Dependency Dashboard

[renovate-sh-app]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Repository Problems

Renovate tried to run on this repository, but found these problems.

• ⚠️ WARN: Package lookup failures

Abandoned Dependencies

The following dependencies have not received updates for an extended period and may be unmaintained.

View abandoned dependencies (9)

[!NOTE]
Packages are marked as abandoned when they exceed the abandonmentThreshold since their last release. Unlike deprecated packages with official notices, abandonment is detected by release inactivity.

Datasource	Package	Last Updated
gomod	github.com/acarl005/stripansi	2018-01-16
gomod	github.com/golang/snappy	2023-12-25
gomod	github.com/google/go-cmp	2025-01-14
gomod	github.com/grafana/k6pack	2025-01-14
gomod	github.com/hairyhenderson/go-codeowners	2024-12-07
gomod	github.com/joho/godotenv	2024-12-16
gomod	github.com/julienschmidt/httprouter	2019-09-29
gomod	github.com/prometheus/client_model	2025-04-11
gomod	gopkg.in/yaml.v3	2022-05-27

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• chore(deps): update grafana/grafana docker tag to v12.4.3
• chore(deps): update peter-evans/create-pull-request action to v8.1.1
• chore(deps): update softprops/action-gh-release action to v2.6.2
• chore(deps): update dependency @grafana/plugin-e2e to ^3.5.1
• fix(deps): update module github.com/testcontainers/testcontainers-go to v0.42.0
• chore(deps): update actions/github-script action to v9
• chore(deps): update grafana/grafana docker tag to v13
• chore(deps): update softprops/action-gh-release action to v3
• 🔐 Create all rate-limited PRs at once 🔐

Pending Status Checks

The following updates await pending status checks. To force their creation now, click on a checkbox below.

• chore(deps): update mcr.microsoft.com/playwright docker tag to v1.59.1

---

Warning

Renovate failed to look up the following dependencies: Could not determine new digest for update (github-tags package grafana/shared-workflows).

Files affected: .github/workflows/build-base-image.yml, .github/workflows/build-playwright-image.yml

---

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): pin dependencies (@grafana/plugin-e2e, actions/github-script, actions/setup-go, alpine, golang, grafana/k6, grafana/shared-workflows, mcr.microsoft.com/playwright)
• chore(deps): update actions/setup-go digest to 4a36011
• chore(deps): update registry:3 docker digest to 8a7c1aa
• fix(deps): update golang.org/x/exp digest to 746e56f
• chore(deps): update docker/build-push-action action to v7.1.0
• chore(deps): update docker/login-action action to v4.1.0
• chore(deps): update playwright monorepo to v1.59.1 (@playwright/test, playwright)
• fix(deps): update module github.com/slack-go/slack to v0.22.0
• fix(deps): update module golang.org/x/text to v0.36.0
• chore(deps): lock file maintenance
• Click on this checkbox to rebase all open PRs at once

Vulnerabilities

Important

0/7 CVEs have Renovate fixes.

gomod

go.mod

github.com/docker/docker

• GHSA-6hwg-w5jg-9c6x
• GHSA-j249-ghv5-7mxv
• GHSA-pxq6-2prw-chj9
• GHSA-qrqr-3x5j-2xw9
• GHSA-x744-4wpc-v9h2
• GO-2026-4883
• GO-2026-4887

Detected Dependencies

dockerfile (4)

Dockerfile (4)

• docker/dockerfile 1.23.0-labs@sha256:7eca9451d94f9b8ad22e44988b92d595d3e4d65163794237949a8c3413fbed5d
• golang 1.26-alpine → [Updates: 1.26-alpine]
• grafana/k6 latest → [Updates: latest]
• alpine 3.23 → [Updates: 3.23]

Dockerfile-playwright (4)

• docker/dockerfile 1.23.0-labs@sha256:7eca9451d94f9b8ad22e44988b92d595d3e4d65163794237949a8c3413fbed5d
• golang 1.26-alpine → [Updates: 1.26-alpine]
• grafana/k6 latest → [Updates: latest]
• mcr.microsoft.com/playwright v1.58.2-noble → [Updates: v1.59.1-noble, v1.58.2-noble]

