sync v0.21.0` - `golang.org/x/text v0.38.0` - `golang.org/x/tools v0.46.0` → [Updates: `v0.47.0`] - `google.golang.org/grpc v1.81.1` → [Updates: `v1.82.0`] - `google.golang.org/protobuf v1.36.11` - `gopkg.in/yaml.v3 v3.0.1` - `helm.sh/helm/v3 v3.20.2` → [Updates: `v3.21.2`, `v4.2.2`] - `github.com/sigstore/timestamp-authority/v2 v2.0.6` → [Updates: `v2.1.0`] - `oras.land/oras-go/v2 v2.6.0` → [Updates: `v2.6.1`] </details> </blockquote> </details> </blockquote> </details> <details><summary>Branch release-2.3</summary> <blockquote> <details><summary>github-actions (8)</summary> <blockquote> <details><summary>.github/workflows/backport.yml</summary> </details> <details><summary>.github/workflows/ci.yml</summary> </details> <details><summary>.github/workflows/commands.yml</summary> </details> <details><summary>.github/workflows/pr.yml</summary> </details> <details><summary>.github/workflows/promote.yml</summary> </details> <details><summary>.github/workflows/renovate.yml</summary> </details> <details><summary>.github/workflows/stale.yml</summary> </details> <details><summary>.github/workflows/tag.yml</summary> </details> </blockquote> </details> <details><summary>gomod (1)</summary> <blockquote> <details><summary>go.mod (3)</summary> - `github.com/docker/docker v28.5.2+incompatible` - `github.com/sigstore/timestamp-authority/v2 v2.0.6` → [Updates: `v2.1.0`] - `oras.land/oras-go/v2 v2.6.0` → [Updates: `v2.6.1`] </details> </blockquote> </details> </blockquote> </details> <details><summary>Branch release-2.4</summary> <blockquote> <details><summary>github-actions (8)</summary> <blockquote> <details><summary>.github/workflows/backport.yml</summary> </details> <details><summary>.github/workflows/ci.yml</summary> </details> <details><summary>.github/workflows/commands.yml</summary> </details> <details><summary>.github/workflows/pr.yml</summary> </details> <details><summary>.github/workflows/promote.yml</summary> </details> <details><summary>.github/workflows/renovate.yml</summary> </details> <details><summary>.github/workflows/stale.yml</summary> </details> <details><summary>.github/workflows/tag.yml</summary> </details> </blockquote> </details> <details><summary>gomod (1)</summary> <blockquote> <details><summary>go.mod (3)</summary> - `github.com/docker/docker v28.5.2+incompatible` - `github.com/sigstore/timestamp-authority/v2 v2.0.6` → [Updates: `v2.1.0`] - `oras.land/oras-go/v2 v2.6.0` → [Updates: `v2.6.1`] </details> </blockquote> </details> </blockquote> </details>
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
Config Migration Needed
Rate-Limited
The following updates are currently rate-limited. To force their creation now, click on a checkbox below.
actions/download-artifact,actions/upload-artifact)Open
The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.
Detected Dependencies
Branch main
Branch release-2.3
Branch release-2.4