Dependency Dashboard

[alaudaa-renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Repository problems

Renovate tried to run on this repository, but found these problems.

• WARN: Cannot access vulnerability alerts. Please ensure permissions have been granted.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

• chore(deps): update dependency go to v1.26.4 (alauda-v0.65.0)
• chore(deps): update dependency go to v1.26.4 (alauda-v0.70.0)
• 🔐 Create all rate-limited PRs at once 🔐

Edited/Blocked

These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.

• chore(deps): update module golang.org/x/text to v0.3.8 [security] (alauda-v0.65.0)
• fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.7 [security] (alauda-v0.65.0)
• chore(deps): update module google.golang.org/grpc to v1.79.3 [security] (alauda-v0.65.0)
• chore(deps): update module google.golang.org/protobuf to v1.33.0 [security] (alauda-v0.65.0)
• fix(deps): update module github.com/docker/distribution to v2.8.2+incompatible [security] (alauda-v0.65.0)
• fix(deps): update module github.com/open-policy-agent/opa to v1 [security] (alauda-v0.65.0)
• chore(deps): update module golang.org/x/text to v0.3.8 [security] (alauda-v0.68.2)
• chore(deps): update module google.golang.org/grpc to v1.79.3 [security] (alauda-v0.68.2)
• chore(deps): update module google.golang.org/protobuf to v1.33.0 [security] (alauda-v0.68.2)
• fix(deps): update module github.com/docker/distribution to v2.8.2+incompatible [security] (alauda-v0.68.2)
• fix(deps): update module github.com/open-policy-agent/opa to v1 [security] (alauda-v0.68.2)
• chore(deps): update module golang.org/x/text to v0.3.8 [security] (alauda-v0.70.0)
• chore(deps): update module google.golang.org/grpc to v1.79.3 [security] (alauda-v0.70.0)
• chore(deps): update module google.golang.org/protobuf to v1.33.0 [security] (alauda-v0.70.0)
• fix(deps): update module github.com/docker/distribution to v2.8.2+incompatible [security] (alauda-v0.70.0)
• fix(deps): update module github.com/open-policy-agent/opa to v1 [security] (alauda-v0.70.0)

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• chore(deps): update module github.com/go-git/go-billy/v5 to v5.9.0 [security] (alauda-v0.65.0)
• chore(deps): update module golang.org/x/sys to v0.44.0 [security] (alauda-v0.65.0)
• fix(deps): update module github.com/containerd/containerd/v2 to v2.3.0 [security] (alauda-v0.65.0)
• chore(deps): update module github.com/containerd/containerd to v2 [security] (alauda-v0.65.0)
• chore(deps): update module golang.org/x/sys to v0.44.0 [security] (alauda-v0.68.2)
• chore(deps): update dependency go to v1.26.4 (alauda-v0.68.2)
• chore(deps): update module golang.org/x/sys to v0.44.0 [security] (alauda-v0.70.0)
• chore(deps): update dependency go to v1.22.12 (alauda-v0.70.0)
• Click on this checkbox to rebase all open PRs at once

Vulnerabilities

217/233 CVEs have Renovate fixes.

gomod

go.mod

github.com/containerd/containerd/v2

• GHSA-fqw6-gf59-qr4w (fixed in >= 2.2.4)

github.com/go-git/go-git/v5

• GHSA-w5pp-99ch-qj29 (fixed in >= 5.19.1)
• GHSA-m7cr-m3pv-hgrp (fixed in >= 5.19.1)
• GHSA-crhj-59gh-8x96 (fixed in >= 5.19.1)
• GHSA-389r-gv7p-r3rp (fixed in >= 5.19.0)

golang.org/x/crypto

• GO-2026-5021 (fixed in >= 0.52.0)
• GO-2026-5017 (fixed in >= 0.52.0)
• GO-2026-5020 (fixed in >= 0.52.0)
• GO-2026-5013 (fixed in >= 0.52.0)
• GO-2026-5019 (fixed in >= 0.52.0)
• GO-2026-5023 (fixed in >= 0.52.0)
• GO-2026-5033 (fixed in >= 0.52.0)
• GO-2026-5018 (fixed in >= 0.52.0)
• GO-2026-5005 (fixed in >= 0.52.0)
• GO-2026-5015 (fixed in >= 0.52.0)
• GO-2026-5014 (fixed in >= 0.52.0)
• GO-2026-5016 (fixed in >= 0.52.0)
• GO-2026-5006 (fixed in >= 0.52.0)

golang.org/x/net

• GO-2026-5026 (fixed in >= 0.55.0)
• GO-2026-5028 (fixed in >= 0.55.0)
• GO-2026-5025 (fixed in >= 0.55.0)
• GO-2026-5027 (fixed in >= 0.55.0)
• GO-2026-5030 (fixed in >= 0.55.0)
• GO-2026-5029 (fixed in >= 0.55.0)

github.com/docker/docker

• GHSA-6hwg-w5jg-9c6x
• GHSA-qrqr-3x5j-2xw9
• GHSA-pxq6-2prw-chj9
• GO-2026-4883
• GHSA-vp62-88p7-qqf5 (fixed in > 28.5.2)
• GHSA-j249-ghv5-7mxv
• GHSA-x86f-5xw2-fm2r (fixed in > 28.5.2)
• GO-2026-4887
• GHSA-x744-4wpc-v9h2 (fixed in >= 29.3.1)
• GHSA-rg2x-37c3-w2rh (fixed in > 28.5.2)

github.com/containerd/containerd

• GHSA-fqw6-gf59-qr4w (fixed in >= 1.7.32)

github.com/go-git/go-billy/v5

• GHSA-m3xc-h892-ggx6 (fixed in >= 5.9.0)
• GHSA-qw64-3x98-g7q2 (fixed in >= 5.9.0)

github.com/quic-go/quic-go

• GHSA-vvgj-x9jq-8cj9 (fixed in >= 0.59.1)

github.com/sigstore/cosign/v2

• GO-2026-4529

golang.org/x/sys

• GO-2026-5024 (fixed in >= 0.44.0)

github.com/moby/moby

• GHSA-pxq6-2prw-chj9
• GO-2026-4883
• GO-2026-4887
• GHSA-x744-4wpc-v9h2 (fixed in >= 29.3.1)

