Dependency Dashboard

[renovate[bot]]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Awaiting Schedule

These updates are awaiting their schedule. Click on a checkbox to get an update now.

• [ ] Update dependency fakeredis to v2.20.0
• [ ] Update docker.elastic.co/elasticsearch/elasticsearch Docker tag to v8.10.4
• [ ] Update docker.io/clickhouse/clickhouse-server Docker tag to v23.10
• [ ] Update docker.io/postgres Docker tag to v13.12
• [ ] Update docker.io/python Docker tag to v3.12
• [ ] Update postgres Docker tag to v13.12
• [ ] Update actions/checkout action to v4
• [ ] Update actions/setup-node action to v4
• [ ] Update dependency pgcli to v4
• [ ] Update docker.io/postgres Docker tag to v16
• [ ] Update docker.io/redis Docker tag to v7
• [ ] Update postgres Docker tag to v16

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• [ ] Update docker.io/nginx Docker tag to v1.25.3

Detected dependencies

docker-compose

docker-compose.yml

- `docker.io/postgres 13.10-alpine` - `docker.io/postgres 13.10-alpine` - `docker.io/clickhouse/clickhouse-server 23.4-alpine` - `docker.io/redis 4.0.14` - `docker.elastic.co/elasticsearch/elasticsearch 8.8.2`

frontend/docker-compose.playwright.yml

dockerfile

api/Dockerfile

- `docker.io/nginx 1.25.2-alpine`

catalog/Dockerfile

docker/upstream_db/Dockerfile

- `postgres 13.10`

frontend/Dockerfile

frontend/Dockerfile.nginx

- `docker.io/nginx 1.25.2-alpine`

frontend/Dockerfile.playwright

ingestion_server/Dockerfile

utilities/load_testing/Dockerfile

- `docker.io/python 3.11-slim`

github-actions

.github/actions/get-changes/action.yml

- `actions/checkout v3` - `dorny/paths-filter v2`

.github/actions/load-img/action.yml

- `actions/checkout v3` - `actions/github-script v6`

.github/actions/setup-env/action.yml

- `extractions/setup-just v1` - `actions/setup-python v4` - `pnpm/action-setup v2` - `actions/setup-node v3`

.github/workflows/actionlint.yml

- `actions/checkout v4`

.github/workflows/bundle_size.yml

- `actions/checkout v4` - `actions/checkout v4` - `preactjs/compressed-size-action 2.5.0` - `actions/checkout v4`

.github/workflows/ci_cd.yml

- `actions/checkout v4` - `actions/checkout v4` - `actions/checkout v4` - `actions/cache v3` - `actions/github-script v6` - `actions/checkout v4` - `docker/setup-buildx-action v3` - `docker/build-push-action v5` - `actions/upload-artifact v3` - `actions/checkout v4` - `actions/checkout v4` - `actions/checkout v4` - `actions/upload-artifact v3` - `actions/checkout v4` - `actions/upload-artifact v3` - `actions/checkout v4` - `actions/upload-artifact v3` - `actions/checkout v4` - `actions/checkout v4` - `actions/checkout v4` - `actions/checkout v4` - `actions/upload-artifact v3` - `peter-evans/find-comment v2` - `actions/github-script v6` - `peter-evans/create-or-update-comment v3` - `actions/checkout v4` - `actions/upload-artifact v3` - `actions/download-artifact v3` - `actions/checkout v4` - `actions/checkout v4` - `peaceiris/actions-gh-pages v3` - `peter-evans/find-comment v2` - `peter-evans/create-or-update-comment v3` - `actions/checkout v4` - `actions/checkout v4` - `docker/login-action v3` - `actions/checkout v4` - `felixp8/dispatch-and-wait v0.1.0` - `actions/checkout v4` - `felixp8/dispatch-and-wait v0.1.0` - `felixp8/dispatch-and-wait v0.1.0` - `actions/checkout v4` - `slackapi/slack-github-action v1.24.0`

.github/workflows/discussion_ping.yml

.github/workflows/generate_pot.yml

- `actions/checkout v4` - `actions/checkout v4` - `actions/checkout v4`

.github/workflows/label_new_pr.yml

- `felixp8/dispatch-and-wait v0.1.0` - `actions/checkout v4` - `actions-ecosystem/action-add-labels v1`

.github/workflows/label_pr.yml

- `actions/checkout v4`

.github/workflows/label_sync.yml

- `actions/checkout v4`

.github/workflows/migration_safety_warning.yml

- `actions/checkout v4` - `peter-evans/find-comment v2` - `actions/github-script v6` - `peter-evans/create-or-update-comment v3` - `banyan/auto-label 1.2`

