chore(deps): update go dependencies

[red-hat-konflux]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
github.com/ThalesGroup/crypto11	require	patch	v1.6.0 → v1.6.1
github.com/go-openapi/analysis	indirect	patch	v0.25.0 → v0.25.1
github.com/go-openapi/runtime	indirect	minor	v0.31.0 → v0.32.2
github.com/go-openapi/runtime/server-middleware	indirect	minor	v0.30.0 → v0.32.2
github.com/go-openapi/strfmt	indirect	patch	v0.26.2 → v0.26.3
github.com/jedisct1/go-minisign	indirect	digest	d2f9f49 → a09352b
github.com/sigstore/rekor	indirect	patch	v1.5.1 → v1.5.2
github.com/sigstore/sigstore	require	patch	v1.10.6 → v1.10.8
github.com/sigstore/timestamp-authority/v2	indirect	minor	v2.0.6 → v2.1.0
github.com/theupdateframework/go-tuf	indirect	major	v0.7.0 → v2.4.2
github.com/theupdateframework/go-tuf/v2	indirect	patch	v2.4.1 → v2.4.2
go.opentelemetry.io/otel	require	minor	v1.43.0 → v1.44.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace	indirect	minor	v1.43.0 → v1.44.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	require	minor	v1.43.0 → v1.44.0
go.opentelemetry.io/otel/metric	indirect	minor	v1.43.0 → v1.44.0
go.opentelemetry.io/otel/sdk	require	minor	v1.43.0 → v1.44.0
go.opentelemetry.io/otel/trace	require	minor	v1.43.0 → v1.44.0
golang.org/x/crypto	require	minor	v0.51.0 → v0.52.0
golang.org/x/net	indirect	minor	v0.54.0 → v0.55.0
golang.org/x/sys	indirect	minor	v0.44.0 → v0.45.0
google.golang.org/genproto/googleapis/api	indirect	digest	aa98bba → 3dc84a4
google.golang.org/genproto/googleapis/rpc	indirect	digest	aa98bba → 3dc84a4

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

ThalesGroup/crypto11 (github.com/ThalesGroup/crypto11)

v1.6.1

Compare Source

go-openapi/analysis (github.com/go-openapi/analysis)

v0.25.1

Compare Source

0.25.1 - 2026-05-25

Full Changelog: go-openapi/analysis@v0.25.0...v0.25.1

16 commits in this release.

---

Implemented enhancements

• feat: added name mangler options to Spec analyzer and FlattenOpts by @​fredbi in #​183 ...

Documentation

• doc(mixin): clarify precedence rules and document limitations by @​fredbi in #​196 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #​186 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #​184 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #​182 ...
• docs: update documentation to reflect the new diff package by @​fredbi in #​180 ...

Updates

• chore(deps): Bump github.com/go-openapi/testify/v2 from 2.5.0 to 2.5.1 in the go-openapi-dependencies group by @​dependabot[bot] in #​194 ...
• chore(deps): Bump golang.org/x/text from 0.36.0 to 0.37.0 in the golang-org-dependencies group by @​dependabot[bot] in #​193 ...
• chore(deps): Bump the go-openapi-dependencies group with 3 updates by @​dependabot[bot] in #​192 ...
• chore(deps): Bump the go-openapi-dependencies group with 2 updates by @​dependabot[bot] in #​191 ...
• chore(deps): Bump github.com/go-openapi/jsonpointer from 0.23.0 to 0.23.1 in the go-openapi-dependencies group by @​dependabot[bot] in #​190 ...
• chore(deps): Bump the go-openapi-dependencies group with 4 updates by @​dependabot[bot] in #​189 ...
• chore(deps): Bump the development-dependencies group with 9 updates by @​dependabot[bot] in #​188 ...
• chore(deps): Bump golang.org/x/text from 0.35.0 to 0.36.0 in the golang-org-dependencies group by @​dependabot[bot] in #​187 ...
• chore(deps): Bump actions/setup-go from 6.3.0 to 6.4.0 in the development-dependencies group by @​dependabot[bot] in #​185 ...
• chore(deps): Bump github.com/go-openapi/testify/v2 from 2.4.1 to 2.4.2 in the go-openapi-dependencies group by @​dependabot[bot] in #​181 ...

