Dependency Dashboard #4

New issue

Open

opened 2026-04-27 23:16:10 -04:00 by Renovate · 0 comments

Renovate commented 2026-04-27 23:16:10 -04:00

Member

Copy link

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Repository Problems

Renovate tried to run on this repository, but found these problems.

• ⚠️ WARN: Merging of PR failed

Abandoned Dependencies

The following dependencies have not received updates for an extended period and may be unmaintained.

View abandoned dependencies (1)

ℹ️ Note

Packages are marked as abandoned when they exceed the abandonmentThreshold since their last release. Unlike deprecated packages with official notices, abandonment is detected by release inactivity.

Datasource	Package	Last Updated
pep621	diskcache	2023-08-31

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• Update dependency gitpython to v3.1.50 [SECURITY]
• Update actions/checkout digest to df4cb1c
• Update dependency tomlkit to ~=0.15.0
• Update dependency typer to ~=0.26.7
• Update actions/setup-uv action to v8
• Update GitHub Artifact Actions to v5
• Lock file maintenance
• Click on this checkbox to rebase all open PRs at once

Vulnerabilities

❗ Important

6/6 CVEs have Renovate fixes.

pep621

pyproject.toml

diskcache

• GHSA-w8v5-vhqr-4h9v (fixed in > 5.6.3)

gitpython

• GHSA-7545-fcxq-7j24 (fixed in >= 3.1.48)
• GHSA-mv93-w799-cj2w (fixed in >= 3.1.50)
• GHSA-rpm5-65cw-6hj4 (fixed in >= 3.1.47)
• GHSA-v87r-6q3f-2j67 (fixed in >= 3.1.49)
• GHSA-x2qx-6953-8485 (fixed in >= 3.1.47)

Detected Dependencies

github-actions (1)

.forgejo/workflows/actions.yaml (5)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd → [Updates: v6]
• actions/setup-uv v6@d0cc045d04ccac9d8b7881df0226f9e82c39688e → [Updates: v8.2.0]
• actions/upload-artifact v4@16871d9e8cfcf27ff31822cac382bbb5450f1e1e → [Updates: v5]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd → [Updates: v6]
• actions/setup-uv v6@d0cc045d04ccac9d8b7881df0226f9e82c39688e → [Updates: v8.2.0]

pep621 (1)

pyproject.toml (9)

• python ~=3.14.0
• diskcache >=5.6.3
• gitpython ~=3.1.45 → [Updates: ~=3.1.45]
• pydantic >=2.13.2
• pyforgejo ~=2.0.5
• tomlkit ~=0.14.0 → [Updates: ~=0.15.0]
• typer ~=0.25.0 → [Updates: ~=0.26.7]
• basedpyright ~=1.39.3
• ruff ~=0.15.12

renovate-config (1)

