This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more. ## Repository problems Renovate tried to run on this repository, but found these problems. - WARN: Cannot access vulnerability alerts. Please ensure permissions have been granted. This repository currently has no open or pending branches. ## Vulnerabilities `19`/`21` CVEs have Renovate fixes. <details><summary>gomod</summary> <blockquote> <details><summary>go.mod</summary> <blockquote> <details><summary>github.com/aws/aws-sdk-go</summary> <blockquote> - [GO-2022-0646](https://osv.dev/vulnerability/GO-2022-0646) - [GO-2022-0635](https://osv.dev/vulnerability/GO-2022-0635) </blockquote> </details> <details><summary>golang.org/x/crypto</summary> <blockquote> - [GO-2026-5021](https://osv.dev/vulnerability/GO-2026-5021) (fixed in >= 0.52.0) - [GO-2026-5017](https://osv.dev/vulnerability/GO-2026-5017) (fixed in >= 0.52.0) - [GO-2026-5020](https://osv.dev/vulnerability/GO-2026-5020) (fixed in >= 0.52.0) - [GO-2026-5013](https://osv.dev/vulnerability/GO-2026-5013) (fixed in >= 0.52.0) - [GO-2026-5019](https://osv.dev/vulnerability/GO-2026-5019) (fixed in >= 0.52.0) - [GO-2026-5023](https://osv.dev/vulnerability/GO-2026-5023) (fixed in >= 0.52.0) - [GO-2026-5033](https://osv.dev/vulnerability/GO-2026-5033) (fixed in >= 0.52.0) - [GO-2026-5018](https://osv.dev/vulnerability/GO-2026-5018) (fixed in >= 0.52.0) - [GO-2026-5005](https://osv.dev/vulnerability/GO-2026-5005) (fixed in >= 0.52.0) - [GO-2026-5015](https://osv.dev/vulnerability/GO-2026-5015) (fixed in >= 0.52.0) - [GO-2026-5014](https://osv.dev/vulnerability/GO-2026-5014) (fixed in >= 0.52.0) - [GO-2026-5016](https://osv.dev/vulnerability/GO-2026-5016) (fixed in >= 0.52.0) - [GO-2026-5006](https://osv.dev/vulnerability/GO-2026-5006) (fixed in >= 0.52.0) </blockquote> </details> <details><summary>golang.org/x/net</summary> <blockquote> - [GO-2026-5026](https://osv.dev/vulnerability/GO-2026-5026) (fixed in >= 0.55.0) - [GO-2026-5028](https://osv.dev/vulnerability/GO-2026-5028) (fixed in >= 0.55.0) - [GO-2026-5025](https://osv.dev/vulnerability/GO-2026-5025) (fixed in >= 0.55.0) - [GO-2026-5027](https://osv.dev/vulnerability/GO-2026-5027) (fixed in >= 0.55.0) - [GO-2026-5030](https://osv.dev/vulnerability/GO-2026-5030) (fixed in >= 0.55.0) - [GO-2026-5029](https://osv.dev/vulnerability/GO-2026-5029) (fixed in >= 0.55.0) </blockquote> </details> </blockquote> </details> </blockquote> </details> ## Detected dependencies <details><summary>dockerfile</summary> <blockquote> <details><summary>Dockerfile</summary> - `docker/dockerfile 1.24-labs` - `golang 1.26-alpine` - `alpine 3.24` </details> <details><summary>Dockerfile.integration</summary> - `vault 1.13.3` - `consul 1.15.4` - `golang 1.26-alpine` </details> </blockquote> </details> <details><summary>gomod</summary> <blockquote> <details><summary>docs/go.mod</summary> - `go 1.26.3` </details> <details><summary>go.mod</summary> - `go 1.26.4` - `cuelang.org/go v0.13.2` - `github.com/Masterminds/goutils v1.1.1` - `github.com/Masterminds/semver/v3 v3.4.0` - `github.com/Shopify/ejson v1.5.4` - `github.com/aws/aws-sdk-go v1.55.7` - `github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa@d7302db945fa` - `github.com/google/uuid v1.6.0` - `github.com/gosimple/slug v1.15.0` - `github.com/hack-pad/hackpadfs v0.2.4` - `github.com/hairyhenderson/go-fsimpl v0.3.1` - `github.com/hairyhenderson/toml v0.4.2-0.20210923231440-40456b8e66cf@40456b8e66cf` - `github.com/hashicorp/go-sockaddr v1.0.7` - `github.com/hashicorp/vault/api v1.20.0` - `github.com/hashicorp/vault/api/auth/aws v0.10.0` - `github.com/itchyny/gojq v0.12.17` - `github.com/johannesboyne/gofakes3 v0.0.0-20250106100439-5c39aecd6999@5c39aecd6999` - `github.com/joho/godotenv v1.5.1` - `github.com/lmittmann/tint v1.1.2` - `github.com/spf13/cobra v1.9.1` - `github.com/stretchr/testify v1.11.1` - `github.com/ugorji/go/codec v1.3.0` - `go4.org/netipx v0.0.0-20231129151722-fdeea329fbba@fdeea329fbba` - `golang.org/x/crypto