Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Awaiting Schedule

The following updates are awaiting their schedule. To get an update now, click on a checkbox below.

• Renovate: Update github.com/ironcore-dev/gardener-extension-provider-ironcore-metal digest to 54da673
• Renovate: Update k8s.io/utils digest to 28399d8
• Renovate: Update External dependencies (github.com/gardener/gardener, github.com/onsi/ginkgo/v2, github.com/onsi/gomega, golang.org/x/sync, sigs.k8s.io/controller-runtime)
• 🔐 Create all awaiting schedule PRs at once 🔐

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• Renovate: Update module github.com/distribution/distribution/v3 to v3.1.0 [SECURITY]

Vulnerabilities

Important

10/10 CVEs have Renovate fixes.

gomod

go.mod

github.com/distribution/distribution/v3

• GHSA-3p65-76g6-3w7r (fixed in >= 3.1.0)
• GHSA-f2g3-hh2r-cwgc (fixed in >= 3.1.0)

go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp

• GHSA-w8rr-5gcm-pp58 (fixed in >= 0.19.0)

go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp

• GHSA-w8rr-5gcm-pp58 (fixed in >= 1.43.0)

go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp

• GHSA-w8rr-5gcm-pp58 (fixed in >= 1.43.0)

go.opentelemetry.io/otel/sdk

• GHSA-9h8m-3fm2-qjrq (fixed in >= 1.40.0)
• GHSA-hfvc-g4fc-pqhx (fixed in >= 1.43.0)
• GO-2026-4394 (fixed in >= 1.40.0)

google.golang.org/grpc

• GHSA-p77j-4mvh-x3m3 (fixed in >= 1.79.3)
• GO-2026-4762 (fixed in >= 1.79.3)

Detected Dependencies

github-actions (4)

.github/workflows/checks.yaml (6)

• actions/checkout v6
• actions/setup-go v6
• golangci/golangci-lint-action v9
• crate-ci/typos v1
• fsfe/reuse-action v6
• go 1.26.2

.github/workflows/ci.yaml (9)

• actions/checkout v6
• actions/setup-go v6
• actions/checkout v6
• fgrosse/go-coverage-report v1.3.0
• actions/checkout v6
• actions/setup-go v6
• actions/upload-artifact v7
• go 1.26.2
• go 1.26.2

.github/workflows/codeql.yaml (6)

• actions/checkout v6
• actions/setup-go v6
• github/codeql-action v4
• github/codeql-action v4
• github/codeql-action v4
• go 1.26.2

.github/workflows/container-registry-ghcr.yaml (6)

• actions/checkout v6
• docker/login-action v4
• docker/metadata-action v6
• docker/setup-qemu-action v4
• docker/setup-buildx-action v4
• docker/build-push-action v7

gomod (1)

go.mod (18)

• go 1.26
• github.com/blang/semver/v4 v4.0.0
• github.com/distribution/distribution/v3 v3.0.0 → [Updates: v3.1.0]
• github.com/gardener/gardener v1.133.0 → [Updates: v1.140.1]
• github.com/go-logr/logr v1.4.3
• github.com/ironcore-dev/gardener-extension-provider-ironcore-metal v0.0.0-20251201164657-4e9433a44917@4e9433a44917 → [Updates: v0.0.0-20260401144517-54da6736edf6]
• github.com/onsi/ginkgo/v2 v2.27.2 → [Updates: v2.28.1]
• github.com/onsi/gomega v1.38.2 → [Updates: v1.39.1]
• github.com/opencontainers/image-spec v1.1.1
• go.uber.org/zap v1.27.1
• golang.org/x/sync v0.18.0 → [Updates: v0.20.0]
• k8s.io/api v0.34.2
• k8s.io/apiextensions-apiserver v0.34.2
• k8s.io/apimachinery v0.34.2
• k8s.io/client-go v0.34.2
• k8s.io/utils v0.0.0-20251002143259-bc988d571ff4@bc988d571ff4 → [Updates: v0.0.0-20251002143259-bc988d571ff4]
• oras.land/oras-go/v2 v2.6.0
• sigs.k8s.io/controller-runtime v0.22.4 → [Updates: v0.23.3]

---

• Check this box to trigger a request for Renovate to run again on this repository