
chore: Configure Renovate #1256

Merged
merged 12 commits into main from renovate/configure
Jan 22, 2025

Conversation

renovate[bot]
Contributor

@renovate renovate bot commented Jan 22, 2025

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.


Detected Package Files

  • .circleci/config.yml (circleci)
  • tests/compose.git-ref.yaml (docker-compose)
  • tests/compose.mysql.yaml (docker-compose)
  • tests/compose.yaml (docker-compose)
  • .github/actions/install-tools/action.yml (github-actions)
  • .github/workflows/api-changes.yml (github-actions)
  • .github/workflows/build.yml (github-actions)
  • .github/workflows/gen-release-pr.yml (github-actions)
  • .github/workflows/pr-preview-links.yml (github-actions)
  • .github/workflows/scorecard.yml (github-actions)
  • .github/workflows/tests.yml (github-actions)
  • .github/workflows/zizmor.yml (github-actions)
  • pyproject.toml (pep621)
  • .pre-commit-config.yaml (pre-commit)
  • .github/workflows/api-changes.yml (regex)
  • .github/workflows/tests.yml (regex)
  • .github/workflows/zizmor.yml (regex)
  • .github/workflows/tests.yml (regex)

Configuration Summary

Based on the default config's presets, Renovate will:

  • Start dependency updates only once this onboarding PR is merged
  • Hopefully safe environment variables to allow users to configure.
  • Show all Merge Confidence badges for pull requests.
  • Enable Renovate Dependency Dashboard creation.
  • Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
  • Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
  • Group known monorepo packages together.
  • Use curated list of recommended non-monorepo package groupings.
  • Apply crowd-sourced package replacement rules.
  • Apply crowd-sourced workarounds for known problems with packages.
  • Enable the pre-commit manager.
  • Remove the rate limit for PR creation per hour.
  • Rebase existing PRs any time the base branch has been updated.
  • Update _VERSION environment variables in GitHub Action files.
  • Run Renovate on the following schedule: before 5am on monday

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.


What to Expect

With your current configuration, Renovate will create 12 Pull Requests:

chore(deps): update dependency zizmor to v1.2.2
  • Schedule: ["before 5am on monday"]
  • Branch name: renovate/zizmor-1.x
  • Merge into: main
  • Upgrade zizmor to 1.2.2
chore(deps): update github/codeql-action action to v3.28.3
  • Schedule: ["before 5am on monday"]
  • Branch name: renovate/github-codeql-action-3.x
  • Merge into: main
  • Upgrade github/codeql-action to dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7
chore(deps): update uv-version to v0.5.22
  • Schedule: ["before 5am on monday"]
  • Branch name: renovate/uv-version
  • Merge into: main
  • Upgrade astral-sh/uv-pre-commit to 0.5.22
  • Upgrade uv to 0.5.22
chore(deps): update actions/attest-build-provenance action to v2.2.0
  • Schedule: ["before 5am on monday"]
  • Branch name: renovate/actions-attest-build-provenance-2.x
  • Merge into: main
  • Upgrade actions/attest-build-provenance to 520d128f165991a6c774bcb264f323e3d70747f4
chore(deps): update astral-sh/setup-uv action to v5.2.1
  • Schedule: ["before 5am on monday"]
  • Branch name: renovate/astral-sh-setup-uv-5.x
  • Merge into: main
  • Upgrade astral-sh/setup-uv to b5f58b2abc5763ade55e4e9d0fe52cd1ff7979ca
chore(deps): update cimg/python docker tag to v3.13.1
  • Schedule: ["before 5am on monday"]
  • Branch name: renovate/cimg-python-3.x
  • Merge into: main
  • Upgrade cimg/python to 3.13.1
chore(deps): update codecov/codecov-action action to v5.2.0
  • Schedule: ["before 5am on monday"]
  • Branch name: renovate/codecov-codecov-action-5.x
  • Merge into: main
  • Upgrade codecov/codecov-action to 5a605bd92782ce0810fa3b8acc235c921b497052
chore(deps): update dependency python to v2.2.0
  • Schedule: ["before 5am on monday"]
  • Branch name: renovate/python-2.x
  • Merge into: main
  • Upgrade python to 2.2.0
chore(deps): update hynek/build-and-inspect-python-package action to v2.12.0
  • Schedule: ["before 5am on monday"]
  • Branch name: renovate/hynek-build-and-inspect-python-package-2.x
  • Merge into: main
  • Upgrade hynek/build-and-inspect-python-package to b5076c307dc91924a82ad150cdd1533b444d3310
chore(deps): update pre-commit hook codespell-project/codespell to v2.4.0
  • Schedule: ["before 5am on monday"]
  • Branch name: renovate/codespell-project-codespell-2.x
  • Merge into: main
  • Upgrade codespell-project/codespell to v2.4.0
chore(deps): update dependency python to v3
  • Schedule: ["before 5am on monday"]
  • Branch name: renovate/python-3.x
  • Merge into: main
  • Upgrade python to 3.0.0
chore(deps): lock file maintenance
  • Schedule: ["before 5am on monday"]
  • Branch name: renovate/lock-file-maintenance
  • Merge into: main
  • Regenerate lock files to use latest dependency versions

