Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Repository Problems

These problems occurred while renovating this repository. View logs.

• ⚠️ WARN: Package lookup failures

Deprecations / Replacements

Warning

These dependencies are either deprecated or have replacements available:

Datasource	Package	Replacement PR?
npm	@material-ui/core
npm	@material-ui/icons
npm	@types/domutils

Abandoned Dependencies

Note

Packages are marked as abandoned when they exceed the abandonmentThreshold since their last release. Unlike deprecated packages with official notices, abandonment is detected by release inactivity.

These dependencies have not received updates for an extended period and may be unmaintained:

View abandoned dependencies (21)

Datasource	Package	Last Updated
npm	classnames	2023-12-29
npm	clsx	2024-04-23
npm	escape-string-regexp	2021-04-17
npm	eslint-plugin-react	2025-04-03
npm	font-awesome	2016-10-24
npm	history	2022-02-22
npm	husky	2024-11-18
npm	load-plugin	2024-04-16
npm	lusca	2021-02-23
npm	material-design-icons	2016-09-02
npm	moment	2023-12-27
npm	parse-diff	2023-03-20
npm	passport	2023-11-27
npm	passport-activedirectory	2023-03-01
npm	passport-local	2014-03-08
npm	perfect-scrollbar	2024-10-29
npm	react-html-parser	2017-11-29
npm	react-social-media-embed	2025-02-18
npm	slick-carousel	2017-10-03

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• chore(deps): update github-actions - workflows - .github/workflows/ci.yml (codecov/codecov-action, cypress-io/github-action, docker/login-action, docker/setup-buildx-action, docker/setup-compose-action, github/codeql-action, step-security/harden-runner)
• fix(deps): update dependency axios to ^1.14.0 - git-proxy-cli - packages/git-proxy-cli/package.json
• chore(deps): update codecov/codecov-action action to v6 - workflows - .github/workflows/ci.yml
• chore(deps): update crazy-max/ghaction-github-runtime action to v4 - workflows - .github/workflows/e2e.yml
• fix(deps): update dependency yargs to v18 - git-proxy-cli - packages/git-proxy-cli/package.json
• fix(deps): update npm to v6 - - package.json (major) (@vitejs/plugin-react, connect-mongo, eslint-plugin-cypress, mongodb, typescript, vite-tsconfig-paths)
• fix(deps): update npm to v17 - - package.json (major) (globals, react, react-dom)
• fix(deps): update npm to v18 - - package.json (major) (@types/react-dom, nyc, react, react-dom, yargs)
• fix(deps): update npm to v19 - - package.json (major) (@types/react-dom, react, react-dom)
• chore(deps): lock file maintenance - - package.json
• chore(deps): lock file maintenance - git-proxy-cli - packages/git-proxy-cli/package.json
• chore(deps): lock file maintenance - git-proxy-plugin-samples - plugins/git-proxy-plugin-samples/package.json
• chore(deps): lock file maintenance - test-package - test/fixtures/test-package/package.json
• chore(deps): lock file maintenance - website - website/package.json
• 🔐 Create all rate-limited PRs at once 🔐

---

Warning

Renovate failed to look up the following dependencies: Could not determine new digest for update (github-digest package github/codeql-action), Could not determine new digest for update (github-tags package actions/dependency-review-action).

Files affected: .github/workflows/codeql.yml, .github/workflows/dependency-review.yml

---

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• fix(deps): update npm - - package.json (@aws-sdk/credential-providers, @babel/core, @esbuild/darwin-arm64, @esbuild/darwin-x64, @esbuild/linux-x64, @esbuild/win32-x64, @eslint/compat, @eslint/js, @eslint/json, @fontsource/roboto, @primer/octicons-react, @types/lodash, @types/node, @vitejs/plugin-react, axios, cypress, eslint, eslint-plugin-cypress, express-rate-limit, fast-check, isomorphic-git, lint-staged, lodash, mongo, node, openid-client, simple-git, typescript-eslint)
• fix(deps): update npm - website - website/package.json (axios, eslint)
• chore(deps): update dependency @types/node to v24 - - package.json
• chore(deps): update dependency vite to v8 - - package.json
• chore(deps): update mongo docker tag to v8 - - docker-compose.yml
• chore(deps): update npm to v10 - - package.json (major) (@eslint/js, eslint)
• chore(deps): update npm to v20 - - package.json (major) (@commitlint/cli, @commitlint/config-conventional)
• fix(deps): update dependency eslint to v10 - website - website/package.json
• fix(deps): update npm to v4 - - package.json (major) (@vitest/coverage-v8, env-paths, vitest)
• fix(deps): update npm to v7 - - package.json (major) (@types/supertest, mongodb, react-router-dom)
• Click on this checkbox to rebase all open PRs at once

PR Closed (Blocked)

The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.

