Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Config Migration Needed

• Select this checkbox to let Renovate create an automated Config Migration PR.

Repository problems

These problems occurred while renovating this repository. View logs.

• WARN: Found renovate config warnings

Warning

These dependencies are deprecated:

Datasource	Name	Replacement PR?
npm	@types/uuid

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• chore(deps): update dependency @faker-js/faker to v10
• chore(deps): update dependency @types/uuid to v11
• chore(deps): update dependency jsdom to v27
• chore(deps): update github actions all dependencies (major) (actions/github-script, actions/setup-node)
• fix(deps): update dependency uuid to v13
• fix(deps): update dependency zod to v4
• chore(deps): lock file maintenance
• 🔐 Create all rate-limited PRs at once 🔐

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): update dependency vite to v7.0.7 [security]
• chore(deps): update dependency axios to v1.12.0 [security]
• chore(deps): update github actions all dependencies (aquasecurity/trivy-action, bcgov/action-builder-ghcr, bcgov/action-oc-runner, bcgov/action-test-and-analyse)
• fix(deps): update all non-major dependencies (@vue/tsconfig, prisma-mock, registry.access.redhat.com/ubi9/ubi, typescript)
• Click on this checkbox to rebase all open PRs at once

Ignored or Blocked

The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.

• chore(deps): update jest monorepo to v30 (major) (@types/jest, jest)

Detected dependencies

docker-compose

docker-compose.yml

• postgres 17
• flyway/flyway 10-alpine

dockerfile

admin-frontend/Dockerfile

• node 22-alpine
• caddy 2.10-alpine

backend-external/Dockerfile

• node 22-bullseye-slim
• node 22-bullseye-slim

backend/db/Dockerfile

• flyway/flyway 10-alpine

backend/Dockerfile

• node 22-bullseye-slim
• node 22-bullseye-slim

clamav-service/clamav/Dockerfile

• registry.access.redhat.com/ubi9/ubi 9.6-1752625787

clamav-service/Dockerfile

• node 22-bullseye-slim
• node 22-bullseye-slim

doc-gen-service/Dockerfile

• node 22-alpine

frontend/Dockerfile

• node 22-alpine
• caddy 2.10-alpine

maintenance/Dockerfile

• caddy 2.10-alpine

github-actions

.github/workflows/.build.yml

• actions/checkout v5
• bcgov/action-builder-ghcr v4.0.0
• ubuntu 24.04

.github/workflows/.deploy.yml

• actions/checkout v5
• bcgov/action-oc-runner v1.2.3@10033668ef4374d9bb78149faa73e4ccda0e93dd
• ubuntu 24.04

.github/workflows/.e2e-admin.yml

• actions/checkout v5
• actions/setup-node v4
• actions/upload-artifact v4
• ubuntu 24.04
• node 22

.github/workflows/.e2e-visual.yml

• actions/checkout v5
• actions/setup-node v4
• actions/upload-artifact v4
• ubuntu 24.04
• node 22

.github/workflows/.e2e.yml

• actions/checkout v5
• actions/setup-node v4
• actions/upload-artifact v4
• ubuntu 24.04
• node 22

.github/workflows/.integration.yml

• actions/checkout v5
• actions/setup-node v4
• ubuntu 24.04
• node 22

.github/workflows/analysis.yml

• bcgov/action-test-and-analyse v1.3.0
• actions/checkout v5
• aquasecurity/trivy-action 0.32.0
• github/codeql-action v3
• ubuntu 24.04
• ubuntu 24.04
• ubuntu 24.04

.github/workflows/auto-approve-renovate.yaml

• actions/github-script v7
• hmarr/auto-approve-action v3
• actions-ecosystem/action-add-labels v1

.github/workflows/build-deploy-clamav-to-tools.yml

• actions/checkout v5
• bcgov/action-builder-ghcr v4.0.0
• actions/checkout v5
• bcgov/action-oc-runner v1.2.3@10033668ef4374d9bb78149faa73e4ccda0e93dd
• ubuntu 24.04
• ubuntu 24.04

.github/workflows/cd-to-prod-on-workflow-dispatch.yml

• shrink/actions-docker-registry-tag v4
• zaproxy/action-full-scan v0.12.0
• ubuntu 24.04
• ubuntu 24.04

.github/workflows/cd-to-test-on-workflow-dispatch.yml

• shrink/actions-docker-registry-tag v4
• ubuntu 24.04

.github/workflows/ci_cd_on_pr_hotfix.yml

• actions/checkout v5
• ubuntu 24.04

.github/workflows/cleanup_tag_hotfix-pr-close.yml

• bcgov/action-oc-runner v1.2.3@10033668ef4374d9bb78149faa73e4ccda0e93dd
• actions/checkout v5
• actions/checkout v5
• shrink/actions-docker-registry-tag v4
• ubuntu 24.04
• ubuntu 24.04
• ubuntu 24.04

