Dependency Dashboard

[agntcy-automation]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Deprecations / Replacements

Warning

These dependencies are either deprecated or have replacements available:

Datasource	Package	Replacement PR?
npm	@types/uuid

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): update dependency uuid to v11.1.1 [security]
• chore(deps): update dependency @buf/agntcy_dir.bufbuild_es to v2.9.0-20260507152241-c9094b58f0fe.1
• chore(deps): update dependency @microsoft/api-extractor to v7.58.7
• chore(deps): update dependency @rollup/rollup-linux-x64-gnu to v4.60.3
• chore(deps): update dependency @types/node to v22.19.18
• chore(deps): update dependency workerpool to v10.0.2
• chore(deps): update github actions (actions/cache, actions/checkout, actions/create-github-app-token, actions/dependency-review-action, actions/setup-node, github/codeql-action, step-security/harden-runner, super-linter/super-linter, webiny/action-conventional-commits)
• chore(deps): update dependency @bufbuild/protobuf to v2.12.0
• chore(deps): update dependency typescript-eslint to v8.59.2
• chore(deps): update npm to v11.14.0
• chore(deps): lock file maintenance
• Click on this checkbox to rebase all open PRs at once

Vulnerabilities

Important

1/1 CVEs have Renovate fixes.

npm

package.json

uuid

• GHSA-w5hq-g745-h8pq (fixed in >= 11.1.1)

Detected Dependencies

github-actions (8)

.github/workflows/ci.yaml (2)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• dorny/paths-filter v4.0.1@fbd0ab8f3e69293af611ebaee6363fc25e6d187d

.github/workflows/codeql.yml (5)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-node v6.3.0@53b83947a5a98c8d113130e565377fae1a50d02f → [Updates: v6.4.0]
• github/codeql-action v4.35.1@c10b8064de6f491fea524254123dbe5e09572f13 → [Updates: v4.35.4]
• github/codeql-action v4.35.1@c10b8064de6f491fea524254123dbe5e09572f13 → [Updates: v4.35.4]
• node 24.x

.github/workflows/conventional_commits.yml (3)

• step-security/harden-runner v2.11.0@4d991eb9b905ef189e4c376166672c3f2f230481 → [Updates: v2.19.1]
• actions/checkout v4 → [Updates: v4.3.1, v6.0.2, v4]
• webiny/action-conventional-commits v1.3.0 → [Updates: v1.4.2, v1.3.0]

.github/workflows/dependencies.yaml (5)

• actions/create-github-app-token v3.0.0@f8d387b68d61c58ab83c6c016672934102569859 → [Updates: v3.1.1]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• go-task/setup-task v2.0.0@3be4020d41929789a01026e0e427a4321ce0ad44
• actions/setup-node v6.3.0@53b83947a5a98c8d113130e565377fae1a50d02f → [Updates: v6.4.0]
• node 24.x

.github/workflows/dependency.yml (3)

• step-security/harden-runner v2.11.0@4d991eb9b905ef189e4c376166672c3f2f230481 → [Updates: v2.19.1]
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332 → [Updates: v4.3.1, v6.0.2]
• actions/dependency-review-action v4.5.0@3b139cfc5fae8b618d3eae3675e383bb1769c019 → [Updates: v4.9.0, v5.0.0]

.github/workflows/lint.yml (3)

• step-security/harden-runner v2.11.0@4d991eb9b905ef189e4c376166672c3f2f230481 → [Updates: v2.19.1]
• actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332 → [Updates: v4.3.1, v6.0.2]
• super-linter/super-linter v7.2.1@85f7611e0f7b53c8573cca84aa0ed4344f6f6a4d → [Updates: v7.4.0, v8.6.0]

.github/workflows/reusable-release-sdk.yaml (4)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• go-task/setup-task v2.0.0@3be4020d41929789a01026e0e427a4321ce0ad44
• actions/setup-node v6.3.0@53b83947a5a98c8d113130e565377fae1a50d02f → [Updates: v6.4.0]
• node 24.x

.github/workflows/reusable-test-sdk.yaml (7)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• docker/login-action v4.1.0@4907a6ddec9925e35a0a9e82d7399ccc52663121
• go-task/setup-task v2.0.0@3be4020d41929789a01026e0e427a4321ce0ad44
• actions/setup-node v6.3.0@53b83947a5a98c8d113130e565377fae1a50d02f → [Updates: v6.4.0]
• actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
• actions/cache v5.0.4@668228422ae6a00e4ad889ee87cd7109ec5666a7 → [Updates: v5.0.5]
• node 24.x

npm (1)

package.json (21)

• @buf/agntcy_dir.bufbuild_es 2.9.0-20260413212701-cb1fb6353ac1.1 → [Updates: 2.9.0-20260507152241-c9094b58f0fe.1]
• @bufbuild/protobuf ^2.9.0 → [Updates: ^2.9.0]
• @connectrpc/connect ^2.1.0
• @connectrpc/connect-node ^2.1.0
• @grpc/grpc-js ^1.13.4
• spiffe ^0.5.0
• @microsoft/api-extractor ^7.58.0 → [Updates: ^7.58.0]
• @rollup/plugin-json ^6.1.0
• @rollup/plugin-node-resolve ^16.0.1
• @types/node ^22.19.1 → [Updates: ^22.19.1, ^24.0.0]
• @types/uuid ^10.0.0 → [Updates: ^11.0.0]
• rollup-plugin-typescript2 ^0.37.0
• ts-node ^10.9.2
• typescript ^5.9.3 → [Updates: ^6.0.0]
• typescript-eslint ^8.58.0 → [Updates: ^8.58.0]
• uuid ^11.1.0 → [Updates: ^11.1.0]
• vitest ^3.2.4 → [Updates: ^4.0.0]
• workerpool ^10.0.1 → [Updates: ^10.0.1]
• @rollup/rollup-linux-x64-gnu 4.60.1 → [Updates: 4.60.3]
• node >=20.0.0
• npm 11.12.1 → [Updates: 11.14.0]