Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Repository Problems

These problems occurred while renovating this repository. View logs.

• ⚠️ WARN: Package lookup failures

Note

These dependencies have not received updates for an extended period and may be unmaintained:

View abandoned dependencies (3)

Datasource	Name	Last Updated
github-actions	pavelzw/pytest-action	2023-10-18
pep621	pytest-emoji	2019-02-19
pep621	pytest-md	2019-07-11

Packages are marked as abandoned when they exceed the abandonmentThreshold since their last release.
Unlike deprecated packages with official notices, abandonment is detected by release inactivity.

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• Update actions/checkout digest to 8e8c483
• Update astral-sh/setup-uv digest to 681c641
• Update cgr.dev/chainguard/wolfi-base:latest Docker digest to 0d8efc7
• Update endersonmenezes/free-disk-space digest to e6ed9b0
• Update dependency pytest to >=9.0.2
• Update softprops/action-gh-release action to v2.5.0
• Update step-security/harden-runner action to v2.14.0
• Update dependency gradio-client to v2
• Update GitHub Artifact Actions (major) (actions/download-artifact, actions/upload-artifact)
• 🔐 Create all rate-limited PRs at once 🔐

Edited/Blocked

The following updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox below.

• Update mikefarah/yq action to v4.49.2
• Update dependency pytest-mergify to >=2025.12.1.1

---

Warning

Renovate failed to look up the following dependencies: Could not determine new digest for update (github-tags package pypa/gh-action-pypi-publish).

Files affected: .github/workflows/release.yaml

---

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• Update docker/metadata-action digest to c299e40
• Update dependency ruff to >=0.14.9
• Update dependency ty to >=0.0.1a34
• Update dependency uv-build to >=0.9.17
• Update Python to >=3.14.2, <3.15
• Update dependency gradio to v6
• Update razorblade23/pycrucible-action action to v4
• Lock file maintenance
• Click on this checkbox to rebase all open PRs at once

Vulnerabilities

Renovate has not found any CVEs on osv.dev.

Detected Dependencies

docker-compose (1)

compose.yaml (1)

• ghcr.io/alphaspheredotai/vocalizr latest@sha256:df1f4fa0615ae3f34249454ddc3a74e3fd955332da507ff2c7d5373190037863

dockerfile (1)

Dockerfile (2)

• cgr.dev/chainguard/wolfi-base latest@sha256:42012fa027adc864efbb7cf68d9fc575ea45fe1b9fb0d16602e00438ce3901b1
• cgr.dev/chainguard/wolfi-base latest@sha256:42012fa027adc864efbb7cf68d9fc575ea45fe1b9fb0d16602e00438ce3901b1

github-actions (7)

.github/workflows/.docker.yaml (24)

• step-security/harden-runner v2.13.2@95d9a5deda9de15063e7595e9719c11c38c90ae2
• actions/checkout v6@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
• docker/login-action v3@5e57cd118135c172c3672efd75eb46360885c0ef
• docker/build-push-action v6@263435318d21b8e681c14492fe198d362a7d2c83
• step-security/harden-runner v2.13.2@95d9a5deda9de15063e7595e9719c11c38c90ae2
• endersonmenezes/free-disk-space v3@6c4664f43348c8c7011b53488d5ca65e9fc5cd1a
• actions/checkout v6@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
• mikefarah/yq v4.49.1@45be35c06387d692bb6bf689919919e0e32e796f
• docker/login-action v3@5e57cd118135c172c3672efd75eb46360885c0ef
• docker/setup-qemu-action v3@c7c53464625b32c7a7e944ae62b3e17d2b600130
• docker/setup-buildx-action v3@e468171a9de216ec08956ac3ada2f0791b6bd435
• docker/metadata-action v5@318604b99e75e41977312d83839a89be02ca4893
• docker/build-push-action v6@263435318d21b8e681c14492fe198d362a7d2c83
• actions/attest-build-provenance v3@977bb373ede98d70efdf65b84cb5f73e068dcc2a
• peter-evans/dockerhub-description v5.0.0@1b9a80c056b620d92cedb9d9b5a223409c68ddfa
• step-security/harden-runner v2.13.2@95d9a5deda9de15063e7595e9719c11c38c90ae2
• docker/login-action v3@5e57cd118135c172c3672efd75eb46360885c0ef
• docker/scout-action v1@f8c776824083494ab0d56b8105ba2ca85c86e4de
• step-security/harden-runner v2.13.2@95d9a5deda9de15063e7595e9719c11c38c90ae2
• actions/checkout v6@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
• astral-sh/setup-uv v7@1e862dfacbd1d6d858c55d9b792c756523627244
• pavelzw/pytest-action v2@510c5e90c360a185039bea56ce8b3e7e51a16507
• step-security/harden-runner v2.13.2@95d9a5deda9de15063e7595e9719c11c38c90ae2
• snok/container-retention-policy v3.0.1@3b0972b2276b171b212f8c4efbca59ebba26eceb

