Dependency Dashboard

[renovate-sh-app]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Repository Problems

Renovate tried to run on this repository, but found these problems.

• ⚠️ WARN: File contents are invalid JSONC but parse using JSON5. Support for this will be removed in a future release so please change to a support .json5 file name or ensure correct JSON syntax.

Deprecations / Replacements

Warning

These dependencies are either deprecated or have replacements available:

Datasource	Package	Replacement PR?
nuget	OpenTracing

Abandoned Dependencies

Note

Packages are marked as abandoned when they exceed the abandonmentThreshold since their last release. Unlike deprecated packages with official notices, abandonment is detected by release inactivity.

These dependencies have not received updates for an extended period and may be unmaintained:

View abandoned dependencies (2)

Datasource	Package	Last Updated
gomod	github.com/dennwc/varint	2019-06-16
nuget	StyleCop.Analyzers	2023-12-20

Awaiting Schedule

The following updates are awaiting their schedule. To get an update now, click on a checkbox below.

• chore(deps): lock file maintenance

PR Edited (Blocked)

The following updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox below.

• fix(deps): update module github.com/grafana/pyroscope/api to v1.4.0

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): pin alpine docker tag to de0eb0b
• chore(deps): update debian:11 docker digest to bf53eff
• chore(deps): update debian docker tag to bullseye-20260406
• chore(deps): update dependency opentelemetry to 1.15.2
• chore(deps): update dotnet monorepo (Microsoft.CodeAnalysis.CSharp.CodeStyle, dotnet-sdk)
• chore(deps): update softprops/action-gh-release action to v2.6.2
• fix(deps): update module github.com/docker/docker to v28.5.2+incompatible
• fix(deps): update module github.com/testcontainers/testcontainers-go to v0.42.0
• chore(deps): update docker/login-action action to v4
• chore(deps): update softprops/action-gh-release action to v3
• Click on this checkbox to rebase all open PRs at once

PR Closed (Blocked)

The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.

• chore(deps): update alpine docker tag to v3.23
• chore(deps): update debian docker tag to v13

Vulnerabilities

Important

0/7 CVEs have Renovate fixes.

gomod

itest/go.mod

github.com/docker/docker

• GHSA-6hwg-w5jg-9c6x
• GHSA-j249-ghv5-7mxv
• GHSA-pxq6-2prw-chj9
• GHSA-qrqr-3x5j-2xw9
• GHSA-x744-4wpc-v9h2
• GO-2026-4883
• GO-2026-4887

Detected Dependencies

dockerfile (4)

itest-with-otel.Dockerfile

itest.Dockerfile

Pyroscope.Dockerfile (2)

• debian 11@sha256:a50c3ed0200d2f58736c3bb02b4a9f174f3d6d3bd866f2f640375f1e82c61348 → [Updates: bullseye-20260406, trixie-20260406, 11]
• busybox 1.37.0-glibc@sha256:3f9777e7e82e8591542f72b965ec7db7e8b3bdb59692976af1bb9b2850b05a4e

Pyroscope.musl.Dockerfile (2)

• alpine 3.18 → [Updates: 3.23, 3.18]
• busybox 1.37.0-musl@sha256:19b646668802469d968a05342a601e78da4322a414a7c09b1c9ee25165042138

github-actions (9)

.github/workflows/build_linux_profiler.yml (2)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd

.github/workflows/build_managed_helper.yml (2)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/upload-artifact v7@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a

.github/workflows/build_tracing_packages.yml (4)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/upload-artifact v7@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/upload-artifact v7@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a

.github/workflows/integration_test.yml (9)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6@4a3601121dd01d1626a1e23e37211e3254c1c06c
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6@4a3601121dd01d1626a1e23e37211e3254c1c06c
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-go v6@4a3601121dd01d1626a1e23e37211e3254c1c06c
• go stable
• go stable
• go stable

.github/workflows/tag_linux.yml (8)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• docker/login-action v3.7.0@c94ce9fb468520275223c153574b00df6fe4bcc9 → [Updates: v4.1.0]
• softprops/action-gh-release v2.5.0@a06a81a03ee405af7f2048a818ed3f03bbf83c7b → [Updates: v2.6.2, v3.0.0]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• docker/login-action v3.7.0@c94ce9fb468520275223c153574b00df6fe4bcc9 → [Updates: v4.1.0]
• softprops/action-gh-release v2.5.0@a06a81a03ee405af7f2048a818ed3f03bbf83c7b → [Updates: v2.6.2, v3.0.0]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• docker/login-action v3.7.0@c94ce9fb468520275223c153574b00df6fe4bcc9 → [Updates: v4.1.0]

.github/workflows/tag_managed_helper.yml (3)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/upload-artifact v7@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• softprops/action-gh-release v2.5.0@a06a81a03ee405af7f2048a818ed3f03bbf83c7b → [Updates: v2.6.2, v3.0.0]

.github/workflows/tag_tracing_opentelemetry_helper.yml (3)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/upload-artifact v7@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• softprops/action-gh-release v2.5.0@a06a81a03ee405af7f2048a818ed3f03bbf83c7b → [Updates: v2.6.2, v3.0.0]

.github/workflows/tag_tracing_opentracing_helper.yml (3)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/upload-artifact v7@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• softprops/action-gh-release v2.5.0@a06a81a03ee405af7f2048a818ed3f03bbf83c7b → [Updates: v2.6.2, v3.0.0]

.github/workflows/test_cpp_profiler.yml (1)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd

gomod (1)

itest/go.mod (8)

• go 1.24.6
• go 1.26.2
• connectrpc.com/connect v1.19.1
• github.com/dennwc/varint v1.0.0
• github.com/docker/docker v28.0.1+incompatible → [Updates: v28.5.2+incompatible]
• github.com/grafana/pyroscope/api v1.3.0 → [Updates: v1.4.0]
• github.com/stretchr/testify v1.11.1
• github.com/testcontainers/testcontainers-go v0.37.0 → [Updates: v0.42.0]

nuget (5)

global.json (1)

• dotnet-sdk 10.0.102 → [Updates: 10.0.202]

profiler/Directory.Build.props (1)

• StyleCop.Analyzers 1.2.0-beta.556

Pyroscope/Pyroscope.OpenTelemetry/Pyroscope.OpenTelemetry.csproj (1)

• OpenTelemetry 1.8.0 → [Updates: 1.15.2]

Pyroscope/Pyroscope.OpenTracing/Pyroscope.OpenTracing.csproj (1)

• OpenTracing 0.12.1

shared/CodeAnalysis.props (1)

• Microsoft.CodeAnalysis.CSharp.CodeStyle 5.0.0 → [Updates: 5.3.0]

regex (2)

Pyroscope.Dockerfile (1)

• openssl/openssl 3.5.6 → [Updates: 3.6.2, 4.0.0]

Pyroscope.musl.Dockerfile (1)

• openssl/openssl 3.5.6 → [Updates: 3.6.2, 4.0.0]

---

Need help?

You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section.