Dependency Dashboard

[renovate-sh-app]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Repository Problems

Renovate tried to run on this repository, but found these problems.

• ⚠️ WARN: Package lookup failures
• ⚠️ WARN: Error updating branch: update failure

Abandoned Dependencies

The following dependencies have not received updates for an extended period and may be unmaintained.

View abandoned dependencies (5)

[!NOTE]
Packages are marked as abandoned when they exceed the abandonmentThreshold since their last release. Unlike deprecated packages with official notices, abandonment is detected by release inactivity.

Datasource	Package	Last Updated
gomod	github.com/go-kit/log	2022-04-27
gomod	github.com/gogo/protobuf	2021-01-10
gomod	github.com/golang/snappy	2023-12-25
gomod	github.com/grafana/memberlist	2021-11-12
gomod	github.com/pkg/errors	2020-01-14

Awaiting Schedule

The following updates are awaiting their schedule. To get an update now, click on a checkbox below.

• chore(deps): lock file maintenance

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• chore(deps): update github/codeql-action action to v4.36.0
• fix(deps): update module github.com/grafana/loki/pkg/push to v0.4.0
• fix(deps): update module github.com/grafana/loki/v3 to v3.7.2
• fix(deps): update module github.com/grafana/loki/pkg/push to v3
• 🔐 Create all rate-limited PRs at once 🔐

Errored

The following updates encountered an error and will be retried. To force a retry now, click on a checkbox below.

• chore(deps): pin dependencies (golangci/golangci-lint, grafana/writers-toolkit)

Pending Status Checks

The following updates await pending status checks. To force their creation now, click on a checkbox below.

• fix(deps): update module github.com/aws/smithy-go to v1.26.0

---

Warning

Renovate failed to look up the following dependencies: Failed to look up github-tags package aquasecurity/trivy-action: no-result.

Files affected: .github/workflows/docker.yml

---

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• fix(security/high): update module github.com/prometheus/prometheus to v0.311.3 [security]
• fix(security/unknown): update module golang.org/x/crypto to v0.52.0 [security]
• fix(security/unknown): update module golang.org/x/net to v0.55.0 [security]
• fix(security/unknown): update module golang.org/x/sys to v0.44.0 [security]
• chore(deps): update actions/setup-go digest to 4a36011
• chore(deps): update github.com/grafana/memberlist digest to 1798cf4
• chore(deps): update golangci/golangci-lint-action digest to 82606bf
• fix(deps): update github.com/grafana/dskit digest to 24e8e0c
• fix(deps): update aws-sdk-go-v2 monorepo (github.com/aws/aws-sdk-go-v2/config, github.com/aws/aws-sdk-go-v2/service/s3)
• chore(deps): update dependency golangci/golangci-lint to v2.12.2
• Click on this checkbox to rebase all open PRs at once

Vulnerabilities

Important

24/24 CVEs have Renovate fixes.

gomod

go.mod

github.com/prometheus/prometheus

• GHSA-8rm2-7qqf-34qm (fixed in >= 0.311.3)
• GHSA-fw8g-cg8f-9j28 (fixed in >= 0.311.3)
• GHSA-vffh-x6r8-xx99 (fixed in >= 0.311.2-0.20260410083055-07c6232d159b)
• GHSA-wg65-39gg-5wfj (fixed in >= 0.311.3)

golang.org/x/crypto

• GO-2026-5005 (fixed in >= 0.52.0)
• GO-2026-5006 (fixed in >= 0.52.0)
• GO-2026-5013 (fixed in >= 0.52.0)
• GO-2026-5014 (fixed in >= 0.52.0)
• GO-2026-5015 (fixed in >= 0.52.0)
• GO-2026-5016 (fixed in >= 0.52.0)
• GO-2026-5017 (fixed in >= 0.52.0)
• GO-2026-5018 (fixed in >= 0.52.0)
• GO-2026-5019 (fixed in >= 0.52.0)
• GO-2026-5020 (fixed in >= 0.52.0)
• GO-2026-5021 (fixed in >= 0.52.0)
• GO-2026-5023 (fixed in >= 0.52.0)
• GO-2026-5033 (fixed in >= 0.52.0)

golang.org/x/net

• GO-2026-5025 (fixed in >= 0.55.0)
• GO-2026-5026 (fixed in >= 0.55.0)
• GO-2026-5027 (fixed in >= 0.55.0)
• GO-2026-5028 (fixed in >= 0.55.0)
• GO-2026-5029 (fixed in >= 0.55.0)
• GO-2026-5030 (fixed in >= 0.55.0)

golang.org/x/sys

• GO-2026-5024 (fixed in >= 0.44.0)