.github/workflows/.lint.yaml (9)

• step-security/harden-runner v2.13.2@95d9a5deda9de15063e7595e9719c11c38c90ae2
• actions/checkout v6@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
• astral-sh/setup-uv v7@1e862dfacbd1d6d858c55d9b792c756523627244
• trunk-io/trunk-action v1@75699af9e26881e564e9d832ef7dc3af25ec031b
• stefanzweifel/git-auto-commit-action v7@28e16e81777b558cc906c8750092100bbb34c5e3
• step-security/harden-runner v2.13.2@95d9a5deda9de15063e7595e9719c11c38c90ae2
• actions/checkout v6@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
• astral-sh/setup-uv v7@1e862dfacbd1d6d858c55d9b792c756523627244
• trunk-io/trunk-action v1@75699af9e26881e564e9d832ef7dc3af25ec031b

.github/workflows/build.yaml (10)

• step-security/harden-runner v2.13.2@95d9a5deda9de15063e7595e9719c11c38c90ae2
• actions/checkout v6@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
• astral-sh/setup-uv v7@1e862dfacbd1d6d858c55d9b792c756523627244
• razorblade23/pycrucible-action v2@6a5ce925bc1b078000d5540f44ebea266fa95cbd
• actions/upload-artifact v5@330a01c490aca151604b8cf639adc76d48f6c5d4
• stefanzweifel/git-auto-commit-action v7@28e16e81777b558cc906c8750092100bbb34c5e3
• step-security/harden-runner v2.13.2@95d9a5deda9de15063e7595e9719c11c38c90ae2
• actions/checkout v6@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
• actions/download-artifact v6@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53
• softprops/action-gh-release v2.4.2@5be0e66d93ac7ed76da52eca8bb058f665c3a5fe

.github/workflows/ci_tools.yaml (6)

• step-security/harden-runner v2.13.2@95d9a5deda9de15063e7595e9719c11c38c90ae2
• actions/checkout v6@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
• trunk-io/trunk-action v1@75699af9e26881e564e9d832ef7dc3af25ec031b
• step-security/harden-runner v2.13.2@95d9a5deda9de15063e7595e9719c11c38c90ae2
• actions/checkout v6@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
• trunk-io/trunk-action v1@75699af9e26881e564e9d832ef7dc3af25ec031b

.github/workflows/release.yaml (3)

• step-security/harden-runner v2.13.2@95d9a5deda9de15063e7595e9719c11c38c90ae2
• robinraju/release-downloader v1@daf26c55d821e836577a15f77d86ddc078948b05
• pypa/gh-action-pypi-publish release/v1@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e

.github/workflows/test.yaml (4)

• step-security/harden-runner v2.13.2@95d9a5deda9de15063e7595e9719c11c38c90ae2
• actions/checkout v6@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
• tj-actions/changed-files v47@24d32ffd492484c1d75e0c0b894501ddb9d30d62
• astral-sh/setup-uv v7@1e862dfacbd1d6d858c55d9b792c756523627244

.github/workflows/version.yaml (5)

• step-security/harden-runner v2.13.2@95d9a5deda9de15063e7595e9719c11c38c90ae2
• actions/checkout v6@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
• astral-sh/setup-uv v7@1e862dfacbd1d6d858c55d9b792c756523627244
• mikefarah/yq v4.49.1@45be35c06387d692bb6bf689919919e0e32e796f
• stefanzweifel/git-auto-commit-action v7@28e16e81777b558cc906c8750092100bbb34c5e3

pep621 (1)

pyproject.toml (17)

• python >=3.12, <3.13
• gradio >=5.50.0
• kokoro >=0.9.4
• pip >=25.3
• pyfiglet >=1.0.4
• soundfile >=0.13.1
• gitpython >=3.1.45
• gradio-client >=2.0.0
• pycrucible >=0.3.9
• pytest-cov >=7.0.0
• pytest-emoji >=0.2.0
• pytest-md >=0.2.0
• pytest-mergify >=2025.11.19.1
• pytest >=9.0.1
• ruff >=0.14.6
• ty >=0.0.1a27
• uv-build >=0.9.11

---

• Check this box to trigger a request for Renovate to run again on this repository