This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more. ## Repository problems Renovate tried to run on this repository, but found these problems. - WARN: Cannot access vulnerability alerts. Please ensure permissions have been granted. --- > [!WARNING] > Renovate failed to look up the following dependencies: `Could not determine new digest for update (go package github.com/charmbracelet/x/cellbuf)`. > > Files affected: `go.mod` --- ## Open These updates have all been created already. Click a checkbox below to force a retry/rebase of any. - [ ] <!-- rebase-branch=renovate/alauda-v1.28.0-go-golang.org-x-sys-vulnerability -->[chore(deps): update module golang.org/x/sys to v0.44.0 [security] (alauda-v1.28.0)](../pull/48) - [ ] <!-- rebase-branch=renovate/alauda-v1.28.0-go-github.com-go-git-go-billy-v5-vulnerability -->[fix(deps): update module github.com/go-git/go-billy/v5 to v5.9.0 [security] (alauda-v1.28.0)](../pull/41) - [ ] <!-- rebase-branch=renovate/alauda-v1.28.0-go-github.com-containerd-containerd-vulnerability -->[chore(deps): update module github.com/containerd/containerd to v2 [security] (alauda-v1.28.0)](../pull/45) - [ ] <!-- rebase-branch=renovate/alauda-v1.42.3-go-golang.org-x-sys-vulnerability -->[chore(deps): update module golang.org/x/sys to v0.44.0 [security] (alauda-v1.42.3)](../pull/47) - [ ] <!-- rebase-all-open-prs -->**Click on this checkbox to rebase all open PRs at once** ## Vulnerabilities `32`/`41` CVEs have Renovate fixes. <details><summary>gomod</summary> <blockquote> <details><summary>go.mod</summary> <blockquote> <details><summary>github.com/go-git/go-billy/v5</summary> <blockquote> - [GHSA-m3xc-h892-ggx6](https://osv.dev/vulnerability/GHSA-m3xc-h892-ggx6) (fixed in >= 5.9.0) - [GHSA-qw64-3x98-g7q2](https://osv.dev/vulnerability/GHSA-qw64-3x98-g7q2) (fixed in >= 5.9.0) </blockquote> </details> <details><summary>github.com/go-git/go-git/v5</summary> <blockquote> - [GHSA-389r-gv7p-r3rp](https://osv.dev/vulnerability/GHSA-389r-gv7p-r3rp) (fixed in >= 5.19.0) - [GHSA-crhj-59gh-8x96](https://osv.dev/vulnerability/GHSA-crhj-59gh-8x96) (fixed in >= 5.19.1) - [GHSA-m7cr-m3pv-hgrp](https://osv.dev/vulnerability/GHSA-m7cr-m3pv-hgrp) (fixed in >= 5.19.1) - [GHSA-w5pp-99ch-qj29](https://osv.dev/vulnerability/GHSA-w5pp-99ch-qj29) (fixed in >= 5.19.1) </blockquote> </details> <details><summary>golang.org/x/net</summary> <blockquote> - [GO-2026-5028](https://osv.dev/vulnerability/GO-2026-5028) (fixed in >= 0.55.0) - [GO-2026-5029](https://osv.dev/vulnerability/GO-2026-5029) (fixed in >= 0.55.0) - [GO-2026-5026](https://osv.dev/vulnerability/GO-2026-5026) (fixed in >= 0.55.0) - [GO-2026-5030](https://osv.dev/vulnerability/GO-2026-5030) (fixed in >= 0.55.0) - [GO-2026-5025](https://osv.dev/vulnerability/GO-2026-5025) (fixed in >= 0.55.0) - [GO-2026-5027](https://osv.dev/vulnerability/GO-2026-5027) (fixed in >= 0.55.0) </blockquote> </details> <details><summary>github.com/containerd/containerd</summary> <blockquote> - [GHSA-fqw6-gf59-qr4w](https://osv.dev/vulnerability/GHSA-fqw6-gf59-qr4w) (fixed in >= 1.7.32) </blockquote> </details> <details><summary>github.com/docker/docker</summary> <blockquote> - [GHSA-qrqr-3x5j-2xw9](https://osv.dev/vulnerability/GHSA-qrqr-3x5j-2xw9) - [GO-2026-4887](https://osv.dev/vulnerability/GO-2026-4887) - [GO-2026-4883](https://osv.dev/vulnerability/GO-2026-4883) - [GHSA-pxq6-2prw-chj9](https://osv.dev/vulnerability/GHSA-pxq6-2prw-chj9) - [GHSA-x744-4wpc-v9h2](https://osv.dev/vulnerability/GHSA-x744-4wpc-v9h2) (fixed in >= 29.3.1) - [GHSA-j249-ghv5-7mxv](https://osv.dev/vulnerability/GHSA-j249-ghv5-7mxv) - [GHSA-rg2x-37c3-w2rh](https://osv.dev/vulnerability/GHSA-rg2x-37c3-w2rh) (fixed in > 28.5.2) - [GHSA-vp62-88p7-qqf5](https://osv.dev/vulnerability/GHSA-vp62-88p7-qqf5) (fixed in > 28.5.2) - [GHSA-6hwg-w5jg-9c6x](https://osv.dev/vulnerability/GHSA-6hwg-w5jg-9c6x) - [GHSA-x86f-5xw2-fm2r](https://osv.dev/vulnerability/GHSA-x86f-5xw2-fm2r) (fixed in > 28.5.2) </blockquote> </details> <details><summary>golang.org/x/crypto</summary> <blockquote> - [GO-2026-5015](https://osv.dev/vulnerability/GO-2026-5015) (fixed in >= 0.52.0) - [GO-2026-5013](https://osv.dev/vulnerability/GO-2026-5013) (fixed in >= 0.52.0) - [GO-2026-5005](https://osv.dev/vulnerability/GO-2026-5005) (fixed in >= 0.52.0) - [GO-2026-5033](https://osv.dev/vulnerability/GO-2026-5033) (fixed in >= 0.52.0) - [GO-2026-5021](https://osv.dev/vulnerability/GO-2026-5021) (fixed in >= 0.52.0) - [GO-2026-5023](https://osv.dev/vulnerability/GO-2026-5023) (fixed in >= 0.52.0) - [GO-2026-5019](https://osv.dev/vulnerability/GO-2026-5019) (fixed in >= 0.52.0) - [GO-2026-5016](https://osv.dev/vulnerability/GO-2026-5016) (fixed in >= 0.52.0) - [GO-2026-5020](https://osv.dev/vulnerability/GO-2026-5020) (fixed in >= 0.52.0) - [GO-2026-5014](https://osv.dev/vulnerability/GO-2026-5014) (fixed in >= 