Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Pending Approval

The following branches are pending approval. To create them, click on a checkbox below.

• chore(deps): update actions/checkout action to v6
• chore(deps): update aws-actions/configure-aws-credentials action to v6
• chore(deps): update cds-snc/security-tools action to v4
• chore(deps): update cds-snc/terraform-plan action to v5
• chore(deps): update dorny/paths-filter action to v4
• 🔐 Create all pending approval PRs at once 🔐

Pending Status Checks

The following updates await pending status checks. To force their creation now, click on a checkbox below.

• chore(deps): update dependency uvicorn to v0.43.0

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): update dependency cryptography to v46.0.6 [security]
• chore(deps): update dependency requests to v2.33.0 [security]
• chore(deps): update all patch dependencies (boto3, coverage, fastapi)
• chore(deps): update all non-major github action dependencies (aws-actions/amazon-ecr-login, cds-snc/security-tools, github/codeql-action)
• chore(deps): lock file maintenance
• Click on this checkbox to rebase all open PRs at once

Detected Dependencies

devcontainer (1)

.devcontainer/devcontainer.json (1)

• mcr.microsoft.com/devcontainers/python 3.14@sha256:1af48f9bd555f7972b14424def113c166dab9c5027bd9d9f5cc57704a42974f2

dockerfile (1)

api/Dockerfile (2)

• python 3.13-alpine3.19@sha256:8287ca207e905649e9f399b5f91a119e5e9051d8cd110d5f8c3b4bd9458ebd1d
• python 3.13-alpine3.19@sha256:8287ca207e905649e9f399b5f91a119e5e9051d8cd110d5f8c3b4bd9458ebd1d

github-actions (11)

.github/workflows/ci-code.yml (3)

• actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd → [Updates: v6.0.2]
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405
• python 3.14

.github/workflows/code-scanning.yml (3)

• actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd → [Updates: v6.0.2]
• github/codeql-action v4.33.0@b1bff81932f5cdfc8695c7752dcee935dcd061c8 → [Updates: v4.35.1]
• github/codeql-action v4.33.0@b1bff81932f5cdfc8695c7752dcee935dcd061c8 → [Updates: v4.35.1]

.github/workflows/dependency-review.yml (2)

• actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd → [Updates: v6.0.2]
• actions/dependency-review-action v4.9.0@2031cfc080254a8a887f58cffee85186f0e49e48

.github/workflows/docker-build-push-production.yml (6)

• actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd → [Updates: v6.0.2]
• dorny/paths-filter v3.0.3@d1c1ffe0248fe513906c8e24db8ea791d46f8590 → [Updates: v4.0.1]
• actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd → [Updates: v6.0.2]
• aws-actions/configure-aws-credentials v5.1.1@61815dcd50bd041e203e49132bacad1fd04d2708 → [Updates: v6.0.0]
• aws-actions/amazon-ecr-login v2.0.2@c962da2960ed15f492addc26fffa274485265950 → [Updates: v2.1.1]
• cds-snc/security-tools v4.0.2@8d2322011f6b68da2fc47e60f23b41c1907e33e8 → [Updates: v4.0.3]

.github/workflows/docker-build.yml (3)

• actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd → [Updates: v6.0.2]
• dorny/paths-filter v3.0.3@d1c1ffe0248fe513906c8e24db8ea791d46f8590 → [Updates: v4.0.1]
• actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd → [Updates: v6.0.2]

.github/workflows/docker-vulnerability-scan.yml (4)

• actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd → [Updates: v6.0.2]
• aws-actions/configure-aws-credentials v5.1.1@61815dcd50bd041e203e49132bacad1fd04d2708 → [Updates: v6.0.0]
• aws-actions/amazon-ecr-login v2.0.2@c962da2960ed15f492addc26fffa274485265950 → [Updates: v2.1.1]
• cds-snc/security-tools v3.2.1@5a93d1deec72d4cb2737cb8418364fedba1c695c → [Updates: v4.0.3]

.github/workflows/labels.yml (1)

• cds-snc/labels v1

.github/workflows/shellcheck.yml (1)

• actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd → [Updates: v6.0.2]

.github/workflows/terraform-security-scan.yml (1)

• actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd → [Updates: v6.0.2]

.github/workflows/tf_apply_production.yml (3)

• actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd → [Updates: v6.0.2]
• cds-snc/terraform-tools-setup v1.2.0@5a19984bcb888600ad646e0caf5c6f4d0a54c165 → [Updates: v1.3.0]
• aws-actions/configure-aws-credentials v5.1.1@61815dcd50bd041e203e49132bacad1fd04d2708 → [Updates: v6.0.0]

.github/workflows/tf_plan_production.yml (4)

• actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd → [Updates: v6.0.2]
• cds-snc/terraform-tools-setup v1.2.0@5a19984bcb888600ad646e0caf5c6f4d0a54c165 → [Updates: v1.3.0]
• aws-actions/configure-aws-credentials v5.1.1@61815dcd50bd041e203e49132bacad1fd04d2708 → [Updates: v6.0.0]
• cds-snc/terraform-plan v3.7.0@39b0058bcf977fbd8b067b84d5a9f6165e356c32 → [Updates: v5.0.1]

pip_requirements (3)

api/requirements_dev.txt (7)

• black ==26.3.1
• coverage ==7.13.4 → [Updates: ==7.13.5]
• flake8 ==7.3.0
• httpx ==0.28.1
• pytest ==9.0.2
• pytest-env ==1.6.0
• uvicorn ==0.42.0 → [Updates: ==0.43.0]

api/requirements.txt (7)

• boto3 ==1.42.68 → [Updates: ==1.42.78]
• cryptography ==46.0.5 → [Updates: ==46.0.6]
• fastapi ==0.135.1 → [Updates: ==0.135.2]
• mangum ==0.21.0
• python-dotenv ==1.2.2
• requests ==2.32.5 → [Updates: ==2.33.0]
• urllib3 ==2.6.3

terragrunt/aws/alert_compromise/functions/requirements_dev.txt (4)

• black ==26.3.1
• boto3 ==1.42.68 → [Updates: ==1.42.78]
• flake8 ==7.3.0
• pytest ==9.0.2

renovate-config-presets (1)

renovate.json

terraform (3)

terragrunt/aws/api/lambda.tf (1)

• github.com/cds-snc/terraform-modules v10.11.0 → [Updates: v10.11.3]

terragrunt/aws/api/sentinel.tf (1)

• github.com/cds-snc/terraform-modules v10.11.0 → [Updates: v10.11.3]

terragrunt/env/common/provider.tf (1)

• aws ~> 6.0

terragrunt (10)

terragrunt/env/production/alarms/terragrunt.hcl

terragrunt/env/production/alert_compromise/terragrunt.hcl

terragrunt/env/production/api/terragrunt.hcl

terragrunt/env/production/cloudfront/terragrunt.hcl

terragrunt/env/production/hosted_zone/terragrunt.hcl

terragrunt/env/staging/alarms/terragrunt.hcl

terragrunt/env/staging/alert_compromise/terragrunt.hcl

terragrunt/env/staging/api/terragrunt.hcl

terragrunt/env/staging/cloudfront/terragrunt.hcl

terragrunt/env/staging/hosted_zone/terragrunt.hcl

---

• Check this box to trigger a request for Renovate to run again on this repository