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.


This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from edgarrmondragon as a code owner January 22, 2025 20:19

socket-security bot commented Jan 22, 2025

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎


🚮 Removed packages: pypi/[email protected]

View full report↗︎


codecov bot commented Jan 22, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (cb7dd0c) to head (df70eba).
Report is 12 commits behind head on main.

✅ All tests successful. No failed tests found.

Additional details and impacted files
@@            Coverage Diff            @@
##              main     #1256   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           10        10           
  Lines          495       495           
  Branches        13        13           
=========================================
  Hits           495       495           
Flag         Coverage   Δ
integration  91.51%     <ø> (ø)
unit         93.33%     <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@edgarrmondragon edgarrmondragon added the dependencies Python Dependencies label Jan 22, 2025
@edgarrmondragon edgarrmondragon self-assigned this Jan 22, 2025

socket-security bot commented Jan 22, 2025

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert | Package | Note | Source | CI

License Policy Violation | pypi/enum34@1.1.10 | – | – | ⚠︎
  • License: BSD-3-Clause (enum/LICENSE)
  • License: License :: OSI Approved :: BSD License (enum34-1.1.10.dist-info/METADATA)
  • License: BSD License (enum34-1.1.10.dist-info/METADATA)

License Policy Violation | pypi/enum34@1.1.10 | – | – | ⚠︎
  • License: BSD-3-Clause (enum/LICENSE)
  • License: License :: OSI Approved :: BSD License (enum34-1.1.10.dist-info/METADATA)
  • License: BSD License (enum34-1.1.10.dist-info/METADATA)

License Policy Violation | pypi/enum34@1.1.10 | – | – | ⚠︎
  • License: BSD-3-Clause (enum34-1.1.10/enum/LICENSE)
  • License: License :: OSI Approved :: BSD License (enum34-1.1.10/setup.py)
  • License: BSD License (enum34-1.1.10/setup.py)
  • License: License :: OSI Approved :: BSD License (enum34-1.1.10/enum34.egg-info/PKG-INFO)
  • License: BSD License (enum34-1.1.10/enum34.egg-info/PKG-INFO)
  • License: License :: OSI Approved :: BSD License (enum34-1.1.10/PKG-INFO)
  • License: BSD License (enum34-1.1.10/PKG-INFO)

License Policy Violation | pypi/importlib_resources@6.5.2 | – | – | ⚠︎
  • License: Apache-2.0 (importlib_resources-6.5.2/LICENSE)
  • License: License :: OSI Approved :: Apache Software License (importlib_resources-6.5.2/pyproject.toml)
  • License: License :: OSI Approved :: Apache Software License (importlib_resources-6.5.2/importlib_resources.egg-info/PKG-INFO)
  • License: License :: OSI Approved :: Apache Software License (importlib_resources-6.5.2/PKG-INFO)