.github/workflows/cleanup-on-pr-close.yml

• bcgov/action-oc-runner v1.2.3@10033668ef4374d9bb78149faa73e4ccda0e93dd
• ubuntu 24.04

.github/workflows/codeql.yml

• actions/checkout v5
• github/codeql-action v3
• github/codeql-action v3

.github/workflows/maintenance.yml

• bcgov/action-oc-runner v1.2.3@10033668ef4374d9bb78149faa73e4ccda0e93dd
• bcgov/action-oc-runner v1.2.3@10033668ef4374d9bb78149faa73e4ccda0e93dd
• ubuntu 24.04
• ubuntu 24.04

.github/workflows/merge.yml

• bcgov/action-get-pr v0.0.1
• actions/checkout v5
• github/codeql-action v3
• github/codeql-action v3
• github/codeql-action v3
• actions/checkout v5
• TriPSs/conventional-changelog-action v6
• shrink/actions-docker-registry-tag v4
• ubuntu 24.04
• ubuntu 24.04
• ubuntu 24.04
• ubuntu 24.04

.github/workflows/pr-validate.yml

• bcgov/quickstart-openshift-helpers v1.0.0
• ubuntu 24.04

.github/workflows/scheduled.yml

• zaproxy/action-full-scan v0.12.0
• ubuntu 24.04

.github/workflows/schemaspy.yml

• actions/checkout v5
• joshuaavalon/flyway-action v3.0.0
• JamesIves/github-pages-deploy-action v4
• ubuntu 24.04

.github/workflows/sysdig.yml

• actions/checkout v5
• bcgov/action-oc-runner v1.2.3@10033668ef4374d9bb78149faa73e4ccda0e93dd
• ubuntu 24.04

helm-values

charts/fin-pay-transparency/values.yaml

clamav-service/charts/clamav-service/values.yaml

helmv3

charts/fin-pay-transparency/Chart.yaml

npm

admin-frontend/package.json

• @bcgov/bc-sans ^2.1.0
• @braintree/sanitize-url ^7.0.0
• @fortawesome/fontawesome-free ^7.0.0
• @js-joda/core ^5.6.1
• @js-joda/locale ^4.8.12
• @js-joda/locale_en ^4.8.11
• @mdi/font ^7.1.96
• @types/papaparse ^5.3.14
• @vee-validate/zod ^4.13.2
• @vue/tsconfig ^0.7.0
• @vuepic/vue-datepicker ^11.0.0
• axios ^1.6.7
• dotenv ^17.2.0
• file-saver ^2.0.5
• otplib ^12.0.1
• papaparse ^5.4.1
• pinia ^3.0.0
• powerbi-client ^2.23.1
• powerbi-client-vue-js ^1.1.1
• quill ^2.0.2
• regenerator-runtime ^0.14.0
• resize-observer-polyfill ^1.5.1
• rfdc ^1.3.0
• sass ^1.58.3
• tiny-emitter ^2.1.0
• uuid ^11.0.0
• v-viewer ^3.0.11
• vee-validate ^4.13.1
• vue ^3.3.13
• vue-dompurify-html ^5.2.0
• vue-meta ^3.0.0-alpha.10
• vue-router ^4.2.5
• vuetify ^3.6.9
• zod ^3.23.8
• @eslint/js ^9.17.0
• @faker-js/faker ^9.0.0
• @pinia/testing ^1.0.0
• @playwright/test ^1.43.1
• @testing-library/jest-dom ^6.4.2
• @testing-library/user-event ^14.5.2
• @testing-library/vue ^8.0.2
• @types/file-saver ^2.0.7
• @types/node ^22.0.0
• @types/uuid ^10.0.0
• @vitejs/plugin-vue ^6.0.1
• @vitest/coverage-v8 ^3.2.4
• @vitest/ui ^3.2.4
• @vue/test-utils ^2.4.3
• axios-mock-adapter ^2.0.0
• eslint ^9.17.0
• eslint-config-prettier ^10.0.0
• eslint-plugin-vue ^10.0.0
• flush-promises ^1.0.2
• globals ^16.0.0
• jsdom ^26.0.0
• lodash ^4.17.21
• playwright ^1.43.1
• postcss ^8.4.32
• prettier ^3.1.1
• stylus ^0.64.0
• stylus-loader ^8.0.0
• typescript-eslint ^8.31.0
• vite ^7.0.6
• vitest ^3.2.4
• vue-template-compiler ^2.7.15
• node >= 6.0.0
• npm >= 3.0.0
• axios 1.11.0

