Dependency Dashboard #4

New issue

Open

opened 2025-05-20 04:31:59 -04:00 by Renovate · 0 comments

Renovate commented

2025-05-20 04:31:59 -04:00

Collaborator

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Repository Problems

Renovate tried to run on this repository, but found these problems.

⚠️ WARN: Merging of PR failed

Abandoned Dependencies

The following dependencies have not received updates for an extended period and may be unmaintained.

View abandoned dependencies (1)

ℹ️ Note

Packages are marked as abandoned when they exceed the abandonmentThreshold since their last release. Unlike deprecated packages with official notices, abandonment is detected by release inactivity.

Datasource	Package	Last Updated
pep621	lxml-stubs	`2024-01-10`

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

Update dependency aiohttp to v3.14.0 [SECURITY]
Update actions/checkout digest to 93cb6ef
Update catthehacker/ubuntu:act-latest Docker digest to c2fb744
Update dependency ipython to ~=9.14.1
Update dependency pytest to ~=9.1.0
Update dependency typer to ~=0.26.7
Update actions/checkout action to v6
Update actions/setup-uv action to v8
Update GitHub Artifact Actions to v5
Lock file maintenance
Click on this checkbox to rebase all open PRs at once

PR Closed (Blocked)

The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.

Update actions/setup-uv digest to d0cc045

Vulnerabilities

❗ Important

4/4 CVEs have Renovate fixes.

pep621

pyproject.toml

aiohttp

GHSA-hg6j-4rv6-33pg (fixed in >= 3.14.0)

GHSA-jg22-mg44-37j8 (fixed in >= 3.14.0)

GHSA-hg6j-4rv6-33pg (fixed in >= 3.14.0)

GHSA-jg22-mg44-37j8 (fixed in >= 3.14.0)

Detected Dependencies

github-actions (1)

.forgejo/workflows/actions.yaml (11)

actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]

actions/setup-uv v6@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1 → [Updates: v8.2.0, v6]

actions/upload-artifact v4@16871d9e8cfcf27ff31822cac382bbb5450f1e1e → [Updates: v5]

actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]

actions/setup-uv v6@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1 → [Updates: v8.2.0, v6]

actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]

actions/setup-uv v6@7edac99f961f18b581bbd960d59d049f04c0002f → [Updates: v8.2.0, v6]

actions/upload-artifact v4@16871d9e8cfcf27ff31822cac382bbb5450f1e1e → [Updates: v5]

catthehacker/ubuntu act-latest@sha256:ee77eaa905d10ad76345b58b0803d698ea63faa9a27047898530cbcd47f90eb9 → [Updates: act-latest]

catthehacker/ubuntu act-latest@sha256:ee77eaa905d10ad76345b58b0803d698ea63faa9a27047898530cbcd47f90eb9 → [Updates: act-latest]

catthehacker/ubuntu act-latest@sha256:ee77eaa905d10ad76345b58b0803d698ea63faa9a27047898530cbcd47f90eb9 → [Updates: act-latest]

pep621 (1)

pyproject.toml (16)

python <4.0,>=3.11

aiohttp ~=3.13 → [Updates: ~=3.13]

lxml ~=6.0

pydantic >=2.11.10

ruff ~=0.15.3

basedpyright ~=1.39.3

pytest ~=9.0.2 → [Updates: ~=9.1.0]

pytest-cov ~=7.1.0

zensical ~=0.0.16

mkdocstrings-python ~=2.0.1

ipython ~=9.13.0 → [Updates: ~=9.14.1]

rich ~=15.0.0

lxml-stubs >=0.5.1

typer ~=0.25.0 → [Updates: ~=0.26.7]

aiohttp ~=3.13 → [Updates: ~=3.13]

orjson ~=3.11

renovate-config (1)

