This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more. ## Repository problems Renovate tried to run on this repository, but found these problems. - WARN: Package lookup failures ## Rate-Limited These updates are currently rate-limited. Click on a checkbox below to force their creation now. - [ ] <!-- unlimit-branch=renovate/build-harbor.alauda.cn-devops-nonroot-builder-go-latest -->chore(deps): update build-harbor.alauda.cn/devops/nonroot/builder-go:latest docker digest to 08c4f58 - [ ] <!-- unlimit-branch=renovate/alpine-3.x -->chore(deps): update alpine docker tag to v3.24 - [ ] <!-- create-all-rate-limited-prs -->🔐 **Create all rate-limited PRs at once** 🔐 --- > [!WARNING] > Renovate failed to look up the following dependencies: `Could not determine new digest for update (go package github.com/go-task/slim-sprig)`. > > Files affected: `dependabot/go.mod` --- ## Open These updates have all been created already. Click a checkbox below to force a retry/rebase of any. - [ ] <!-- rebase-branch=renovate/go-golang.org-x-sys-vulnerability -->[chore(deps): update module golang.org/x/sys to v0.44.0 [security]](../pull/199) - [ ] <!-- rebase-branch=renovate/go-github.com-containerd-containerd-vulnerability -->[chore(deps): update module github.com/containerd/containerd to v2 [security]](../pull/198) - [ ] <!-- rebase-branch=renovate/patch-patch-upgrades -->[chore(deps): update all patch dependencies (patch)](../pull/200) (`build-harbor.alauda.cn/ops/alpine`, `build-harbor.alauda.cn/ops/photon`, `golang`, `kubectl`) - [ ] <!-- rebase-all-open-prs -->**Click on this checkbox to rebase all open PRs at once** ## Vulnerabilities `54`/`60` CVEs have Renovate fixes. <details><summary>gomod</summary> <blockquote> <details><summary>artifact-scanner/go.mod</summary> <blockquote> <details><summary>github.com/containerd/containerd</summary> <blockquote> - [GHSA-fqw6-gf59-qr4w](https://osv.dev/vulnerability/GHSA-fqw6-gf59-qr4w) (fixed in >= 1.7.32) </blockquote> </details> <details><summary>github.com/docker/docker</summary> <blockquote> - [GHSA-6hwg-w5jg-9c6x](https://osv.dev/vulnerability/GHSA-6hwg-w5jg-9c6x) - [GHSA-qrqr-3x5j-2xw9](https://osv.dev/vulnerability/GHSA-qrqr-3x5j-2xw9) - [GHSA-pxq6-2prw-chj9](https://osv.dev/vulnerability/GHSA-pxq6-2prw-chj9) - [GO-2026-4883](https://osv.dev/vulnerability/GO-2026-4883) - [GHSA-vp62-88p7-qqf5](https://osv.dev/vulnerability/GHSA-vp62-88p7-qqf5) (fixed in > 28.5.2) - [GHSA-j249-ghv5-7mxv](https://osv.dev/vulnerability/GHSA-j249-ghv5-7mxv) - [GHSA-x86f-5xw2-fm2r](https://osv.dev/vulnerability/GHSA-x86f-5xw2-fm2r) (fixed in > 28.5.2) - [GO-2026-4887](https://osv.dev/vulnerability/GO-2026-4887) - [GHSA-x744-4wpc-v9h2](https://osv.dev/vulnerability/GHSA-x744-4wpc-v9h2) (fixed in >= 29.3.1) - [GHSA-rg2x-37c3-w2rh](https://osv.dev/vulnerability/GHSA-rg2x-37c3-w2rh) (fixed in > 28.5.2) </blockquote> </details> <details><summary>golang.org/x/net</summary> <blockquote> - [GO-2026-5026](https://osv.dev/vulnerability/GO-2026-5026) (fixed in >= 0.55.0) - [GO-2026-5028](https://osv.dev/vulnerability/GO-2026-5028) (fixed in >= 0.55.0) - [GO-2026-5025](https://osv.dev/vulnerability/GO-2026-5025) (fixed in >= 0.55.0) - [GO-2026-5027](https://osv.dev/vulnerability/GO-2026-5027) (fixed in >= 0.55.0) - [GO-2026-5030](https://osv.dev/vulnerability/GO-2026-5030) (fixed in >= 0.55.0) - [GO-2026-5029](https://osv.dev/vulnerability/GO-2026-5029) (fixed in >= 