integration/testdata/fixtures/repo/gomod/go.mod

github.com/open-policy-agent/opa

• GHSA-2m4x-4q9j-w97g (fixed in >= 0.42.0)
• GHSA-6m8w-jc87-6cr7 (fixed in >= 1.4.0)
• GO-2022-0316 (fixed in >= 0.37.2)
• GO-2022-0574 (fixed in >= 0.42.0)
• GHSA-hcw3-j74m-qc58 (fixed in >= 0.37.2)
• GHSA-x7f3-62pm-9p38 (fixed in >= 0.40.0)
• GO-2024-3141 (fixed in >= 0.68.0)
• GO-2022-0587 (fixed in >= 0.40.0)
• GO-2025-3660 (fixed in >= 1.4.0)
• GHSA-c77r-fh37-x2px (fixed in >= 0.68.0)

golang.org/x/net

• GHSA-xrjj-mj9h-534m (fixed in >= 0.4.0)
• GO-2026-5026 (fixed in >= 0.55.0)
• GO-2026-4440 (fixed in >= 0.45.0)
• GO-2022-1144 (fixed in >= 0.4.0)
• GO-2026-4918 (fixed in >= 0.53.0)
• GO-2023-2102 (fixed in >= 0.17.0)
• GO-2026-4441 (fixed in >= 0.45.0)
• GO-2022-0288 (fixed in >= 0.0.0-20211209124913-491a49abca63)
• GHSA-vvpx-j8f3-3w6h (fixed in >= 0.7.0)
• GO-2023-1988 (fixed in >= 0.13.0)
• GHSA-qppj-fm5r-hxr3 (fixed in >= 0.17.0)
• GHSA-vvgc-356p-c3xw (fixed in >= 0.38.0)
• GHSA-4v7x-pqxf-cx7m (fixed in >= 0.23.0)
• GO-2025-3595 (fixed in >= 0.38.0)
• GO-2024-2687 (fixed in >= 0.23.0)
• GHSA-2wrh-6pvc-2jm9 (fixed in >= 0.13.0)
• GO-2026-5028 (fixed in >= 0.55.0)
• GHSA-4374-p667-p6c8 (fixed in >= 0.17.0)
• GHSA-qxp5-gwg8-xv66 (fixed in >= 0.36.0)
• GO-2026-5025 (fixed in >= 0.55.0)
• GO-2023-1571 (fixed in >= 0.7.0)
• GO-2024-3333 (fixed in >= 0.33.0)
• GO-2026-5027 (fixed in >= 0.55.0)
• GO-2026-5030 (fixed in >= 0.55.0)
• GO-2026-5029 (fixed in >= 0.55.0)
• GO-2025-3503 (fixed in >= 0.36.0)
• GHSA-69cg-p879-7622 (fixed in >= 0.0.0-20220906165146-f3363e06e74c)
• GO-2022-0969 (fixed in >= 0.0.0-20220906165146-f3363e06e74c)

golang.org/x/sys

• GHSA-p782-xgp4-8hr8 (fixed in >= 0.0.0-20220412211240-33da011f77ad)
• GO-2022-0493 (fixed in >= 0.0.0-20220412211240-33da011f77ad)
• GO-2026-5024 (fixed in >= 0.44.0)

github.com/docker/distribution

• GHSA-qq97-vm5h-rrhg (fixed in >= 2.8.0)
• GO-2022-0379 (fixed in >= 2.8.0+incompatible)
• GHSA-hqxw-f8mx-cpmw (fixed in >= 2.8.2-beta.1)

github.com/docker/docker

• GHSA-jq35-85cj-fj4p (fixed in >= 20.10.27)
• GHSA-2mm7-x5h6-5pvq (fixed in >= 20.10.14)
• GHSA-6hwg-w5jg-9c6x
• GHSA-33pg-m6jh-5237 (fixed in >= 20.10.24)
• GHSA-qrqr-3x5j-2xw9
• GHSA-vp35-85q5-9f25 (fixed in >= 20.10.20)
• GHSA-rc4r-wh2q-q6c4 (fixed in >= 20.10.18)
• GO-2022-0985 (fixed in >= 20.10.18+incompatible)
• GO-2023-1701 (fixed in >= 20.10.24+incompatible)
• GO-2024-2512 (fixed in >= 24.0.9+incompatible)
• GHSA-4vq8-7jfc-9cvp (fixed in >= 25.0.13)
• GHSA-pxq6-2prw-chj9
• GO-2026-4883
• GHSA-232p-vwff-86mp (fixed in >= 20.10.24)
• GHSA-vp62-88p7-qqf5 (fixed in > 28.5.2)
• GHSA-j249-ghv5-7mxv
• GHSA-x86f-5xw2-fm2r (fixed in > 28.5.2)
• GO-2025-3829 (fixed in >= 25.0.13+incompatible)
• GO-2022-0390 (fixed in >= 20.10.14+incompatible)
• GO-2023-1699 (fixed in >= 20.10.24+incompatible)
• GO-2026-4887
• GHSA-x744-4wpc-v9h2 (fixed in >= 29.3.1)
• GO-2023-1700 (fixed in >= 20.10.24+incompatible)
• GO-2024-3005 (fixed in >= 25.0.6+incompatible)
• GHSA-mq39-4gv4-mvpx (fixed in >= 23.0.11)
• GHSA-xw73-rw38-6vjc (fixed in >= 24.0.9)
• GHSA-6wrf-mxfj-pf5p (fixed in >= 20.10.24)
• GO-2022-1107 (fixed in >= 20.10.20+incompatible)
• GHSA-rg2x-37c3-w2rh (fixed in > 28.5.2)

golang.org/x/crypto

• GHSA-v778-237x-gjrc (fixed in >= 0.31.0)
• GO-2021-0227 (fixed in >= 0.0.0-20201216223049-8b5274cf687f)
• GO-2024-3321 (fixed in >= 0.31.0)
• GHSA-j5w8-q4qc-rx2x (fixed in >= 0.45.0)
• GHSA-hcg3-q754-cr77 (fixed in >= 0.35.0)
• GO-2026-5021 (fixed in >= 0.52.0)
• GO-2024-2961 (fixed in >= 0.0.0-20220525230936-793ad666bf5e)
• GO-2021-0356 (fixed in >= 0.0.0-20220314234659-1baeb1ce4c0b)
• GO-2026-5017 (fixed in >= 0.52.0)
• GO-2026-5020 (fixed in >= 0.52.0)
• GHSA-3vm4-22fp-5rfm (fixed in >= 0.0.0-20201216223049-8b5274cf687f)
• GO-2026-5013 (fixed in >= 0.52.0)
• GO-2026-5019 (fixed in >= 0.52.0)
• GO-2025-3487 (fixed in >= 0.35.0)
• GO-2023-2402 (fixed in >= 0.17.0)
• GO-2026-5023 (fixed in >= 0.52.0)
• GO-2026-5033 (fixed in >= 0.52.0)
• GO-2026-5018 (fixed in >= 0.52.0)
• GO-2026-5005 (fixed in >= 0.52.0)
• GO-2025-4116 (fixed in >= 0.43.0)
• GO-2026-5015 (fixed in >= 0.52.0)
• GO-2025-4134 (fixed in >= 0.45.0)
• GHSA-f6x5-jh6r-wrfv (fixed in >= 0.45.0)
• GHSA-gwc9-m7rh-j2ww (fixed in >= 0.0.0-20211202192323-5770296d904e)
• GHSA-45x7-px36-x8w8 (fixed in >= 0.0.0-20231218163308-9d2ee975ef9f)
• GO-2026-5014 (fixed in >= 0.52.0)
• GO-2025-4135 (fixed in >= 0.45.0)
• GO-2022-0968 (fixed in >= 0.0.0-20211202192323-5770296d904e)
• GO-2026-5016 (fixed in >= 0.52.0)
• GHSA-8c26-wmh5-6g9v (fixed in >= 0.0.0-20220314234659-1baeb1ce4c0b)
• GO-2026-5006 (fixed in >= 0.52.0)