renovate.json

This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more. ## Repository Problems Renovate tried to run on this repository, but found these problems. - ⚠️ WARN: Merging of PR failed ## Abandoned Dependencies The following dependencies have not received updates for an extended period and may be unmaintained. <details> <summary>View abandoned dependencies (1)</summary> > ℹ️ **Note** > Packages are marked as abandoned when they exceed the [`abandonmentThreshold`](https://docs.renovatebot.com/configuration-options/#abandonmentthreshold) since their last release. Unlike deprecated packages with official notices, abandonment is detected by release inactivity. > | Datasource | Package | Last Updated | |------------|------|-------------| | pep621 | [lxml-stubs](https://github.com/lxml/lxml-stubs) | `2024-01-10` | </details> ## Open The following updates have all been created. To force a retry/rebase of any, click on a checkbox below. - [ ] [Update dependency aiohttp to v3.14.0 [SECURITY]](pulls/95) - [ ] [Update actions/checkout digest to 93cb6ef](pulls/86) - [ ] [Update catthehacker/ubuntu:act-latest Docker digest to c2fb744](pulls/92) - [ ] [Update dependency ipython to ~=9.14.1](pulls/94) - [ ] [Update dependency pytest to ~=9.1.0](pulls/96) - [ ] [Update dependency typer to ~=0.26.7](pulls/93) - [ ] [Update actions/checkout action to v6](pulls/87) - [ ] [Update actions/setup-uv action to v8](pulls/89) - [ ] [Update GitHub Artifact Actions to v5](pulls/90) - [ ] [Lock file maintenance](pulls/91) - [ ] **Click on this checkbox to rebase all open PRs at once** ## PR Closed (Blocked) The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below. - [ ] [Update actions/setup-uv digest to d0cc045](pulls/45) ## Vulnerabilities > ❗ **Important** > > `4`/`4` CVEs have Renovate fixes. <details><summary>pep621</summary> <blockquote> <details><summary>pyproject.toml</summary> <blockquote> <details><summary>aiohttp</summary> <blockquote> - [GHSA-hg6j-4rv6-33pg](https://osv.dev/vulnerability/GHSA-hg6j-4rv6-33pg) (fixed in >= 3.14.0) - [GHSA-jg22-mg44-37j8](https://osv.dev/vulnerability/GHSA-jg22-mg44-37j8) (fixed in >= 3.14.0) - [GHSA-hg6j-4rv6-33pg](https://osv.dev/vulnerability/GHSA-hg6j-4rv6-33pg) (fixed in >= 3.14.0) - [GHSA-jg22-mg44-37j8](https://osv.dev/vulnerability/GHSA-jg22-mg44-37j8) (fixed in >= 3.14.0) </blockquote> </details> </blockquote> </details> </blockquote> </details> ## Detected Dependencies <details><summary>github-actions (1)</summary> <blockquote> <details><summary>.forgejo/workflows/actions.yaml (11)</summary> - `actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8` → [Updates: `v6`, `v5`] - `actions/setup-uv v6@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1` → [Updates: `v8.2.0`, `v6`] - `actions/upload-artifact v4@16871d9e8cfcf27ff31822cac382bbb5450f1e1e` → [Updates: `v5`] - `actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8` → [Updates: `v6`, `v5`] - `actions/setup-uv v6@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1` → [Updates: `v8.2.0`, `v6`] - `actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8` → [Updates: `v6`, `v5`] - `actions/setup-uv v6@7edac99f961f18b581bbd960d59d049f04c0002f` → [Updates: `v8.2.0`, `v6`] - `actions/upload-artifact v4@16871d9e8cfcf27ff31822cac382bbb5450f1e1e` → [Updates: `v5`] - `catthehacker/ubuntu act-latest@sha256:ee77eaa905d10ad76345b58b0803d698ea63faa9a27047898530cbcd47f90eb9` → [Updates: `act-latest`] - `catthehacker/ubuntu act-latest@sha256:ee77eaa905d10ad76345b58b0803d698ea63faa9a27047898530cbcd47f90eb9` → [Updates: `act-latest`] - `catthehacker/ubuntu act-latest@sha256:ee77eaa905d10ad76345b58b0803d698ea63faa9a27047898530cbcd47f90eb9` → [Updates: `act-latest`] </details> </blockquote> </details> <details><summary>pep621 (1)</summary> <blockquote> <details><summary>pyproject.toml (16)</summary> - `python <4.0,>=3.11` - `aiohttp ~=3.13` → [Updates: `~=3.13`] - `lxml ~=6.0` - `pydantic >=2.11.10` - `ruff ~=0.15.3` - `basedpyright ~=1.39.3` - `pytest ~=9.0.2` → [Updates: `~=9.1.0`] - `pytest-cov ~=7.1.0` - `zensical ~=0.0.16` - `mkdocstrings-python ~=2.0.1` - `ipython ~=9.13.0` → [Updates: `~=9.14.1`] - `rich ~=15.0.0` - `lxml-stubs >=0.5.1` - `typer ~=0.25.0` → [Updates: `~=0.26.7`] - `aiohttp ~=3.13` → [Updates: `~=3.13`] - `orjson ~=3.11` </details> </blockquote> </details> <details><summary>renovate-config (1)</summary> <blockquote> <details><summary>renovate.json</summary> </details> </blockquote> </details>