0.52.0) - [GO-2026-5006](https://osv.dev/vulnerability/GO-2026-5006) (fixed in >= 0.52.0) - [GO-2026-5018](https://osv.dev/vulnerability/GO-2026-5018) (fixed in >= 0.52.0) - [GO-2026-5017](https://osv.dev/vulnerability/GO-2026-5017) (fixed in >= 0.52.0) </blockquote> </details> <details><summary>golang.org/x/sys</summary> <blockquote> - [GO-2026-5024](https://osv.dev/vulnerability/GO-2026-5024) (fixed in >= 0.44.0) </blockquote> </details> <details><summary>github.com/moby/moby</summary> <blockquote> - [GO-2026-4887](https://osv.dev/vulnerability/GO-2026-4887) - [GO-2026-4883](https://osv.dev/vulnerability/GO-2026-4883) - [GHSA-pxq6-2prw-chj9](https://osv.dev/vulnerability/GHSA-pxq6-2prw-chj9) - [GHSA-x744-4wpc-v9h2](https://osv.dev/vulnerability/GHSA-x744-4wpc-v9h2) (fixed in >= 29.3.1) </blockquote> </details> </blockquote> </details> </blockquote> </details> ## Detected dependencies <details><summary>Branch alauda-v1.28.0</summary> <blockquote> <details><summary>dockerfile</summary> <blockquote> <details><summary>Dockerfile</summary> </details> <details><summary>Dockerfile.debug</summary> </details> <details><summary>Dockerfile.nonroot</summary> </details> </blockquote> </details> <details><summary>gomod</summary> <blockquote> <details><summary>go.mod</summary> - `go 1.26.1` - `github.com/BurntSushi/toml v1.5.0` - `github.com/CycloneDX/cyclonedx-go v0.9.2` - `github.com/Masterminds/semver/v3 v3.4.0` - `github.com/Masterminds/sprig/v3 v3.3.0` - `github.com/OneOfOne/xxhash v1.2.8` - `github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d@5a71ef0e047d` - `github.com/acobaugh/osrelease v0.1.0` - `github.com/adrg/xdg v0.5.3` - `github.com/anchore/bubbly v0.0.0-20231115134915-def0aba654a9@def0aba654a9` - `github.com/anchore/clio v0.0.0-20250319180342-2cfe4b0cb716@2cfe4b0cb716` - `github.com/anchore/fangs v0.0.0-20250319222917-446a1e748ec2@446a1e748ec2` - `github.com/anchore/go-collections v0.0.0-20240216171411-9321230ce537@9321230ce537` - `github.com/anchore/go-homedir v0.0.0-20250319154043-c29668562e4d@c29668562e4d` - `github.com/anchore/go-logger v0.0.0-20250318195838-07ae343dd722@07ae343dd722` - `github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb@53e6d0aaf6fb` - `github.com/anchore/go-rpmdb v0.0.0-20250516171929-f77691e1faec@f77691e1faec` - `github.com/anchore/go-sync v0.0.0-20250326131806-4eda43a485b6@4eda43a485b6` - `github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04@d5f45b0d3c04` - `github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b@18adb9c92b9b` - `github.com/anchore/packageurl-go v0.1.1-0.20250220190351-d62adb6e1115@d62adb6e1115` - `github.com/anchore/stereoscope v0.1.6` - `github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be@38f4b401e2be` - `github.com/aquasecurity/go-pep440-version v0.0.1` - `github.com/bitnami/go-version v0.0.0-20250131085805-b1f57a8634ef@b1f57a8634ef` - `github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb@809d4375e1fb` - `github.com/bmatcuk/doublestar/v4 v4.8.1` - `github.com/charmbracelet/bubbles v0.21.0` - `github.com/charmbracelet/bubbletea v1.3.5` - `github.com/charmbracelet/lipgloss v1.1.0` - `github.com/dave/jennifer v1.7.1` - `github.com/deitch/magic v0.0.0-20230404182410-1ff89d7342da@1ff89d7342da` - `github.com/diskfs/go-diskfs v1.6.1-0.20250601133945-2af1c7ece24c@2af1c7ece24c` - `github.com/distribution/reference v0.6.0` - `github.com/dustin/go-humanize v1.0.1` - `github.com/elliotchance/phpserialize v1.4.0` - `github.com/facebookincubator/nvdtools v0.1.5` - `github.com/github/go-spdx/v2 v2.3.3` - `github.com/gkampitakis/go-snaps v0.5.13` - `github.com/go-git/go-billy/v5 v5.8.0` - `github.com/go-git/go-git/v5 v5.18.0` - `github.com/go-test/deep v1.1.1` - `github.com/go-viper/mapstructure/v2 v2.4.0` - `github.com/gohugoio/hashstructure v0.5.0` - `github.com/google/go-cmp v0.7.0` - `github.com/google/go-containerregistry v0.20.6` - `github.com/google/licensecheck v0.3.1` - `github.com/google/uuid v1.6.0` - `github.com/gookit/color v1.5.4` - `github.com/hashicorp/go-cleanhttp v0.5.2` - `github.com/hashicorp/go-getter v1.8.6` - `github.com/hashicorp/go-multierror v1.1.1` - `github.com/hashicorp/hcl/v2 v2.23.0` - `github.com/iancoleman/strcase v0.3.0` - `github.com/invopop/jsonschema v0.7.0` - `github.com/jedib0t/go-pretty/v6 v6.6.7` - `github.com/jinzhu/copier v0.4.0` - `github.com/kastenhq/goversion v0.0.0-20230811215019-93b2f8823953@93b2f8823953` - `github.com/magiconair/properties v1.8.10` - `github.com/mholt/archives v0.1.3` - `github.com/moby/sys/mountinfo v0.7.2` - `github.com/nix-community/go-nix v0.0.0-20250101154619-4bdde671e0a1@4bdde671e0a1` - `github.com/olekukonko/tablewriter v1.0.7` - `github.com/opencontainers/go-digest v1.0.0` - `github.com/pelletier/go-toml v1.9.5` - `github.com/quasilyte/go-ruleguard/dsl v0.3.22` - `github.com/rust-secure-code/go-rustaudit