• fix(deps): replace dependency @material-ui/core with @mui/material ^5.0.0 - - package.json
• fix(deps): replace dependency @material-ui/icons with @mui/icons-material 5.0.0 - - package.json

Detected Dependencies

docker-compose (2)

docker-compose.ci.yml

docker-compose.yml (1)

• mongo 7@sha256:606f8e029603330411a7dd10b5ffd50eefc297fc80cee89f10a455e496a76ae7 → [Updates: 8, 7]

dockerfile (2)

Dockerfile (2)

• node 24@sha256:5a593d74b632d1c6f816457477b6819760e13624455d587eef0fa418c8d0777b → [Updates: 24]
• node 24@sha256:5a593d74b632d1c6f816457477b6819760e13624455d587eef0fa418c8d0777b → [Updates: 24]

localgit/Dockerfile (1)

• httpd 2.4@sha256:331548c5249bdeced0f048bc2fb8c6b6427d2ec6508bed9c1fec6c57d0b27a60

github-actions (14)

.github/workflows/ci.yml (10)

• step-security/harden-runner v2.16.0@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 → [Updates: v2.16.1]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-node v6.3.0@53b83947a5a98c8d113130e565377fae1a50d02f
• supercharge/mongodb-github-action 1.12.1@315db7fe45ac2880b7758f1933e6e5d59afd5e94
• codecov/codecov-action v5.5.3@1af58845a975a7985b0beb0cbe6fbbb71a41dbad → [Updates: v5.5.4, v6.0.0]
• cypress-io/github-action v7.1.8@4c06c48f3ffea349b7189aa06dfcda47a9fa7b92 → [Updates: v7.1.9]
• step-security/harden-runner v2.16.0@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 → [Updates: v2.16.1]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-node v6.3.0@53b83947a5a98c8d113130e565377fae1a50d02f
• node 24.x

.github/workflows/codeql.yml (5)

• step-security/harden-runner v2@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• github/codeql-action ratchet:github/codeql-action/init@v4@72c0b0efb7def5141326c5e13760acdda431379d
• github/codeql-action ratchet:github/codeql-action/autobuild@v4@72c0b0efb7def5141326c5e13760acdda431379d
• github/codeql-action ratchet:github/codeql-action/analyze@v4@72c0b0efb7def5141326c5e13760acdda431379d

.github/workflows/dependency-review.yml (3)

• step-security/harden-runner v2@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/dependency-review-action v4@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261

.github/workflows/docker-publish.yml (4)

• docker/setup-buildx-action v4@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• docker/login-action v4@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 → [Updates: v4]
• docker/build-push-action v7@d08e5c354a6adb9ed34480a06d141179aa583294

.github/workflows/e2e.yml (7)

• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• docker/setup-buildx-action d91f340399fb2345e3e45f5461e116862b08261d → [Updates: undefined]
• crazy-max/ghaction-github-runtime v3@3cb05d89e1f492524af3d41a1c98c83bc3025124 → [Updates: v4]
• docker/setup-compose-action e29e0ecd235838be5f2e823f8f512a72dc55f662 → [Updates: undefined]
• actions/setup-node v6@53b83947a5a98c8d113130e565377fae1a50d02f
• actions/upload-artifact v7@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
• node 24

.github/workflows/experimental-inventory-ci.yml (4)

• step-security/harden-runner v2.16.0@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 → [Updates: v2.16.1]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-node v6@53b83947a5a98c8d113130e565377fae1a50d02f
• supercharge/mongodb-github-action 1.12.1@315db7fe45ac2880b7758f1933e6e5d59afd5e94

.github/workflows/experimental-inventory-cli-publish.yml (4)

• step-security/harden-runner v2.16.0@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 → [Updates: v2.16.1]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-node v6@53b83947a5a98c8d113130e565377fae1a50d02f
• node 24.x