golang.org/x/text

• GO-2021-0113 (fixed in >= 0.3.7)
• GO-2022-1059 (fixed in >= 0.3.8)
• GHSA-ppp9-7jff-5vj2 (fixed in >= 0.3.7)
• GHSA-69ch-w2m2-3vjp (fixed in >= 0.3.8)

google.golang.org/grpc

• GHSA-m425-mq94-257g (fixed in >= 1.56.3)
• GO-2023-2153 (fixed in >= 1.56.3)
• GHSA-p77j-4mvh-x3m3 (fixed in >= 1.79.3)
• GO-2026-4762 (fixed in >= 1.79.3)

google.golang.org/protobuf

• GHSA-8r3f-844c-mc37 (fixed in >= 1.33.0)
• GO-2024-2611 (fixed in >= 1.33.0)

gopkg.in/yaml.v3

• GO-2022-0603 (fixed in >= 3.0.0-20220521103104-8f96da9f5d5e)
• GHSA-hp87-p4gw-j4gq (fixed in >= 3.0.1)

integration/testdata/fixtures/repo/gomod/submod/go.mod

github.com/docker/distribution

• GHSA-qq97-vm5h-rrhg (fixed in >= 2.8.0)
• GO-2022-0379 (fixed in >= 2.8.0+incompatible)
• GHSA-hqxw-f8mx-cpmw (fixed in >= 2.8.2-beta.1)

pkg/dependency/parser/golang/mod/testdata/go116/go.mod

gopkg.in/yaml.v3

• GO-2022-0603 (fixed in >= 3.0.0-20220521103104-8f96da9f5d5e)
• GHSA-hp87-p4gw-j4gq (fixed in >= 3.0.1)

pkg/dependency/parser/golang/mod/testdata/replaced-with-local-path-and-version-mismatch/go.mod

gopkg.in/yaml.v3

• GO-2022-0603 (fixed in >= 3.0.0-20220521103104-8f96da9f5d5e)
• GHSA-hp87-p4gw-j4gq (fixed in >= 3.0.1)

pkg/dependency/parser/golang/mod/testdata/replaced-with-local-path-and-version/go.mod

gopkg.in/yaml.v3

• GO-2022-0603 (fixed in >= 3.0.0-20220521103104-8f96da9f5d5e)
• GHSA-hp87-p4gw-j4gq (fixed in >= 3.0.1)

pkg/dependency/parser/golang/mod/testdata/replaced-with-local-path/go.mod

gopkg.in/yaml.v3

• GO-2022-0603 (fixed in >= 3.0.0-20220521103104-8f96da9f5d5e)
• GHSA-hp87-p4gw-j4gq (fixed in >= 3.0.1)

pkg/dependency/parser/golang/mod/testdata/replaced-with-version-mismatch/go.mod

gopkg.in/yaml.v3

• GO-2022-0603 (fixed in >= 3.0.0-20220521103104-8f96da9f5d5e)
• GHSA-hp87-p4gw-j4gq (fixed in >= 3.0.1)

pkg/fanal/analyzer/language/golang/mod/testdata/pkg/mod/github.com/aquasecurity/go-dep-parser@v0.0.0-20220406074731-71021a481237/go.mod

github.com/hashicorp/go-retryablehttp

• GHSA-v6v8-xj6m-xwqh (fixed in >= 0.7.7)
• GO-2024-2947 (fixed in >= 0.7.7)

golang.org/x/net

• GHSA-xrjj-mj9h-534m (fixed in >= 0.4.0)
• GO-2026-5026 (fixed in >= 0.55.0)
• GO-2026-4440 (fixed in >= 0.45.0)
• GO-2022-1144 (fixed in >= 0.4.0)
• GO-2026-4918 (fixed in >= 0.53.0)
• GO-2023-2102 (fixed in >= 0.17.0)
• GO-2026-4441 (fixed in >= 0.45.0)
• GO-2022-0288 (fixed in >= 0.0.0-20211209124913-491a49abca63)
• GHSA-vvpx-j8f3-3w6h (fixed in >= 0.7.0)
• GO-2023-1988 (fixed in >= 0.13.0)
• GHSA-qppj-fm5r-hxr3 (fixed in >= 0.17.0)
• GHSA-vvgc-356p-c3xw (fixed in >= 0.38.0)
• GHSA-4v7x-pqxf-cx7m (fixed in >= 0.23.0)
• GO-2025-3595 (fixed in >= 0.38.0)
• GO-2024-2687 (fixed in >= 0.23.0)
• GHSA-2wrh-6pvc-2jm9 (fixed in >= 0.13.0)
• GO-2026-5028 (fixed in >= 0.55.0)
• GHSA-4374-p667-p6c8 (fixed in >= 0.17.0)
• GHSA-qxp5-gwg8-xv66 (fixed in >= 0.36.0)
• GO-2026-5025 (fixed in >= 0.55.0)
• GO-2023-1571 (fixed in >= 0.7.0)
• GO-2024-3333 (fixed in >= 0.33.0)
• GO-2026-5027 (fixed in >= 0.55.0)
• GO-2026-5030 (fixed in >= 0.55.0)
• GO-2026-5029 (fixed in >= 0.55.0)
• GO-2025-3503 (fixed in >= 0.36.0)
• GHSA-69cg-p879-7622 (fixed in >= 0.0.0-20220906165146-f3363e06e74c)
• GO-2022-0969 (fixed in >= 0.0.0-20220906165146-f3363e06e74c)

pkg/fanal/analyzer/language/golang/mod/testdata/pkg/mod/github.com/aquasecurity/go-dep-parser@v0.0.0-20230219131432-590b1dfb6edd/go.mod