Detected Dependencies

dockerfile (1)

Dockerfile (2)

• golang 1.26-alpine@sha256:91eda9776261207ea25fd06b5b7fed8d397dd2c0a283e77f2ab6e91bfa71079d
• public.ecr.aws/lambda/provided al2023.2026.02.27.21@sha256:9ee3f032d4063febdf42a2a1f15149ce8358130753e48fcaf86eae731fab38ff

github-actions (7)

.github/workflows/cloudformation.yml (2)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• scottbrenner/cfn-lint-action v2.7.1@ed184e91f5085a2932501da8314e899e5e0ef5be

.github/workflows/docker.yml (3)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• aquasecurity/trivy-action 0.35.0@97e0b3872f55f89b95b2f65b3dbab56962816478
• github/codeql-action v4.35.2@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 → [Updates: v4.36.0]

.github/workflows/docs-ci.yml (3)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• step-security/changed-files v47.0.5@2e07db73e5ccdb319b9a6c7766bd46d39d304bad
• grafana/writers-toolkit main → [Updates: main]

.github/workflows/go.yml (4)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6@4b73464bb391d4059bd26b0524d20df3927bd417 → [Updates: v6]
• golangci/golangci-lint-action v9@1e7e51e771db61008b38414a730f564565cf7c20 → [Updates: v9]
• golangci/golangci-lint v2.11.4 → [Updates: v2.12.2, v2.11.4]

.github/workflows/issues.yml

.github/workflows/publish-technical-documentation-next.yml (2)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• grafana/writers-toolkit publish-technical-documentation/v1@9aed4f7c5b3caa1b58d72ee39232333407d4acbf

.github/workflows/release.yml (5)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6@4b73464bb391d4059bd26b0524d20df3927bd417 → [Updates: v6]
• grafana/shared-workflows aws-auth/v1.0.3@85022085ed5314601c05d10e846de56bdd71e369
• grafana/shared-workflows aws-auth/v1.0.3@85022085ed5314601c05d10e846de56bdd71e369
• softprops/action-gh-release v3.0.0@b4309332981a82ec1c5618f44dd2e27cc8bfbfda

gomod (1)

go.mod (24)

• go 1.25.7
• github.com/aws/aws-lambda-go v1.54.0
• github.com/aws/aws-sdk-go-v2 v1.41.7
• github.com/aws/aws-sdk-go-v2/config v1.32.17 → [Updates: v1.32.18]
• github.com/aws/aws-sdk-go-v2/service/s3 v1.100.1 → [Updates: v1.101.0]
• github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.41.7
• github.com/aws/aws-sdk-go-v2/service/ssm v1.68.6
• github.com/aws/smithy-go v1.25.1 → [Updates: v1.26.0]
• github.com/go-kit/log v0.2.1
• github.com/gogo/protobuf v1.3.2
• github.com/golang/snappy v1.0.0
• github.com/grafana/dskit v0.0.0-20260324093927-3167f499dfc0@3167f499dfc0 → [Updates: v0.0.0-20260324093927-3167f499dfc0]
• github.com/grafana/loki/pkg/push v0.0.0-20260106103740-2203c1d8e8fa@2203c1d8e8fa → [Updates: v0.4.0, v3.7.2]
• github.com/grafana/loki/v3 v3.6.8 → [Updates: v3.7.2]
• github.com/grafana/regexp v0.0.0-20250905093917-f7b3be9d1853@f7b3be9d1853
• github.com/pkg/errors v0.9.1
• github.com/prometheus/client_golang v1.23.2
• github.com/prometheus/common v0.67.5
• github.com/prometheus/prometheus v0.308.1 → [Updates: v0.311.3]
• github.com/stretchr/testify v1.11.1
• golang.org/x/crypto v0.50.0 → [Updates: v0.52.0]
• golang.org/x/net v0.53.0 → [Updates: v0.55.0]
• golang.org/x/sys v0.43.0 → [Updates: v0.44.0]
• github.com/grafana/memberlist v0.3.1-0.20251126142931-6f9f62ab6f86@6f9f62ab6f86 → [Updates: v0.3.1-0.20251126142931-6f9f62ab6f86]

terraform (1)

versions.tf (1)

• hashicorp/terraform >= 0.15

---

Need help?

You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section.