Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Config Migration Needed

• Select this checkbox to let Renovate create an automated Config Migration PR.

Pending Status Checks

The following updates await pending status checks. To force their creation now, click on a checkbox below.

• chore(deps): update ghcr.io/doodlescheduling/keycloak-controller docker tag to v2.6.1
• chore(deps): update quay.io/brancz/kube-rbac-proxy docker tag to v0.21.2

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): update module go.opentelemetry.io/otel/sdk to v1.43.0 [security]
• chore(deps): update module google.golang.org/grpc to v1.79.3 [security]
• chore(deps-dev): update actions/checkout digest to 34e1148
• chore(deps): update gcr.io/distroless/static:nonroot docker digest to e3f9456
• chore(deps-dev): update anchore/sbom-action action to v0.24.0
• chore(deps-dev): update aquasecurity/trivy-action action to v0.35.0
• chore(deps-dev): update dependency go to 1.26.x
• chore(deps-dev): update github/codeql-action action to v3.35.1
• chore(deps-dev): update helm/kind-action action to v1.14.0
• chore(deps-dev): update shogo82148/actions-goveralls action to v1.11.0
• chore(deps-dev): update step-security/harden-runner action to v2.17.0
• chore(deps): update kubernetes monorepo to v0.35.3 (k8s.io/api, k8s.io/apiextensions-apiserver, k8s.io/apimachinery, k8s.io/client-go)
• chore(deps): update module github.com/fluxcd/pkg/runtime to v0.103.0
• chore(deps): update module go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to v0.68.0
• chore(deps): update module sigs.k8s.io/controller-runtime to v0.23.3
• chore(deps): update opentelemetry-go monorepo to v1.43.0 (go.opentelemetry.io/otel, go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc)
• chore(deps-dev): update actions/checkout action to v6
• chore(deps-dev): update actions/setup-go action to v6
• chore(deps-dev): update actions/setup-python action to v6
• chore(deps-dev): update actions/stale action to v10
• chore(deps-dev): update docker/login-action action to v4
• chore(deps-dev): update github artifact actions (major) (actions/download-artifact, actions/upload-artifact)
• chore(deps-dev): update github/codeql-action action to v4.35.1
• chore(deps-dev): update goreleaser/goreleaser-action action to v7
• chore(deps-dev): update imranismail/setup-kustomize action to v3
• chore(deps-dev): update sigstore/cosign-installer action to v4
• chore(deps-dev): update zgosalvez/github-actions-ensure-sha-pinned-actions action to v5
• Click on this checkbox to rebase all open PRs at once

PR Closed (Blocked)

The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.

• chore(deps-dev): update aquasecurity/trivy-action digest to 91e7c2c

Detected Dependencies

dockerfile (2)

Dockerfile (1)

• gcr.io/distroless/static nonroot@sha256:6ec5aa99dc335666e79dc64e4a6c8b89c33a543a1967f20d360922a80dd21f02 → [Updates: nonroot]

proxy/Dockerfile (1)

• gcr.io/distroless/static nonroot@sha256:6ec5aa99dc335666e79dc64e4a6c8b89c33a543a1967f20d360922a80dd21f02 → [Updates: nonroot]

github-actions (12)

.github/workflows/main.yaml (5)

• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.17.0]
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683 → [Updates: v6, v4]
• actions/setup-go v5.6.0@40f1582b2485089dde7abd97c1529aa768e1baff → [Updates: v6.4.0]
• shogo82148/actions-goveralls v1.10.0@25f5320d970fb565100cf1993ada29be1bb196a1 → [Updates: v1.11.0]
• go 1.25.x → [Updates: 1.26.x]

.github/workflows/pr-actions.yaml (3)

• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.17.0]
• actions/checkout v4.3.1@34e114876b0b11c390a56381ad16ebd13914f8d5 → [Updates: v6.0.2]
• zgosalvez/github-actions-ensure-sha-pinned-actions v3.0.25@fc87bb5b5a97953d987372e74478de634726b3e5 → [Updates: v5.0.4]

.github/workflows/pr-build.yaml (32)

• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.17.0]
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683 → [Updates: v6, v4]
• azure/setup-helm v3.5@5119fcb9089d432beecbf79bb2c7915207344b78
• actions/setup-python v5.6.0@a26af69be951a213d495a4c3e4e4022e16d87065 → [Updates: v6.2.0]
• helm/chart-testing-action v2.8.0@6ec842c01de15ebb84c8627d2744a0c2f2755c9f
• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.17.0]
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683 → [Updates: v6, v4]
• actions/setup-go v5.6.0@40f1582b2485089dde7abd97c1529aa768e1baff → [Updates: v6.4.0]
• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.17.0]
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683 → [Updates: v6, v4]
• actions/setup-go v5.6.0@40f1582b2485089dde7abd97c1529aa768e1baff → [Updates: v6.4.0]
• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.17.0]
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683 → [Updates: v6, v4]
• actions/setup-go v5.6.0@40f1582b2485089dde7abd97c1529aa768e1baff → [Updates: v6.4.0]
• actions/upload-artifact v4.6.2@ea165f8d65b6e75b540449e92b4886f43607fa02 → [Updates: v7.0.1]
• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.17.0]
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683 → [Updates: v6, v4]
• engineerd/setup-kind v0.5.0@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0
• actions/download-artifact v4.3.0@d3f86a106a0bac45b974a628896c90dbdf5c8093 → [Updates: v8.0.1]
• imranismail/setup-kustomize v2.1.0@2ba527d4d055ab63514ba50a99456fc35684947f → [Updates: v3.0.0]
• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.17.0]
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683 → [Updates: v6, v4]
• azure/setup-helm v3.5@5119fcb9089d432beecbf79bb2c7915207344b78
• actions/setup-python v5.6.0@a26af69be951a213d495a4c3e4e4022e16d87065 → [Updates: v6.2.0]
• helm/chart-testing-action v2.8.0@6ec842c01de15ebb84c8627d2744a0c2f2755c9f
• helm/kind-action v1.13.0@92086f6be054225fa813e0a4b13787fc9088faab → [Updates: v1.14.0]
• actions/download-artifact v4.3.0@d3f86a106a0bac45b974a628896c90dbdf5c8093 → [Updates: v8.0.1]
• python 3.14
• go 1.25.x → [Updates: 1.26.x]
• go 1.25.x → [Updates: 1.26.x]
• go 1.25.x → [Updates: 1.26.x]
• python 3.14

.github/workflows/pr-goreleaser.yaml (3)

• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.17.0]
• actions/checkout v4.3.1@34e114876b0b11c390a56381ad16ebd13914f8d5 → [Updates: v6.0.2]
• goreleaser/goreleaser-action v6.4.0@e435ccd777264be153ace6237001ef4d979d3a7a → [Updates: v7.0.0]

.github/workflows/pr-label.yaml (1)

• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.17.0]

.github/workflows/pr-stale.yaml (1)

• actions/stale v9.1.0@5bef64f19d7facfb25b37b414482c7164d639639 → [Updates: v10.2.0]

.github/workflows/pr-trivy.yaml (3)

• step-security/harden-runner v2.16.0@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 → [Updates: v2.17.0]
• aquasecurity/trivy-action 0.35.0@57a97c7e7821a5776cebc9bb87c984fa69cba8f1
• github/codeql-action v4.33.0@b1bff81932f5cdfc8695c7752dcee935dcd061c8 → [Updates: v4.35.1]

.github/workflows/rebase.yaml (3)

• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.17.0]
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683 → [Updates: v6, v4]
• cirrus-actions/rebase 1.8@b87d48154a87a85666003575337e27b8cd65f691

.github/workflows/release.yaml (12)

• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.17.0]
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683 → [Updates: v6, v4]
• actions/setup-go v5.6.0@40f1582b2485089dde7abd97c1529aa768e1baff → [Updates: v6.4.0]
• docker/login-action v3.7.0@c94ce9fb468520275223c153574b00df6fe4bcc9 → [Updates: v4.1.0]
• sigstore/cosign-installer v3.10.1@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 → [Updates: v4.1.1]
• anchore/sbom-action v0.22.2@28d71544de8eaf1b958d335707167c5f783590ad → [Updates: v0.24.0]
• goreleaser/goreleaser-action v6.4.0@e435ccd777264be153ace6237001ef4d979d3a7a → [Updates: v7.0.0]
• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.17.0]
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683 → [Updates: v6, v4]
• azure/setup-helm v3.5@5119fcb9089d432beecbf79bb2c7915207344b78
• sigstore/cosign-installer v3.10.1@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 → [Updates: v4.1.1]
• go 1.25.x → [Updates: 1.26.x]

.github/workflows/report-on-vulnerabilities.yaml (7)

• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.17.0]
• aquasecurity/trivy-action 0.33.1@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 → [Updates: v0.35.0, 0.33.1]
• actions/upload-artifact v4.6.2@ea165f8d65b6e75b540449e92b4886f43607fa02 → [Updates: v7.0.1]
• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.17.0]
• actions/checkout v4.3.1@34e114876b0b11c390a56381ad16ebd13914f8d5 → [Updates: v6.0.2]
• actions/download-artifact v4.3.0@d3f86a106a0bac45b974a628896c90dbdf5c8093 → [Updates: v8.0.1]
• JasonEtco/create-an-issue v2.9.2@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5

.github/workflows/scan.yaml (5)

• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.17.0]
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683 → [Updates: v6, v4]
• github/codeql-action codeql-bundle-20221020@f0a12816612c7306b485a22cb164feb43c6df818
• github/codeql-action codeql-bundle-20221020@f0a12816612c7306b485a22cb164feb43c6df818
• github/codeql-action codeql-bundle-20221020@f0a12816612c7306b485a22cb164feb43c6df818

.github/workflows/scorecard.yaml (5)

• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.17.0]
• actions/checkout v4.3.1@34e114876b0b11c390a56381ad16ebd13914f8d5 → [Updates: v6.0.2]
• ossf/scorecard-action v2.4.3@4eaacf0543bb3f2c246792bd56e8cdeffafb205a
• actions/upload-artifact v4.6.2@ea165f8d65b6e75b540449e92b4886f43607fa02 → [Updates: v7.0.1]
• github/codeql-action v3.32.2@b5ebac6f4c00c8ccddb7cdcd45fdb248329f808a → [Updates: v3.35.1, v4.35.1]

gomod (1)

go.mod (19)

• go 1.25.0
• github.com/fluxcd/pkg/runtime v0.80.0 → [Updates: v0.103.0]
• github.com/go-logr/logr v1.4.3
• github.com/kylelemons/godebug v1.1.0
• github.com/onsi/ginkgo/v2 v2.28.1
• github.com/onsi/gomega v1.39.1
• github.com/spf13/pflag v1.0.10
• github.com/stretchr/testify v1.11.1
• github.com/tj/assert v0.0.3
• go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 → [Updates: v0.68.0]
• go.opentelemetry.io/otel v1.40.0 → [Updates: v1.43.0]
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.40.0 → [Updates: v1.43.0]
• go.opentelemetry.io/otel/sdk v1.40.0 → [Updates: v1.43.0]
• google.golang.org/grpc v1.78.0 → [Updates: v1.79.3]
• k8s.io/api v0.34.3 → [Updates: v0.35.3]
• k8s.io/apiextensions-apiserver v0.34.3 → [Updates: v0.35.3]
• k8s.io/apimachinery v0.34.3 → [Updates: v0.35.3]
• k8s.io/client-go v0.34.3 → [Updates: v0.35.3]
• sigs.k8s.io/controller-runtime v0.22.4 → [Updates: v0.23.3]

helm-values (1)

chart/keycloak-controller/values.yaml (1)

• quay.io/brancz/kube-rbac-proxy v0.20.0 → [Updates: v0.21.2]

kustomize (1)

config/base/manager/kustomization.yaml (1)

• ghcr.io/doodlescheduling/keycloak-controller v2.6.0 → [Updates: v2.6.1]

renovate-config-presets (1)

renovate.json

---

• Check this box to trigger a request for Renovate to run again on this repository