github.com/hashicorp/go-retryablehttp

• GHSA-v6v8-xj6m-xwqh (fixed in >= 0.7.7)
• GO-2024-2947 (fixed in >= 0.7.7)

golang.org/x/net

• GHSA-xrjj-mj9h-534m (fixed in >= 0.4.0)
• GO-2026-5026 (fixed in >= 0.55.0)
• GO-2026-4440 (fixed in >= 0.45.0)
• GO-2022-1144 (fixed in >= 0.4.0)
• GO-2026-4918 (fixed in >= 0.53.0)
• GO-2023-2102 (fixed in >= 0.17.0)
• GO-2026-4441 (fixed in >= 0.45.0)
• GO-2022-0288 (fixed in >= 0.0.0-20211209124913-491a49abca63)
• GHSA-vvpx-j8f3-3w6h (fixed in >= 0.7.0)
• GO-2023-1988 (fixed in >= 0.13.0)
• GHSA-qppj-fm5r-hxr3 (fixed in >= 0.17.0)
• GHSA-vvgc-356p-c3xw (fixed in >= 0.38.0)
• GHSA-4v7x-pqxf-cx7m (fixed in >= 0.23.0)
• GO-2025-3595 (fixed in >= 0.38.0)
• GO-2024-2687 (fixed in >= 0.23.0)
• GHSA-2wrh-6pvc-2jm9 (fixed in >= 0.13.0)
• GO-2026-5028 (fixed in >= 0.55.0)
• GHSA-4374-p667-p6c8 (fixed in >= 0.17.0)
• GHSA-qxp5-gwg8-xv66 (fixed in >= 0.36.0)
• GO-2026-5025 (fixed in >= 0.55.0)
• GO-2023-1571 (fixed in >= 0.7.0)
• GO-2024-3333 (fixed in >= 0.33.0)
• GO-2026-5027 (fixed in >= 0.55.0)
• GO-2026-5030 (fixed in >= 0.55.0)
• GO-2026-5029 (fixed in >= 0.55.0)
• GO-2025-3503 (fixed in >= 0.36.0)
• GHSA-69cg-p879-7622 (fixed in >= 0.0.0-20220906165146-f3363e06e74c)
• GO-2022-0969 (fixed in >= 0.0.0-20220906165146-f3363e06e74c)