.github/workflows/new_issues.yml

- `bulatt3/add-to-project-and-label v0.0.2`

.github/workflows/pr_closed.yml

- `actions/checkout v4`

.github/workflows/pr_label_check.yml

- `actions/checkout v4` - `agilepathway/pull-request-label-checker v1.6.3` - `agilepathway/pull-request-label-checker v1.6.3` - `agilepathway/pull-request-label-checker v1.6.3` - `agilepathway/pull-request-label-checker v1.6.3`

.github/workflows/pr_limit_reminders.yml

- `actions/checkout v4` - `actions/github-script v6`

.github/workflows/pr_ping.yml

.github/workflows/project_thread_update_reminders.yml

- `actions/checkout v4` - `actions/github-script v6`

.github/workflows/push_docker_image.yml

- `docker/login-action v3` - `dawidd6/action-download-artifact v2`

.github/workflows/release-app.yml

- `actions/checkout v4` - `actions/github-script v6` - `docker/login-action v3` - `felixp8/dispatch-and-wait v0.1.0` - `felixp8/dispatch-and-wait v0.1.0` - `release-drafter/release-drafter v5` - `actions/cache v3` - `peter-evans/create-pull-request v5`

.github/workflows/renovate.yml

- `actions/checkout v4` - `renovatebot/github-action v39.1.1`

.github/workflows/subscribe_to_label.yml

- `bytecodealliance/subscribe-to-label-action v1`

.github/workflows/sync_meta.yml

- `actions/checkout v4` - `BetaHuhn/repo-file-sync-action v1`

.github/workflows/weekly_updates.yml

- `actions/checkout v4`

pip_requirements

archive/requirements.txt

pipenv

api/Pipfile

- `aiohttp ~=3.8` - `aws-requests-auth ~=0.4` - `deepdiff ~=6.4` - `Django ~=4.2` - `django-cors-headers ~=4.2` - `django-log-request-id ~=2.0` - `django-oauth-toolkit ~=2.3` - `django-redis ~=5.4` - `django-tqdm ~=1.3` - `django-uuslug ~=2.0` - `djangorestframework ~=3.14` - `elasticsearch ==8.10.1` - `elasticsearch-dsl ~=8.9` - `future ~=0.18` - `gunicorn ~=21.2` - `limit ~=0.2` - `Pillow ~=10.1.0` - `python-decouple ~=3.8` - `python-xmp-toolkit ~=2.0` - `sentry-sdk ~=1.30` - `uvloop ~=0.17` - `psycopg ~=3.1` - `factory-boy ~=3.2` - `fakeredis ==2.19.0` - `ipython ~=8.17` - `pycodestyle ~=2.10` - `pytest ~=7.4` - `pytest-django ~=4.6` - `pytest-raises ~=0.11` - `remote-pdb ~=2.1` - `pgcli ~=3.5` - `freezegun ~=1.2.2` - `pytest-sugar ~=0.9`

automations/python/Pipfile

documentation/Pipfile

- `sphinx ~=7.2` - `sphinx-autobuild ~=2021.3` - `sphinx-copybutton ~=0.5` - `sphinx-reredirects ~=0.1` - `sphinx-notfound-page ~=1.0` - `furo >=2023.8.19` - `myst-parser ~=2.0` - `sphinxcontrib-mermaid ~=0.9`

ingestion_server/Pipfile

- `aws-requests-auth ~=0.4` - `boto3 ~=1.28` - `bottle ~=0.12` - `elasticsearch ==8.10.1` - `elasticsearch-dsl ~=8.9` - `falcon ~=3.1` - `filelock ~=3.13` - `gunicorn ~=21.2` - `jsonschema ~=4.19` - `psycopg2 ~=2.9` - `python-decouple ~=3.8` - `PyYAML ~=6.0` - `tldextract ~=5.0` - `ipython ~=8.16` - `pytest ~=7.4` - `pytest-order ~=1.1` - `pytest-sugar ~=0.9` - `remote-pdb ~=2.1` - `pook ~=1.0`

utilities/dead_links/Pipfile

utilities/provider_tallies/Pipfile

---

• [ ] Check this box to trigger a request for Renovate to run again on this repository

[sarayourfriend]

I'm not sure whether we should pin dependencies in package.json as described by the renovate docs. The trade-off of shipping a bigger bundle is a bad one to me!

Maybe for development dependencies we could do so, but for runtime (and some build dependencies I'm imagining) it seems like something that would increase our bundle sizes.

At the very least, before we do that, it'd be nice to have visibility into the bundle sizes (both for this and generally). I opened WordPress/openverse-frontend#567 a while ago to explore adding automation for it in PRs. Maybe the openverse-bot would make that easier.

cc @WordPress/openverse-frontend

[zackkrida]

@sarayourfriend why would the bundle size increase, something with multiple versions of subdeps or something?

[sarayourfriend]

Yes, exactly.

[sarayourfriend]

Superceded by https://github.com/WordPress/openverse/issues/255