---

People who contributed to this release

• @​fredbi

---

analysis license terms

Per-module changes

---

internal/testintegration (0.25.1)

Implemented enhancements

• feat: added name mangler options to Spec analyzer and FlattenOpts by @​fredbi in #​183 ...

Updates

• chore(deps): Bump github.com/go-openapi/testify/v2 from 2.5.0 to 2.5.1 in the go-openapi-dependencies group by @​dependabot[bot] in #​194 ...
• chore(deps): Bump golang.org/x/text from 0.36.0 to 0.37.0 in the golang-org-dependencies group by @​dependabot[bot] in #​193 ...
• chore(deps): Bump the go-openapi-dependencies group with 3 updates by @​dependabot[bot] in #​192 ...

go-openapi/runtime (github.com/go-openapi/runtime)

v0.32.2

Compare Source

0.32.2 - 2026-05-27

Full Changelog: go-openapi/runtime@v0.32.1...v0.32.2

2 commits in this release.

---

Fixed bugs

• fix(client): added a guard to avoid the client to panic by @​fredbi in #​474 ...

Miscellaneous tasks

• chore: prepare release v0.32.2 by @​bot-go-openapi[bot] in #​475 ...

---

People who contributed to this release

• @​fredbi

---

runtime license terms

Per-module changes

---

client-middleware/opentracing (0.32.2)

Miscellaneous tasks

• chore: prepare release v0.32.2 by @​bot-go-openapi[bot] in #​475 ...

v0.32.1

Compare Source

0.32.1 - 2026-05-25

Full Changelog: go-openapi/runtime@v0.32.0...v0.32.1

3 commits in this release.

---

Documentation

• doc: documented SkipAuth feature with build tag by @​fredbi in #​472 ...

Code quality

• refactor(client): promote ContextualTransport to runtime package by @​fredbi in #​471 ...

Miscellaneous tasks

• chore: prepare release v0.32.1 by @​bot-go-openapi[bot] in #​473 ...

---

People who contributed to this release

• @​fredbi

---

runtime license terms

Per-module changes

---

client-middleware/opentracing (0.32.1)

Miscellaneous tasks

• chore: prepare release v0.32.1 by @​bot-go-openapi[bot] in #​473 ...

v0.32.0

Compare Source

0.32.0 - 2026-05-25

Full Changelog: go-openapi/runtime@v0.31.0...v0.32.0

8 commits in this release.

---

Fixed bugs

• refactor(client/otel): pivot OpenTelemetry transport to SubmitContext by @​fredbi ...
• fix(middleware): bind formData file params from urlencoded bodies by @​fredbi ...

Documentation

• doc: updated contributors file by @​bot-go-openapi[bot] in #​468 ...

Code quality

• ci: add unsafe-skipauth tagged-build workflow with coverage by @​fredbi ...
• feat(middleware): build-tag-gated SetSkipAuth for dev-mode auth bypass by @​fredbi ...

Miscellaneous tasks

• chore: prepare release v0.32.0 by @​bot-go-openapi[bot] in #​470 ...

Updates

• build(deps): bump the go-openapi-dependencies group across 4 directories with 2 updates by @​dependabot[bot] in #​467 ...

Other (technical)

• Fix/3113 file urlencoded by @​fredbi in #​469 ...

---

People who contributed to this release

• @​fredbi

---

runtime license terms

Per-module changes

---

client-middleware/opentracing (0.32.0)

Miscellaneous tasks

• chore: prepare release v0.32.0 by @​bot-go-openapi[bot] in #​470 ...