v0.0.0-20250226111315-e20ec32e963c@e20ec32e963c` - `github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d@5e3ef4b5456d` - `github.com/sanity-io/litter v1.5.8` - `github.com/sassoftware/go-rpmutils v0.4.0` - `github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e@cc7b2070d91e` - `github.com/sergi/go-diff v1.4.0` - `github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb@7098f93598fb` - `github.com/spdx/tools-golang v0.5.5` - `github.com/spf13/afero v1.14.0` - `github.com/spf13/cobra v1.9.1` - `github.com/stretchr/testify v1.11.1` - `github.com/vbatts/go-mtree v0.5.4` - `github.com/vifraa/gopom v1.0.0` - `github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651@8ccac152c651` - `github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0@07e42b3cdba0` - `github.com/xeipuuv/gojsonschema v1.2.0` - `github.com/zyedidia/generic v1.2.2-0.20230320175451-4410d2372cb1@4410d2372cb1` - `go.uber.org/goleak v1.3.0` - `golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0@7e4ce0ab07d0` - `golang.org/x/mod v0.34.0` - `golang.org/x/net v0.53.0` - `gopkg.in/yaml.v3 v3.0.1` - `modernc.org/sqlite v1.38.0` - `cloud.google.com/go v0.123.0` - `cloud.google.com/go/auth v0.18.2` - `cloud.google.com/go/auth/oauth2adapt v0.2.8` - `cloud.google.com/go/compute/metadata v0.9.0` - `cloud.google.com/go/iam v1.5.3` - `cloud.google.com/go/storage v1.61.3` - `dario.cat/mergo v1.0.1` - `github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24@ced1acdcaa24` - `github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0@8075edf89bb0` - `github.com/DataDog/zstd v1.5.5` - `github.com/Masterminds/goutils v1.1.1` - `github.com/Microsoft/go-winio v0.6.2` - `github.com/Microsoft/hcsshim v0.11.7` - `github.com/ProtonMail/go-crypto v1.2.0` - `github.com/STARRY-S/zip v0.2.1` - `github.com/anchore/go-lzo v0.1.0` - `github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092@c68fdcfa2092` - `github.com/andybalholm/brotli v1.1.2-0.20250424173009-453214e765f3@453214e765f3` - `github.com/apparentlymart/go-textseg/v13 v13.0.0` - `github.com/apparentlymart/go-textseg/v15 v15.0.0` - `github.com/aquasecurity/go-version v0.0.1` - `github.com/atotto/clipboard v0.1.4` - `github.com/aymanbagabas/go-osc52/v2 v2.0.1` - `github.com/becheran/wildmatch-go v1.0.0` - `github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d@9fd32a8b3d3d` - `github.com/bodgit/plumbing v1.3.0` - `github.com/bodgit/sevenzip v1.6.0` - `github.com/bodgit/windows v1.0.1` - `github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc@f60798e515dc` - `github.com/charmbracelet/harmonica v0.2.0` - `github.com/charmbracelet/x/ansi v0.8.0` - `github.com/charmbracelet/x/cellbuf v0.0.13-0.20250311204145-2c3ea96c31dd@2c3ea96c31dd` - `github.com/charmbracelet/x/term v0.2.1` - `github.com/cloudflare/circl v1.6.3` - `github.com/containerd/cgroups v1.1.0` - `github.com/containerd/containerd v1.7.29` - `github.com/containerd/containerd/api v1.8.0` - `github.com/containerd/continuity v0.4.4` - `github.com/containerd/errdefs v1.0.0` - `github.com/containerd/errdefs/pkg v0.3.0` - `github.com/containerd/fifo v1.1.0` - `github.com/containerd/log v0.1.0` - `github.com/containerd/platforms v0.2.1` - `github.com/containerd/stargz-snapshotter/estargz v0.16.3` - `github.com/containerd/ttrpc v1.2.7` - `github.com/containerd/typeurl/v2 v2.2.0` - `github.com/cyphar/filepath-securejoin v0.5.1` - `github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc@d8f796af33cc` - `github.com/docker/cli v29.2.0+incompatible` - `github.com/docker/distribution v2.8.3+incompatible` - `github.com/docker/docker v28.3.3+incompatible` - `github.com/docker/docker-credential-helpers v0.9.3` - `github.com/docker/go-connections v0.5.0` - `github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c@e31b211e4f1c` - `github.com/docker/go-units v0.5.0` - `github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707@39efe44ab707` - `github.com/emirpasic/gods v1.18.1` - `github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f@1c3628e74d0f` - `github.com/fatih/color v1.18.0` - `github.com/felixge/fgprof v0.9.5` - `github.com/felixge/httpsnoop v1.0.4` - `github.com/fsnotify/fsnotify v1.8.0` - `github.com/gabriel-vasile/mimetype v1.4.9` - `github.com/gkampitakis/ciinfo v0.3.2` - `github.com/gkampitakis/go-diff v1.3.2` - `github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376@3a3c6141e376` - `github.com/go-logr/logr v1.4.3` - `github.com/go-logr/stdr v1.2.2` - `github.com/go-restruct/restruct v1.2.0-alpha` - `github.com/goccy/go-yaml v1.18.0` - `github.com/gogo/protobuf v1.3.2` - `github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8@2c02b8208cf8` - `github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e@a4b03ec1a45e` - `github.com/google/s2a-go v0.1.9` - `github.com/googleapis/enterprise-certificate-proxy v0.3.14` - `github.com/googleapis/gax-go/v2 v2.17.0` - `github.com/hashicorp/errwrap