Detected dependencies

Note

Detected dependencies section has been truncated

gomod

go.mod

• go 1.26.3
• github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
• github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0
• github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1
• github.com/BurntSushi/toml v1.6.0
• github.com/CycloneDX/cyclonedx-go v0.9.2
• github.com/GoogleCloudPlatform/docker-credential-gcr v2.0.5+incompatible
• github.com/Masterminds/sprig/v3 v3.3.0
• github.com/NYTimes/gziphandler v1.1.1
• github.com/alecthomas/chroma v0.10.0
• github.com/alicebob/miniredis/v2 v2.35.0
• github.com/apparentlymart/go-cidr v1.1.0
• github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986@d34e7f983986
• github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce@8eed6fe000ce
• github.com/aquasecurity/go-npm-version v0.0.2
• github.com/aquasecurity/go-pep440-version v0.0.1
• github.com/aquasecurity/go-version v0.0.1
• github.com/aquasecurity/iamgo v0.0.10
• github.com/aquasecurity/table v1.11.0
• github.com/aquasecurity/testdocker v0.0.0-20250616060700-ba6845ac6d17@ba6845ac6d17
• github.com/aquasecurity/tml v0.6.1
• github.com/aquasecurity/trivy-checks v1.11.3-0.20250604022615-9a7efa7c9169@9a7efa7c9169
• github.com/aquasecurity/trivy-db v0.0.0-20250723062229-56ec1e482238@56ec1e482238
• github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48@184bd7481d48
• github.com/aquasecurity/trivy-kubernetes v0.9.1
• github.com/aws/aws-sdk-go-v2 v1.41.5
• github.com/aws/aws-sdk-go-v2/config v1.32.12
• github.com/aws/aws-sdk-go-v2/credentials v1.19.12
• github.com/aws/aws-sdk-go-v2/service/ec2 v1.234.0
• github.com/aws/aws-sdk-go-v2/service/ecr v1.45.2
• github.com/aws/aws-sdk-go-v2/service/s3 v1.97.3
• github.com/aws/smithy-go v1.24.2
• github.com/bitnami/go-version v0.0.0-20231130084017-bb00604d650c@bb00604d650c
• github.com/bmatcuk/doublestar/v4 v4.9.1
• github.com/cenkalti/backoff/v4 v4.3.0
• github.com/cheggaaa/pb/v3 v3.1.7
• github.com/containerd/containerd/v2 v2.2.1
• github.com/containerd/platforms v1.0.0-rc.2
• github.com/distribution/reference v0.6.0
• github.com/docker/cli v29.2.1+incompatible
• github.com/docker/go-connections v0.6.0
• github.com/docker/go-units v0.5.0
• github.com/fatih/color v1.18.0
• github.com/go-git/go-git/v5 v5.18.0
• github.com/go-redis/redis/v8 v8.11.5
• github.com/gocsaf/csaf/v3 v3.3.0
• github.com/golang-jwt/jwt/v5 v5.3.0
• github.com/google/go-containerregistry v0.20.7
• github.com/google/go-github/v62 v62.0.0
• github.com/google/licenseclassifier/v2 v2.0.0
• github.com/google/uuid v1.6.0
• github.com/google/wire v0.6.0
• github.com/hashicorp/go-getter v1.8.6
• github.com/hashicorp/go-multierror v1.1.1
• github.com/hashicorp/go-retryablehttp v0.7.8
• github.com/hashicorp/go-uuid v1.0.3
• github.com/hashicorp/go-version v1.8.0
• github.com/hashicorp/golang-lru/v2 v2.0.7
• github.com/hashicorp/hc-install v0.9.2
• github.com/hashicorp/hcl/v2 v2.24.0
• github.com/hashicorp/terraform-exec v0.23.0
• github.com/in-toto/in-toto-golang v0.11.0
• github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f@041fdbb8563f
• github.com/knqyf263/go-deb-version v0.0.0-20241115132648-6f4aee6ccd23@6f4aee6ccd23
• github.com/knqyf263/go-rpm-version v0.0.0-20220614171824-631e686d1075@631e686d1075
• github.com/knqyf263/go-rpmdb v0.1.1
• github.com/knqyf263/nested v0.0.1
• github.com/kylelemons/godebug v1.1.0
• github.com/liamg/memoryfs v1.6.0
• github.com/magefile/mage v1.15.0
• github.com/masahiro331/go-disk v0.0.0-20240625071113-56c933208fee@56c933208fee
• github.com/masahiro331/go-ebs-file v0.0.0-20240917043618-e6d2bea5c32e@e6d2bea5c32e
• github.com/masahiro331/go-ext4-filesystem v0.0.0-20240620024024-ca14e6327bbd@ca14e6327bbd
• github.com/masahiro331/go-mvn-version v0.0.0-20250131095131-f4974fa13b8a@f4974fa13b8a
• github.com/masahiro331/go-vmdk-parser v0.0.0-20221225061455-612096e4bbbd@612096e4bbbd
• github.com/masahiro331/go-xfs-filesystem v0.0.0-20231205045356-1b22259a6c44@1b22259a6c44
• github.com/mattn/go-shellwords v1.0.12
• github.com/mitchellh/go-homedir v1.1.0
• github.com/mitchellh/hashstructure/v2 v2.0.2
• github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c@8508981c8b6c
• github.com/moby/buildkit v0.28.1
• github.com/moby/docker-image-spec v1.3.1
• github.com/open-policy-agent/opa v1.8.0
• github.com/opencontainers/go-digest v1.0.0
• github.com/opencontainers/image-spec v1.1.1
• github.com/openvex/discovery v0.1.1-0.20240802171711-7c54efc57553@7c54efc57553
• github.com/openvex/go-vex v0.2.5
• github.com/owenrumney/go-sarif/v2 v2.3.3
• github.com/package-url/packageurl-go v0.1.3
• github.com/quasilyte/go-ruleguard/dsl v0.3.22
• github.com/rust-secure-code/go-rustaudit v0.0.0-20250226111315-e20ec32e963c@e20ec32e963c
• github.com/samber/lo v1.51.0
• github.com/sassoftware/go-rpmutils v0.4.0
• github.com/secure-systems-lab/go-securesystemslib v0.10.0
• github.com/sigstore/rekor v1.5.0
• github.com/sirupsen/logrus v1.9.4
• github.com/sosedoff/gitkit v0.4.0
• github.com/spf13/cast v1.10.0
• github.com/spf13/cobra v1.10.2
• github.com/spf13/pflag v1.0.10
• github.com/spf13/viper v1.21.0
• github.com/stretchr/testify v1.11.1
• github.com/testcontainers/testcontainers-go v0.38.0
• github.com/testcontainers/testcontainers-go/modules/localstack v0.38.0
• github.com/tetratelabs/wazero v1.11.0
• github.com/twitchtv/twirp v8.1.3+incompatible
• github.com/xeipuuv/gojsonschema v1.2.0
• github.com/xlab/treeprint v1.2.0
• github.com/zclconf/go-cty v1.16.3
• github.com/zclconf/go-cty-yaml v1.1.0
• go.etcd.io/bbolt v1.4.3
• golang.org/x/crypto v0.50.0
• golang.org/x/mod v0.34.0
• golang.org/x/net v0.53.0
• golang.org/x/sync v0.20.0
• golang.org/x/term v0.42.0
• golang.org/x/text v0.36.0
• golang.org/x/vuln v1.1.4
• golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9@93cc26a95ae9
• google.golang.org/protobuf v1.36.11
• gopkg.in/yaml.v3 v3.0.1
• helm.sh/helm/v3 v3.20.2
• k8s.io/api v0.35.1
• k8s.io/utils v0.0.0-20251002143259-bc988d571ff4@bc988d571ff4
• modernc.org/sqlite v1.38.0
• github.com/docker/docker v28.5.2+incompatible
• github.com/moby/moby/api v1.54.0
• github.com/moby/moby/client v0.3.0
• github.com/rogpeppe/go-internal v1.14.1
• buf.build/gen/go/bufbuild/bufplugin/protocolbuffers/go v1.36.10-20250718181942-e35f9b667443.1@e35f9b667443
• buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.10-20250912141014-52f32327d4b0.1@52f32327d4b0
• buf.build/gen/go/bufbuild/registry/connectrpc/go v1.19.1-20250924144421-cb55f06efbd2.2@cb55f06efbd2
• buf.build/gen/go/bufbuild/registry/protocolbuffers/go v1.36.10-20250924144421-cb55f06efbd2.1@cb55f06efbd2
• buf.build/gen/go/pluginrpc/pluginrpc/protocolbuffers/go v1.36.10-20241007202033-cf42259fcbfc.1@cf42259fcbfc
• buf.build/go/app v0.1.0
• buf.build/go/bufplugin v0.9.0
• buf.build/go/interrupt v1.1.0
• buf.build/go/protovalidate v1.0.0
• buf.build/go/protoyaml v0.6.0
• buf.build/go/spdx v0.2.0
• buf.build/go/standard v0.1.0
• cel.dev/expr v0.25.1
• cloud.google.com/go v0.123.0
• cloud.google.com/go/auth v0.18.2
• cloud.google.com/go/auth/oauth2adapt v0.2.8
• cloud.google.com/go/compute/metadata v0.9.0
• cloud.google.com/go/iam v1.5.3
• cloud.google.com/go/monitoring v1.24.3
• cloud.google.com/go/storage v1.61.3
• connectrpc.com/connect v1.19.1
• connectrpc.com/otelconnect v0.8.0
• cyphar.com/go-pathrs v0.2.1
• dario.cat/mergo v1.0.2
• github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2
• github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c@faa5f7b0171c
• github.com/Azure/go-autorest v14.2.0+incompatible
• github.com/Azure/go-autorest/autorest v0.11.29
• github.com/Azure/go-autorest/autorest/adal v0.9.23
• github.com/Azure/go-autorest/autorest/date v0.3.0
• github.com/Azure/go-autorest/logger v0.2.1
