Skip to content

chore: Allows dependabot to update indirect go dependencies#1596

Merged
EspenAlbert merged 1 commit intomasterfrom
dependabot-go-indirect-dependencies
Feb 24, 2026
Merged

chore: Allows dependabot to update indirect go dependencies#1596
EspenAlbert merged 1 commit intomasterfrom
dependabot-go-indirect-dependencies

Conversation

@EspenAlbert
Copy link
Copy Markdown
Contributor

@EspenAlbert EspenAlbert commented Feb 24, 2026
edited
Loading

Summary

  • Adds allow: - dependency-type: "all" to the gomod dependabot config
  • By default dependabot only updates direct go dependencies; this enables updates for indirect (transitive) dependencies to fix security warnings

References

@EspenAlbert @cursoragent
chore(deps): allow dependabot to update indirect go dependencies
55657da 
Co-authored-by: Cursor <cursoragent@cursor.com>
@EspenAlbert EspenAlbert requested a review from a team as a code owner February 24, 2026 09:30
Copilot AI review requested due to automatic review settings February 24, 2026 09:30
Copilot AI reviewed Feb 24, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the Dependabot configuration to enable automatic updates for indirect (transitive) Go dependencies, in addition to the default direct dependencies. This helps ensure security vulnerabilities in the entire dependency tree can be addressed automatically.

Changes:

  • Added allow configuration with dependency-type: "all" to the gomod package ecosystem in .github/dependabot.yml

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@EspenAlbert EspenAlbert added this pull request to the merge queue Feb 24, 2026
Merged via the queue into master with commit 54f2f0f Feb 24, 2026
56 checks passed
@EspenAlbert EspenAlbert deleted the dependabot-go-indirect-dependencies branch February 24, 2026 09:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@manupedrozo manupedrozo manupedrozo approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@EspenAlbert @manupedrozo