v1.1.0` - `github.com/hashicorp/go-version v1.8.0` - `github.com/hashicorp/golang-lru/v2 v2.0.7` - `github.com/huandu/xstrings v1.5.0` - `github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0@ac98e3ecb4b0` - `github.com/inconshreveable/mousetrap v1.1.0` - `github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99@d14ea06fba99` - `github.com/kevinburke/ssh_config v1.2.0` - `github.com/klauspost/compress v1.18.5` - `github.com/klauspost/pgzip v1.2.6` - `github.com/kr/pretty v0.3.1` - `github.com/kr/text v0.2.0` - `github.com/logrusorgru/aurora v2.0.3+incompatible` - `github.com/lucasb-eyer/go-colorful v1.2.0` - `github.com/maruel/natural v1.1.1` - `github.com/mattn/go-colorable v0.1.14` - `github.com/mattn/go-isatty v0.0.20` - `github.com/mattn/go-localereader v0.0.2-0.20220822084749-2491eb6c1c75@2491eb6c1c75` - `github.com/mattn/go-runewidth v0.0.16` - `github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d@d51e80ef957d` - `github.com/mikelolasagasti/xz v1.0.1` - `github.com/minio/minlz v1.0.0` - `github.com/mitchellh/copystructure v1.2.0` - `github.com/mitchellh/go-homedir v1.1.0` - `github.com/mitchellh/go-wordwrap v1.0.1` - `github.com/mitchellh/reflectwalk v1.0.2` - `github.com/moby/docker-image-spec v1.3.1` - `github.com/moby/locker v1.0.1` - `github.com/moby/sys/sequential v0.6.0` - `github.com/moby/sys/signal v0.7.0` - `github.com/moby/sys/user v0.3.0` - `github.com/moby/sys/userns v0.1.0` - `github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6@276c6243b2f6` - `github.com/muesli/cancelreader v0.2.2` - `github.com/muesli/termenv v0.16.0` - `github.com/ncruces/go-strftime v0.1.9` - `github.com/opencontainers/image-spec v1.1.1` - `github.com/opencontainers/runtime-spec v1.1.0` - `github.com/opencontainers/selinux v1.13.1` - `github.com/pborman/indent v1.2.1` - `github.com/pelletier/go-toml/v2 v2.2.3` - `github.com/pierrec/lz4/v4 v4.1.22` - `github.com/pjbgf/sha1cd v0.3.2` - `github.com/pkg/errors v0.9.1` - `github.com/pkg/profile v1.7.0` - `github.com/pkg/xattr v0.4.9` - `github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2@5d4384ee4fb2` - `github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec@24d4a6f8daec` - `github.com/rivo/uniseg v0.4.7` - `github.com/rogpeppe/go-internal v1.14.1` - `github.com/sagikazarmark/locafero v0.7.0` - `github.com/sahilm/fuzzy v0.1.1` - `github.com/shopspring/decimal v1.4.0` - `github.com/sirupsen/logrus v1.9.4-0.20230606125235-dd1b4c2e81af@dd1b4c2e81af` - `github.com/skeema/knownhosts v1.3.1` - `github.com/sorairolake/lzip-go v0.3.5` - `github.com/sourcegraph/conc v0.3.0` - `github.com/spf13/cast v1.7.1` - `github.com/spf13/pflag v1.0.6` - `github.com/spf13/viper v1.20.0` - `github.com/stretchr/objx v0.5.2` - `github.com/subosito/gotenv v1.6.0` - `github.com/sylabs/sif/v2 v2.21.1` - `github.com/sylabs/squashfs v1.0.6` - `github.com/therootcompany/xz v1.0.1` - `github.com/tidwall/gjson v1.18.0` - `github.com/tidwall/match v1.1.1` - `github.com/tidwall/pretty v1.2.1` - `github.com/tidwall/sjson v1.2.5` - `github.com/ulikunitz/xz v0.5.15` - `github.com/vbatts/tar-split v0.12.1` - `github.com/xanzy/ssh-agent v0.3.3` - `github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb@02993c407bfb` - `github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415@bd5ef7bd5415` - `github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8@48954b6210f8` - `github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e@abceb7e1c41e` - `github.com/zclconf/go-cty v1.13.0` - `go.opencensus.io v0.24.0` - `go.opentelemetry.io/auto/sdk v1.2.1` - `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0` - `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0` - `go.opentelemetry.io/otel v1.43.0` - `go.opentelemetry.io/otel/metric v1.43.0` - `go.opentelemetry.io/otel/trace v1.43.0` - `go.uber.org/atomic v1.9.0` - `go.uber.org/multierr v1.9.0` - `go4.org v0.0.0-20230225012048-214862532bf5@214862532bf5` - `golang.org/x/crypto v0.50.0` - `golang.org/x/oauth2 v0.36.0` - `golang.org/x/sync v0.20.0` - `golang.org/x/sys v0.43.0` - `golang.org/x/term v0.42.0` - `golang.org/x/text v0.36.0` - `golang.org/x/time v0.15.0` - `golang.org/x/tools v0.43.0` - `golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028@104605ab7028` - `google.golang.org/api v0.271.0` - `google.golang.org/genproto v0.0.0-20260128011058-8636f8732409@8636f8732409` - `google.golang.org/genproto/googleapis/api v0.0.0-20260203192932-546029d2fa20@546029d2fa20` - `google.golang.org/genproto/googleapis/rpc v0.0.0-20260226221140-a57be14db171@a57be14db171` - `google.golang.org/grpc v1.79.3` - `google.golang.org/protobuf v1.36.11` - `gopkg.in/warnings.v0 v0.1.2` - `modernc.org/libc v1.65.10` - `modernc.org/mathutil v1.7.1` - `modernc.org/memory v1.11.0` - `cel.dev/expr v0.25.1` - `cloud.google.com/go/monitoring