backend-external/package.json

• @js-joda/core ^5.6.2
• @js-joda/locale_en ^4.11.0
• axios ^1.6.7
• dotenv ^17.2.0
• express ^5.0.0
• express-prom-bundle ^8.0.0
• express-rate-limit ^8.0.0
• express-validator ^7.1.0
• helmet ^8.0.0
• http-status-codes ^2.3.0
• lodash ^4.17.21
• memory-cache ^0.2.0
• morgan ^1.10.0
• nconf ^0.13.0
• nocache ^4.0.0
• pg ^8.11.3
• prom-client ^15.1.0
• swagger-jsdoc ^6.2.8
• swagger-ui-express ^5.0.0
• winston ^3.11.0
• @eslint/js ^9.17.0
• @types/express ^5.0.0
• @types/jest ^29.5.11
• @types/lodash ^4.14.202
• @types/morgan ^1.9.9
• @types/node ^22.0.0
• @types/supertest ^6.0.2
• @types/swagger-jsdoc ^6.0.4
• eslint ^9.17.0
• eslint-config-prettier ^10.0.0
• eslint-plugin-jest ^29.0.1
• globals ^16.0.0
• jest ^30.0.5
• jest-badges ^0.1.3
• jest-sonar-reporter ^2.0.0
• lint-staged ^16.0.0
• mock-req-res ^1.2.1
• nodemon ^3.0.2
• prettier ^3.1.1
• supertest ^7.1.4
• ts-jest ^29.4.1
• ts-loader ^9.5.1
• ts-node ^10.9.2
• typescript 5.8.3
• typescript-eslint ^8.31.0

backend/package.json

• @aws-sdk/client-s3 ^3.631.0
• @azure/msal-node ^3.6.0
• @js-joda/core ^5.6.1
• @js-joda/locale_en ^4.8.11
• @js-joda/timezone ^2.21.1
• @prisma/client ^6.13.0
• @prisma/extension-read-replicas ^0.4.1
• @types/express-form-data ^2.0.5
• advisory-lock ^2.0.0
• async-retry ^1.3.3
• axios ^1.6.2
• axios-oauth-client ^2.0.4
• axios-token-interceptor ^0.2.0
• body-parser ^2.2.0
• cron ^4.3.0
• csv-parse ^6.0.0
• dotenv ^17.2.0
• easy-soap-request ^5.5.0
• express ^5.0.0
• express-form-data ^3.0.0
• express-prom-bundle ^8.0.0
• express-rate-limit ^8.0.0
• express-session ^1.17.3
• express-validator ^7.0.1
• fast-safe-stringify ^2.1.1
• helmet ^8.0.0
• http-status-codes ^2.3.0
• jsonwebtoken ^9.0.2
• lodash ^4.17.21
• memory-cache ^0.2.0
• morgan ^1.10.0
• nconf ^0.13.0
• nocache ^4.0.0
• node-html-parser ^7.0.0
• papaparse ^5.4.1
• passport ^0.7.0
• passport-jwt ^4.0.1
• passport-openidconnect-keycloak-idp ^0.1.6
• pg ^8.11.3
• prom-client ^15.1.0
• reflect-metadata ^0.2.1
• session-file-store ^1.5.0
• uuid ^11.0.0
• wait-for-expect ^4.0.0
• winston ^3.11.0
• xml2js ^0.6.2
• zod ^3.23.8
• @eslint/js ^9.17.0
• @faker-js/faker ^9.0.0
• @types/async-retry ^1.4.8
• @types/axios-token-interceptor ^0.2.8
• @types/express ^5.0.0
• @types/express-session ^1.17.10
• @types/jest ^29.5.11
• @types/jsonwebtoken ^9.0.5
• @types/lodash ^4.17.7
• @types/morgan ^1.9.9
• @types/node ^22.0.0
• @types/passport ^1.0.16
• @types/passport-jwt ^4.0.0
• @types/session-file-store ^1.2.5
• @types/supertest ^6.0.2
• @types/uuid ^10.0.0
• copyfiles ^2.4.1
• eslint ^9.17.0
• eslint-config-prettier ^10.0.0
• eslint-plugin-jest ^29.0.1
• globals ^16.0.0
• jest ^29.7.0
• jest-badges ^0.1.3
• jest-sonar-reporter ^2.0.0
• lint-staged ^16.0.0
• mock-req-res ^1.2.1
• nodemon ^3.0.2
• prettier ^3.1.1
• prisma ^6.13.0
• prisma-mock ^0.11.1
• supertest ^7.1.4
• ts-jest ^29.4.1
• ts-loader ^9.5.1
• ts-node ^10.9.2
• typescript 5.8.3
• typescript-eslint ^8.31.0