Dockerfile-playwright.dev (4)

• docker/dockerfile 1.23.0-labs@sha256:7eca9451d94f9b8ad22e44988b92d595d3e4d65163794237949a8c3413fbed5d
• golang 1.26-alpine → [Updates: 1.26-alpine]
• grafana/k6 latest → [Updates: latest]
• mcr.microsoft.com/playwright v1.58.2-noble → [Updates: v1.59.1-noble, v1.58.2-noble]

Dockerfile.dev (4)

• docker/dockerfile 1.23.0-labs@sha256:7eca9451d94f9b8ad22e44988b92d595d3e4d65163794237949a8c3413fbed5d
• golang 1.26-alpine → [Updates: 1.26-alpine]
• grafana/k6 latest → [Updates: latest]
• alpine 3.23 → [Updates: 3.23]

github-actions (11)

.github/actions/setup-grafana-bench/action.yml (2)

• actions/setup-go v6@4b73464bb391d4059bd26b0524d20df3927bd417 → [Updates: v6]
• go >=1.23.x

.github/workflows/build-base-image.yml (13)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• docker/build-push-action v7.0.0@d08e5c354a6adb9ed34480a06d141179aa583294 → [Updates: v7.1.0]
• docker/build-push-action v7.0.0@d08e5c354a6adb9ed34480a06d141179aa583294 → [Updates: v7.1.0]
• docker/login-action v4.0.0@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 → [Updates: v4.1.0]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• docker/setup-qemu-action v4.0.0@ce360397dd3f832beb865e1373c09c0e9f86d70a
• grafana/shared-workflows v0.4.1@de81a07e6f6718fb289c7a4612c9c514c28bd798
• docker/login-action v4.0.0@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 → [Updates: v4.1.0]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• docker/setup-qemu-action v4.0.0@ce360397dd3f832beb865e1373c09c0e9f86d70a
• grafana/shared-workflows v0.4.1@de81a07e6f6718fb289c7a4612c9c514c28bd798
• registry 3@sha256:6c5666b861f3505b116bb9aa9b25175e71210414bd010d92035ff64018f9457e → [Updates: 3]
• grafana/grafana 12.4.2@sha256:83749231c3835e390a3144e5e940203e42b9589761f20ef3169c716e734ad505 → [Updates: 12.4.3, 13.0.1]

.github/workflows/build-playwright-image.yml (13)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• docker/build-push-action v7.0.0@d08e5c354a6adb9ed34480a06d141179aa583294 → [Updates: v7.1.0]
• docker/build-push-action v7.0.0@d08e5c354a6adb9ed34480a06d141179aa583294 → [Updates: v7.1.0]
• docker/login-action v4.0.0@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 → [Updates: v4.1.0]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• docker/setup-qemu-action v4.0.0@ce360397dd3f832beb865e1373c09c0e9f86d70a
• grafana/shared-workflows v0.4.1@de81a07e6f6718fb289c7a4612c9c514c28bd798
• docker/login-action v4.0.0@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 → [Updates: v4.1.0]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• docker/setup-qemu-action v4.0.0@ce360397dd3f832beb865e1373c09c0e9f86d70a
• grafana/shared-workflows v0.4.1@de81a07e6f6718fb289c7a4612c9c514c28bd798
• registry 3@sha256:6c5666b861f3505b116bb9aa9b25175e71210414bd010d92035ff64018f9457e → [Updates: 3]
• grafana/grafana 12.4.2@sha256:83749231c3835e390a3144e5e940203e42b9589761f20ef3169c716e734ad505 → [Updates: 12.4.3, 13.0.1]