v1.24.3` - `github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.30.0` - `github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.55.0` - `github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.55.0` - `github.com/aws/aws-sdk-go-v2 v1.41.5` - `github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.8` - `github.com/aws/aws-sdk-go-v2/config v1.32.12` - `github.com/aws/aws-sdk-go-v2/credentials v1.19.12` - `github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.20` - `github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.21` - `github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.21` - `github.com/aws/aws-sdk-go-v2/internal/ini v1.8.6` - `github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.22` - `github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.7` - `github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.13` - `github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.21` - `github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.21` - `github.com/aws/aws-sdk-go-v2/service/s3 v1.97.3` - `github.com/aws/aws-sdk-go-v2/service/signin v1.0.8` - `github.com/aws/aws-sdk-go-v2/service/sso v1.30.13` - `github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.17` - `github.com/aws/aws-sdk-go-v2/service/sts v1.41.9` - `github.com/aws/smithy-go v1.24.2` - `github.com/cespare/xxhash/v2 v2.3.0` - `github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5@ee656c7534f5` - `github.com/envoyproxy/go-control-plane/envoy v1.36.0` - `github.com/envoyproxy/protoc-gen-validate v1.3.0` - `github.com/go-jose/go-jose/v4 v4.1.4` - `github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.72` - `github.com/nwaples/rardecode/v2 v2.2.1` - `github.com/olekukonko/cat v0.0.0-20250911104152-50322a0618f6@50322a0618f6` - `github.com/olekukonko/errors v1.1.0` - `github.com/olekukonko/ll v0.1.2` - `github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10@0393e58bdf10` - `github.com/spiffe/go-spiffe/v2 v2.6.0` - `go.opentelemetry.io/contrib/detectors/gcp v1.39.0` - `go.opentelemetry.io/otel/sdk v1.43.0` - `go.opentelemetry.io/otel/sdk/metric v1.43.0` </details> </blockquote> </details> </blockquote> </details> <details><summary>Branch alauda-v1.42.3</summary> <blockquote> <details><summary>dockerfile</summary> <blockquote> <details><summary>Dockerfile</summary> </details> <details><summary>Dockerfile.debug</summary> </details> <details><summary>Dockerfile.nonroot</summary> </details> </blockquote> </details> <details><summary>gomod</summary> <blockquote> <details><summary>go.mod</summary> - `go 1.26.4` - `github.com/BurntSushi/toml v1.6.0` - `github.com/CycloneDX/cyclonedx-go v0.10.0` - `github.com/Masterminds/semver/v3 v3.4.0` - `github.com/Masterminds/sprig/v3 v3.3.0` - `github.com/OneOfOne/xxhash v1.2.8` - `github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d@5a71ef0e047d` - `github.com/adrg/xdg v0.5.3` - `github.com/anchore/bubbly v0.0.0-20231115134915-def0aba654a9@def0aba654a9` - `github.com/anchore/clio v0.0.0-20250319180342-2cfe4b0cb716@2cfe4b0cb716` - `github.com/anchore/fangs v0.0.0-20250319222917-446a1e748ec2@446a1e748ec2` - `github.com/anchore/go-collections v0.0.0-20251016125210-a3c352120e8c@a3c352120e8c` - `github.com/anchore/go-homedir v0.0.0-20250319154043-c29668562e4d@c29668562e4d` - `github.com/anchore/go-logger v0.0.0-20250318195838-07ae343dd722@07ae343dd722` - `github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb@53e6d0aaf6fb` - `github.com/anchore/go-rpmdb v0.0.0-20250516171929-f77691e1faec@f77691e1faec` - `github.com/anchore/go-sync v0.0.0-20250326131806-4eda43a485b6@4eda43a485b6` - `github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b@18adb9c92b9b` - `github.com/anchore/packageurl-go v0.1.1-0.20250220190351-d62adb6e1115@d62adb6e1115` - `github.com/anchore/stereoscope v0.1.22` - `github.com/aquasecurity/go-pep440-version v0.0.1` - `github.com/bitnami/go-version v0.0.0-20250131085805-b1f57a8634ef@b1f57a8634ef` - `github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb@809d4375e1fb` - `github.com/bmatcuk/doublestar/v4 v4.10.0` - `github.com/charmbracelet/bubbles v1.0.0` - `github.com/charmbracelet/bubbletea v1.3.10` - `github.com/charmbracelet/lipgloss v1.1.0` - `github.com/dave/jennifer v1.7.1` - `github.com/deitch/magic v0.0.0-20230404182410-1ff89d7342da@1ff89d7342da` - `github.com/diskfs/go-diskfs v1.7.0` - `github.com/distribution/reference v0.6.0` - `github.com/dustin/go-humanize v1.0.1` - `github.com/elliotchance/phpserialize v1.4.0` - `github.com/facebookincubator/nvdtools v0.1.5` - `github.com/github/go-spdx/v2 v2.4.0` - `github.com/gkampitakis/go-snaps v0.5.20` - `github.com/go-git/go-billy/v5 v5.9.0` - `github.com/go-git/go-git/v5 v5.19.1` - `github.com/go-test/deep v1.1.1` - `github.com/go-viper/mapstructure/v2 v2.5.0` - `github.com/gohugoio/hashstructure v0.6.0` - `github.com/google/go-cmp v0.7.0` - `github.com/google/go-containerregistry