Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Repository Problems

These problems occurred while renovating this repository. View logs.

• ⚠️ WARN: Error updating package.json
• ⚠️ WARN: Could not re-extract the packageFile after updating it

Awaiting Schedule

The following updates are awaiting their schedule. To get an update now, click on a checkbox below.

• Pin dependencies (aqua:BurntSushi/ripgrep, aqua:aquasecurity/trivy, aqua:astral-sh/uv, aqua:cargo-bins/cargo-binstall, aqua:cli/cli, aqua:crate-ci/typos, aqua:gitleaks/gitleaks, aqua:google/yamlfmt, aqua:hadolint/hadolint, aqua:koalaman/shellcheck, aqua:mvdan/sh, aqua:rhysd/actionlint, github:EmbarkStudios/cargo-deny)

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• Update all dependencies (@vitest/coverage-istanbul, aqua:cli/cli, aquasecurity/trivy-action, electron, markdownlint-cli2, mimalloc, mitmproxy/mitmproxy, oxfmt, oxlint, pnpm, pyrefly, python, quay.io/pypa/manylinux_2_28, semgrep, vite, vitest)
• Update all major dependencies to v7 (major) (actions/upload-artifact, apple-actions/import-codesign-certs)
• Click on this checkbox to rebase all open PRs at once

Detected Dependencies

cargo (4)

Cargo.toml (25)

• anyhow 1.0.102
• async-stream 0.3.6
• async-trait 0.1.89
• bytes 1.11.1
• chrono 0.4.44
• futures 0.3.32
• futures-util 0.3.32
• indoc 2.0.7
• mimalloc 0.1.48 → [Updates: 0.1.48]
• neon 1.1.1
• neon-build 0.10.1
• pretty_assertions 1.4.1
• reqwest 0.13.2 → [Updates: 0.13.2]
• reqwest-websocket 0.6.0
• serde 1.0.228
• serde_json 1.0.149
• tauri-winres 0.3.5 → [Updates: 0.3.5]
• tempfile 3.27.0
• thiserror 2.0.18
• tokio 1.52.1
• tokio-stream 0.1.18
• tokio-test 0.4.5
• tokio-util 0.7.18
• wiremock 0.6.5
• with_dir 0.1.4

packages/core/Cargo.toml

packages/meta/Cargo.toml

packages/node/Cargo.toml

docker-compose (2)

docker-compose.proxied.yaml (1)

• mitmproxy/mitmproxy sha256:743b6cdc817211d64bc269f5defacca8d14e76e647fc474e5c7244dbcb645141 → [Updates: undefined]

docker-compose.yml

dockerfile (1)

Dockerfile (2)

• docker/dockerfile 1.23@sha256:2780b5c3bab67f1f76c781860de469442999ed1a0d7992a5efdf2cffc0e3d769
• quay.io/pypa/manylinux_2_28 sha256:55cfe5bec4a121ad587d61ea44c9209452aeaa7cc84f8ff805d769cf14a5b997 → [Updates: undefined]

github-actions (7)

.github/actions/setup-docker/action.yaml (5)

• actions/cache v5.0.5@27d5ce7f107fe9357f9df03efb73ab90386fccae
• docker/login-action v4.1.0@4907a6ddec9925e35a0a9e82d7399ccc52663121
• docker/setup-buildx-action v4.0.0@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd
• docker/build-push-action v7.1.0@bcafcacb16a39f128d818304e6c9c0c18556b85f
• hoverkraft-tech/compose-action v2.6.0@d2bee4f07e8ca410d6b196d00f90c12e7d48c33a

.github/actions/setup-native/action.yaml (3)

• actions/cache v5.0.5@27d5ce7f107fe9357f9df03efb73ab90386fccae
• ilammy/msvc-dev-cmd v1.13.0@0b201ec74fa43914dc39ae48a89fd1d8cb592756
• jdx/mise-action v4.0.1@1648a7812b9aeae629881980618f079932869151

.github/actions/setup/action.yaml (1)

• actions/cache v5.0.5@27d5ce7f107fe9357f9df03efb73ab90386fccae

.github/actions/sign-notarize/action.yaml (1)

• apple-actions/import-codesign-certs v6.1.0@fe74d46e82474f87e1ba79832ad28a4013d0e33a → [Updates: v7]

.github/actions/upload-reports/action.yaml (4)

• actions/setup-node v6.4.0@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
• codecov/codecov-action v6.0.0@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2
• codecov/codecov-action v6.0.0@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2
• node latest

.github/workflows/regular.yaml (7)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• zizmorcore/zizmor-action v0.5.3@b1d7e1fb5de872772f31590499237e7cce841e8e
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• aquasecurity/trivy-action v0.35.0@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 → [Updates: v0.36.0]
• github/codeql-action v4.35.2@95e58e9a2cdfd71adc6e0353d5c52f41a045d225