• github.com/Azure/go-autorest/tracing v0.6.0
• github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0
• github.com/DataDog/zstd v1.5.5
• github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.30.0
• github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.55.0
• github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.55.0
• github.com/Intevation/gval v1.3.0
• github.com/Intevation/jsonpath v0.2.1
• github.com/MakeNowJust/heredoc v1.0.0
• github.com/Masterminds/goutils v1.1.1
• github.com/Masterminds/semver/v3 v3.4.0
• github.com/Masterminds/squirrel v1.5.4
• github.com/Microsoft/go-winio v0.6.2
• github.com/Microsoft/hcsshim v0.14.0-rc.1
• github.com/ProtonMail/go-crypto v1.3.0
• github.com/VividCortex/ewma v1.2.0
• github.com/agext/levenshtein v1.2.3
• github.com/agnivade/levenshtein v1.2.1
• github.com/alessio/shellescape v1.4.1
• github.com/anchore/go-struct-converter v0.1.0
• github.com/antlr4-go/antlr/v4 v4.13.1
• github.com/apparentlymart/go-textseg/v15 v15.0.0
• github.com/aquasecurity/jfather v0.0.8
• github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2@a9d515a09cc2
• github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.8
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.20
• github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.21
• github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.21
• github.com/aws/aws-sdk-go-v2/internal/ini v1.8.6
• github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.22
• github.com/aws/aws-sdk-go-v2/service/ebs v1.22.1
• github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.7
• github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.13
• github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.21
• github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.21
• github.com/aws/aws-sdk-go-v2/service/signin v1.0.8
• github.com/aws/aws-sdk-go-v2/service/sso v1.30.13
• github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.17
• github.com/aws/aws-sdk-go-v2/service/sts v1.41.9
• github.com/beorn7/perks v1.0.1
• github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d@9fd32a8b3d3d
• github.com/blang/semver v3.5.1+incompatible
• github.com/blang/semver/v4 v4.0.0
• github.com/briandowns/spinner v1.23.0
• github.com/bufbuild/buf v1.56.0
• github.com/bufbuild/protocompile v0.14.1
• github.com/bufbuild/protoplugin v0.0.0-20250218205857-750e09ce93e1@750e09ce93e1
• github.com/cenkalti/backoff/v5 v5.0.3
• github.com/cespare/xxhash/v2 v2.3.0
• github.com/chai2010/gettext-go v1.0.2
• github.com/cloudflare/circl v1.6.3
• github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5@ee656c7534f5
• github.com/containerd/cgroups/v3 v3.1.3
• github.com/containerd/containerd v1.7.30
• github.com/containerd/containerd/api v1.10.0
• github.com/containerd/continuity v0.4.5
• github.com/containerd/errdefs v1.0.0
• github.com/containerd/errdefs/pkg v0.3.0
• github.com/containerd/fifo v1.1.0
• github.com/containerd/log v0.1.0
• github.com/containerd/plugin v1.0.0
• github.com/containerd/stargz-snapshotter/estargz v0.18.2
• github.com/containerd/ttrpc v1.2.8
• github.com/containerd/typeurl/v2 v2.2.3
• github.com/coreos/go-oidc/v3 v3.17.0
• github.com/cpuguy83/dockercfg v0.3.2
• github.com/cpuguy83/go-md2man/v2 v2.0.7
• github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467@19d51d7fe467
• github.com/cyphar/filepath-securejoin v0.6.1
• github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc@d8f796af33cc
• github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0
• github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f@9f7001d12a5f
• github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352@3a137a874352
• github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7@220c5c2851b7
• github.com/dlclark/regexp2 v1.11.0
• github.com/docker/distribution v2.8.3+incompatible
• github.com/docker/docker-credential-helpers v0.9.5
• github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707@39efe44ab707
• github.com/dustin/go-humanize v1.0.1
• github.com/ebitengine/purego v0.8.4
• github.com/emicklei/go-restful/v3 v3.13.0
• github.com/emirpasic/gods v1.18.1
• github.com/envoyproxy/go-control-plane/envoy v1.36.0
• github.com/envoyproxy/protoc-gen-validate v1.3.0
• github.com/evanphx/json-patch v5.9.11+incompatible
• github.com/evanphx/json-patch/v5 v5.6.0
• github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f@1de76d718b3f
• github.com/felixge/httpsnoop v1.0.4
• github.com/fsnotify/fsnotify v1.9.0
• github.com/fvbommel/sortorder v1.1.0
• github.com/fxamacker/cbor/v2 v2.9.0
• github.com/go-chi/chi/v5 v5.2.5
• github.com/go-errors/errors v1.4.2
• github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376@3a3c6141e376
• github.com/go-git/go-billy/v5 v5.8.0
• github.com/go-gorp/gorp/v3 v3.1.0
• github.com/go-ini/ini v1.67.0
• github.com/go-jose/go-jose/v4 v4.1.4
• github.com/go-logr/logr v1.4.3
• github.com/go-logr/stdr v1.2.2
• github.com/go-ole/go-ole v1.3.0
• github.com/go-openapi/analysis v0.24.3
• github.com/go-openapi/errors v0.22.7
• github.com/go-openapi/jsonpointer v0.22.5
• github.com/go-openapi/jsonreference v0.21.5
• github.com/go-openapi/loads v0.23.3
• github.com/go-openapi/runtime v0.29.3
• github.com/go-openapi/spec v0.22.4
• github.com/go-openapi/strfmt v0.26.1
• github.com/go-openapi/swag v0.25.5
• github.com/go-openapi/swag/cmdutils v0.25.5
• github.com/go-openapi/swag/conv v0.25.5
• github.com/go-openapi/swag/fileutils v0.25.5
• github.com/go-openapi/swag/jsonname v0.25.5
• github.com/go-openapi/swag/jsonutils v0.25.5
• github.com/go-openapi/swag/loading v0.25.5
• github.com/go-openapi/swag/mangling v0.25.5
• github.com/go-openapi/swag/netutils v0.25.5
• github.com/go-openapi/swag/stringutils v0.25.5
• github.com/go-openapi/swag/typeutils v0.25.5
• github.com/go-openapi/swag/yamlutils v0.25.5
• github.com/go-openapi/validate v0.25.2
• github.com/go-viper/mapstructure/v2 v2.5.0
• github.com/gobwas/glob v0.2.3
• github.com/goccy/go-json v0.10.3
• github.com/goccy/go-yaml v1.18.0
• github.com/gofrs/flock v0.13.0
• github.com/gofrs/uuid v4.3.1+incompatible
• github.com/gogo/protobuf v1.3.2
• github.com/golang-jwt/jwt/v4 v4.5.2
• github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8@2c02b8208cf8
• github.com/golang/snappy v0.0.4
• github.com/google/btree v1.1.3
• github.com/google/cel-go v0.26.1
• github.com/google/certificate-transparency-go v1.3.2
• github.com/google/gnostic-models v0.7.0
• github.com/google/go-cmp v0.7.0
• github.com/google/go-github/v31 v31.0.0
• github.com/google/go-querystring v1.1.0
• github.com/google/s2a-go v0.1.9
• github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2@b49f7bc46da2
• github.com/google/subcommands v1.2.0
• github.com/googleapis/enterprise-certificate-proxy v0.3.14
• github.com/googleapis/gax-go/v2 v2.19.0
• github.com/gorilla/mux v1.8.1
• github.com/gosuri/uitable v0.0.4
• github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79@901d90724c79
• github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.7
• github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.72
• github.com/hashicorp/errwrap v1.1.0
• github.com/hashicorp/go-cleanhttp v0.5.2
• github.com/hashicorp/terraform-json v0.24.0
• github.com/huandu/xstrings v1.5.0
• github.com/in-toto/attestation v1.1.2
• github.com/inconshreveable/mousetrap v1.1.0
• github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99@d14ea06fba99
• github.com/jdx/go-netrc v1.0.0
• github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267@661be99b8267
• github.com/jmoiron/sqlx v1.4.0
• github.com/json-iterator/go v1.1.12
• github.com/kevinburke/ssh_config v1.2.0
• github.com/klauspost/compress v1.18.5
• github.com/klauspost/pgzip v1.2.6
• github.com/knqyf263/labeler v0.0.0-20200423181506-7a6e545148c3@7a6e545148c3