renovate.json

This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more. ## Repository Problems Renovate tried to run on this repository, but found these problems. - ⚠️ WARN: Merging of PR failed ## Abandoned Dependencies The following dependencies have not received updates for an extended period and may be unmaintained. <details> <summary>View abandoned dependencies (1)</summary> > ℹ️ **Note** > Packages are marked as abandoned when they exceed the [`abandonmentThreshold`](https://docs.renovatebot.com/configuration-options/#abandonmentthreshold) since their last release. Unlike deprecated packages with official notices, abandonment is detected by release inactivity. > | Datasource | Package | Last Updated | |------------|------|-------------| | pep621 | [diskcache](https://github.com/grantjenks/python-diskcache) | `2023-08-31` | </details> ## Open The following updates have all been created. To force a retry/rebase of any, click on a checkbox below. - [ ] <!-- rebase-branch=renovate/pypi-gitpython-vulnerability -->[Update dependency gitpython to v3.1.50 [SECURITY]](pulls/15) - [ ] <!-- rebase-branch=renovate/actions-checkout-digest -->[Update actions/checkout digest to df4cb1c](pulls/18) - [ ] <!-- rebase-branch=renovate/tomlkit-0.x -->[Update dependency tomlkit to ~=0.15.0](pulls/16) - [ ] <!-- rebase-branch=renovate/typer-0.x -->[Update dependency typer to ~=0.26.7](pulls/17) - [ ] <!-- rebase-branch=renovate/actions-setup-uv-8.x -->[Update actions/setup-uv action to v8](pulls/12) - [ ] <!-- rebase-branch=renovate/major-github-artifact-actions -->[Update GitHub Artifact Actions to v5](pulls/13) - [ ] <!-- rebase-branch=renovate/lock-file-maintenance -->[Lock file maintenance](pulls/14) - [ ] <!-- rebase-all-open-prs -->**Click on this checkbox to rebase all open PRs at once** ## Vulnerabilities > ❗ **Important** > > `6`/`6` CVEs have Renovate fixes. <details><summary>pep621</summary> <blockquote> <details><summary>pyproject.toml</summary> <blockquote> <details><summary>diskcache</summary> <blockquote> - [GHSA-w8v5-vhqr-4h9v](https://osv.dev/vulnerability/GHSA-w8v5-vhqr-4h9v) (fixed in > 5.6.3) </blockquote> </details> <details><summary>gitpython</summary> <blockquote> - [GHSA-7545-fcxq-7j24](https://osv.dev/vulnerability/GHSA-7545-fcxq-7j24) (fixed in >= 3.1.48) - [GHSA-mv93-w799-cj2w](https://osv.dev/vulnerability/GHSA-mv93-w799-cj2w) (fixed in >= 3.1.50) - [GHSA-rpm5-65cw-6hj4](https://osv.dev/vulnerability/GHSA-rpm5-65cw-6hj4) (fixed in >= 3.1.47) - [GHSA-v87r-6q3f-2j67](https://osv.dev/vulnerability/GHSA-v87r-6q3f-2j67) (fixed in >= 3.1.49) - [GHSA-x2qx-6953-8485](https://osv.dev/vulnerability/GHSA-x2qx-6953-8485) (fixed in >= 3.1.47) </blockquote> </details> </blockquote> </details> </blockquote> </details> ## Detected Dependencies <details><summary>github-actions (1)</summary> <blockquote> <details><summary>.forgejo/workflows/actions.yaml (5)</summary> - `actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd` → [Updates: `v6`] - `actions/setup-uv v6@d0cc045d04ccac9d8b7881df0226f9e82c39688e` → [Updates: `v8.2.0`] - `actions/upload-artifact v4@16871d9e8cfcf27ff31822cac382bbb5450f1e1e` → [Updates: `v5`] - `actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd` → [Updates: `v6`] - `actions/setup-uv v6@d0cc045d04ccac9d8b7881df0226f9e82c39688e` → [Updates: `v8.2.0`] </details> </blockquote> </details> <details><summary>pep621 (1)</summary> <blockquote> <details><summary>pyproject.toml (9)</summary> - `python ~=3.14.0` - `diskcache >=5.6.3` - `gitpython ~=3.1.45` → [Updates: `~=3.1.45`] - `pydantic >=2.13.2` - `pyforgejo ~=2.0.5` - `tomlkit ~=0.14.0` → [Updates: `~=0.15.0`] - `typer ~=0.25.0` → [Updates: `~=0.26.7`] - `basedpyright ~=1.39.3` - `ruff ~=0.15.12` </details> </blockquote> </details> <details><summary>renovate-config (1)</summary> <blockquote> <details><summary>renovate.json</summary> </details> </blockquote> </details>

cswimr pinned this 2026-04-27 23:17:28 -04:00

cswimr locked as Off-topic and limited conversation to collaborators 2026-04-27 23:17:33 -04:00

cswimr unlocked this conversation 2026-05-02 08:08:26 -04:00

cswimr locked as Comments unnecessary and limited conversation to collaborators 2026-05-02 08:08:30 -04:00

This discussion has been locked. Commenting is limited to contributors.

No Branch/Tag specified

Branches Tags

main

renovate/actions-setup-uv-8.x

renovate/actions-checkout-digest

renovate/typer-0.x

renovate/tomlkit-0.x

renovate/major-github-artifact-actions

renovate/pypi-gitpython-vulnerability

renovate/lock-file-maintenance

v2.1.0

v2.0.0

v1.1.2

v1.1.1

v1.1.0

v1.0.0

Labels

Clear labels

  

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

question

More information is needed

  

upstream

Issue is known, but is pending a fix from another entity

  

wontfix

This issue is known, but will not be fixed

No labels

bug

duplicate

question

upstream

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

GalacticFactory/GalacticFactoryUtils#4

No description provided.