.github/workflows/experimental-inventory-publish.yml (4)

• step-security/harden-runner v2.16.0@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 → [Updates: v2.16.1]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-node v6@53b83947a5a98c8d113130e565377fae1a50d02f
• node 24.x

.github/workflows/lint.yml (3)

• step-security/harden-runner v2@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594
• actions/setup-node v6@53b83947a5a98c8d113130e565377fae1a50d02f
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd

.github/workflows/npm.yml (4)

• step-security/harden-runner v2.16.0@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 → [Updates: v2.16.1]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-node v6@53b83947a5a98c8d113130e565377fae1a50d02f
• node 24

.github/workflows/pr-lint.yml (3)

• step-security/harden-runner v2.16.0@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 → [Updates: v2.16.1]
• amannn/action-semantic-pull-request v6@48f256284bd46cdaab1048c3721360e808335d50
• release-drafter/release-drafter v7@139054aeaa9adc52ab36ddf67437541f039b88e2

.github/workflows/sample-publish.yml (4)

• step-security/harden-runner v2.16.0@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 → [Updates: v2.16.1]
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-node v6@53b83947a5a98c8d113130e565377fae1a50d02f
• node 24.x

.github/workflows/scorecard.yml (5)

• step-security/harden-runner v2.16.0@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 → [Updates: v2.16.1]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• ossf/scorecard-action v2.4.3@4eaacf0543bb3f2c246792bd56e8cdeffafb205a
• actions/upload-artifact v7.0.0@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
• github/codeql-action v4.34.1@38697555549f1db7851b81482ff19f1fa5c4fedc → [Updates: v4.35.1]

.github/workflows/unused-dependencies.yml (4)

• step-security/harden-runner v2@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594
• actions/checkout v6@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-node v6@53b83947a5a98c8d113130e565377fae1a50d02f
• node 24.x

npm (5)

package.json (96)