.github/workflows/ci.yml (19)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6@4b73464bb391d4059bd26b0524d20df3927bd417 → [Updates: v6]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6@4b73464bb391d4059bd26b0524d20df3927bd417 → [Updates: v6]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6@4b73464bb391d4059bd26b0524d20df3927bd417 → [Updates: v6]
• grafana/shared-workflows get-vault-secrets/v1.3.1@f1614b210386ac420af6807a997ac7f6d96e477a
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6@4b73464bb391d4059bd26b0524d20df3927bd417 → [Updates: v6]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6@4b73464bb391d4059bd26b0524d20df3927bd417 → [Updates: v6]
• grafana/shared-workflows get-vault-secrets/v1.3.1@f1614b210386ac420af6807a997ac7f6d96e477a
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6@4b73464bb391d4059bd26b0524d20df3927bd417 → [Updates: v6]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6@4b73464bb391d4059bd26b0524d20df3927bd417 → [Updates: v6]
• grafana/grafana 12.4.2@sha256:83749231c3835e390a3144e5e940203e42b9589761f20ef3169c716e734ad505 → [Updates: 12.4.3, 13.0.1]
• grafana/grafana 12.4.2@sha256:83749231c3835e390a3144e5e940203e42b9589761f20ef3169c716e734ad505 → [Updates: 12.4.3, 13.0.1]

.github/workflows/manual-argo-trigger.yml (1)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd

.github/workflows/manual-libsonnet-test.yml (2)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6@4b73464bb391d4059bd26b0524d20df3927bd417 → [Updates: v6]

.github/workflows/manual-prometheus-poll.yml (1)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd

.github/workflows/release-binaries.yml (3)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6@4b73464bb391d4059bd26b0524d20df3927bd417 → [Updates: v6]
• softprops/action-gh-release v2.6.1@153bb8e04406b158c6c84fc1615b65b24149a1fe → [Updates: v2.6.2, v3.0.0]

.github/workflows/release-docs.yml (4)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6 → [Updates: v6]
• grafana/shared-workflows create-github-app-token/v0.2.2@ae92934a14a48b94494dbc06d74a81d47fe08a40
• peter-evans/create-pull-request v8.1.0@c0f553fe549906ede9cf27b5156039d195d2ece0 → [Updates: v8.1.1]

.github/workflows/update-libsonnet.yml (2)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6@4b73464bb391d4059bd26b0524d20df3927bd417 → [Updates: v6]

.github/workflows/validate-docs.yml (4)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6 → [Updates: v6]
• actions/github-script v8 → [Updates: v9, v8]
• grafana/shared-workflows main → [Updates: main]

gomod (1)

go.mod (24)

• go 1.25.8
• buf.build/gen/go/prometheus/prometheus/protocolbuffers/go v1.36.11-20260331160422-eae785f0a21d.1@eae785f0a21d
• github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d@5a71ef0e047d
• github.com/go-git/go-git/v5 v5.18.0
• github.com/golang/snappy v1.0.0
• github.com/grafana/nanogit v0.13.1
• github.com/joho/godotenv v1.5.1
• github.com/olekukonko/tablewriter v1.1.4
• github.com/prometheus/client_golang v1.23.2
• github.com/prometheus/client_model v0.6.2
• github.com/slack-go/slack v0.20.0 → [Updates: v0.22.0]
• github.com/spf13/pflag v1.0.10
• golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90@7ab1446f8b90 → [Updates: v0.0.0-20260410095643-746e56fc9e2f]
• golang.org/x/text v0.35.0 → [Updates: v0.36.0]
• google.golang.org/protobuf v1.36.11
• gopkg.in/yaml.v3 v3.0.1
• github.com/go-playground/validator/v10 v10.30.2
• github.com/google/go-cmp v0.7.0
• github.com/grafana/k6pack v0.2.4
• github.com/hairyhenderson/go-codeowners v0.7.0
• github.com/julienschmidt/httprouter v1.3.0
• github.com/spf13/cobra v1.10.2
• github.com/spf13/viper v1.21.0
• github.com/testcontainers/testcontainers-go v0.41.0 → [Updates: v0.42.0]

npm (2)

CI/playwright/package.json (2)

• @playwright/test ^1.56.1 → [Updates: ^1.56.1]
• playwright ^1.56.1 → [Updates: ^1.56.1]

CI/plugin-e2e/package.json (3)

• @playwright/test ^1.42.1 → [Updates: ^1.42.1]
• playwright ^1.42.1 → [Updates: ^1.42.1]
• @grafana/plugin-e2e ^3.4.12 → [Updates: 3.4.13, ^3.5.1]

---

Need help?

You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section.