Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Awaiting Schedule

The following updates are awaiting their schedule. To get an update now, click on a checkbox below.

• Update dependency mcp to >=1.27.1
• Update dependency pydantic to >=2.13.4
• Update dependency python-multipart to >=0.0.27
• Update dependency ruff to >=0.15.12
• Update dependency ty to >=0.0.34
• Update sigstore/cosign-installer action to v4.1.2
• Update anchore/scan-action action to v7.4.0
• Update astral-sh/setup-uv action to v7.6
• Update docker/build-push-action action to v6.19.2
• Update docker/login-action action to v3.7.0
• Update docker/setup-buildx-action action to v3.12.0
• Update Python to >=3.14.4
• Update actions/create-github-app-token action to v3
• Update actions/github-script action to v9
• Update actions/upload-artifact action to v7
• Update astral-sh/setup-uv action to v8
• Update dependency cryptography to v48
• Update docker/build-push-action action to v7
• Update docker/login-action action to v4
• Update docker/metadata-action action to v6
• Update docker/setup-buildx-action action to v4
• 🔐 Create all awaiting schedule PRs at once 🔐

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• Update dependency fastapi to >=0.136.1
• Update dependency pydantic-settings to >=2.14.1
• Click on this checkbox to rebase all open PRs at once

Detected Dependencies

docker-compose (1)

docker-compose.yml

dockerfile (1)

Dockerfile

github-actions (8)

.github/workflows/code-quality.yml (4)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• astral-sh/setup-uv v7.1.3@5a7eac68fb9809dea845d802897dc5c723910fa3 → [Updates: v7.6, v8.1.0]
• arduino/setup-task v2.0.0@b91d5d2c96a56797b48ac1e0e89220bf64044611
• actions/upload-artifact v6.0.0@b7c566a772e6b6bfb58ed0dc250532a479d7789f → [Updates: v7.0.1]

.github/workflows/create-release.yml (2)

• actions/create-github-app-token v2.2.2@fee1f7d63c2ff003460e3d139729b119787bc349 → [Updates: v3.1.1]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd

.github/workflows/image-build.yml (4)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• docker/setup-buildx-action v3.11.1@e468171a9de216ec08956ac3ada2f0791b6bd435 → [Updates: v3.12.0, v4]
• docker/login-action v3.6.0@5e57cd118135c172c3672efd75eb46360885c0ef → [Updates: v3.7.0, v4.1.0]
• docker/build-push-action v6.18.0@263435318d21b8e681c14492fe198d362a7d2c83 → [Updates: v6.19.2, v7.1.0]

.github/workflows/lint-pr-title.yml (1)

• actions/github-script v8@ed597411d8f924073f98dfc5c65a23a2325f34cd → [Updates: v9]

.github/workflows/patch-release.yml (2)

• actions/create-github-app-token v2.2.2@fee1f7d63c2ff003460e3d139729b119787bc349 → [Updates: v3.1.1]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd

.github/workflows/pr-size-labeler.yml (2)

• actions/github-script v8@ed597411d8f924073f98dfc5c65a23a2325f34cd → [Updates: v9]
• actions/github-script v8@ed597411d8f924073f98dfc5c65a23a2325f34cd → [Updates: v9]

.github/workflows/release.yml (9)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• docker/setup-buildx-action v3.11.1@e468171a9de216ec08956ac3ada2f0791b6bd435 → [Updates: v3.12.0, v4]
• docker/login-action v3.6.0@5e57cd118135c172c3672efd75eb46360885c0ef → [Updates: v3.7.0, v4.1.0]
• docker/login-action v3.6.0@5e57cd118135c172c3672efd75eb46360885c0ef → [Updates: v3.7.0, v4.1.0]
• docker/metadata-action v5.10.0@c299e40c65443455700f0fdfc63efafe5b349051 → [Updates: v6]
• docker/build-push-action v6.18.0@263435318d21b8e681c14492fe198d362a7d2c83 → [Updates: v6.19.2, v7.1.0]
• actions/attest-build-provenance v4.1.0@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32
• sigstore/cosign-installer v4.1.0@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 → [Updates: v4.1.2]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd

.github/workflows/security.yml (7)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• anchore/scan-action v7.3.2@7037fa011853d5a11690026fb85feee79f4c946c → [Updates: v7.4.0]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• docker/setup-buildx-action v3.11.1@e468171a9de216ec08956ac3ada2f0791b6bd435 → [Updates: v3.12.0, v4]
• docker/login-action v3.6.0@5e57cd118135c172c3672efd75eb46360885c0ef → [Updates: v3.7.0, v4.1.0]
• docker/build-push-action v6.18.0@263435318d21b8e681c14492fe198d362a7d2c83 → [Updates: v6.19.2, v7.1.0]
• anchore/scan-action v7.3.2@7037fa011853d5a11690026fb85feee79f4c946c → [Updates: v7.4.0]

pep621 (1)

pyproject.toml (18)

• python >=3.13 → [Updates: >=3.14.4]
• cryptography >=46.0.7 → [Updates: >=48.0.0]
• fastapi >=0.135.3 → [Updates: >=0.136.1]
• mcp >=1.27.0 → [Updates: >=1.27.1]
• pydantic >=2.13.2 → [Updates: >=2.13.4]
• pydantic-settings >=2.13.1 → [Updates: >=2.14.1]
• python-dotenv >=1.2.2
• python-multipart >=0.0.26 → [Updates: >=0.0.27]
• structlog >=25.5.0
• pytest >=9.0.3
• pytest-asyncio >=1.3.0
• ruff >=0.15.9 → [Updates: >=0.15.12]
• ty >=0.0.31 → [Updates: >=0.0.34]
• pytest-cov >=7.1.0
• bandit >=1.9.4
• pip-audit >=2.10.0
• cyclonedx-bom >=7.3.0
• lxml >=6.1.0

pyenv (1)

.python-version (1)

• python 3.13 → [Updates: 3.14]

---

• Check this box to trigger a request for Renovate to run again on this repository