Updates

• build(deps): bump the go-openapi-dependencies group across 4 directories with 2 updates by @​dependabot[bot] in #​467 ...

---

docs/examples (0.32.0)

Miscellaneous tasks

• chore: prepare release v0.32.0 by @​bot-go-openapi[bot] in #​470 ...

Updates

• build(deps): bump the go-openapi-dependencies group across 4 directories with 2 updates by @​dependabot[bot] in #​467 ...

---

server-middleware (0.32.0)

Updates

• build(deps): bump the go-openapi-dependencies group across 4 directories with 2 updates by @​dependabot[bot] in #​467 ...

go-openapi/strfmt (github.com/go-openapi/strfmt)

v0.26.3

0.26.3 - 2026-05-31

Full Changelog: go-openapi/strfmt@v0.26.2...v0.26.3

15 commits in this release.

---

Documentation

• fix(ci): typo in sha by @​fredbi ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #​258 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #​251 ...

Miscellaneous tasks

• chore: prepare release v0.26.3 by @​bot-go-openapi[bot] in #​260 ...
• fix(ci): monitor - work around dependabot identity requirements by @​fredbi ...
• fix(ci): updated shared ci worflows (fix monitor-bot identity) by @​fredbi ...
• fix(ci): updated shared ci worflows (fix monitor-bot permissions) by @​fredbi ...
• fix(ci): updated shared ci worflows (fix monitor-bot filter) by @​fredbi in #​259 ...
• ci: schedule bot PR monitoring by @​fredbi in #​257 ...

Updates

• build(deps): bump the other-dependencies group across 3 directories with 2 updates by @​dependabot[bot] in #​252 ...
• build(deps): bump golang.org/x/net from 0.54.0 to 0.55.0 in the golang-org-dependencies group across 1 directory by @​dependabot[bot] in #​255 ...
• build(deps): bump the go-openapi-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #​256 ...
• build(deps): bump the development-dependencies group with 8 updates by @​dependabot[bot] in #​254 ...
• build(deps): bump golang.org/x/net from 0.53.0 to 0.54.0 in the golang-org-dependencies group across 1 directory by @​dependabot[bot] in #​253 ...
• build(deps): bump the go-openapi-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #​249 ...

---

People who contributed to this release

• @​fredbi

---

strfmt license terms

Per-module changes

---

enable/mongodb (0.26.3)

Miscellaneous tasks

• chore: prepare release v0.26.3 by @​bot-go-openapi[bot] in #​260 ...

Updates

• build(deps): bump the other-dependencies group across 3 directories with 2 updates by @​dependabot[bot] in #​252 ...

---

internal/testintegration (0.26.3)

Miscellaneous tasks

• chore: prepare release v0.26.3 by @​bot-go-openapi[bot] in #​260 ...

Updates

• build(deps): bump the other-dependencies group across 3 directories with 2 updates by @​dependabot[bot] in #​252 ...
• build(deps): bump golang.org/x/net from 0.54.0 to 0.55.0 in the golang-org-dependencies group across 1 directory by @​dependabot[bot] in #​255 ...
• build(deps): bump the go-openapi-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #​256 ...
• build(deps): bump golang.org/x/net from 0.53.0 to 0.54.0 in the golang-org-dependencies group across 1 directory by @​dependabot[bot] in #​253 ...
• build(deps): bump the go-openapi-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #​249 ...

sigstore/rekor (github.com/sigstore/rekor)

v1.5.2

Compare Source

Changelog

• 759b98e alpine: Enforce max size limit on decompression (#​2831)
• c7e77ee Support restricting kinds on insertion (#​2814)
• a10818a fix(trillianclient): strip dns:/// scheme from TLS ServerName in gRPC dial (#​2812)
• 8a2f3a2 add checks to ensure returned entries match client inputs to rekor-cli (#​2799)
• 0e88bac add nil pointer check to resolve fuzzing crash (#​2807)
• 93da954 client: surface last-response details after retries are exhausted (#​2796)
• 4d67ecd Fix internal error detail leakage in 500 responses (#​2801)
• b34ca94 add defensive check to ensure tid is in config ahead of getting client (#​2795)
• 656c832 restapi: include inactiveShards in the homepage total count (#​2797)

