Configure Renovate

[renovate-bot]

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

---

Detected Package Files

• Dockerfile (dockerfile)
• Dockerfile.debug (dockerfile)
• .github/actions/bootstrap/action.yaml (github-actions)
• .github/workflows/codeql-analysis.yml (github-actions)
• .github/workflows/release.yaml (github-actions)
• .github/workflows/scorecards.yml (github-actions)
• go.mod (gomod)
• govulners/pkg/test-fixtures/image-simple/package.json (npm)
• govulners/pkg/test-fixtures/image-simple/target/nested/package.json (npm)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding PR is merged
• Show all Merge Confidence badges for pull requests.
• Enable Renovate Dependency Dashboard creation.
• Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
• Ignore node_modules, bower_components, vendor and various test/tests directories.
• Group known monorepo packages together.
• Use curated list of recommended non-monorepo package groupings.
• Apply crowd-sourced package replacement rules.
• Apply crowd-sourced workarounds for known problems with packages.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

---

What to Expect

With your current configuration, Renovate will create 45 Pull Requests:

Update module github.com/docker/docker to v24.0.9+incompatible [SECURITY]

• Branch name: renovate/go-github.com/docker/docker-vulnerability
• Merge into: main
• Upgrade github.com/docker/docker to v24.0.9+incompatible

Update module github.com/hashicorp/go-getter to v1.7.5 [SECURITY]

• Branch name: renovate/go-github.com/hashicorp/go-getter-vulnerability
• Merge into: main
• Upgrade github.com/hashicorp/go-getter to v1.7.5

Update actions/checkout digest

• Schedule: ["at any time"]
• Branch name: renovate/actions-checkout-digest
• Merge into: main
• Upgrade actions/checkout to a12a3943b4bdde767164f792f33f40b04645d846
• Upgrade actions/checkout to e2f20e631ae6d7dd3b768f56a5d2af784dd54791

Update github.com/nextlinux/stereoscope digest to 293e5de

• Schedule: ["at any time"]
• Branch name: renovate/github.com-nextlinux-stereoscope-digest
• Merge into: main
• Upgrade github.com/nextlinux/stereoscope to 293e5dee5d55

Update github.com/wagoodman/go-progress digest to 07e42b3

• Schedule: ["at any time"]
• Branch name: renovate/github.com-wagoodman-go-progress-digest
• Merge into: main
• Upgrade github.com/wagoodman/go-progress to 07e42b3cdba0

Update github/codeql-action digest to 5f53256

• Schedule: ["at any time"]
• Branch name: renovate/github-codeql-action-digest
• Merge into: main
• Upgrade github/codeql-action to 5f532563584d71fdef14ee64d17bafb34f751ce5

Update actions/cache action to v3.3.3

• Schedule: ["at any time"]
• Branch name: renovate/actions-cache-3.x
• Merge into: main
• Upgrade actions/cache to e12d46a63a90f2fae62d114769bbf2a179198b5c

Update actions/upload-artifact action to v3.1.3

• Schedule: ["at any time"]
• Branch name: renovate/actions-upload-artifact-3.x
• Merge into: main
• Upgrade actions/upload-artifact to a8a3f3ad30e3422c9c7b888a15615d19a852ae32

Update module github.com/gabriel-vasile/mimetype to v1.4.4

• Schedule: ["at any time"]
• Branch name: renovate/github.com-gabriel-vasile-mimetype-1.x
• Merge into: main
• Upgrade github.com/gabriel-vasile/mimetype to v1.4.4

Update module github.com/go-test/deep to v1.1.1

• Schedule: ["at any time"]
• Branch name: renovate/github.com-go-test-deep-1.x
• Merge into: main
• Upgrade github.com/go-test/deep to v1.1.1

Update module github.com/gookit/color to v1.5.4

• Schedule: ["at any time"]
• Branch name: renovate/github.com-gookit-color-1.x
• Merge into: main
• Upgrade github.com/gookit/color to v1.5.4

Update module gorm.io/gorm to v1.25.11

• Schedule: ["at any time"]
• Branch name: renovate/gorm.io-gorm-1.x
• Merge into: main
• Upgrade gorm.io/gorm to v1.25.11