0.55.0) </blockquote> </details> <details><summary>golang.org/x/sys</summary> <blockquote> - [GO-2026-5024](https://osv.dev/vulnerability/GO-2026-5024) (fixed in >= 0.44.0) </blockquote> </details> </blockquote> </details> <details><summary>dependabot/go.mod</summary> <blockquote> <details><summary>golang.org/x/net</summary> <blockquote> - [GO-2026-5026](https://osv.dev/vulnerability/GO-2026-5026) (fixed in >= 0.55.0) - [GO-2026-5028](https://osv.dev/vulnerability/GO-2026-5028) (fixed in >= 0.55.0) - [GO-2026-5025](https://osv.dev/vulnerability/GO-2026-5025) (fixed in >= 0.55.0) - [GO-2026-5027](https://osv.dev/vulnerability/GO-2026-5027) (fixed in >= 0.55.0) - [GO-2026-5030](https://osv.dev/vulnerability/GO-2026-5030) (fixed in >= 0.55.0) - [GO-2026-5029](https://osv.dev/vulnerability/GO-2026-5029) (fixed in >= 0.55.0) </blockquote> </details> <details><summary>golang.org/x/sys</summary> <blockquote> - [GO-2026-5024](https://osv.dev/vulnerability/GO-2026-5024) (fixed in >= 0.44.0) </blockquote> </details> </blockquote> </details> <details><summary>plugin-releaser/go.mod</summary> <blockquote> <details><summary>golang.org/x/net</summary> <blockquote> - [GO-2026-5026](https://osv.dev/vulnerability/GO-2026-5026) (fixed in >= 0.55.0) - [GO-2026-5028](https://osv.dev/vulnerability/GO-2026-5028) (fixed in >= 0.55.0) - [GO-2026-5025](https://osv.dev/vulnerability/GO-2026-5025) (fixed in >= 0.55.0) - [GO-2026-5027](https://osv.dev/vulnerability/GO-2026-5027) (fixed in >= 0.55.0) - [GO-2026-5030](https://osv.dev/vulnerability/GO-2026-5030) (fixed in >= 0.55.0) - [GO-2026-5029](https://osv.dev/vulnerability/GO-2026-5029) (fixed in >= 0.55.0) </blockquote> </details> <details><summary>golang.org/x/sys</summary> <blockquote> - [GO-2026-5024](https://osv.dev/vulnerability/GO-2026-5024) (fixed in >= 0.44.0) </blockquote> </details> </blockquote> </details> <details><summary>pr-cli/go.mod</summary> <blockquote> <details><summary>golang.org/x/net</summary> <blockquote> - [GO-2026-5026](https://osv.dev/vulnerability/GO-2026-5026) (fixed in >= 0.55.0) - [GO-2026-5028](https://osv.dev/vulnerability/GO-2026-5028) (fixed in >= 0.55.0) - [GO-2026-5025](https://osv.dev/vulnerability/GO-2026-5025) (fixed in >= 0.55.0) - [GO-2026-5027](https://osv.dev/vulnerability/GO-2026-5027) (fixed in >= 0.55.0) - [GO-2026-5030](https://osv.dev/vulnerability/GO-2026-5030) (fixed in >= 0.55.0) - [GO-2026-5029](https://osv.dev/vulnerability/GO-2026-5029) (fixed in >= 0.55.0) </blockquote> </details> <details><summary>golang.org/x/sys</summary> <blockquote> - [GO-2026-5024](https://osv.dev/vulnerability/GO-2026-5024) (fixed in >= 0.44.0) </blockquote> </details> </blockquote> </details> <details><summary>roadmap-planner/backend/go.mod</summary> <blockquote> <details><summary>golang.org/x/crypto</summary> <blockquote> - [GO-2026-5021](https://osv.dev/vulnerability/GO-2026-5021) (fixed in >= 0.52.0) - [GO-2026-5017](https://osv.dev/vulnerability/GO-2026-5017) (fixed in >= 0.52.0) - [GO-2026-5020](https://osv.dev/vulnerability/GO-2026-5020) (fixed in >= 0.52.0) - [GO-2026-5013](https://osv.dev/vulnerability/GO-2026-5013) (fixed in >= 0.52.0) - [GO-2026-5019](https://osv.dev/vulnerability/GO-2026-5019) (fixed in >= 0.52.0) - [GO-2026-5023](https://osv.dev/vulnerability/GO-2026-5023) (fixed in >= 0.52.0) - [GO-2026-5033](https://osv.dev/vulnerability/GO-2026-5033) (fixed in >= 0.52.0) - [GO-2026-5018](https://osv.dev/vulnerability/GO-2026-5018) (fixed in >= 0.52.0) - [GO-2026-5005](https://osv.dev/vulnerability/GO-2026-5005) (fixed