• @aws-sdk/credential-providers ^3.980.0 → [Updates: ^3.1022.0]
• @fontsource/roboto ^5.2.9 → [Updates: ^5.2.10]
• @material-ui/core ^4.12.4 → [Updates: ^5.0.0]
• @material-ui/icons 4.11.3 → [Updates: 5.0.0]
• @primer/octicons-react ^19.21.2 → [Updates: ^19.23.1]
• @seald-io/nedb ^4.1.2
• axios ^1.13.4 → [Updates: ^1.14.0]
• bcryptjs ^3.0.3
• clsx ^2.1.1
• concurrently ^9.2.1
• connect-mongo ^5.1.0 → [Updates: ^6.0.0]
• cors ^2.8.6
• diff2html ^3.4.56
• env-paths ^3.0.0 → [Updates: ^4.0.0]
• escape-string-regexp ^5.0.0
• express ^5.2.1
• express-http-proxy ^2.1.2
• express-rate-limit ^8.2.1 → [Updates: ^8.3.2]
• express-session ^1.19.0
• font-awesome ^4.7.0
• history 5.3.0
• isomorphic-git ^1.36.3 → [Updates: ^1.37.4]
• jsonwebtoken ^9.0.3
• load-plugin ^6.0.3
• lodash ^4.17.23 → [Updates: ^4.18.1]
• lusca ^1.7.0
• material-design-icons ^3.0.1
• moment ^2.30.1
• mongodb ^5.9.2 → [Updates: ^6.21.0, ^7.1.1]
• openid-client ^6.8.1 → [Updates: ^6.8.2]
• parse-diff ^0.11.1
• passport ^0.7.0
• passport-activedirectory ^1.4.0
• passport-local ^1.0.0
• perfect-scrollbar ^1.5.6
• react ^16.14.0 → [Updates: ^17.0.2, ^18.3.1, ^19.2.4]
• react-dom ^16.14.0 → [Updates: ^17.0.2, ^18.3.1, ^19.2.4]
• react-html-parser ^2.0.2
• react-router-dom 6.30.3 → [Updates: 7.13.2]
• simple-git ^3.30.0 → [Updates: ^3.33.0]
• uuid ^13.0.0
• validator ^13.15.26 → [Updates: ^13.15.35]
• yargs ^17.7.2 → [Updates: ^18.0.0]
• @babel/core ^7.28.6 → [Updates: ^7.29.0]
• @babel/preset-react ^7.28.5
• @commitlint/cli ^19.8.1 → [Updates: ^20.5.0]
• @commitlint/config-conventional ^19.8.1 → [Updates: ^20.5.0]
• @eslint/compat ^2.0.2 → [Updates: ^2.0.3]
• @eslint/js ^9.39.2 → [Updates: ^9.39.4, ^10.0.1]
• @eslint/json ^1.0.1 → [Updates: ^1.2.0]
• @types/activedirectory2 ^1.2.6
• @types/cors ^2.8.19
• @types/domutils ^2.1.0
• @types/express ^5.0.6
• @types/express-http-proxy ^1.6.7
• @types/express-session ^1.18.2
• @types/jsonwebtoken ^9.0.10
• @types/lodash ^4.17.23 → [Updates: ^4.17.24]
• @types/lusca ^1.7.5
• @types/node ^22.19.7 → [Updates: ^22.19.15, ^24.12.0]
• @types/passport ^1.0.17
• @types/passport-local ^1.0.38
• @types/react-dom ^17.0.26 → [Updates: ^18.3.7, ^19.2.3]
• @types/react-html-parser ^2.0.7
• @types/supertest ^6.0.3 → [Updates: ^7.2.0]
• @types/validator ^13.15.10
• @types/yargs ^17.0.35
• @vitejs/plugin-react ^5.1.2 → [Updates: ^5.2.0, ^6.0.1]
• @vitest/coverage-v8 ^3.2.4 → [Updates: ^4.1.2]
• cross-env ^10.1.0
• cypress ^15.9.0 → [Updates: ^15.13.0]
• eslint ^9.39.2 → [Updates: ^9.39.4, ^10.1.0]
• eslint-config-prettier ^10.1.8
• eslint-plugin-cypress ^5.2.1 → [Updates: ^5.3.0, ^6.2.1]
• eslint-plugin-license-header ^0.9.0
• eslint-plugin-react ^7.37.5
• fast-check ^4.5.3 → [Updates: ^4.6.0]
• globals ^16.5.0 → [Updates: ^17.4.0]
• husky ^9.1.7
• lint-staged ^16.2.7 → [Updates: ^16.4.0]
• nyc ^17.1.0 → [Updates: ^18.0.0]
• prettier ^3.8.1
• quicktype ^23.2.6
• supertest ^7.2.2
• ts-node ^10.9.2
• tsx ^4.21.0
• typescript ^5.9.3 → [Updates: ^6.0.2]
• typescript-eslint ^8.54.0 → [Updates: ^8.58.0]
• vite ^7.3.1 → [Updates: ^8.0.3]
• vite-tsconfig-paths ^5.1.4 → [Updates: ^6.1.1]
• vitest ^3.2.4 → [Updates: ^4.1.2]
• @esbuild/darwin-arm64 ^0.27.2 → [Updates: ^0.27.5]
• @esbuild/darwin-x64 ^0.27.2 → [Updates: ^0.27.5]
• @esbuild/linux-x64 0.27.2 → [Updates: 0.27.5]
• @esbuild/win32-x64 0.27.2 → [Updates: 0.27.5]
• node >=22.13.1 || >=24.0.0

packages/git-proxy-cli/package.json (3)

• axios ^1.13.6 → [Updates: ^1.14.0]
• yargs ^17.7.2 → [Updates: ^18.0.0]
• @finos/git-proxy 2.0.0-rc.5

plugins/git-proxy-plugin-samples/package.json (2)

• express ^5.2.1
• @finos/git-proxy ^2.0.0-rc.5

test/fixtures/test-package/package.json

website/package.json (14)

• @docusaurus/core ^3.9.2
• @docusaurus/plugin-google-gtag ^3.9.2
• @docusaurus/preset-classic ^3.9.2
• axios ^1.13.4 → [Updates: ^1.14.0]
• classnames ^2.5.1
• clsx ^2.1.1
• eslint ^9.39.2 → [Updates: ^9.39.4, ^10.1.0]
• eslint-plugin-react ^7.37.5
• react ^19.2.4
• react-dom ^19.2.4
• react-player ^3.4.0
• react-slick ^0.31.0
• react-social-media-embed ^2.5.18
• slick-carousel ^1.8.1

---

• Check this box to trigger a request for Renovate to run again on this repository

[JamieSlome]

Closed this issue as it is not required to be open 👍