Thanks for all contributors!

sigstore/sigstore (github.com/sigstore/sigstore)

v1.10.8

Compare Source

What's Changed

• Support standard PKCS#8 encrypted private key decryption in #​2333

Full Changelog: sigstore/sigstore@v1.10.7...v1.10.8

v1.10.7

Compare Source

What's Changed

• add functional options to DSSE to improve memory usage, validation in #​2326
• Extend PEM private key unmarshalling to support legacy format in #​2332

Full Changelog: sigstore/sigstore@v1.10.6...v1.10.7

sigstore/timestamp-authority (github.com/sigstore/timestamp-authority/v2)

v2.1.0

Compare Source

What's Changed

• Bound path and HTTP method metric label cardinality to prevent OOM in #​1374
• Fix spec violations in policy, EKU, and hash verification in #​1375

Full Changelog: sigstore/timestamp-authority@v2.0.6...v2.1.0

theupdateframework/go-tuf (github.com/theupdateframework/go-tuf)

v2.4.2

Compare Source

What's Changed

• Do not allow empty hashes for the Target role by @​rdimitrov in #​721
• Decouple CI Go version from module minimum by @​rdimitrov in #​726
• chore(deps): bump github.com/sigstore/sigstore from 1.10.4 to 1.10.5 by @​dependabot[bot] in #​727
• chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.10.0 to 0.11.0 by @​dependabot[bot] in #​729
• Fix log line to not be fmt-styled by @​abayer in #​730
• chore(deps): bump github.com/sigstore/sigstore from 1.10.5 to 1.10.6 by @​dependabot[bot] in #​732
• Fix threshold counting for duplicate public keys by @​rdimitrov in #​733

New Contributors

• @​abayer made their first contribution in #​730

Full Changelog: theupdateframework/go-tuf@v2.4.1...v2.4.2

v2.4.1

Compare Source

What's Changed

• chore(deps): bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 by @​dependabot[bot] in #​718
• Enforce a stricter validation on the repo name for TAP 4 by @​rdimitrov in #​720

Full Changelog: theupdateframework/go-tuf@v2.4.0...v2.4.1

v2.4.0

Compare Source

What's Changed

• Add BitLength validation for SuccinctRoles by @​rdimitrov in #​716
• Add thread safety documentation for key types by @​rdimitrov in #​715
• Use restrictive permissions (0700) for cache directories by @​rdimitrov in #​714
• Breaking change: Replace panic with error return in Key.ID() by @​rdimitrov in #​713

Full Changelog: theupdateframework/go-tuf@v2.3.1...v2.4.0

v2.3.1

Compare Source

What's Changed

• chore(deps): bump golang.org/x/crypto from 0.40.0 to 0.45.0 by @​dependabot[bot] in #​702
• Resolve govulncheck errors by bumping go to 1.24.11 by @​rdimitrov in #​707
• chore(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2 by @​dependabot[bot] in #​704
• modern go (1.20+) improvements by @​udf2457 in #​705
• chore(deps): bump github.com/sigstore/sigstore from 1.9.5 to 1.10.3 by @​dependabot[bot] in #​706
• chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.9.1 to 0.10.0 by @​dependabot[bot] in #​708
• Perform type assertion by @​kommendorkapten in #​710
• Add tests for failing type assertions by @​rdimitrov in #​711
• Verify threshold is valid by @​kommendorkapten in #​712

Full Changelog: theupdateframework/go-tuf@v2.3.0...v2.3.1

v2.3.0

Compare Source

What's Changed

• Update the config for govulncheck by @​rdimitrov in #​697
• Bump Go to 1.24.9 by @​rdimitrov in #​698