in >= 0.52.0) - [GO-2026-5015](https://osv.dev/vulnerability/GO-2026-5015) (fixed in >= 0.52.0) - [GO-2026-5014](https://osv.dev/vulnerability/GO-2026-5014) (fixed in >= 0.52.0) - [GO-2026-5016](https://osv.dev/vulnerability/GO-2026-5016) (fixed in >= 0.52.0) - [GO-2026-5006](https://osv.dev/vulnerability/GO-2026-5006) (fixed in >= 0.52.0) </blockquote> </details> <details><summary>golang.org/x/net</summary> <blockquote> - [GO-2026-5026](https://osv.dev/vulnerability/GO-2026-5026) (fixed in >= 0.55.0) - [GO-2026-5028](https://osv.dev/vulnerability/GO-2026-5028) (fixed in >= 0.55.0) - [GO-2026-5025](https://osv.dev/vulnerability/GO-2026-5025) (fixed in >= 0.55.0) - [GO-2026-5027](https://osv.dev/vulnerability/GO-2026-5027) (fixed in >= 0.55.0) - [GO-2026-5030](https://osv.dev/vulnerability/GO-2026-5030) (fixed in >= 0.55.0) - [GO-2026-5029](https://osv.dev/vulnerability/GO-2026-5029) (fixed in >= 0.55.0) </blockquote> </details> <details><summary>golang.org/x/sys</summary> <blockquote> - [GO-2026-5024](https://osv.dev/vulnerability/GO-2026-5024) (fixed in >= 0.44.0) </blockquote> </details> </blockquote> </details> <details><summary>syncfiles/go.mod</summary> <blockquote> <details><summary>golang.org/x/sys</summary> <blockquote> - [GO-2026-5024](https://osv.dev/vulnerability/GO-2026-5024) (fixed in >= 0.44.0) </blockquote> </details> </blockquote> </details> </blockquote> </details> ## Detected dependencies <details><summary>dockerfile</summary> <blockquote> <details><summary>artifact-scanner/Dockerfile</summary> - `build-harbor.alauda.cn/devops/nonroot/builder-go latest@sha256:4f740d7c64d43e955f2ab8d02b462ec940e3ba88d9134514f4318c3a82c300e7` - `build-harbor.alauda.cn/ops/alpine 3.23.3-alauda-202605061100` </details> <details><summary>pr-cli/Dockerfile</summary> - `build-harbor.alauda.cn/ops/alpine 3.23.3-alauda-202605061100` </details> <details><summary>pr-watcher/images/Dockerfile</summary> - `alpine 3.23` </details> <details><summary>roadmap-planner/Dockerfile</summary> - `node 24-alpine` - `golang 1.26.3-alpine` </details> <details><summary>roadmap-planner/backend/Dockerfile</summary> - `golang 1.26.3-alpine` </details> <details><summary>roadmap-planner/frontend/Dockerfile</summary> - `node 24-alpine` </details> <details><summary>tekton/cleanup-runs-pvc/Dockerfile</summary> - `build-harbor.alauda.cn/ops/photon 5-alauda-202604171100` - `build-harbor.alauda.cn/ops/alpine 3.23.3-alauda-202605061100` </details> </blockquote> </details> <details><summary>gomod</summary> <blockquote> <details><summary>artifact-scanner/go.mod</summary> - `go 1.25.4` - `github.com/AlaudaDevops/pkg v0.13.1-0.20250411092507-24e8b46d5269@24e8b46d5269` - `github.com/andygrunwald/go-jira v1.16.1` - `github.com/ankitpokhrel/jira-cli v1.5.2` - `github.com/distribution/reference v0.6.0` - `github.com/onsi/gomega v1.36.3` - `github.com/operator-framework/operator-registry v1.51.0` - `github.com/sirupsen/logrus v1.9.3` - `github.com/spf13/cobra v1.9.1` - `github.com/spf13/pflag v1.0.10` - `github.com/trivago/tgo v1.0.7` - `go.uber.org/zap v1.27.1` - `gopkg.in/yaml.v3 v3.0.1` - `knative.dev/pkg v0.0.0-20250331013832-c5a13b15ccdb@c5a13b15ccdb` - `cel.dev/expr v0.25.1` - `github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6@e8a1dd7889d6` - `github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c@faa5f7b0171c` - `github.com/BurntSushi/toml v1.4.0` - `github.com/Microsoft/go-winio v0.6.2` - `github.com/Microsoft/hcsshim v0.13.0` - `github.com/antlr4-go/antlr/v4 