clamav-service/package.json

• clamscan ^2.3.1
• dotenv ^17.2.0
• express ^5.0.0
• express-form-data ^3.0.0
• express-prom-bundle ^8.0.0
• express-rate-limit ^8.0.0
• express-validator ^7.1.0
• helmet ^8.0.0
• http-status-codes ^2.3.0
• morgan ^1.10.0
• nconf ^0.13.0
• winston ^3.14.2
• @eslint/js ^9.17.0
• @types/clamscan ^2.0.8
• @types/express ^5.0.0
• @types/express-form-data ^2.0.5
• @types/morgan ^1.9.9
• @types/nconf ^0.10.7
• @types/node ^22.0.0
• eslint ^9.17.0
• globals ^16.0.0
• nodemon ^3.0.2
• ts-loader ^9.0.0
• ts-node ^10.9.2
• typescript 5.8.3
• typescript-eslint ^8.31.0

doc-gen-service/package.json

• @bcgov/bc-sans ^2.1.0
• compression ^1.7.4
• d3 ^7.8.5
• dotenv ^17.2.0
• ejs ^3.1.9
• express ^5.0.0
• express-prom-bundle ^8.0.0
• express-rate-limit ^8.0.0
• helmet ^8.0.0
• lodash ^4.17.21
• morgan ^1.10.0
• nconf ^0.13.0
• nocache ^4.0.0
• puppeteer ^24.4.0
• winston ^3.11.0
• @eslint/js ^9.17.0
• @types/compression ^1.7.5
• @types/d3 ^7.4.3
• @types/ejs ^3.1.5
• @types/express ^5.0.0
• @types/jest ^29.5.11
• @types/lodash ^4.14.202
• @types/morgan ^1.9.9
• @types/nconf ^0.10.6
• @types/node ^22.0.0
• @types/supertest ^6.0.2
• copyfiles ^2.4.1
• eslint ^9.17.0
• eslint-config-prettier ^10.0.0
• eslint-plugin-jest ^29.0.1
• globals ^16.0.0
• jest ^30.0.5
• jest-badges ^0.1.3
• jest-sonar-reporter ^2.0.0
• lint-staged ^16.0.0
• mock-req-res ^1.2.1
• nodemon ^3.0.2
• prettier ^3.1.1
• supertest ^7.1.4
• ts-jest ^29.4.1
• ts-loader ^9.5.1
• ts-node ^10.4.0
• typescript ^5.3.3
• typescript-eslint ^8.31.0
• wait-for-expect ^4.0.0

frontend/package.json

• @bcgov/bc-sans ^2.1.0
• @braintree/sanitize-url ^7.0.0
• @fortawesome/fontawesome-free ^7.0.0
• @js-joda/core ^5.6.1
• @js-joda/locale ^4.8.12
• @js-joda/locale_en ^4.8.11
• @mdi/font ^7.1.96
• @types/papaparse ^5.3.14
• @vue/tsconfig ^0.7.0
• axios ^1.6.7
• dotenv ^17.2.0
• file-saver ^2.0.5
• papaparse ^5.4.1
• pinia ^3.0.0
• quill ^2.0.2
• regenerator-runtime ^0.14.0
• rfdc ^1.3.0
• sass ^1.58.3
• tiny-emitter ^2.1.0
• uuid ^11.0.0
• v-viewer ^3.0.11
• vue ^3.3.13
• vue-dompurify-html ^5.2.0
• vue-meta ^3.0.0-alpha.10
• vue-router ^4.2.5
• vuetify ^3.4.7
• @eslint/js ^9.17.0
• @faker-js/faker ^9.3.0
• @pinia/testing ^1.0.0
• @playwright/test ^1.43.1
• @testing-library/jest-dom ^6.4.2
• @testing-library/vue ^8.0.2
• @types/file-saver ^2.0.7
• @types/node ^22.0.0
• @vitejs/plugin-vue ^6.0.1
• @vitest/coverage-v8 ^3.2.4
• @vitest/ui ^3.2.4
• @vue/test-utils ^2.4.3
• axios-mock-adapter ^2.0.0
• eslint ^9.17.0
• eslint-config-prettier ^10.0.0
• eslint-plugin-vue ^10.0.0
• flush-promises ^1.0.2
• globals ^16.0.0
• jsdom ^26.0.0
• lodash ^4.17.21
• playwright ^1.43.1
• postcss ^8.4.32
• prettier ^3.1.1
• resize-observer-polyfill ^1.5.1
• stylus ^0.64.0
• stylus-loader ^8.0.0
• typescript-eslint ^8.31.0
• vite ^7.0.6
• vitest ^3.2.4
• vue-template-compiler ^2.7.15
• node >= 6.0.0
• npm >= 3.0.0
• axios 1.11.0

---

• Check this box to trigger a request for Renovate to run again on this repository