v0.21.2` - `github.com/google/licensecheck v0.3.1` - `github.com/google/uuid v1.6.0` - `github.com/gookit/color v1.6.0` - `github.com/hashicorp/go-cleanhttp v0.5.2` - `github.com/hashicorp/go-getter v1.8.6` - `github.com/hashicorp/go-multierror v1.1.1` - `github.com/hashicorp/hcl/v2 v2.24.0` - `github.com/iancoleman/strcase v0.3.0` - `github.com/invopop/jsonschema v0.13.0` - `github.com/jedib0t/go-pretty/v6 v6.7.8` - `github.com/jinzhu/copier v0.4.0` - `github.com/kastenhq/goversion v0.0.0-20230811215019-93b2f8823953@93b2f8823953` - `github.com/magiconair/properties v1.8.10` - `github.com/mholt/archives v0.1.5` - `github.com/moby/sys/mountinfo v0.7.2` - `github.com/nix-community/go-nix v0.0.0-20250101154619-4bdde671e0a1@4bdde671e0a1` - `github.com/olekukonko/tablewriter v1.1.4` - `github.com/opencontainers/go-digest v1.0.0` - `github.com/pelletier/go-toml v1.9.5` - `github.com/quasilyte/go-ruleguard/dsl v0.3.23` - `github.com/rust-secure-code/go-rustaudit v0.0.0-20250226111315-e20ec32e963c@e20ec32e963c` - `github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d@5e3ef4b5456d` - `github.com/sanity-io/litter v1.5.8` - `github.com/sassoftware/go-rpmutils v0.4.0` - `github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e@cc7b2070d91e` - `github.com/sergi/go-diff v1.4.0` - `github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb@7098f93598fb` - `github.com/spdx/tools-golang v0.5.7` - `github.com/spf13/afero v1.15.0` - `github.com/spf13/cobra v1.10.2` - `github.com/stretchr/testify v1.11.1` - `github.com/vbatts/go-mtree v0.7.0` - `github.com/vifraa/gopom v1.0.0` - `github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651@8ccac152c651` - `github.com/wagoodman/go-progress v0.0.0-20260303201901-10176f79b2c0@10176f79b2c0` - `github.com/xeipuuv/gojsonschema v1.2.0` - `github.com/zyedidia/generic v1.2.2-0.20230320175451-4410d2372cb1@4410d2372cb1` - `go.uber.org/goleak v1.3.0` - `go.yaml.in/yaml/v3 v3.0.4` - `golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f@746e56fc9e2f` - `golang.org/x/mod v0.35.0` - `golang.org/x/net v0.53.0` - `modernc.org/sqlite v1.46.1` - `cloud.google.com/go v0.123.0` - `cloud.google.com/go/auth v0.18.2` - `cloud.google.com/go/auth/oauth2adapt v0.2.8` - `cloud.google.com/go/compute/metadata v0.9.0` - `cloud.google.com/go/iam v1.5.3` - `cloud.google.com/go/storage v1.61.3` - `dario.cat/mergo v1.0.2` - `github.com/DataDog/zstd v1.5.5` - `github.com/Masterminds/goutils v1.1.1` - `github.com/Microsoft/go-winio v0.6.2` - `github.com/Microsoft/hcsshim v0.14.1` - `github.com/ProtonMail/go-crypto v1.4.0` - `github.com/STARRY-S/zip v0.2.3` - `github.com/anchore/go-lzo v0.1.0` - `github.com/anchore/go-struct-converter v0.1.0` - `github.com/andybalholm/brotli v1.2.0` - `github.com/apparentlymart/go-textseg/v15 v15.0.0` - `github.com/aquasecurity/go-version v0.0.1` - `github.com/atotto/clipboard v0.1.4` - `github.com/aymanbagabas/go-osc52/v2 v2.0.1` - `github.com/becheran/wildmatch-go v1.0.0` - `github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d@9fd32a8b3d3d` - `github.com/bodgit/plumbing v1.3.0` - `github.com/bodgit/sevenzip v1.6.1` - `github.com/bodgit/windows v1.0.1` - `github.com/charmbracelet/colorprofile v0.4.1` - `github.com/charmbracelet/harmonica v0.2.0` - `github.com/charmbracelet/x/ansi v0.11.6` - `github.com/charmbracelet/x/cellbuf v0.0.15` - `github.com/charmbracelet/x/term v0.2.2` - `github.com/cloudflare/circl v1.6.3` - `github.com/containerd/containerd/api v1.10.0` - `github.com/containerd/continuity v0.4.5` - `github.com/containerd/errdefs v1.0.0` - `github.com/containerd/errdefs/pkg v0.3.0` - `github.com/containerd/fifo v1.1.0` - `github.com/containerd/log v0.1.0` - `github.com/containerd/platforms v1.0.0-rc.2` - `github.com/containerd/stargz-snapshotter/estargz v0.18.2` - `github.com/containerd/ttrpc v1.2.7` - `github.com/containerd/typeurl/v2 v2.2.3` - `github.com/cyphar/filepath-securejoin v0.6.1` - `github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc@d8f796af33cc` - `github.com/docker/cli v29.3.0+incompatible` - `github.com/docker/distribution v2.8.3+incompatible` - `github.com/docker/docker-credential-helpers v0.9.5` - `github.com/docker/go-connections v0.6.0` - `github.com/docker/go-units v0.5.0` - `github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707@39efe44ab707` - `github.com/emirpasic/gods v1.18.1` - `github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f@1c3628e74d0f` - `github.com/fatih/color v1.18.0` - `github.com/felixge/fgprof v0.9.5` - `github.com/felixge/httpsnoop v1.0.4` - `github.com/fsnotify/fsnotify v1.9.0` - `github.com/gabriel-vasile/mimetype v1.4.13` - `github.com/gkampitakis/ciinfo v0.3.2` - `github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376@3a3c6141e376` - `github.com/go-logr/logr v1.4.3` - `github.com/go-logr/stdr v1.2.2` - `github.com/go-restruct/restruct