v4.13.1` - `github.com/blang/semver/v4 v4.0.0` - `github.com/blendle/zapdriver v1.3.1` - `github.com/cespare/xxhash/v2 v2.3.0` - `github.com/containerd/cgroups/v3 v3.0.5` - `github.com/containerd/containerd v1.7.29` - `github.com/containerd/containerd/api v1.9.0` - `github.com/containerd/continuity v0.4.5` - `github.com/containerd/errdefs v1.0.0` - `github.com/containerd/errdefs/pkg v0.3.0` - `github.com/containerd/log v0.1.0` - `github.com/containerd/platforms v1.0.0-rc.2` - `github.com/containerd/ttrpc v1.2.7` - `github.com/containerd/typeurl/v2 v2.2.3` - `github.com/containers/common v0.62.3` - `github.com/containers/image/v5 v5.34.3` - `github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01@c1716e8a8d01` - `github.com/containers/ocicrypt v1.2.1` - `github.com/containers/storage v1.57.2` - `github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc@d8f796af33cc` - `github.com/docker/cli v29.2.0+incompatible` - `github.com/docker/distribution v2.8.3+incompatible` - `github.com/docker/docker v28.0.4+incompatible` - `github.com/docker/docker-credential-helpers v0.8.2` - `github.com/docker/go-connections v0.5.0` - `github.com/docker/go-units v0.5.0` - `github.com/emicklei/go-restful/v3 v3.12.2` - `github.com/fatih/structs v1.1.0` - `github.com/felixge/httpsnoop v1.0.4` - `github.com/fxamacker/cbor/v2 v2.7.1` - `github.com/go-errors/errors v1.4.2` - `github.com/go-logr/logr v1.4.3` - `github.com/go-logr/stdr v1.2.2` - `github.com/go-openapi/jsonpointer v0.22.3` - `github.com/go-openapi/jsonreference v0.21.3` - `github.com/go-openapi/swag v0.23.1` - `github.com/go-openapi/swag/jsonname v0.25.3` - `github.com/gogo/protobuf v1.3.2` - `github.com/golang-jwt/jwt/v4 v4.5.2` - `github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da@41bb18bfe9da` - `github.com/golang/protobuf v1.5.4` - `github.com/google/btree v1.0.1` - `github.com/google/cel-go v0.22.1` - `github.com/google/gnostic-models v0.6.9` - `github.com/google/go-cmp v0.7.0` - `github.com/google/go-querystring v1.1.0` - `github.com/google/gofuzz v1.2.0` - `github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510@e7afc7fbc510` - `github.com/google/uuid v1.6.0` - `github.com/gorilla/mux v1.8.1` - `github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79@901d90724c79` - `github.com/h2non/filetype v1.1.3` - `github.com/h2non/go-is-svg v0.0.0-20160927212452-35e8c4b0612c@35e8c4b0612c` - `github.com/inconshreveable/mousetrap v1.1.0` - `github.com/josharian/intern v1.0.0` - `github.com/json-iterator/go v1.1.12` - `github.com/klauspost/compress v1.18.1` - `github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de@89fcab3d43de` - `github.com/mailru/easyjson v0.9.1` - `github.com/moby/locker v1.0.1` - `github.com/moby/sys/capability v0.4.0` - `github.com/moby/sys/mountinfo v0.7.2` - `github.com/moby/sys/sequential v0.6.0` - `github.com/moby/sys/user v0.4.0` - `github.com/moby/sys/userns v0.1.0` - `github.com/moby/term v0.5.2` - `github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd@bacd9c7ef1dd` - `github.com/modern-go/reflect2 v1.0.2` - `github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00@205db1a8cc00` - `github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822@a7dc8b61c822` - `github.com/opencontainers/go-digest v1.0.0` - `github.com/opencontainers/image-spec v1.1.1` - `github.com/opencontainers/runtime-spec v1.2.1` - `github.com/operator-framework/api v0.29.0` - `github.com/peterbourgon/diskv v2.0.1+incompatible` - `github.com/pkg/errors