Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Awaiting Schedule

The following updates are awaiting their schedule. To get an update now, click on a checkbox below.

• Pin dependencies (aqua:BurntSushi/ripgrep, aqua:aquasecurity/trivy, aqua:astral-sh/uv, aqua:cargo-bins/cargo-binstall, aqua:crate-ci/typos, aqua:gitleaks/gitleaks, aqua:google/yamlfmt, aqua:hadolint/hadolint, aqua:koalaman/shellcheck, aqua:mikefarah/yq, aqua:mvdan/sh, aqua:rhysd/actionlint)
• Update dependency github:taiki-e/cargo-llvm-cov to v0.6.24
• Update dependency ruff to v0.14.14
• Update github/codeql-action action to v4.31.11
• Update vitest monorepo to v4.0.18 (@vitest/coverage-istanbul, vitest)
• Update dependency @playwright/test to v1.58.0
• Update Docker dependencies (docker/dockerfile, quay.io/pypa/manylinux_2_28)
• 🔐 Create all awaiting schedule PRs at once 🔐

Pending Status Checks

The following updates await pending status checks. To force their creation now, click on a checkbox below.

• Update dependency aqua:astral-sh/uv to v0.9.28
• Update dependency aqua:crate-ci/typos to v1.42.3
• Update dependency github:nextest-rs/nextest to v0.9.124
• Update dependency jdx/mise to v2026.1.9
• Update dependency undici to v7.19.2
• Update pnpm to v10.28.2
• Update dependency aqua:aquasecurity/trivy to v0.69.0
• Update dependency aqua:cargo-bins/cargo-binstall to v1.17.4
• Update dependency electron to v40.1.0
• Update dependency pyrefly to v0.50.1
• Update dependency rollup to v4.57.1
• Update dependency semgrep to v1.150.0
• Update oxlint monorepo (oxfmt, oxlint)
• Update Rust crate reqwest-websocket to 0.6.0

---

Warning

Renovate failed to look up the following dependencies: Could not determine new digest for update (github-tags package aquasecurity/trivy-action).

Files affected: .github/workflows/regular.yaml

---

Detected Dependencies

cargo (4)

Cargo.toml (25)

• anyhow 1.0.100
• async-stream 0.3.6
• async-trait 0.1.89
• bytes 1.10.1
• chrono 0.4.42
• futures 0.3.31
• futures-util 0.3.31
• indoc 2.0.7
• mimalloc 0.1.48
• neon 1.1.1
• neon-build 0.10.1
• pretty_assertions 1.4.1
• reqwest 0.13.1
• reqwest-websocket 0.5.1 → [Updates: 0.6.0]
• serde 1.0.228
• serde_json 1.0.148
• tauri-winres 0.3.5
• tempfile 3.24.0
• thiserror 2.0.18
• tokio 1.49.0
• tokio-stream 0.1.17
• tokio-test 0.4.4
• tokio-util 0.7.17
• wiremock 0.6.4
• with_dir 0.1.4

packages/core/Cargo.toml

packages/meta/Cargo.toml

packages/node/Cargo.toml

docker-compose (2)

docker-compose.proxied.yaml (1)

• mitmproxy/mitmproxy sha256:743b6cdc817211d64bc269f5defacca8d14e76e647fc474e5c7244dbcb645141

docker-compose.yml

dockerfile (1)

Dockerfile (2)

• docker/dockerfile 1.20@sha256:26147acbda4f14c5add9946e2fd2ed543fc402884fd75146bd342a7f6271dc1d → [Updates: 1.21]
• quay.io/pypa/manylinux_2_28 sha256:553fe81d74eb4f2be0901928c4c3af50ca6562b75741f45911770a00630650f0 → [Updates: undefined]

github-actions (7)

.github/actions/setup-docker/action.yaml (5)

• actions/cache v5.0.2@8b402f58fbc84540c8b491a91e594a4576fec3d7 → [Updates: v5.0.3]
• docker/login-action v3.6.0@5e57cd118135c172c3672efd75eb46360885c0ef → [Updates: v3.7.0]
• docker/setup-buildx-action v3.12.0@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f
• docker/build-push-action v6.18.0@263435318d21b8e681c14492fe198d362a7d2c83
• hoverkraft-tech/compose-action v2.4.3@05da55b2bb8a5a759d1c4732095044bd9018c050

.github/actions/setup-native/action.yaml (3)

• actions/cache v5.0.2@8b402f58fbc84540c8b491a91e594a4576fec3d7 → [Updates: v5.0.3]
• ilammy/msvc-dev-cmd v1.13.0@0b201ec74fa43914dc39ae48a89fd1d8cb592756
• jdx/mise-action v3.6.1@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8

.github/actions/setup/action.yaml (1)

• actions/cache v5.0.2@8b402f58fbc84540c8b491a91e594a4576fec3d7 → [Updates: v5.0.3]

.github/actions/sign-notarize/action.yaml (1)

• apple-actions/import-codesign-certs v6.0.0@b610f78488812c1e56b20e6df63ec42d833f2d14

.github/actions/upload-reports/action.yaml (4)