License Policy Violation | pypi/importlib_resources@6.5.2 | – | – | ⚠︎
  • License: Apache-2.0 (importlib_resources-6.5.2.dist-info/LICENSE)
  • License: License :: OSI Approved :: Apache Software License (importlib_resources-6.5.2.dist-info/METADATA)

License Policy Violation | pypi/towncrier@24.7.0rc1 | – | – | ⚠︎
  • License: MIT (towncrier-24.7.0rc1/LICENSE)
  • License: MIT (towncrier-24.7.0rc1/PKG-INFO)
  • License: MIT (towncrier-24.7.0rc1/pyproject.toml)
  • License: BSD-3-Clause (towncrier-24.7.0rc1/src/towncrier/click_default_group.py)

License Policy Violation | pypi/towncrier@24.7.0rc1 | – | – | ⚠︎
  • License: MIT (towncrier-24.7.0rc1.dist-info/licenses/LICENSE)
  • License: MIT (towncrier-24.7.0rc1.dist-info/METADATA)
  • License: BSD-3-Clause (towncrier/click_default_group.py)

License Policy Violation | pypi/argcomplete@3.5.3 | – | – | ⚠︎
  • License: Apache-2.0 (argcomplete-3.5.3/LICENSE.rst)
  • License: OGL-Canada-2.0 (argcomplete-3.5.3/NOTICE)
  • License: License :: OSI Approved :: Apache Software License (argcomplete-3.5.3/PKG-INFO)
  • License: Apache Software License (argcomplete-3.5.3/PKG-INFO)
  • License: License :: OSI Approved :: Apache Software License (argcomplete-3.5.3/pyproject.toml)

License Policy Violation | pypi/argcomplete@3.5.3 | – | – | ⚠︎
  • License: Apache-2.0 (argcomplete-3.5.3.dist-info/licenses/LICENSE.rst)
  • License: OGL-Canada-2.0 (argcomplete-3.5.3.dist-info/licenses/NOTICE)
  • License: License :: OSI Approved :: Apache Software License (argcomplete-3.5.3.dist-info/METADATA)
  • License: Apache Software License (argcomplete-3.5.3.dist-info/METADATA)

License Policy Violation | pypi/virtualenv@20.29.1 | – | – | ⚠︎
  • License: MIT (virtualenv-20.29.1/PKG-INFO)
  • License: MIT (virtualenv-20.29.1/pyproject.toml)
  • License: MIT (virtualenv-20.29.1/LICENSE)

License Policy Violation | pypi/virtualenv@20.29.1 | – | – | ⚠︎
  • License: MIT (virtualenv-20.29.1.dist-info/METADATA)
  • License: MIT (virtualenv-20.29.1.dist-info/licenses/LICENSE)

License Policy Violation | pypi/filelock@3.17.0 | – | – | ⚠︎
  • License: Unlicense (filelock-3.17.0/pyproject.toml)
  • License: Unlicense (filelock-3.17.0/PKG-INFO)
  • License: Unlicense (filelock-3.17.0/LICENSE)

License Policy Violation | pypi/filelock@3.17.0 | – | – | ⚠︎
  • License: Unlicense (filelock-3.17.0.dist-info/METADATA)
  • License: Unlicense (filelock-3.17.0.dist-info/licenses/LICENSE)

View full report↗︎

Next steps

What is a license policy violation?

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@edgarrmondragon edgarrmondragon merged commit dc99d3b into main Jan 22, 2025
42 checks passed
@edgarrmondragon edgarrmondragon deleted the renovate/configure branch January 22, 2025 23:15
Labels
dependencies Python Dependencies
2 participants