v0.9.1` - `github.com/prometheus/client_golang v1.22.0` - `github.com/stoewer/go-strcase v1.3.1` - `github.com/x448/float16 v0.8.4` - `github.com/xlab/treeprint v1.2.0` - `go.etcd.io/bbolt v1.4.3` - `go.opencensus.io v0.24.0` - `go.opentelemetry.io/auto/sdk v1.2.1` - `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0` - `go.opentelemetry.io/otel v1.43.0` - `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0` - `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0` - `go.opentelemetry.io/otel/metric v1.43.0` - `go.opentelemetry.io/otel/sdk v1.43.0` - `go.opentelemetry.io/otel/sdk/metric v1.43.0` - `go.opentelemetry.io/otel/trace v1.43.0` - `go.uber.org/multierr v1.11.0` - `golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac@939b2ce775ac` - `golang.org/x/net v0.53.0` - `golang.org/x/oauth2 v0.34.0` - `golang.org/x/sync v0.20.0` - `golang.org/x/sys v0.43.0` - `golang.org/x/term v0.42.0` - `golang.org/x/text v0.36.0` - `golang.org/x/time v0.14.0` - `google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1@8af14fe29dc1` - `google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9@9d38bb4040a9` - `google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9@9d38bb4040a9` - `google.golang.org/grpc v1.80.0` - `google.golang.org/protobuf v1.36.11` - `gopkg.in/evanphx/json-patch.v4 v4.12.0` - `gopkg.in/inf.v0 v0.9.1` - `k8s.io/api v0.32.11` - `k8s.io/apiextensions-apiserver v0.32.11` - `k8s.io/apimachinery v0.32.11` - `k8s.io/cli-runtime v0.32.11` - `k8s.io/client-go v0.32.11` - `k8s.io/klog/v2 v2.130.1` - `k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7@2c72e554b1e7` - `k8s.io/utils v0.0.0-20241210054802-24370beab758@24370beab758` - `sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8@cfa47c3a1cc8` - `sigs.k8s.io/kustomize/api v0.18.0` - `sigs.k8s.io/kustomize/kyaml v0.18.1` - `sigs.k8s.io/structured-merge-diff/v4 v4.5.0` - `sigs.k8s.io/yaml v1.4.0` </details> <details><summary>dependabot/go.mod</summary> - `go 1.25.4` - `github.com/Masterminds/semver/v3 v3.3.1` - `github.com/aquasecurity/trivy v0.51.4` - `github.com/google/go-cmp v0.7.0` - `github.com/google/go-github/v58 v58.0.0` - `github.com/onsi/ginkgo/v2 v2.13.2` - `github.com/onsi/gomega v1.29.0` - `github.com/sirupsen/logrus v1.9.3` - `github.com/spf13/cobra v1.8.1` - `github.com/spf13/viper v1.20.1` - `github.com/stretchr/testify v1.10.0` - `gitlab.com/gitlab-org/api/client-go v0.130.1` - `gopkg.in/yaml.v3 v3.0.1` - `sigs.k8s.io/yaml v1.4.0` - `github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d@4fc651f7ac8d` - `github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc@d8f796af33cc` - `github.com/fsnotify/fsnotify v1.8.0` - `github.com/go-logr/logr v1.4.3` - `github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572@52ccab3ef572` - `github.com/go-viper/mapstructure/v2 v2.4.0` - `github.com/google/go-containerregistry v0.19.2` - `github.com/google/go-querystring v1.1.0` - `github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38@94a9f03dee38` - `github.com/google/uuid v1.6.0` - `github.com/hashicorp/go-cleanhttp v0.5.2` - `github.com/hashicorp/go-retryablehttp v0.7.8` - `github.com/inconshreveable/mousetrap v1.1.0` - `github.com/package-url/packageurl-go v0.1.3` - `github.com/pelletier/go-toml/v2 v2.2.4` - `github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2@5d4384ee4fb2` - `github.com/sagikazarmark/locafero v0.7.0` - `github.com/samber/lo v1.39.0` - `github.com/sourcegraph/conc v0.3.0` - `github.com/spf13/afero