v0.50.0` - `golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f@746e56fc9e2f` - `golang.org/x/sys v0.44.0` - `golang.org/x/term v0.42.0` - `golang.org/x/text v0.36.0` - `gotest.tools/v3 v3.5.2` - `inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a@b8eac61e914a` - `k8s.io/client-go v0.33.2` - `github.com/hairyhenderson/yaml v0.0.0-20220618171115-2d35fca545ce@2d35fca545ce` - `cel.dev/expr v0.25.1` - `cloud.google.com/go v0.120.0` - `cloud.google.com/go/auth v0.15.0` - `cloud.google.com/go/auth/oauth2adapt v0.2.8` - `cloud.google.com/go/compute/metadata v0.9.0` - `cloud.google.com/go/iam v1.4.2` - `cloud.google.com/go/monitoring v1.24.1` - `cloud.google.com/go/storage v1.51.0` - `dario.cat/mergo v1.0.1` - `github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0` - `github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.9.0` - `github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1` - `github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.6.1` - `github.com/Azure/go-autorest v14.2.0+incompatible` - `github.com/Azure/go-autorest/autorest/to v0.4.1` - `github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2` - `github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.30.0` - `github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.51.0` - `github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.51.0` - `github.com/Microsoft/go-winio v0.6.2` - `github.com/ProtonMail/go-crypto v1.1.6` - `github.com/armon/go-metrics v0.4.1` - `github.com/aws/aws-sdk-go-v2 v1.41.5` - `github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.8` - `github.com/aws/aws-sdk-go-v2/config v1.29.14` - `github.com/aws/aws-sdk-go-v2/credentials v1.17.67` - `github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30` - `github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.69` - `github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.21` - `github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.21` - `github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3` - `github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.22` - `github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.7` - `github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.13` - `github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.21` - `github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.21` - `github.com/aws/aws-sdk-go-v2/service/s3 v1.97.3` - `github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.35.4` - `github.com/aws/aws-sdk-go-v2/service/ssm v1.59.0` - `github.com/aws/aws-sdk-go-v2/service/sso v1.25.3` - `github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1` - `github.com/aws/aws-sdk-go-v2/service/sts v1.33.19` - `github.com/aws/smithy-go v1.24.2` - `github.com/cenkalti/backoff/v4 v4.3.0` - `github.com/cespare/xxhash/v2 v2.3.0` - `github.com/cloudflare/circl v1.6.3` - `github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5@ee656c7534f5` - `github.com/cockroachdb/apd/v3 v3.2.1` - `github.com/cyphar/filepath-securejoin v0.6.1` - `github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc@d8f796af33cc` - `github.com/dustin/gojson v0.0.0-20160307161227-2e71ec9dd5ad@2e71ec9dd5ad` - `github.com/emirpasic/gods v1.18.1` - `github.com/envoyproxy/go-control-plane/envoy v1.36.0` - `github.com/envoyproxy/protoc-gen-validate v1.3.0` - `github.com/fatih/color v1.18.0` - `github.com/felixge/httpsnoop v1.0.4` - `github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376@3a3c6141e376` - `github.com/go-git/go-billy/v5 v5.9.0` - `github.com/go-git/go-git/v5 v5.19.1` - `github.com/go-jose/go-jose/v4 v4.1.4` - `github.com/go-logr/logr v1.4.3` - `github.com/go-logr/stdr v1.2.2` - `github.com/golang-jwt/jwt/v5 v5.2.2` - `github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8@2c02b8208cf8` - `github.com/google/go-cmp v0.7.0` - `github.com/google/s2a-go v0.1.9` - `github.com/google/wire v0.6.0` - `github.com/googleapis/enterprise-certificate-proxy