Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• chore(deps): update docker/metadata-action action to v5.9.0
• chore(deps): update docker/setup-qemu-action action to v3.7.0
• chore(deps): update github artifact actions (major) (actions/download-artifact, actions/upload-artifact)
• chore(deps): update github/codeql-action action to v4
• 🔐 Create all rate-limited PRs at once 🔐

---

Warning

Renovate failed to look up the following dependencies: Could not determine new digest for update (github-tags package pypa/gh-action-pypi-publish).

Files affected: .github/workflows/publish_to_pypi.yml

---

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): update ossf/scorecard-action digest to 7b40bc5
• chore(deps): update step-security/harden-runner action to v2.13.2
• chore(deps): update actions/dependency-review-action action to v4.8.1
• chore(deps): update dependency python to v3.14.0
• chore(deps): update docker/login-action action to v3.6.0
• chore(deps): update github/codeql-action action to v3.31.2
• chore(deps): update actions/attest-build-provenance action to v3
• chore(deps): update actions/setup-python action to v6
• chore(deps): update actions/stale action to v10
• chore(deps): update aws-actions/configure-aws-credentials action to v5
• Click on this checkbox to rebase all open PRs at once

Detected dependencies

docker-compose

compose.yml

dockerfile

Dockerfile

• python 3.13.5-slim@sha256:4c2cf9917bd1cbacc5e9b07320025bdb7cdf2df7b0ceaccb55e9dd7e30987419
• python 3.13.5-slim@sha256:4c2cf9917bd1cbacc5e9b07320025bdb7cdf2df7b0ceaccb55e9dd7e30987419

github-actions

.github/workflows/ci.yml

• step-security/harden-runner v2.13.0@ec9f2d5744a09debf3a187a3f4f675c53b671911
• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8
• actions/setup-python v5.6.0@a26af69be951a213d495a4c3e4e4022e16d87065
• actions/cache v4
• pre-commit/action v3.0.1@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd

.github/workflows/codeql.yml

• step-security/harden-runner v2.13.0@ec9f2d5744a09debf3a187a3f4f675c53b671911
• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8
• github/codeql-action v3.29.9@df559355d593797519d70b90fc8edd5db049e7a2
• github/codeql-action v3.29.9@df559355d593797519d70b90fc8edd5db049e7a2
• github/codeql-action v3.29.9@df559355d593797519d70b90fc8edd5db049e7a2

.github/workflows/dependency-review.yml

• step-security/harden-runner v2.13.0@ec9f2d5744a09debf3a187a3f4f675c53b671911
• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8
• actions/dependency-review-action v4.7.1@da24556b548a50705dd671f47852072ea4c105d9

.github/workflows/deploy-pr.yml

• actions/create-github-app-token v2
• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8
• thollander/actions-comment-pull-request v3
• actions/create-github-app-token v2
• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8
• thollander/actions-comment-pull-request v3

.github/workflows/docker-build.ecr.yml

• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8
• aws-actions/configure-aws-credentials v4
• aws-actions/amazon-ecr-login v2
• docker/metadata-action v5
• docker/setup-qemu-action v3
• docker/setup-buildx-action v3
• docker/build-push-action v6

.github/workflows/docker-build.ghcr.yml

• step-security/harden-runner v2.13.0@ec9f2d5744a09debf3a187a3f4f675c53b671911
• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8
• docker/login-action v3.5.0@184bdaa0721073962dff0199f1fb9940f07167d1
• docker/metadata-action v5.8.0@c1e51972afc2121e065aed6d45c65596fe445f3f
• docker/setup-qemu-action v3.6.0@29109295f81e9208d7d86ff1c6c12d2833863392
• docker/setup-buildx-action v3.11.1@e468171a9de216ec08956ac3ada2f0791b6bd435
• docker/build-push-action v6.18.0@263435318d21b8e681c14492fe198d362a7d2c83
• actions/attest-build-provenance v2.4.0@e8998f949152b193b063cb0ec769d69d929409be

.github/workflows/pr-title-check.yml

• step-security/harden-runner v2.13.0@ec9f2d5744a09debf3a187a3f4f675c53b671911

.github/workflows/publish_to_pypi.yml

• step-security/harden-runner v2.13.0@ec9f2d5744a09debf3a187a3f4f675c53b671911
• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8
• actions/setup-python v5.6.0@a26af69be951a213d495a4c3e4e4022e16d87065
• actions/upload-artifact v4.6.2@ea165f8d65b6e75b540449e92b4886f43607fa02
• step-security/harden-runner v2.13.0@ec9f2d5744a09debf3a187a3f4f675c53b671911
• actions/download-artifact v5.0.0@634f93cb2916e3fdff6788551b99b062d0335ce0
• pypa/gh-action-pypi-publish release/v1@76f52bc884231f62b9a034ebfe128415bbaabdfc
• python 3.13

.github/workflows/rebase-needed.yml

• eps1lon/actions-label-merge-conflict v3

.github/workflows/release-please.yml

• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8
• actions/create-github-app-token v2
• googleapis/release-please-action v4

.github/workflows/scorecard.yml

• step-security/harden-runner v2.13.0@ec9f2d5744a09debf3a187a3f4f675c53b671911
• actions/checkout v5.0.0@08c6903cd8c0fde910a37f88322edcfb5dd907a8
• ossf/scorecard-action f35c64557cf912815708bb1126d9948f3e459487
• github/codeql-action v3.29.9@df559355d593797519d70b90fc8edd5db049e7a2

.github/workflows/stale.yml

• actions/stale v9

pip_requirements

requirements-dev.txt

requirements.txt

• boto3 >=1.28.0
• click >=8.0.0
• fastapi >=0.109.1
• loguru >=0.7.0
• pathspec >=0.12.1
• starlette >=0.40.0
• tiktoken >=0.7.0
• uvicorn >=0.11.7

poetry

pyproject.toml

• click >=8.0.0
• gitpython >=3.1.0
• loguru >=0.7.0
• pathspec >=0.12.1
• starlette >=0.40.0
• tiktoken >=0.7.0
• typing_extensions >= 4.0.0
• boto3 >=1.28.0
• fastapi >=0.109.1
• uvicorn >=0.11.7

---

• Check this box to trigger a request for Renovate to run again on this repository