Dependency Dashboard

[cachekit-renovate-bot]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Repository Problems

Renovate tried to run on this repository, but found these problems.

• ⚠️ WARN: Cannot access vulnerability alerts. Please ensure permissions have been granted.
• ⚠️ WARN: Package lookup failures

Awaiting Schedule

The following updates are awaiting their schedule. To get an update now, click on a checkbox below.

• chore(deps): pin python docker tag to 090ba77
• chore(deps): update actions/attest-build-provenance digest to e8998f9
• chore(deps): update actions/attest-sbom digest to bd218ad
• chore(deps): update actions/upload-artifact digest to 043fb46
• chore(deps): update codecov/codecov-action digest to 75cd116
• chore(deps): update github/codeql-action digest to 03e4368
• chore(deps): update googleapis/release-please-action digest to 5c625bf
• chore(deps): update pyo3/maturin-action digest to e83996d
• chore(deps): update pypa/gh-action-pypi-publish digest to cef2210
• chore(deps): update all non-major dependencies (cachekit-core, cachekit_storage, numpy, pyo3, rayon, simd-json)
• chore(deps): update dependency python to 3.14
• chore(deps): update rust-dev-deps (criterion, ctor, fastrand, iai-callgrind, proptest)
• chore(deps): update actions/attest-build-provenance action to v4
• chore(deps): update actions/attest-sbom action to v4
• chore(deps): update actions/create-github-app-token action to v3
• chore(deps): update actions/setup-python action to v6
• chore(deps): update codecov/codecov-action action to v6
• chore(deps): update github/codeql-action action to v4
• chore(deps): update googleapis/release-please-action action to v5
• chore(deps): update rust crate bincode to v3
• chore(deps): update rust crate ctor to v1
• chore(deps): lock file maintenance
• 🔐 Create all awaiting schedule PRs at once 🔐

---

Warning

Renovate failed to look up the following dependencies: Could not determine new digest for update (github-tags package rustsec/audit-check).

Files affected: .github/workflows/security-fast.yml

---

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): update dependency pyarrow to v23 [security]

Detected Dependencies

cargo (3)

Cargo.toml (9)

• pyo3 0.25 → [Updates: 0.28]
• serde 1.0
• serde_json 1.0 → [Updates: 1.0]
• bincode 1.3 → [Updates: 3.0]
• numpy 0.25 → [Updates: 0.28]
• rayon 1.8 → [Updates: 1.8]
• simd-json 0.13 → [Updates: 0.17]
• lz4 1.24
• memmap2 0.9

rust/Cargo.toml (8)

• cachekit-core =0.1.1 → [Updates: =0.2.0]
• criterion 0.5 → [Updates: 0.8]
• ctor 0.4.2 → [Updates: 0.13.0, 1.0.0]
• pprof 0.15
• iai-callgrind 0.14 → [Updates: 0.16]
• divan 0.1
• fastrand 2.1 → [Updates: 2.1]
• proptest 1.4 → [Updates: 1.4]

rust/fuzz/Cargo.toml (4)

• libfuzzer-sys 0.4
• arbitrary 1
• rmp-serde 1
• cachekit_storage =0.1.1 → [Updates: =0.2.0]

dockerfile (1)

Dockerfile (2)

• python 3.12-slim → [Updates: 3.14-slim, 3.12-slim]
• python 3.12-slim → [Updates: 3.14-slim, 3.12-slim]

github-actions (8)

.github/workflows/attestation-check.yml

.github/workflows/ci.yml (5)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• codecov/codecov-action v5@1af58845a975a7985b0beb0cbe6fbbb71a41dbad → [Updates: v6, v5]
• codecov/codecov-action v5@1af58845a975a7985b0beb0cbe6fbbb71a41dbad → [Updates: v6, v5]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd

.github/workflows/codeql.yml (7)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v5@a26af69be951a213d495a4c3e4e4022e16d87065 → [Updates: v6]
• github/codeql-action v3@603b797f8b14b413fe025cd935a91c16c4782713 → [Updates: v4, v3]
• github/codeql-action v3@603b797f8b14b413fe025cd935a91c16c4782713 → [Updates: v4, v3]
• github/codeql-action v3@603b797f8b14b413fe025cd935a91c16c4782713 → [Updates: v4, v3]
• actions/upload-artifact v7@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f → [Updates: v7]
• python 3.12 → [Updates: 3.14]

.github/workflows/fuzz-smoke.yml (2)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/upload-artifact v7@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f → [Updates: v7]

.github/workflows/release-please.yml (19)

• actions/create-github-app-token v2@fee1f7d63c2ff003460e3d139729b119787bc349 → [Updates: v3]
• googleapis/release-please-action v4@c3fc4de07084f75a2b61a5b933069bda6edf3d5c → [Updates: v5, v4]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v5@a26af69be951a213d495a4c3e4e4022e16d87065 → [Updates: v6]
• PyO3/maturin-action v1@04ac600d27cdf7a9a280dadf7147097c42b757ad → [Updates: v1]
• actions/upload-artifact v7@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f → [Updates: v7]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• PyO3/maturin-action v1@04ac600d27cdf7a9a280dadf7147097c42b757ad → [Updates: v1]
• actions/upload-artifact v7@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f → [Updates: v7]
• actions/download-artifact v8@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• actions/download-artifact v8@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• actions/attest-build-provenance v2@96b4a1ef7235a096b17240c259729fdd70c83d45 → [Updates: v4, v2]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-python v5@a26af69be951a213d495a4c3e4e4022e16d87065 → [Updates: v6]
• actions/attest-sbom v2@10926c72720ffc3f7b666661c8e55b1344e2a365 → [Updates: v4, v2]
• actions/download-artifact v8@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• actions/download-artifact v8@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• pypa/gh-action-pypi-publish release/v1@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e → [Updates: release/v1]
• python 3.12 → [Updates: 3.14]

.github/workflows/security-deep.yml (8)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/upload-artifact v7@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f → [Updates: v7]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/upload-artifact v7@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f → [Updates: v7]

.github/workflows/security-fast.yml (7)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• rustsec/audit-check v2@69366f33c96575abad1ee0dba8212993eecbe998
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/upload-artifact v7@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f → [Updates: v7]

.github/workflows/security-medium.yml (3)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/upload-artifact v7@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f → [Updates: v7]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd

pep621 (1)

pyproject.toml (42)

• python >=3.9
• redis >=4.0.0
• pydantic >=2.0.0
• pydantic-settings >=2.0.0
• tenacity >=8.0.0
• prometheus-client >=0.22.1
• psutil >=7.0.0
• blake3 >=1.0.5
• msgpack >=1.1.2
• orjson >=3.9.0
• xxhash >=3.5.0
• httpx >=0.28.1
• fakeredis >=2.21.0
• pytest >=7.0.0
• pytest-asyncio >=0.21.0
• pytest-benchmark >=4.0.0
• pytest-cov >=7.0.0
• pytest-markdown-docs >=0.6.0
• pytest-redis >=3.0.0
• pymemcache >=4.0.0
• basedpyright >=1.32.1
• ruff >=0.6.0
• bashlex >=0.18
• faker >=20.0.0
• httpx >=0.28.1
• hypothesis >=6.0.0
• pip-audit >=2.7.0
• requests >=2.33.0
• psutil >=5.9.0
• python-dotenv >=1.0.0
• pyyaml >=6.0.3
• numpy >=2.0.2
• pandas >=1.3.0
• pyarrow >=21.0.0 → [Updates: >=21.0.0]
• pytest-xdist >=3.8.0
• time-machine >=2.19.0
• atheris >=2.3.0
• numpy >=2.0.2
• pandas >=1.3.0
• pyarrow >=21.0.0 → [Updates: >=21.0.0]
• pymemcache >=4.0.0
• maturin >=1.0,<2.0