Full Changelog: theupdateframework/go-tuf@v2.2.0...v2.3.0

v2.2.0

Compare Source

What's Changed

• fix: treat http 403 as an updater error by @​MDr164 in #​687
• chore(deps): bump github.com/sigstore/sigstore from 1.8.4 to 1.8.7 by @​dependabot[bot] in #​646
• chore(deps): bump github.com/cenkalti/backoff/v5 from 5.0.2 to 5.0.3 by @​dependabot[bot] in #​690
• chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.9.0 to 0.9.1 by @​dependabot[bot] in #​691
• chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.0 by @​dependabot[bot] in #​692
• chore(deps): bump github.com/stretchr/testify from 1.11.0 to 1.11.1 by @​dependabot[bot] in #​693
• chore(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1 by @​dependabot[bot] in #​694

Full Changelog: theupdateframework/go-tuf@v2.1.1...v2.2.0

v2.1.1

Compare Source

What's Changed

Fixed a regression that can fail clients using the DefaultFetcher{} directly without using the constructor.

• Set a default HTTP client for DefaultFetcher in DownloadFile method if none is set by @​malancas in #​686

Full Changelog: theupdateframework/go-tuf@v2.1.0...v2.1.1

v2.1.0

Compare Source

What's Changed

• Move the repository package under examples/repository by @​rdimitrov in #​656
• docs: Joshua retiring as a maintainer by @​joshuagl in #​657
• fix: multirepo potential nil pointer dereference by @​MrDan4es in #​658
• chore(deps): bump golang.org/x/crypto from 0.23.0 to 0.31.0 by @​dependabot in #​661
• chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 by @​dependabot in #​662
• chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.8.0 to 0.9.0 by @​dependabot in #​663
• Use the correct verifier for RSA PSS scheme keys by @​rdimitrov in #​625
• updater.go: replace os.WriteFile with file.Write() by @​udf2457 in #​669
• Remove readFile() and reverseSlice() in favour of stdlib by @​udf2457 in #​671
• updater.go: replace url.QueryEscape() with url.PathEscape() by @​udf2457 in #​675
• Bump Go to 1.22 by @​rdimitrov in #​677
• chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 by @​dependabot in #​679
• chore: make function comment match function name by @​suchsoon in #​680
• Update README.md by @​trishankatdatadog in #​681
• chore(deps): bump golang.org/x/crypto from 0.31.0 to 0.35.0 by @​dependabot in #​683
• Allow users to configure custom http.Client or http.RoundTripper in DefaultFetcher by @​malancas in #​682
• Allow users to configure retry behavior in DefaultFetcher by @​malancas in #​684
• Added back timeout to the fetcher DownloadFile method to avoid a breaking change. by @​kommendorkapten in #​685

New Contributors

• @​MrDan4es made their first contribution in #​658
• @​suchsoon made their first contribution in #​680

Full Changelog: theupdateframework/go-tuf@v2.0.2...v2.1.0

v2.0.2

Compare Source

What's Changed

• Error in case the delegated role is missing from the snapshot by @​rdimitrov in #​652

Full Changelog: theupdateframework/go-tuf@v2.0.1...v2.0.2

v2.0.1

Compare Source

What's Changed

Security

• Fix incorrect delegation lookups that can make go-tuf download the wrong artifact by @​rdimitrov (Thanks to @​AdamKorcz for reporting it). This fixes CVE-2024-47534 GHSA-4f8r-qqr9-fq8j

Other

• Update MAINTAINERS.md by @​trishankatdatadog in #​647
• Update the staging TUF repo in the multi-repo example by @​rdimitrov in #​650
• Fix branch name in multi-repo client example by @​rdimitrov in #​651

Full Changelog: theupdateframework/go-tuf@v2.0.0...v2.0.1

v2.0.0

Compare Source

Breaking changes

• This is the first release of go-tuf v2 and it's a complete re-write indicated by the new major version.
• We also decided to leave go-tuf as a library only.

