chore: Configure Renovate

[renovate]

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

📚 See our Reading List for relevant documentation you may be interested in reading.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

---

Detected Package Files

• .devcontainer/devcontainer.json (devcontainer)
• Dockerfile (dockerfile)
• docker/s3fs/Dockerfile (dockerfile)
• .github/workflows/lint.yml (github-actions)
• .github/workflows/plugin-test.yml (github-actions)
• .github/workflows/publish-plugin.yml (github-actions)
• .github/workflows/publish.yml (github-actions)
• .github/workflows/test-e2e.yml (github-actions)
• .github/workflows/test.yml (github-actions)
• go.mod (gomod)
• config/manager/kustomization.yaml (kustomize)
• plugin/pyproject.toml (pep621)
• renovate.json (renovate-config-presets)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding PR is merged
• Hopefully safe environment variables to allow users to configure.
• Show all Merge Confidence badges for pull requests.
• Enable Renovate Dependency Dashboard creation.
• Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
• Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
• Group known monorepo packages together.
• Use curated list of recommended non-monorepo package groupings.
• Show only the Age and Confidence Merge Confidence badges for pull requests.
• Apply crowd-sourced package replacement rules.
• Apply crowd-sourced workarounds for known problems with packages.
• Ensure that every dependency pinned by digest and sourced from Forgejo contains a link to the commit-to-commit diff
• Ensure that every dependency pinned by digest and sourced from Gitea contains a link to the commit-to-commit diff
• Ensure that every dependency pinned by digest and sourced from GitHub.com and Github enterprise contains a link to the commit-to-commit diff
• Correctly link to the source code for golang.org/x packages
• Link to pkg.go.dev/... for golang.org/x packages' title
• Pin Docker digests.
• Pin github-action digests.
• Enable Renovate configuration migration PRs when needed.
• Pin dependency versions for development dependencies.
• Recommended configuration for abandoned packages, treating packages without a release for 1 year as abandoned, while taking into account community-sourced overrides.
• Wait until the npm package is three days old before raising the update. This a) introduces a short delay to allow for malware researchers and scanners to (possibly) detect any malicious behaviour in packages, and b) prevents the maintainer and/or NPM from unpublishing a package you already upgraded to, breaking builds.
• Run lock file maintenance (updates) early Monday mornings.
• Show OpenSSF badge on pull requests.
• Group all minor and patch updates together.

---

What to Expect

With your current configuration, Renovate will create 14 Pull Requests:

chore(deps): update dependency pytest to v9.0.3 [security]

• Branch name: renovate/pypi-pytest-vulnerability
• Merge into: main
• Upgrade pytest to 9.0.3

chore(deps): pin dependencies

• Schedule: ["before 5am on the first day of the month"]
• Branch name: renovate/digest-pins
• Merge into: main
• Upgrade alpine to sha256:d9e853e87e55526f6b2917df91a2115c36dd7c696a35be12163d44e6e2a4b6bc
• Upgrade gcr.io/distroless/static to sha256:e3f945647ffb95b5839c07038d64f9811adf17308b9121d8a2b87b6a22a80a39
• Upgrade ghcr.io/marimo-team/marimo-operator to sha256:a799b8eef160c2318992a3f11a5d4546426d5686b2b00b43a206690aac86927c
• Upgrade golang to sha256:d2d2bc1c84f7e60d7d2438a3836ae7d0c847f4888464e7ec9ba3a1339a1ee804
• Upgrade pypa/gh-action-pypi-publish to cef221092ed1bacb1cc03d23a2d87d1d172e277b

fix(deps): update all non-major dependencies

• Schedule: ["at any time"]
• Branch name: renovate/all-minor-patch
• Merge into: main
• Upgrade alpine to sha256:5b10f432ef3da1b8d4c7eb6c487f2f5a8f096bc91145e68878dd4a5019afde11
• Upgrade github.com/onsi/ginkgo/v2 to v2.28.1
• Upgrade github.com/onsi/gomega to v1.39.1
• Upgrade golang to sha256:5f3787b7f902c07c7ec4f3aa91a301a3eda8133aa32661a3b3a3a86ab3a68a36
• Upgrade golang to 1.26
• Upgrade golangci/golangci-lint to v2.11.4
• Upgrade k8s.io/api to v0.35.4
• Upgrade k8s.io/apimachinery to v0.35.4
• Upgrade k8s.io/client-go to v0.35.4
• Upgrade python to 3.14
• Upgrade sigs.k8s.io/controller-runtime to v0.23.3

chore(deps): update actions/checkout action to v6

• Schedule: ["at any time"]
• Branch name: renovate/actions-checkout-6.x
• Merge into: main
• Upgrade actions/checkout to de0fac2e4500dabe0009e67214ff5f5447ce83dd

chore(deps): update actions/setup-go action to v6

• Schedule: ["at any time"]
• Branch name: renovate/actions-setup-go-6.x
• Merge into: main
• Upgrade actions/setup-go to 4a3601121dd01d1626a1e23e37211e3254c1c06c

chore(deps): update actions/setup-python action to v6

• Schedule: ["at any time"]
• Branch name: renovate/actions-setup-python-6.x
• Merge into: main
• Upgrade actions/setup-python to a309ff8b426b58ec0e2a45f0f869d46889d02405

chore(deps): update astral-sh/setup-uv action to v7

• Schedule: ["at any time"]
• Branch name: renovate/astral-sh-setup-uv-7.x
• Merge into: main
• Upgrade astral-sh/setup-uv to 37802adc94f370d6bfd71619e3f0bf239e1f3b78

chore(deps): update docker/build-push-action action to v7

• Schedule: ["at any time"]
• Branch name: renovate/docker-build-push-action-7.x
• Merge into: main
• Upgrade docker/build-push-action to bcafcacb16a39f128d818304e6c9c0c18556b85f

chore(deps): update docker/login-action action to v4

• Schedule: ["at any time"]
• Branch name: renovate/docker-login-action-4.x
• Merge into: main
• Upgrade docker/login-action to 4907a6ddec9925e35a0a9e82d7399ccc52663121

chore(deps): update docker/metadata-action action to v6

• Schedule: ["at any time"]
• Branch name: renovate/docker-metadata-action-6.x
• Merge into: main
• Upgrade docker/metadata-action to 030e881283bb7a6894de51c315a6bfe6a94e05cf

chore(deps): update docker/setup-buildx-action action to v4

• Schedule: ["at any time"]
• Branch name: renovate/docker-setup-buildx-action-4.x
• Merge into: main
• Upgrade docker/setup-buildx-action to 4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd

chore(deps): update docker/setup-qemu-action action to v4

• Schedule: ["at any time"]
• Branch name: renovate/docker-setup-qemu-action-4.x
• Merge into: main
• Upgrade docker/setup-qemu-action to ce360397dd3f832beb865e1373c09c0e9f86d70a

chore(deps): update golangci/golangci-lint-action action to v9

• Schedule: ["at any time"]
• Branch name: renovate/golangci-golangci-lint-action-9.x
• Merge into: main
• Upgrade golangci/golangci-lint-action to 1e7e51e771db61008b38414a730f564565cf7c20

chore(deps): lock file maintenance

• Schedule: ["before 5am on the first day of the month"]
• Branch name: renovate/lock-file-maintenance
• Merge into: main
• Regenerate lock files to use latest dependency versions

🚸 PR creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prHourlyLimit for details.

---

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

---

This PR was generated by Mend Renovate. View the repository job log.