• actions/setup-node v6.2.0@6044e13b5dc448c55e2357c09f80417699197238
• codecov/codecov-action v5.5.2@671740ac38dd9b0130fbe1cec585b89eea48d3de
• codecov/codecov-action v5.5.2@671740ac38dd9b0130fbe1cec585b89eea48d3de
• node latest

.github/workflows/regular.yaml (7)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• zizmorcore/zizmor-action v0.4.1@135698455da5c3b3e55f73f4419e481ab68cdd95
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• aquasecurity/trivy-action v0.33.1@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
• github/codeql-action v4.31.10@cdefb33c0f6224e58673d9004f47f7cb3e328b89 → [Updates: v4.31.11]

.github/workflows/release.yaml (12)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/attest-build-provenance v3.1.0@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8 → [Updates: v3.2.0]
• softprops/action-gh-release v2.5.0@a06a81a03ee405af7f2048a818ed3f03bbf83c7b
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/attest-build-provenance v3.1.0@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8 → [Updates: v3.2.0]
• softprops/action-gh-release v2.5.0@a06a81a03ee405af7f2048a818ed3f03bbf83c7b
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-node v6.2.0@6044e13b5dc448c55e2357c09f80417699197238
• actions/setup-node v6.2.0@6044e13b5dc448c55e2357c09f80417699197238
• node latest
• node latest

mise (1)

mise.toml (15)

• node 24.13.0
• rust nightly-2026-01-15
• aqua:jqlang/jq 1.8.1
• aqua:mikefarah/yq 4.50.1 → [Updates: 4.50.1]
• aqua:BurntSushi/ripgrep 15.1.0 → [Updates: 15.1.0]
• aqua:aquasecurity/trivy 0.68.2 → [Updates: 0.69.0, 0.68.2]
• aqua:google/yamlfmt 0.21.0 → [Updates: 0.21.0]
• aqua:koalaman/shellcheck 0.11.0 → [Updates: 0.11.0]
• aqua:gitleaks/gitleaks 8.30.0 → [Updates: 8.30.0]
• aqua:rhysd/actionlint 1.7.10 → [Updates: 1.7.10]
• aqua:astral-sh/uv 0.9.26 → [Updates: 0.9.28, 0.9.26]
• aqua:cargo-bins/cargo-binstall 1.16.7 → [Updates: 1.17.4, 1.16.7]
• aqua:hadolint/hadolint 2.14.0 → [Updates: 2.14.0]
• aqua:crate-ci/typos 1.42.1 → [Updates: 1.42.3, 1.42.1]
• aqua:mvdan/sh 3.12.0 → [Updates: 3.12.0]

npm (5)

package.json (3)

• node ^22.18.0 || ^24.11.0
• pnpm ^10.26.0
• pnpm 10.28.1+sha512.7d7dbbca9e99447b7c3bf7a73286afaaf6be99251eb9498baefa7d406892f67b879adb3a1d7e687fc4ccc1a388c7175fbaae567a26ab44d1067b54fcb0d6a316 → [Updates: 10.28.2]

packages/core/package.json

packages/meta/package.json

packages/node/package.json

pnpm-workspace.yaml (21)

• @codecov/vite-plugin ^1.9.1
• @mapbox/node-pre-gyp ^2.0.3
• @playwright/test 1.57.0 → [Updates: 1.58.0]
• @rollup/plugin-node-resolve ^16.0.3
• @taplo/cli ^0.7.0
• @types/node ^24.10.9
• @vitest/coverage-istanbul ^4.0.17 → [Updates: ^4.0.17]
• electron ^40.0.0 → [Updates: ^40.0.0]
• fd-lock ^2.1.1
• husky ^9.1.7
• markdownlint-cli2 ^0.20.0
• monocart-reporter ^2.9.23
• oxfmt ^0.26.0 → [Updates: ^0.27.0]
• oxlint ^1.41.0 → [Updates: ^1.41.0]
• rollup ^4.56.0 → [Updates: ^4.56.0]
• rollup-plugin-node-externals ^8.1.2
• typescript ^5.9.3
• undici ^7.19.0 → [Updates: ^7.19.0]
• vite ^7.3.1
• vite-plugin-dts ^4.5.4
• vitest ^4.0.17 → [Updates: ^4.0.17]

pep621 (1)

pyproject.toml (5)

• mitmproxy ==12.2.1
• pyrefly ==0.49.0 → [Updates: ==0.50.1]
• ruff ==0.14.13 → [Updates: ==0.14.14]
• semgrep ==1.149.0 → [Updates: ==1.150.0]
• zizmor ==1.22.0

pyenv (1)

.python-version (1)

• python 3.14.2

regex (4)

.mise-version (1)

• jdx/mise v2026.1.6 → [Updates: v2026.1.9]

mise.toml (1)

• rustlang/rust nightly-2026-01-15

mise.toml (4)

• github:nextest-rs/nextest 0.9.122 → [Updates: 0.9.124]
• github:mstange/samply 0.13.1
• github:EmbarkStudios/cargo-deny 0.19.0
• github:taiki-e/cargo-llvm-cov 0.6.23 → [Updates: 0.6.24]

rust-toolchain.toml (1)

• rustlang/rust nightly-2026-01-15

---

• Check this box to trigger a request for Renovate to run again on this repository