Update 8398a7/action-slack action to v3.16.2

• Schedule: ["at any time"]
• Branch name: renovate/8398a7-action-slack-3.x
• Merge into: main
• Upgrade 8398a7/action-slack to 28ba43ae48961b90635b50953d216767a6bea486

Update actions/checkout action to v2.7.0

• Schedule: ["at any time"]
• Branch name: renovate/actions-checkout-2.x
• Merge into: main
• Upgrade actions/checkout to ee0669bd1cc54295c223e0bb666b733df41de1c5

Update actions/checkout action to v3.6.0

• Schedule: ["at any time"]
• Branch name: renovate/actions-checkout-3.x
• Merge into: main
• Upgrade actions/checkout to f43a0e5ff2bd294095638e18286ca9a3d1956744

Update actions/setup-go action to v4.1.0

• Schedule: ["at any time"]
• Branch name: renovate/actions-setup-go-4.x
• Merge into: main
• Upgrade actions/setup-go to 93397bea11091df50f3d7e59dc26a7711a8bcfbe

Update actions/setup-python action to v4.8.0

• Schedule: ["at any time"]
• Branch name: renovate/actions-setup-python-4.x
• Merge into: main
• Upgrade actions/setup-python to b64ffcaf5b410884ad320a9cfac8866006a109aa

Update anchore/sbom-action action to v0.17.0

• Schedule: ["at any time"]
• Branch name: renovate/anchore-sbom-action-0.x
• Merge into: main
• Upgrade anchore/sbom-action to d94f46e13c6c62f59525ac9a1e147a99dc0b9bf5

Update fountainhead/action-wait-for-check action to v1.2.0

• Schedule: ["at any time"]
• Branch name: renovate/fountainhead-action-wait-for-check-1.x
• Merge into: main
• Upgrade fountainhead/action-wait-for-check to 5a908a24814494009c4bb27c242ea38c93c593be

Update github/codeql-action action to v1.1.39

• Schedule: ["at any time"]
• Branch name: renovate/github-codeql-action-1.x
• Merge into: main
• Upgrade github/codeql-action to 231aa2c8a89117b126725a0e11897209b7118144

Update github/codeql-action action to v2.25.13

• Schedule: ["at any time"]
• Branch name: renovate/github-codeql-action-2.x
• Merge into: main
• Upgrade github/codeql-action to 563dcafdfe28a0bb82e2c272d84924f17b628540

Update module github.com/CycloneDX/cyclonedx-go to v0.9.0

• Schedule: ["at any time"]
• Branch name: renovate/github.com-cyclonedx-cyclonedx-go-0.x
• Merge into: main
• Upgrade github.com/CycloneDX/cyclonedx-go to v0.9.0

Update module github.com/adrg/xdg to v0.5.0

• Schedule: ["at any time"]
• Branch name: renovate/github.com-adrg-xdg-0.x
• Merge into: main
• Upgrade github.com/adrg/xdg to v0.5.0

Update module github.com/anchore/syft to v0.105.1

• Schedule: ["at any time"]
• Branch name: renovate/github.com-anchore-syft-0.x
• Merge into: main
• Upgrade github.com/anchore/syft to v0.105.1

Update module github.com/google/go-cmp to v0.6.0

• Schedule: ["at any time"]
• Branch name: renovate/github.com-google-go-cmp-0.x
• Merge into: main
• Upgrade github.com/google/go-cmp to v0.6.0

Update module github.com/google/uuid to v1.6.0

• Schedule: ["at any time"]
• Branch name: renovate/github.com-google-uuid-1.x
• Merge into: main
• Upgrade github.com/google/uuid to v1.6.0

Update module github.com/hashicorp/go-version to v1.7.0

• Schedule: ["at any time"]
• Branch name: renovate/github.com-hashicorp-go-version-1.x
• Merge into: main
• Upgrade github.com/hashicorp/go-version to v1.7.0

Update module github.com/spf13/afero to v1.11.0

• Schedule: ["at any time"]
• Branch name: renovate/github.com-spf13-afero-1.x
• Merge into: main
• Upgrade github.com/spf13/afero to v1.11.0