• github.com/lann/builder v0.0.0-20180802200727-47ae307949d0@47ae307949d0
• github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0@62de8c46ede0
• github.com/lestrrat-go/blackmagic v1.0.4
• github.com/lestrrat-go/httpcc v1.0.1
• github.com/lestrrat-go/httprc/v3 v3.0.0
• github.com/lestrrat-go/jwx/v3 v3.0.10
• github.com/lestrrat-go/option v1.0.1
• github.com/lestrrat-go/option/v2 v2.0.0
• github.com/letsencrypt/boulder v0.20260223.0
• github.com/lib/pq v1.10.9
• github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de@89fcab3d43de
• github.com/lufia/plan9stats v0.0.0-20240226150601-1dcf7310316a@1dcf7310316a
• github.com/lunixbochs/struc v0.0.0-20200707160740-784aaebc1d40@784aaebc1d40
• github.com/magiconair/properties v1.8.10
• github.com/mattn/go-colorable v0.1.14
• github.com/mattn/go-isatty v0.0.20
• github.com/mattn/go-runewidth v0.0.16
• github.com/mitchellh/copystructure v1.2.0
• github.com/mitchellh/go-wordwrap v1.0.1
• github.com/mitchellh/reflectwalk v1.0.2
• github.com/moby/go-archive v0.2.0
• github.com/moby/locker v1.0.1
• github.com/moby/patternmatcher v0.6.1
• github.com/moby/sys/atomicwriter v0.1.0
• github.com/moby/sys/mountinfo v0.7.2
• github.com/moby/sys/sequential v0.6.0
• github.com/moby/sys/signal v0.7.1
• github.com/moby/sys/user v0.4.0
• github.com/moby/sys/userns v0.1.0
• github.com/moby/term v0.5.2
• github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd@bacd9c7ef1dd
• github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee@35a7c28c31ee
• github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00@205db1a8cc00
• github.com/morikuni/aec v1.1.0
• github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822@a7dc8b61c822
• github.com/ncruces/go-strftime v0.1.9
• github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481@2ea982251481
• github.com/oklog/ulid/v2 v2.1.1
• github.com/opencontainers/runtime-spec v1.3.0
• github.com/opencontainers/selinux v1.13.1
• github.com/owenrumney/squealer v1.2.11
• github.com/pelletier/go-toml v1.9.5
• github.com/pelletier/go-toml/v2 v2.2.4
• github.com/peterbourgon/diskv v2.0.1+incompatible
• github.com/pjbgf/sha1cd v0.3.2
• github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c@5ac0b6a4141c
• github.com/pkg/errors v0.9.1
• github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10@0393e58bdf10
• github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2@5d4384ee4fb2
• github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55@82ca36839d55
• github.com/prometheus/client_golang v1.23.2
• github.com/prometheus/client_model v0.6.2
• github.com/prometheus/common v0.67.4
• github.com/prometheus/procfs v0.17.0
• github.com/quic-go/qpack v0.6.0
• github.com/quic-go/quic-go v0.57.1
• github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475@cf1acfcdf475
• github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec@24d4a6f8daec
• github.com/rivo/uniseg v0.4.7
• github.com/rs/cors v1.11.1
• github.com/rubenv/sql-migrate v1.8.1
• github.com/russross/blackfriday/v2 v2.1.0
• github.com/sagikazarmark/locafero v0.11.0
• github.com/samber/oops v1.18.1
• github.com/santhosh-tekuri/jsonschema/v6 v6.0.2
• github.com/sassoftware/relic v7.2.1+incompatible
• github.com/segmentio/asm v1.2.1
• github.com/segmentio/encoding v0.5.3
• github.com/sergi/go-diff v1.4.0
• github.com/shibumi/go-pathspec v1.3.0
• github.com/shirou/gopsutil/v4 v4.25.5
• github.com/shopspring/decimal v1.4.0
• github.com/sigstore/cosign/v2 v2.6.2
• github.com/sigstore/protobuf-specs v0.5.0
• github.com/sigstore/rekor-tiles/v2 v2.0.1
• github.com/sigstore/sigstore v1.10.5
• github.com/sigstore/sigstore-go v1.1.4
• github.com/sigstore/timestamp-authority/v2 v2.0.6
• github.com/skeema/knownhosts v1.3.1
• github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8@5f936abd7ae8
• github.com/spf13/afero v1.15.0
• github.com/spiffe/go-spiffe/v2 v2.6.0
• github.com/stoewer/go-strcase v1.3.1
• github.com/stretchr/objx v0.5.2
• github.com/subosito/gotenv v1.6.0
• github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d@126854af5e6d
• github.com/tchap/go-patricia/v2 v2.3.3
• github.com/theupdateframework/go-tuf v0.7.0
• github.com/theupdateframework/go-tuf/v2 v2.4.1
• github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399@afe73141d399
• github.com/tklauser/go-sysconf v0.3.13
• github.com/tklauser/numcpus v0.7.0
• github.com/tonglil/versioning v0.0.0-20170205083536-8b2a4334bd1d@8b2a4334bd1d
• github.com/tonistiigi/go-csvvalue v0.0.0-20240814133006-030d3b2625d0@030d3b2625d0
• github.com/transparency-dev/formats v0.0.0-20251017110053-404c0d5b696c@404c0d5b696c
• github.com/transparency-dev/merkle v0.0.2
• github.com/ulikunitz/xz v0.5.15
• github.com/valyala/fastjson v1.6.4
• github.com/vbatts/tar-split v0.12.2
• github.com/vektah/gqlparser/v2 v2.5.30
• github.com/vmihailenco/msgpack/v5 v5.4.1
• github.com/vmihailenco/tagparser/v2 v2.0.0
• github.com/x448/float16 v0.8.4
• github.com/xanzy/ssh-agent v0.3.3
• github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb@02993c407bfb
• github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415@bd5ef7bd5415
• github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8@48954b6210f8
• github.com/yashtewari/glob-intersection v0.2.0
• github.com/yuin/gopher-lua v1.1.1
• github.com/yusufpapurcu/wmi v1.2.4
• go.lsp.dev/jsonrpc2 v0.10.0
• go.lsp.dev/pkg v0.0.0-20210717090340-384b27a52fb2@384b27a52fb2
• go.lsp.dev/protocol v0.12.0
• go.lsp.dev/uri v0.3.0
• go.opencensus.io v0.24.0
• go.opentelemetry.io/auto/sdk v1.2.1
• go.opentelemetry.io/contrib/detectors/gcp v1.39.0
• go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0
• go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0
• go.opentelemetry.io/otel v1.43.0
• go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.38.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.40.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0
• go.opentelemetry.io/otel/metric v1.43.0
• go.opentelemetry.io/otel/sdk v1.43.0
• go.opentelemetry.io/otel/sdk/metric v1.43.0
• go.opentelemetry.io/otel/trace v1.43.0
• go.opentelemetry.io/proto/otlp v1.9.0
• go.uber.org/multierr v1.11.0
• go.uber.org/zap v1.27.1
• go.yaml.in/yaml/v2 v2.4.3
• go.yaml.in/yaml/v3 v3.0.4
• golang.org/x/exp v0.0.0-20250911091902-df9299821621@df9299821621
• golang.org/x/oauth2 v0.36.0
• golang.org/x/sys v0.43.0
• golang.org/x/telemetry v0.0.0-20260311193753-579e4da9a98c@579e4da9a98c
• golang.org/x/time v0.15.0
• golang.org/x/tools v0.43.0
• google.golang.org/api v0.272.0
• google.golang.org/genproto v0.0.0-20260316180232-0b37fe3546d5@0b37fe3546d5
• google.golang.org/genproto/googleapis/api v0.0.0-20260316180232-0b37fe3546d5@0b37fe3546d5
• google.golang.org/genproto/googleapis/rpc v0.0.0-20260316180232-0b37fe3546d5@0b37fe3546d5
• google.golang.org/grpc v1.79.3
• gopkg.in/cheggaaa/pb.v1 v1.0.28
• gopkg.in/evanphx/json-patch.v4 v4.13.0
• gopkg.in/inf.v0 v0.9.1
• gopkg.in/warnings.v0 v0.1.2
• gopkg.in/yaml.v2 v2.4.0
• k8s.io/apiextensions-apiserver v0.35.1
• k8s.io/apimachinery v0.35.1
• k8s.io/apiserver v0.35.1
• k8s.io/cli-runtime v0.35.1
• k8s.io/client-go v0.35.1
• k8s.io/component-base v0.35.1
• k8s.io/klog/v2 v2.130.1
• k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912@589584f1c912
• k8s.io/kubectl v0.35.1
• modernc.org/libc v1.65.10
• modernc.org/mathutil v1.7.1
• modernc.org/memory v1.11.0
• mvdan.cc/sh/v3 v3.11.0
• oras.land/oras-go/v2 v2.6.0
• pluginrpc.com/pluginrpc v0.5.0
• sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730@2d320260d730
• sigs.k8s.io/kind v0.19.0
• sigs.k8s.io/kustomize/api v0.20.1
• sigs.k8s.io/kustomize/kyaml v0.20.1
• sigs.k8s.io/randfill v1.0.0
• sigs.k8s.io/structured-merge-diff/v6 v6.3.0
• sigs.k8s.io/yaml v1.6.0
• github.com/alaudadevops/timestamp-authority v1.2.10-alauda.1

