Dependency Dashboard

[renovate-sh-app]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Repository Problems

Renovate tried to run on this repository, but found these problems.

• ⚠️ WARN: Package lookup failures

Abandoned Dependencies

The following dependencies have not received updates for an extended period and may be unmaintained.

View abandoned dependencies (5)

[!NOTE]
Packages are marked as abandoned when they exceed the abandonmentThreshold since their last release. Unlike deprecated packages with official notices, abandonment is detected by release inactivity.

Datasource	Package	Last Updated
gomod	github.com/go-kit/log	2022-04-27
gomod	github.com/gogo/protobuf	2021-01-10
gomod	github.com/golang/snappy	2023-12-25
gomod	github.com/grafana/memberlist	2021-11-12
gomod	github.com/pkg/errors	2020-01-14

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• chore(deps): pin dependencies (golangci/golangci-lint, grafana/writers-toolkit)
• chore(deps): update actions/checkout action to v6.0.3
• chore(deps): lock file maintenance
• 🔐 Create all rate-limited PRs at once 🔐

Pending Status Checks

The following updates await pending status checks. To force their creation now, click on a checkbox below.

• chore(deps): update grafana/shared-workflows/aws-auth action to v1.0.4

---

Warning

Renovate failed to look up the following dependencies: Failed to look up github-tags package aquasecurity/trivy-action: no-result.

Files affected: .github/workflows/docker.yml

---

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• fix(security/high/): update security github.com/prometheus/prometheus to v0.311.3 [security]
• fix(security/unknown/): update security golang.org/x/crypto to v0.52.0 [security]
• fix(security/unknown/): update security golang.org/x/net to v0.55.0 [security]
• fix(security/unknown/): update security golang.org/x/sys to v0.44.0 [security]
• chore(deps): update actions/checkout digest to df4cb1c
• chore(deps): update actions/setup-go digest to 4a36011
• chore(deps): update golang:1.26-alpine docker digest to a6a091e
• chore(deps): update golangci/golangci-lint-action digest to 82606bf
• fix(deps): update github.com/grafana/dskit digest to a6e853f
• fix(deps): update aws-sdk-go-v2 monorepo (github.com/aws/aws-sdk-go-v2, github.com/aws/aws-sdk-go-v2/config, github.com/aws/aws-sdk-go-v2/service/s3, github.com/aws/aws-sdk-go-v2/service/secretsmanager, github.com/aws/aws-sdk-go-v2/service/ssm)
• chore(deps): update dependency golangci/golangci-lint to v2.12.2
• chore(deps): update github/codeql-action action to v4.36.2
• fix(deps): update module github.com/aws/smithy-go to v1.27.2
• fix(deps): update module github.com/prometheus/common to v0.68.1
• Click on this checkbox to rebase all open PRs at once

PR Closed (Blocked)

The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.

• chore(deps): update github.com/grafana/memberlist digest to 1798cf4
• fix(deps): update module github.com/grafana/loki/pkg/push to v0.4.0
• fix(deps): update module github.com/grafana/loki/v3 to v3.7.2
• fix(deps): update module github.com/grafana/loki/pkg/push to v3

Vulnerabilities

Important

24/24 CVEs have Renovate fixes.

gomod

go.mod

github.com/prometheus/prometheus

• GHSA-8rm2-7qqf-34qm (fixed in >= 0.311.3)
• GHSA-fw8g-cg8f-9j28 (fixed in >= 0.311.3)
• GHSA-vffh-x6r8-xx99 (fixed in >= 0.311.2-0.20260410083055-07c6232d159b)
• GHSA-wg65-39gg-5wfj (fixed in >= 0.311.3)

golang.org/x/crypto

• GO-2026-5005 (fixed in >= 0.52.0)
• GO-2026-5006 (fixed in >= 0.52.0)
• GO-2026-5013 (fixed in >= 0.52.0)
• GO-2026-5014 (fixed in >= 0.52.0)
• GO-2026-5015 (fixed in >= 0.52.0)
• GO-2026-5016 (fixed in >= 0.52.0)
• GO-2026-5017 (fixed in >= 0.52.0)
• GO-2026-5018 (fixed in >= 0.52.0)
• GO-2026-5019 (fixed in >= 0.52.0)
• GO-2026-5020 (fixed in >= 0.52.0)
• GO-2026-5021 (fixed in >= 0.52.0)
• GO-2026-5023 (fixed in >= 0.52.0)
• GO-2026-5033 (fixed in >= 0.52.0)

golang.org/x/net

• GO-2026-5025 (fixed in >= 0.55.0)
• GO-2026-5026 (fixed in >= 0.55.0)
• GO-2026-5027 (fixed in >= 0.55.0)
• GO-2026-5028 (fixed in >= 0.55.0)
• GO-2026-5029 (fixed in >= 0.55.0)
• GO-2026-5030 (fixed in >= 0.55.0)

golang.org/x/sys

• GO-2026-5024 (fixed in >= 0.44.0)