Update module github.com/spf13/cobra to v1.8.1

• Schedule: ["at any time"]
• Branch name: renovate/github.com-spf13-cobra-1.x
• Merge into: main
• Upgrade github.com/spf13/cobra to v1.8.1

Update module github.com/spf13/viper to v1.19.0

• Schedule: ["at any time"]
• Branch name: renovate/github.com-spf13-viper-1.x
• Merge into: main
• Upgrade github.com/spf13/viper to v1.19.0

Update module github.com/stretchr/testify to v1.9.0

• Schedule: ["at any time"]
• Branch name: renovate/github.com-stretchr-testify-1.x
• Merge into: main
• Upgrade github.com/stretchr/testify to v1.9.0

Update module golang.org/x/term to v0.22.0

• Schedule: ["at any time"]
• Branch name: renovate/golang.org-x-term-0.x
• Merge into: main
• Upgrade golang.org/x/term to v0.22.0

Update ossf/scorecard-action action to v2.3.3

• Schedule: ["at any time"]
• Branch name: renovate/ossf-scorecard-action-2.x
• Merge into: main
• Upgrade ossf/scorecard-action to dc50aa9510b46c811795eb24b2f1ba02a914e534

Update actions/cache action to v4

• Schedule: ["at any time"]
• Branch name: renovate/actions-cache-4.x
• Merge into: main
• Upgrade actions/cache to 0c45773b623bea8c8e75f6c82b208c3cf94ea4f9
• Upgrade actions/cache to v4

Update actions/checkout action to v4

• Schedule: ["at any time"]
• Branch name: renovate/actions-checkout-4.x
• Merge into: main
• Upgrade actions/checkout to 692973e3d937129bcbf40652eb9f2f61becf3332
• Upgrade actions/checkout to v4

Update actions/setup-go action to v5

• Schedule: ["at any time"]
• Branch name: renovate/actions-setup-go-5.x
• Merge into: main
• Upgrade actions/setup-go to 0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32
• Upgrade actions/setup-go to v5

Update actions/setup-python action to v5

• Schedule: ["at any time"]
• Branch name: renovate/actions-setup-python-5.x
• Merge into: main
• Upgrade actions/setup-python to 39cd14951b08e74b54015e9e001cdefcf80e669f

Update actions/upload-artifact action to v4

• Schedule: ["at any time"]
• Branch name: renovate/major-github-artifact-actions
• Merge into: main
• Upgrade actions/upload-artifact to 0b2256b8c012f0828dc542b3febcab082c67f72b

Update dependency ubuntu to v22

• Schedule: ["at any time"]
• Branch name: renovate/ubuntu-22.x
• Merge into: main
• Upgrade ubuntu to 22.04

Update docker/login-action action to v3

• Schedule: ["at any time"]
• Branch name: renovate/docker-login-action-3.x
• Merge into: main
• Upgrade docker/login-action to v3

Update github/codeql-action action to v3

• Schedule: ["at any time"]
• Branch name: renovate/github-codeql-action-3.x
• Merge into: main
• Upgrade github/codeql-action to 2d790406f505036ef40ecba973cc774a50395aac

Update module github.com/anchore/syft to v1

• Schedule: ["at any time"]
• Branch name: renovate/github.com-anchore-syft-1.x
• Merge into: main
• Upgrade github.com/anchore/syft to v1.9.0

Update module github.com/bmatcuk/doublestar/v2 to v4

• Schedule: ["at any time"]
• Branch name: renovate/github.com-bmatcuk-doublestar-v2-4.x
• Merge into: main
• Upgrade github.com/bmatcuk/doublestar/v2 to v4.6.1

Update module github.com/owenrumney/go-sarif to v2

• Schedule: ["at any time"]
• Branch name: renovate/github.com-owenrumney-go-sarif-2.x
• Merge into: main
• Upgrade github.com/owenrumney/go-sarif to v2.3.3

Update module gopkg.in/yaml.v2 to v3

• Schedule: ["at any time"]
• Branch name: renovate/gopkg.in-yaml.v2-3.x
• Merge into: main
• Upgrade gopkg.in/yaml.v2 to v3.0.1

🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prhourlylimit for details.

---

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

---

This PR was generated by Mend Renovate. View the repository job log.