.github/workflows/release.yaml (11)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• vadimpiven/node-addon-slsa v0.11.2@61100a0963f4fc8ffc8bcd3c2ea7a98cb2959439
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/attest-build-provenance v4.1.0@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32
• actions/upload-artifact v5.0.0@330a01c490aca151604b8cf639adc76d48f6c5d4 → [Updates: v7.0.1]
• actions/upload-pages-artifact v5.0.0@fc324d3547104276b827a68afc52ff2a11cc49c9
• vadimpiven/node-addon-slsa v0.11.2@61100a0963f4fc8ffc8bcd3c2ea7a98cb2959439
• actions/deploy-pages v5.0.0@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128
• actions/setup-node v6.4.0@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
• node latest

mise (1)

mise.toml (20)

• node 24.15.0
• rust nightly-2026-04-20
• aqua:jqlang/jq 1.8.1
• github:mikefarah/yq 4.53.2
• aqua:BurntSushi/ripgrep 15.1.0 → [Updates: 15.1.0]
• aqua:aquasecurity/trivy 0.70.0 → [Updates: 0.70.0]
• aqua:google/yamlfmt 0.21.0 → [Updates: 0.21.0]
• aqua:koalaman/shellcheck 0.11.0 → [Updates: 0.11.0]
• aqua:gitleaks/gitleaks 8.30.1 → [Updates: 8.30.1]
• aqua:rhysd/actionlint 1.7.12 → [Updates: 1.7.12]
• aqua:astral-sh/uv 0.11.7 → [Updates: 0.11.8, 0.11.7]
• aqua:cli/cli 2.88.1 → [Updates: 2.91.0, 2.88.1]
• aqua:cargo-bins/cargo-binstall 1.18.1 → [Updates: 1.18.1]
• github:nextest-rs/nextest 0.9.133
• github:mstange/samply 0.13.1
• aqua:hadolint/hadolint 2.14.0 → [Updates: 2.14.0]
• github:EmbarkStudios/cargo-deny 0.19.4 → [Updates: 0.19.4]
• aqua:crate-ci/typos 1.45.1 → [Updates: 1.45.2, 1.45.1]
• github:taiki-e/cargo-llvm-cov 0.8.5
• aqua:mvdan/sh 3.13.1 → [Updates: 3.13.1]

npm (5)

package.json (4)

• node ^22.18.0 || ^24.11.0
• pnpm ^10.26.0
• pnpm 10.28.2+sha512.41872f037ad22f7348e3b1debbaf7e867cfd448f2726d9cf74c08f19507c31d2c8e7a11525b983febc2df640b5438dee6023ebb1f84ed43cc2d654d2bc326264 → [Updates: 10.33.1]
• @isaacs/brace-expansion >=5.0.1

packages/core/package.json

packages/meta/package.json

packages/node/package.json (3)

• node-addon-slsa 0.11.1 → [Updates: 0.11.2]
• undici >=7.0.0
• node ^20.19.0 || >=22.12.0

pnpm-workspace.yaml (20)

• @codecov/vite-plugin 2.0.1
• @playwright/test 1.59.1
• @taplo/cli 0.7.0
• @types/node 25.6.0
• @vitest/coverage-istanbul 4.1.4 → [Updates: 4.1.5]
• electron 41.2.1 → [Updates: 41.2.2]
• fd-lock 2.1.1
• husky 9.1.7
• markdownlint-cli2 0.22.0 → [Updates: 0.22.1]
• monocart-reporter 2.10.1
• oxfmt 0.45.0 → [Updates: 0.46.0]
• oxlint 1.60.0 → [Updates: 1.61.0]
• typedoc 0.28.19
• typedoc-theme-oxide 0.3.0
• typescript 6.0.3
• undici 8.1.0
• vite 8.0.8 → [Updates: 8.0.9]
• vite-plugin-dts 5.0.0-beta.6
• vitest 4.1.4 → [Updates: 4.1.5]
• undici@<6.23.0 >=6.23.0

pep621 (1)

pyproject.toml (5)

• mitmproxy ==12.2.2
• pyrefly ==0.61.1 → [Updates: ==0.62.0]
• ruff ==0.15.11 → [Updates: ==0.15.12]
• semgrep ==1.151.0 → [Updates: ==1.161.0]
• zizmor ==1.24.1

pyenv (1)

.python-version (1)

• python 3.14.2 → [Updates: 3.14.3]

regex (4)

.mise-version (1)

• jdx/mise v2026.4.18 → [Updates: v2026.4.27]

mise.toml (1)

• rustlang/rust nightly-2026-04-20

mise.toml (5)

• github:mikefarah/yq 4.53.2
• github:nextest-rs/nextest 0.9.133
• github:mstange/samply 0.13.1
• github:EmbarkStudios/cargo-deny 0.19.4
• github:taiki-e/cargo-llvm-cov 0.8.5

rust-toolchain.toml (1)

• rustlang/rust nightly-2026-04-20

---

• Check this box to trigger a request for Renovate to run again on this repository