v1.2.0-alpha` - `github.com/goccy/go-yaml v1.19.2` - `github.com/gogo/protobuf v1.3.2` - `github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8@2c02b8208cf8` - `github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e@a4b03ec1a45e` - `github.com/google/s2a-go v0.1.9` - `github.com/googleapis/enterprise-certificate-proxy v0.3.14` - `github.com/googleapis/gax-go/v2 v2.17.0` - `github.com/hashicorp/errwrap v1.1.0` - `github.com/hashicorp/go-version v1.8.0` - `github.com/hashicorp/golang-lru/v2 v2.0.7` - `github.com/huandu/xstrings v1.5.0` - `github.com/inconshreveable/mousetrap v1.1.0` - `github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99@d14ea06fba99` - `github.com/kevinburke/ssh_config v1.2.0` - `github.com/klauspost/compress v1.18.5` - `github.com/klauspost/pgzip v1.2.6` - `github.com/kr/pretty v0.3.1` - `github.com/kr/text v0.2.0` - `github.com/lucasb-eyer/go-colorful v1.3.0` - `github.com/maruel/natural v1.1.1` - `github.com/mattn/go-colorable v0.1.14` - `github.com/mattn/go-isatty v0.0.20` - `github.com/mattn/go-localereader v0.0.2-0.20220822084749-2491eb6c1c75@2491eb6c1c75` - `github.com/mattn/go-runewidth v0.0.19` - `github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d@d51e80ef957d` - `github.com/mikelolasagasti/xz v1.0.1` - `github.com/minio/minlz v1.0.1` - `github.com/mitchellh/copystructure v1.2.0` - `github.com/mitchellh/go-homedir v1.1.0` - `github.com/mitchellh/go-wordwrap v1.0.1` - `github.com/mitchellh/reflectwalk v1.0.2` - `github.com/moby/docker-image-spec v1.3.1` - `github.com/moby/locker v1.0.1` - `github.com/moby/sys/sequential v0.6.0` - `github.com/moby/sys/signal v0.7.1` - `github.com/moby/sys/user v0.4.0` - `github.com/moby/sys/userns v0.1.0` - `github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6@276c6243b2f6` - `github.com/muesli/cancelreader v0.2.2` - `github.com/muesli/termenv v0.16.0` - `github.com/ncruces/go-strftime v1.0.0` - `github.com/opencontainers/image-spec v1.1.1` - `github.com/opencontainers/runtime-spec v1.3.0` - `github.com/opencontainers/selinux v1.13.1` - `github.com/pborman/indent v1.2.1` - `github.com/pelletier/go-toml/v2 v2.2.4` - `github.com/pierrec/lz4/v4 v4.1.22` - `github.com/pjbgf/sha1cd v0.6.0` - `github.com/pkg/errors v0.9.1` - `github.com/pkg/profile v1.7.0` - `github.com/pkg/xattr v0.4.9` - `github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2@5d4384ee4fb2` - `github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec@24d4a6f8daec` - `github.com/rivo/uniseg v0.4.7` - `github.com/rogpeppe/go-internal v1.14.1` - `github.com/sagikazarmark/locafero v0.7.0` - `github.com/sahilm/fuzzy v0.1.1` - `github.com/shopspring/decimal v1.4.0` - `github.com/sirupsen/logrus v1.9.4` - `github.com/skeema/knownhosts v1.3.1` - `github.com/sorairolake/lzip-go v0.3.8` - `github.com/sourcegraph/conc v0.3.0` - `github.com/spf13/cast v1.7.1` - `github.com/spf13/pflag v1.0.10` - `github.com/spf13/viper v1.20.0` - `github.com/stretchr/objx v0.5.2` - `github.com/subosito/gotenv v1.6.0` - `github.com/sylabs/sif/v2 v2.24.0` - `github.com/sylabs/squashfs v1.0.6` - `github.com/therootcompany/xz v1.0.1` - `github.com/tidwall/gjson v1.18.0` - `github.com/tidwall/match v1.1.1` - `github.com/tidwall/pretty v1.2.1` - `github.com/tidwall/sjson v1.2.5` - `github.com/ulikunitz/xz v0.5.15` - `github.com/vbatts/tar-split v0.12.2` - `github.com/xanzy/ssh-agent v0.3.3` - `github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb@02993c407bfb` - `github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415@bd5ef7bd5415` - `github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8@48954b6210f8` - `github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e@abceb7e1c41e` - `github.com/zclconf/go-cty v1.16.3` - `go.opencensus.io v0.24.0` - `go.opentelemetry.io/auto/sdk v1.2.1` - `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0` - `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0` - `go.opentelemetry.io/otel v1.43.0` - `go.opentelemetry.io/otel/metric v1.43.0` - `go.opentelemetry.io/otel/trace v1.43.0` - `go.uber.org/atomic v1.9.0` - `go.uber.org/multierr v1.9.0` - `go4.org v0.0.0-20230225012048-214862532bf5@214862532bf5` - `golang.org/x/crypto v0.50.0` - `golang.org/x/oauth2 v0.36.0` - `golang.org/x/sync v0.20.0` - `golang.org/x/sys v0.43.0` - `golang.org/x/term v0.42.0` - `golang.org/x/text v0.36.0` - `golang.org/x/time v0.15.0` - `golang.org/x/tools v0.44.0` - `golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028@104605ab7028` - `google.golang.org/api v0.271.0` - `google.golang.org/genproto v0.0.0-20260128011058-8636f8732409@8636f8732409` - `google.golang.org/genproto/googleapis/api v0.0.0-20260203192932-546029d2fa20@546029d2fa20` - `google.golang.org/genproto/googleapis/rpc v0.0.0-20260226221140-a57be14db171@a57be14db171` - `google.golang.org/grpc v1.79.3` - `google.golang.org/protobuf v1.36.11` - `gopkg.in/warnings.v0 