v0.3.6` - `github.com/googleapis/gax-go/v2 v2.14.1` - `github.com/gosimple/unidecode v1.0.1` - `github.com/hashicorp/consul/api v1.32.1` - `github.com/hashicorp/errwrap v1.1.0` - `github.com/hashicorp/go-cleanhttp v0.5.2` - `github.com/hashicorp/go-hclog v1.6.3` - `github.com/hashicorp/go-immutable-radix v1.3.1` - `github.com/hashicorp/go-metrics v0.5.4` - `github.com/hashicorp/go-multierror v1.1.1` - `github.com/hashicorp/go-retryablehttp v0.7.7` - `github.com/hashicorp/go-rootcerts v1.0.2` - `github.com/hashicorp/go-secure-stdlib/awsutil v0.3.0` - `github.com/hashicorp/go-secure-stdlib/parseutil v0.2.0` - `github.com/hashicorp/go-secure-stdlib/strutil v0.1.2` - `github.com/hashicorp/go-uuid v1.0.3` - `github.com/hashicorp/golang-lru v1.0.2` - `github.com/hashicorp/hcl v1.0.1-vault-7` - `github.com/hashicorp/serf v0.10.2` - `github.com/hashicorp/vault/api/auth/approle v0.9.0` - `github.com/hashicorp/vault/api/auth/userpass v0.9.0` - `github.com/inconshreveable/mousetrap v1.1.0` - `github.com/itchyny/timefmt-go v0.1.6` - `github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99@d14ea06fba99` - `github.com/jmespath/go-jmespath v0.4.0` - `github.com/kevinburke/ssh_config v1.2.0` - `github.com/klauspost/cpuid/v2 v2.3.0` - `github.com/kylelemons/godebug v1.1.0` - `github.com/mattn/go-colorable v0.1.14` - `github.com/mattn/go-isatty v0.0.20` - `github.com/mitchellh/go-homedir v1.1.0` - `github.com/mitchellh/mapstructure v1.5.0` - `github.com/pelletier/go-toml/v2 v2.2.4` - `github.com/pjbgf/sha1cd v0.6.0` - `github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c@5ac0b6a4141c` - `github.com/pkg/errors v0.9.1` - `github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10@0393e58bdf10` - `github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2@5d4384ee4fb2` - `github.com/ryanuber/go-glob v1.0.0` - `github.com/ryszard/goskiplist v0.0.0-20150312221310-2dfbae5fcf46@2dfbae5fcf46` - `github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3@5b0b94c5c0d3` - `github.com/skeema/knownhosts v1.3.1` - `github.com/spf13/pflag v1.0.6` - `github.com/spiffe/go-spiffe/v2 v2.6.0` - `github.com/xanzy/ssh-agent v0.3.3` - `go.opencensus.io v0.24.0` - `go.opentelemetry.io/auto/sdk v1.2.1` - `go.opentelemetry.io/contrib/detectors/gcp v1.39.0` - `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0` - `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0` - `go.opentelemetry.io/otel v1.43.0` - `go.opentelemetry.io/otel/metric v1.43.0` - `go.opentelemetry.io/otel/sdk v1.43.0` - `go.opentelemetry.io/otel/sdk/metric v1.43.0` - `go.opentelemetry.io/otel/trace v1.43.0` - `go.shabbyrobe.org/gocovmerge v0.0.0-20230507111327-fa4f82cfbf4d@fa4f82cfbf4d` - `go4.org/intern v0.0.0-20230525184215-6c62f75575cb@6c62f75575cb` - `go4.org/unsafe/assume-no-moving-gc v0.0.0-20231121144256-b99613f794b6@b99613f794b6` - `gocloud.dev v0.41.0` - `golang.org/x/net v0.53.0` - `golang.org/x/oauth2 v0.34.0` - `golang.org/x/sync v0.20.0` - `golang.org/x/time v0.11.0` - `golang.org/x/tools v0.44.0` - `golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da@7835f813f4da` - `google.golang.org/api v0.228.0` - `google.golang.org/genproto v0.0.0-20250324211829-b45e905df463@b45e905df463` - `google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217@ff82c1b0f217` - `google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217@ff82c1b0f217` - `google.golang.org/grpc v1.79.3` - `google.golang.org/protobuf v1.36.10` - `gopkg.in/warnings.v0 v0.1.2` - `gopkg.in/yaml.v3 v3.0.1` </details> </blockquote> </details> --- - [ ] <!-- manual job -->Check this box to trigger a request for Renovate to run again on this repository
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
Repository problems
Renovate tried to run on this repository, but found these problems.
This repository currently has no open or pending branches.
Vulnerabilities
19/21CVEs have Renovate fixes.gomod
Detected dependencies
dockerfile
gomod