v1.12.0` - `github.com/spf13/cast v1.7.1` - `github.com/spf13/pflag v1.0.10` - `github.com/subosito/gotenv v1.6.0` - `go.uber.org/multierr v1.11.0` - `golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa@9a3e6036ecaa` - `golang.org/x/net v0.53.0` - `golang.org/x/oauth2 v0.33.0` - `golang.org/x/sys v0.43.0` - `golang.org/x/text v0.36.0` - `golang.org/x/time v0.14.0` - `golang.org/x/tools v0.43.0` - `golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028@104605ab7028` </details> <details><summary>kube-bench-report/go.mod</summary> - `go 1.25.4` - `github.com/spf13/cobra v1.8.1` - `github.com/inconshreveable/mousetrap v1.1.0` - `github.com/spf13/pflag v1.0.10` </details> <details><summary>plugin-releaser/go.mod</summary> - `go 1.25.4` - `github.com/andygrunwald/go-jira v1.16.1` - `github.com/ankitpokhrel/jira-cli v1.5.2` - `github.com/onsi/ginkgo/v2 v2.23.4` - `github.com/onsi/gomega v1.37.0` - `github.com/sirupsen/logrus v1.9.3` - `github.com/spf13/cast v1.9.2` - `github.com/spf13/cobra v1.8.1` - `github.com/trivago/tgo v1.0.7` - `gopkg.in/yaml.v3 v3.0.1` - `github.com/fatih/structs v1.1.0` - `github.com/go-logr/logr v1.4.3` - `github.com/go-task/slim-sprig/v3 v3.0.0` - `github.com/golang-jwt/jwt/v4 v4.5.2` - `github.com/google/go-cmp v0.7.0` - `github.com/google/go-querystring v1.1.0` - `github.com/google/pprof v0.0.0-20250403155104-27863c87afa6@27863c87afa6` - `github.com/inconshreveable/mousetrap v1.1.0` - `github.com/pkg/errors v0.9.1` - `github.com/spf13/pflag v1.0.10` - `go.uber.org/automaxprocs v1.6.0` - `golang.org/x/net v0.53.0` - `golang.org/x/sys v0.43.0` - `golang.org/x/text v0.36.0` - `golang.org/x/tools v0.43.0` </details> <details><summary>pr-cli/go.mod</summary> - `go 1.25.4` - `github.com/AlaudaDevops/pkg v0.14.0` - `github.com/golang/mock v1.6.0` - `github.com/google/go-cmp v0.7.0` - `github.com/google/go-github/v74 v74.0.0` - `github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510@e7afc7fbc510` - `github.com/google/uuid v1.6.0` - `github.com/onsi/ginkgo/v2 v2.25.3` - `github.com/onsi/gomega v1.38.2` - `github.com/prometheus/client_golang v1.23.2` - `github.com/sirupsen/logrus v1.9.3` - `github.com/spf13/cobra v1.8.1` - `github.com/spf13/pflag v1.0.10` - `github.com/spf13/viper v1.20.1` - `github.com/stretchr/testify v1.11.1` - `golang.org/x/oauth2 v0.33.0` - `golang.org/x/time v0.14.0` - `github.com/Masterminds/semver/v3 v3.4.0` - `github.com/beorn7/perks v1.0.1` - `github.com/cespare/xxhash/v2 v2.3.0` - `github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc@d8f796af33cc` - `github.com/emicklei/go-restful/v3 v3.12.2` - `github.com/evanphx/json-patch/v5 v5.9.11` - `github.com/fsnotify/fsnotify v1.8.0` - `github.com/fxamacker/cbor/v2 v2.7.1` - `github.com/go-logr/logr v1.4.3` - `github.com/go-logr/zapr v1.3.0` - `github.com/go-openapi/jsonpointer v0.22.3` - `github.com/go-openapi/jsonreference v0.21.3` - `github.com/go-openapi/swag v0.23.1` - `github.com/go-openapi/swag/jsonname v0.25.3` - `github.com/go-task/slim-sprig/v3 v3.0.0` - `github.com/go-viper/mapstructure/v2 v2.4.0` - `github.com/gogo/protobuf v1.3.2` - `github.com/golang/protobuf v1.5.4` - `github.com/google/gnostic-models v0.6.9` - `github.com/google/go-querystring v1.1.0` - `github.com/google/gofuzz v1.2.0` - `github.com/google/pprof v0.0.0-20250403155104-27863c87afa6@27863c87afa6` - `github.com/inconshreveable/mousetrap v1.1.0` - `github.com/josharian/intern v1.0.0` - `github.com/json-iterator/go