v0.1.2` - `gopkg.in/yaml.v3 v3.0.1` - `modernc.org/libc v1.67.6` - `modernc.org/mathutil v1.7.1` - `modernc.org/memory v1.11.0` - `github.com/acobaugh/osrelease v0.1.0` - `github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be@38f4b401e2be` - `github.com/cespare/xxhash/v2 v2.3.0` - `github.com/gpustack/gguf-parser-go v0.24.0` - `github.com/wk8/go-ordered-map/v2 v2.1.8` - `cel.dev/expr v0.25.1` - `cloud.google.com/go/monitoring v1.24.3` - `cyphar.com/go-pathrs v0.2.1` - `github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.30.0` - `github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.55.0` - `github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.55.0` - `github.com/aws/aws-sdk-go-v2 v1.41.5` - `github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.8` - `github.com/aws/aws-sdk-go-v2/config v1.32.12` - `github.com/aws/aws-sdk-go-v2/credentials v1.19.12` - `github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.20` - `github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.21` - `github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.21` - `github.com/aws/aws-sdk-go-v2/internal/ini v1.8.6` - `github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.22` - `github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.7` - `github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.13` - `github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.21` - `github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.21` - `github.com/aws/aws-sdk-go-v2/service/s3 v1.97.3` - `github.com/aws/aws-sdk-go-v2/service/signin v1.0.8` - `github.com/aws/aws-sdk-go-v2/service/sso v1.30.13` - `github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.17` - `github.com/aws/aws-sdk-go-v2/service/sts v1.41.9` - `github.com/aws/smithy-go v1.24.2` - `github.com/bahlo/generic-list-go v0.2.0` - `github.com/buger/jsonparser v1.1.2` - `github.com/clipperhouse/displaywidth v0.10.0` - `github.com/clipperhouse/uax29/v2 v2.6.0` - `github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5@ee656c7534f5` - `github.com/containerd/cgroups/v3 v3.1.2` - `github.com/containerd/containerd/v2 v2.2.4` - `github.com/containerd/plugin v1.0.0` - `github.com/envoyproxy/go-control-plane/envoy v1.36.0` - `github.com/envoyproxy/protoc-gen-validate v1.3.0` - `github.com/go-jose/go-jose/v4 v4.1.4` - `github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.72` - `github.com/henvic/httpretty v0.1.4` - `github.com/json-iterator/go v1.1.12` - `github.com/klauspost/cpuid/v2 v2.3.0` - `github.com/mailru/easyjson v0.7.7` - `github.com/moby/moby/api v1.54.0` - `github.com/moby/moby/client v0.3.0` - `github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd@bacd9c7ef1dd` - `github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee@35a7c28c31ee` - `github.com/nwaples/rardecode/v2 v2.2.0` - `github.com/olekukonko/cat v0.0.0-20250911104152-50322a0618f6@50322a0618f6` - `github.com/olekukonko/errors v1.2.0` - `github.com/olekukonko/ll v0.1.6` - `github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10@0393e58bdf10` - `github.com/smallnest/ringbuffer v0.0.0-20241116012123-461381446e3d@461381446e3d` - `github.com/spiffe/go-spiffe/v2 v2.6.0` - `go.opentelemetry.io/contrib/detectors/gcp v1.39.0` - `go.opentelemetry.io/otel/sdk v1.43.0` - `go.opentelemetry.io/otel/sdk/metric v1.43.0` - `gonum.org/v1/gonum v0.16.0` </details> <details><summary>syft/pkg/cataloger/golang/internal/gotestdata/go-source/go.mod</summary> - `go 1.24.3` - `github.com/google/uuid v1.6.0` - `github.com/sirupsen/logrus v1.9.3` - `github.com/spf13/viper v1.20.1` - `github.com/stretchr/testify v1.10.0` - `go.uber.org/zap v1.27.0` - `github.com/davecgh/go-spew v1.1.1` - `github.com/fsnotify/fsnotify v1.8.0` - `github.com/go-viper/mapstructure/v2 v2.4.0` - `github.com/pelletier/go-toml/v2 v2.2.3` - `github.com/pmezard/go-difflib v1.0.0` - `github.com/sagikazarmark/locafero v0.7.0` - `github.com/sourcegraph/conc v0.3.0` - `github.com/spf13/afero v1.12.0` - `github.com/spf13/cast v1.7.1` - `github.com/spf13/pflag v1.0.6` - `github.com/subosito/gotenv v1.6.0` - `go.uber.org/multierr v1.10.0` - `golang.org/x/sys v0.33.0` - `golang.org/x/text v0.21.0` - `gopkg.in/yaml.v3 v3.0.1` </details> </blockquote> </details> </blockquote> </details> --- - [ ] <!-- manual job -->Check this box to trigger a request for Renovate to run again on this repository
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
Repository problems
Renovate tried to run on this repository, but found these problems.
Warning
Renovate failed to look up the following dependencies:
Could not determine new digest for update (go package github.com/charmbracelet/x/cellbuf).Files affected:
go.modOpen
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
Vulnerabilities
32/41CVEs have Renovate fixes.gomod
Detected dependencies
Branch alauda-v1.28.0
Branch alauda-v1.42.3