What's Changed

• chore: fixes the CI status badge and updates the README.md file by @​rdimitrov in #​569
• chore(deps): bump securesystemslib from 0.30.0 to 0.31.0 by @​dependabot in #​570
• docs: add Marvin Drees to the list of go-tuf maintainers by @​rdimitrov in #​571
• chore(deps): bump actions/setup-python from 4.7.1 to 5.0.0 by @​dependabot in #​572
• chore: enable grouping of minor and patch updates. by @​kommendorkapten in #​580
• fix: update tests.yml bumping golangci-lint by @​rdimitrov in #​582
• chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0 by @​dependabot in #​573
• chore(deps): bump github/codeql-action from 2 to 3 by @​dependabot in #​574
• chore(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 by @​dependabot in #​575
• chore(deps): bump golang.org/x/term from 0.15.0 to 0.16.0 by @​dependabot in #​577
• chore(deps): bump the minor-patch group with 2 updates by @​dependabot in #​581
• feat!: move rdimitrov/go-tuf-metadata to github.com/theupdateframework/go-tuf/v2 by @​rdimitrov in #​583
• Update license from BSD-2-Clause to Apache-2.0 by @​rdimitrov in #​585
• chore(deps): bump github.com/sigstore/sigstore from 1.8.0 to 1.8.1 by @​dependabot in #​584
• Replace main with master in workflows by @​kipz in #​587
• Do not pin to minor Go versions in go.mod by @​rdimitrov in #​588
• Fixes for windows & enable in CI by @​kipz in #​586
• Bring back SECURITY.md by @​trishankatdatadog in #​591
• remove dependency on golang.org/x/exp by @​mikedanese in #​600
• Refactor errors to use pointer receivers by @​codysoyland in #​602
• move testutils under an ./internal/ directory by @​mikedanese in #​601
• Enable macos and windows runners for examples.yml and tests.yml by @​rdimitrov in #​604
• Do not run CI for all Go versions and use caching by @​rdimitrov in #​606
• chore(deps): bump golang.org/x/crypto from 0.18.0 to 0.19.0 by @​dependabot in #​610
• Don't rename unless file is in same dir by @​jonnystoten in #​603
• Use filepath.Join when combining filesystem components by @​kommendorkapten in #​611
• Always use forward slash when splitting target names by @​kommendorkapten in #​612
• chore(deps): bump github.com/sigstore/sigstore from 1.8.1 to 1.8.2 by @​dependabot in #​614
• chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @​dependabot in #​615
• chore(deps): use stdlib ed25519 instead of x by @​MDr164 in #​620
• chore(deps): bump golang.org/x/crypto from 0.20.0 to 0.21.0 by @​dependabot in #​621
• chore(ci): bump action hashes by @​MDr164 in #​618
• chore(deps): bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 by @​dependabot in #​622
• Silence govulncheck by @​MDr164 in #​619
• feat: replace logrus in sim with slog by @​MDr164 in #​617
• repository_simulator_setup.go: Use filepath.Join() instead of concatenation by @​udf2457 in #​624
• Fixes README references from rdimitrov/go-tuf-metadata to theupdateframework/go-tuf by @​rdimitrov in #​626
• fix: use SHA384 for ECDSA P384 by @​mrjoelkamp in #​629
• chore(deps): bump github.com/sigstore/sigstore from 1.8.2 to 1.8.3 by @​dependabot in #​627
• Remove nil error from being printed in "persist metadata" error message by @​malancas in #​633
• fix: deep targets file path by @​mrjoelkamp in #​632
• feat: add missing CODEOWNERS and MAINTAINERS file by @​MDr164 in #​635
• Update MAINTAINERS by @​trishankatdatadog in #​636
• chore(deps): bump github.com/sigstore/sigstore from 1.8.3 to 1.8.4 by [@​dependabot](https://redir

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.