v1.1.12` - `github.com/mailru/easyjson v0.9.1` - `github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd@bacd9c7ef1dd` - `github.com/modern-go/reflect2 v1.0.2` - `github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822@a7dc8b61c822` - `github.com/pelletier/go-toml/v2 v2.2.4` - `github.com/pkg/errors v0.9.1` - `github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2@5d4384ee4fb2` - `github.com/prometheus/client_model v0.6.2` - `github.com/prometheus/common v0.66.1` - `github.com/prometheus/procfs v0.16.1` - `github.com/sagikazarmark/locafero v0.7.0` - `github.com/sourcegraph/conc v0.3.0` - `github.com/spf13/afero v1.12.0` - `github.com/spf13/cast v1.7.1` - `github.com/subosito/gotenv v1.6.0` - `github.com/x448/float16 v0.8.4` - `go.uber.org/automaxprocs v1.6.0` - `go.uber.org/multierr v1.11.0` - `go.uber.org/zap v1.27.1` - `go.yaml.in/yaml/v2 v2.4.3` - `go.yaml.in/yaml/v3 v3.0.4` - `golang.org/x/net v0.53.0` - `golang.org/x/sys v0.43.0` - `golang.org/x/term v0.42.0` - `golang.org/x/text v0.36.0` - `golang.org/x/tools v0.43.0` - `google.golang.org/protobuf v1.36.10` - `gopkg.in/inf.v0 v0.9.1` - `gopkg.in/yaml.v2 v2.4.0` - `gopkg.in/yaml.v3 v3.0.1` - `k8s.io/api v0.31.14` - `k8s.io/apimachinery v0.31.14` - `k8s.io/client-go v0.31.14` - `k8s.io/klog/v2 v2.130.1` - `k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8@8e686545bdb8` - `k8s.io/utils v0.0.0-20240711033017-18e509b52bc8@18e509b52bc8` - `knative.dev/pkg v0.0.0-20231023150739-56bfe0dd9626@56bfe0dd9626` - `sigs.k8s.io/controller-runtime v0.19.7` - `sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd@bc3834ca7abd` - `sigs.k8s.io/structured-merge-diff/v4 v4.4.3` - `sigs.k8s.io/yaml v1.4.0` - `yunion.io/x/pkg v0.0.0-20210218105412-13a69f60034c@13a69f60034c` </details> <details><summary>pr-watcher/go.mod</summary> - `go 1.25.4` - `github.com/spf13/cobra v1.9.1` - `github.com/inconshreveable/mousetrap v1.1.0` - `github.com/spf13/pflag v1.0.10` </details> <details><summary>roadmap-planner/backend/go.mod</summary> - `go 1.25.4` - `github.com/andygrunwald/go-jira v1.16.1` - `github.com/gin-gonic/gin v1.10.1` - `github.com/golang-jwt/jwt/v5 v5.3.1` - `github.com/google/go-cmp v0.7.0` - `github.com/jackc/pgx/v5 v5.9.2` - `github.com/prometheus/client_golang v1.23.2` - `github.com/spf13/viper v1.19.0` - `github.com/trivago/tgo v1.0.7` - `go.uber.org/zap v1.27.1` - `gopkg.in/yaml.v3 v3.0.1` - `modernc.org/sqlite v1.50.0` - `github.com/beorn7/perks v1.0.1` - `github.com/bytedance/sonic v1.11.9` - `github.com/bytedance/sonic/loader v0.3.0` - `github.com/cespare/xxhash/v2 v2.3.0` - `github.com/cloudwego/base64x v0.1.6` - `github.com/dustin/go-humanize v1.0.1` - `github.com/fatih/structs v1.1.0` - `github.com/fsnotify/fsnotify v1.7.0` - `github.com/gabriel-vasile/mimetype v1.4.11` - `github.com/gin-contrib/sse v0.1.0` - `github.com/go-playground/locales v0.14.1` - `github.com/go-playground/universal-translator v0.18.1` - `github.com/go-playground/validator/v10 v10.20.0` - `github.com/goccy/go-json v0.10.5` - `github.com/golang-jwt/jwt/v4 v4.5.2` - `github.com/google/go-querystring v1.1.0` - `github.com/google/uuid v1.6.0` - `github.com/hashicorp/hcl v1.0.0` - `github.com/jackc/pgpassfile v1.0.0` - `github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761@5a60cdf6a761` - `github.com/jackc/puddle/v2 v2.2.2` - `github.com/json-iterator/go v1.1.12` - `github.com/klauspost/cpuid/v2 v2.2.11` - `github.com/leodido/go-urn v1.4.0` - `github.com/magiconair/properties