integration/testdata/fixtures/repo/gomod/go.mod

• go 1.17
• github.com/open-policy-agent/opa v0.35.0
• github.com/docker/distribution v2.7.1+incompatible
• github.com/docker/docker v20.10.11+incompatible
• github.com/docker/go-connections v0.4.0
• github.com/docker/go-units v0.4.0
• go.opencensus.io v0.23.0
• go4.org/intern v0.0.0-20211027215823-ae77deb06f29@ae77deb06f29
• go4.org/unsafe/assume-no-moving-gc v0.0.0-20211027215541-db492cf91b37@db492cf91b37
• golang.org/x/text v0.3.6
• golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac@1f47c861a9ac
• google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c@f16073e35f0c
• google.golang.org/grpc v1.38.0
• google.golang.org/protobuf v1.27.1
• gopkg.in/yaml.v2 v2.4.0

integration/testdata/fixtures/repo/gomod/submod/go.mod

• go 1.15
• github.com/docker/distribution v2.7.1+incompatible

integration/testdata/fixtures/repo/gomod/submod2/go.mod

• go 1.15
• github.com/davecgh/go-spew v1.1.0

pkg/dependency/parser/golang/mod/testdata/go116/go.mod

• go 1.16
• github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff@df43bca6b6ff

pkg/dependency/parser/golang/mod/testdata/normal/go.mod

• go 1.22.0
• go 1.26.3
• github.com/aquasecurity/go-version v0.0.0-20240603093900-cf8a8d29271d@cf8a8d29271d
• github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc@d8f796af33cc
• github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2@5d4384ee4fb2
• github.com/stretchr/testify v1.9.0
• golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028@104605ab7028

pkg/dependency/parser/golang/mod/testdata/replaced-with-local-path-and-version-mismatch/go.mod

• go 1.17
• github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff@df43bca6b6ff
• golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1@5ec99f83aff1

pkg/dependency/parser/golang/mod/testdata/replaced-with-local-path-and-version-mismatch/xerrors/go.mod

• go 1.12

pkg/dependency/parser/golang/mod/testdata/replaced-with-local-path-and-version/go.mod

• go 1.17
• github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff@df43bca6b6ff
• golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1@5ec99f83aff1

pkg/dependency/parser/golang/mod/testdata/replaced-with-local-path-and-version/xerrors/go.mod

• go 1.12

pkg/dependency/parser/golang/mod/testdata/replaced-with-local-path/go.mod

• go 1.17
• github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff@df43bca6b6ff
• golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1@5ec99f83aff1

pkg/dependency/parser/golang/mod/testdata/replaced-with-local-path/xerrors/go.mod

• go 1.12

pkg/dependency/parser/golang/mod/testdata/replaced-with-version-mismatch/go.mod

• go 1.17
• github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff@df43bca6b6ff
• golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1@5ec99f83aff1

pkg/dependency/parser/golang/mod/testdata/replaced-with-version/go.mod

• go 1.17

---

• Check this box to trigger a request for Renovate to run again on this repository