Renovate bot not identifying new tfsec versions
Summary
Currently the most recent MR created by the renovate bot for updating the tfsec/tfsec dependency is https://repo1.dso.mil/dsop/opensource/tfsec/tfsec/-/merge_requests/22 from 7 months ago, which changed it from v0.61.3 to v0.62.0.
The public upstream source for the tfsec/tfsec docker image (https://hub.docker.com/r/tfsec/tfsec-scratch/tags) shows there are numerous newer versions available. This indicates that renovate isn't identifying that there are later versions available, which will eventually result in obsolete software being used and likely a higher number of vulnerabilities.
Steps to reproduce
Issue is occurring whenever the renovate schedule is running against this repository and not creating an MR for updating tfsec/tfsec.
What is the current bug behavior?
Renovate is not detecting newer versions of the tfsec/tfsec dependency.
What is the expected correct behavior?
At this point in time, the renovate bot should have created an MR to update the tfsec/tfsec dependency to v1.32.2-amd64 (assuming just building for x64 architecture).
Relevant logs and/or screenshots
The debug logs for the renovate runner schedule may provide some insight (I either cannot find the renovate runner repo, or don't have permissions to view it).
Possible fixes
My assumption is that renovate isn't identifying the new versions because they now have an architecture classifier included (i.e. -amd64 and -arm64v8).
I'm not really familiar with the renovate configuration, but if this is the case one of the following may resolve the problem:
- Update the renovate configuration for this repo to include the classifier when searching for new versions of tfsec/tfsec
- Manually increment the version of tfsec/tfsec to a newer version that includes the classifier (and perhaps renovate will work without changes based on the new version format?)
Tasks
- Bug has been identified and corrected within the container
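
A simplified model of the hypothesis under "Possible fixes", added here as an example and not taken from this issue or from Renovate's source: it assumes a newer tag is only offered when its suffix after the hyphen matches the suffix of the currently pinned tag. The tag list is constructed and the function names are hypothetical.

```javascript
// Assumed tag shape: optional "v", MAJOR.MINOR.PATCH, optional "-<suffix>".
const TAG_RE = /^v?(\d+)\.(\d+)\.(\d+)(?:-(.+))?$/;

function parseTag(tag) {
  const m = TAG_RE.exec(tag);
  if (!m) return null; // floating tags such as "latest" carry no version
  return { tag, version: [Number(m[1]), Number(m[2]), Number(m[3])], suffix: m[4] || '' };
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// All parseable tags newer than the current one, newest first.
function newerTags(currentTag, availableTags) {
  const current = parseTag(currentTag);
  if (!current) return [];
  return availableTags
    .map(parseTag)
    .filter((t) => t && compareVersions(t.version, current.version) > 0)
    .sort((a, b) => compareVersions(b.version, a.version));
}

// Updates offered under the assumed rule: the suffix must match exactly.
function findUpdates(currentTag, availableTags) {
  const suffix = (parseTag(currentTag) || {}).suffix;
  return newerTags(currentTag, availableTags)
    .filter((t) => t.suffix === suffix)
    .map((t) => t.tag);
}

// Diagnostic: newer tags that exist but are hidden only by a suffix mismatch.
function hiddenBySuffix(currentTag, availableTags) {
  const suffix = (parseTag(currentTag) || {}).suffix;
  return newerTags(currentTag, availableTags)
    .filter((t) => t.suffix !== suffix)
    .map((t) => t.tag);
}

// Constructed sample of registry tags (not a real listing).
const SAMPLE_TAGS = ['latest', 'v0.61.3', 'v0.62.0', 'v1.28.0-amd64',
  'v1.28.0-arm64v8', 'v1.32.2-amd64', 'v1.32.2-arm64v8'];

console.log(findUpdates('v0.62.0', SAMPLE_TAGS));       // nothing offered
console.log(hiddenBySuffix('v0.62.0', SAMPLE_TAGS));    // newer tags skipped
console.log(findUpdates('v1.28.0-amd64', SAMPLE_TAGS)); // updates resume once pinned with a suffix
```

Under this model, a pin without a suffix never sees the suffixed releases, while a pin that already carries `-amd64` does, which corresponds to the second option listed in the issue.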