v1.8.10` - `github.com/mattn/go-isatty v0.0.20` - `github.com/mitchellh/mapstructure v1.5.0` - `github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd@bacd9c7ef1dd` - `github.com/modern-go/reflect2 v1.0.2` - `github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822@a7dc8b61c822` - `github.com/ncruces/go-strftime v1.0.0` - `github.com/pelletier/go-toml/v2 v2.2.4` - `github.com/pkg/errors v0.9.1` - `github.com/prometheus/client_model v0.6.2` - `github.com/prometheus/common v0.66.1` - `github.com/prometheus/procfs v0.16.1` - `github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec@24d4a6f8daec` - `github.com/sagikazarmark/locafero v0.4.0` - `github.com/sagikazarmark/slog-shim v0.1.0` - `github.com/sourcegraph/conc v0.3.0` - `github.com/spf13/afero v1.11.0` - `github.com/spf13/cast v1.6.0` - `github.com/spf13/pflag v1.0.10` - `github.com/subosito/gotenv v1.6.0` - `github.com/twitchyliquid64/golang-asm v0.15.1` - `github.com/ugorji/go/codec v1.2.14` - `go.uber.org/multierr v1.11.0` - `go.yaml.in/yaml/v2 v2.4.2` - `golang.org/x/arch v0.23.0` - `golang.org/x/crypto v0.50.0` - `golang.org/x/exp v0.0.0-20240404231335-c0f41cb1a7a0@c0f41cb1a7a0` - `golang.org/x/net v0.53.0` - `golang.org/x/sync v0.20.0` - `golang.org/x/sys v0.43.0` - `golang.org/x/text v0.36.0` - `google.golang.org/protobuf v1.36.8` - `gopkg.in/ini.v1 v1.67.0` - `modernc.org/libc v1.72.0` - `modernc.org/mathutil v1.7.1` - `modernc.org/memory v1.11.0` </details> <details><summary>syncfiles/go.mod</summary> - `go 1.25.4` - `github.com/google/go-cmp v0.7.0` - `github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00@205db1a8cc00` - `github.com/spf13/cobra v1.9.1` - `github.com/spf13/viper v1.19.0` - `go.uber.org/zap v1.27.1` - `github.com/fsnotify/fsnotify v1.7.0` - `github.com/hashicorp/hcl v1.0.0` - `github.com/inconshreveable/mousetrap v1.1.0` - `github.com/magiconair/properties v1.8.10` - `github.com/mitchellh/mapstructure v1.5.0` - `github.com/pelletier/go-toml/v2 v2.2.4` - `github.com/sagikazarmark/locafero v0.4.0` - `github.com/sagikazarmark/slog-shim v0.1.0` - `github.com/sourcegraph/conc v0.3.0` - `github.com/spf13/afero v1.11.0` - `github.com/spf13/cast v1.6.0` - `github.com/spf13/pflag v1.0.10` - `github.com/stretchr/testify v1.10.0` - `github.com/subosito/gotenv v1.6.0` - `go.uber.org/multierr v1.11.0` - `golang.org/x/exp v0.0.0-20230905200255-921286631fa9@921286631fa9` - `golang.org/x/sys v0.38.0` - `golang.org/x/text v0.31.0` - `gopkg.in/ini.v1 v1.67.0` - `gopkg.in/yaml.v3 v3.0.1` </details> </blockquote> </details> <details><summary>regex</summary> <blockquote> <details><summary>tekton/cleanup-runs-pvc/Dockerfile</summary> - `kubectl v1.33.8-alauda-15` </details> </blockquote> </details> --- - [ ] <!-- manual job -->Check this box to trigger a request for Renovate to run again on this repository
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
Repository problems
Renovate tried to run on this repository, but found these problems.
Rate-Limited
These updates are currently rate-limited. Click on a checkbox below to force their creation now.
Warning
Renovate failed to look up the following dependencies:
Could not determine new digest for update (go package github.com/go-task/slim-sprig).Files affected:
dependabot/go.modOpen
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
build-harbor.alauda.cn/ops/alpine,build-harbor.alauda.cn/ops/photon,golang,kubectl)Vulnerabilities
54/60CVEs have Renovate fixes.gomod
Detected dependencies
dockerfile
gomod
regex