Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Pending Approval

The following branches are pending approval. To create them, click on a checkbox below.

• Renovate: Update golang (minor)

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• Pin dependencies
• Renovate: Update External dependencies (github.com/onsi/ginkgo/v2, github.com/onsi/gomega, go.uber.org/zap, sigs.k8s.io/cluster-api, sigs.k8s.io/controller-runtime)
• Click on this checkbox to rebase all open PRs at once

Vulnerabilities

Important

8/8 CVEs have Renovate fixes.

gomod

go.mod

golang.org/x/net

• GO-2026-4918 (fixed in >= 0.53.0)
• GO-2026-5025 (fixed in >= 0.55.0)
• GO-2026-5026 (fixed in >= 0.55.0)
• GO-2026-5027 (fixed in >= 0.55.0)
• GO-2026-5028 (fixed in >= 0.55.0)
• GO-2026-5029 (fixed in >= 0.55.0)
• GO-2026-5030 (fixed in >= 0.55.0)

golang.org/x/sys

• GO-2026-5024 (fixed in >= 0.44.0)

Detected Dependencies

dockerfile (1)

Dockerfile (2)

• golang 1.25-alpine → [Updates: 1.26-alpine, 1.25-alpine]
• gcr.io/distroless/static nonroot → [Updates: nonroot]

github-actions (3)

.github/workflows/checks.yaml

.github/workflows/ci.yaml

.github/workflows/codeql.yaml

gomod (1)

go.mod (11)

• go 1.26
• github.com/evanphx/json-patch v5.9.11+incompatible
• github.com/go-logr/logr v1.4.3
• github.com/onsi/ginkgo/v2 v2.28.1 → [Updates: v2.32.0]
• github.com/onsi/gomega v1.39.1 → [Updates: v1.42.1]
• go.uber.org/zap v1.27.1 → [Updates: v1.28.0]
• k8s.io/api v0.35.0
• k8s.io/apimachinery v0.35.0
• k8s.io/client-go v0.35.0
• sigs.k8s.io/cluster-api v1.12.3 → [Updates: v1.13.3]
• sigs.k8s.io/controller-runtime v0.23.1 → [Updates: v0.24.1]

renovate-config (1)

.github/renovate.json

---

• Check this box to trigger a request for Renovate to run again on this repository