Detected Dependencies

dockerfile (1)

Dockerfile (2)

• golang 1.26-alpine@sha256:91eda9776261207ea25fd06b5b7fed8d397dd2c0a283e77f2ab6e91bfa71079d → [Updates: 1.26-alpine]
• public.ecr.aws/lambda/provided al2023.2026.02.27.21@sha256:9ee3f032d4063febdf42a2a1f15149ce8358130753e48fcaf86eae731fab38ff

github-actions (7)

.github/workflows/cloudformation.yml (2)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd → [Updates: v6]
• scottbrenner/cfn-lint-action v2.7.1@ed184e91f5085a2932501da8314e899e5e0ef5be

.github/workflows/docker.yml (3)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd → [Updates: v6]
• aquasecurity/trivy-action 0.35.0@97e0b3872f55f89b95b2f65b3dbab56962816478
• github/codeql-action v4.35.2@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 → [Updates: v4.36.2]

.github/workflows/docs-ci.yml (3)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd → [Updates: v6.0.3]
• step-security/changed-files v47.0.5@2e07db73e5ccdb319b9a6c7766bd46d39d304bad
• grafana/writers-toolkit main → [Updates: main]

.github/workflows/go.yml (4)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd → [Updates: v6]
• actions/setup-go v6@4b73464bb391d4059bd26b0524d20df3927bd417 → [Updates: v6]
• golangci/golangci-lint-action v9@1e7e51e771db61008b38414a730f564565cf7c20 → [Updates: v9]
• golangci/golangci-lint v2.11.4 → [Updates: v2.12.2, v2.11.4]

.github/workflows/issues.yml

.github/workflows/publish-technical-documentation-next.yml (2)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd → [Updates: v6]
• grafana/writers-toolkit publish-technical-documentation/v1@9aed4f7c5b3caa1b58d72ee39232333407d4acbf

.github/workflows/release.yml (5)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd → [Updates: v6]
• actions/setup-go v6@4b73464bb391d4059bd26b0524d20df3927bd417 → [Updates: v6]
• grafana/shared-workflows aws-auth/v1.0.3@85022085ed5314601c05d10e846de56bdd71e369 → [Updates: aws-auth/v1.0.4]
• grafana/shared-workflows aws-auth/v1.0.3@85022085ed5314601c05d10e846de56bdd71e369 → [Updates: aws-auth/v1.0.4]
• softprops/action-gh-release v3.0.0@b4309332981a82ec1c5618f44dd2e27cc8bfbfda

gomod (1)

go.mod (24)

• go 1.25.7
• github.com/aws/aws-lambda-go v1.54.0
• github.com/aws/aws-sdk-go-v2 v1.41.7 → [Updates: v1.41.12]
• github.com/aws/aws-sdk-go-v2/config v1.32.17 → [Updates: v1.32.23]
• github.com/aws/aws-sdk-go-v2/service/s3 v1.100.1 → [Updates: v1.103.2]
• github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.41.7 → [Updates: v1.42.2]
• github.com/aws/aws-sdk-go-v2/service/ssm v1.68.6 → [Updates: v1.69.2]
• github.com/aws/smithy-go v1.25.1 → [Updates: v1.27.2]
• github.com/go-kit/log v0.2.1
• github.com/gogo/protobuf v1.3.2
• github.com/golang/snappy v1.0.0
• github.com/grafana/dskit v0.0.0-20260324093927-3167f499dfc0@3167f499dfc0 → [Updates: v0.0.0-20260324093927-3167f499dfc0]
• github.com/grafana/loki/pkg/push v0.0.0-20260106103740-2203c1d8e8fa@2203c1d8e8fa → [Updates: v0.4.0, v3.7.2]
• github.com/grafana/loki/v3 v3.6.8 → [Updates: v3.7.2]
• github.com/grafana/regexp v0.0.0-20250905093917-f7b3be9d1853@f7b3be9d1853
• github.com/pkg/errors v0.9.1
• github.com/prometheus/client_golang v1.23.2
• github.com/prometheus/common v0.67.5 → [Updates: v0.68.1]
• github.com/prometheus/prometheus v0.308.1 → [Updates: v0.311.3]
• github.com/stretchr/testify v1.11.1
• golang.org/x/crypto v0.50.0 → [Updates: v0.52.0]
• golang.org/x/net v0.53.0 → [Updates: v0.55.0]
• golang.org/x/sys v0.43.0 → [Updates: v0.44.0]
• github.com/grafana/memberlist v0.3.1-0.20251126142931-6f9f62ab6f86@6f9f62ab6f86 → [Updates: v0.3.1-0.20251126142931-6f9f62ab6f86]

terraform (1)

versions.tf (1)

• hashicorp/terraform >= 0.15

---

Need help?

You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section.