Skip to content

Add Go modules "ecosystem" to Dependabot configuration #680

New issue
New issue
Open
Open
Add Go modules "ecosystem" to Dependabot configuration#680
Assignees
per1234
Labels
topic: infrastructureRelated to project infrastructuretype: enhancementProposed improvement
@per1234

Description

@per1234
per1234
opened on Nov 3, 2025

Describe the request

Once support is added to Dependabot for updating tool dependencies managed via the Go modules framework, add an entry for the Go modules "package ecosystem" to the project's Dependabot configuration file:

https://github.com/arduino/tooling-project-assets/blob/main/.github/dependabot.yml

🙂 Dependabot will submit pull requests for updates to the project's Go module-based tool dependencies.

Describe the current behavior

The Dependabot service is used to update the project dependencies. This service opens a pull request to update a dependency when a newer version becomes available.

Various tools are used to facilitate the development and maintenance of the project.

Most of these tools are built on one of the following popular software development frameworks:

  • Go
  • Node.js
  • Python

We use the package manager systems for each of those individual frameworks to manage the tool dependencies.

Dependabot supports updates of the Node.js-based tools (managed via npm), and the Python-based tools (managed via Poetry), and so entries for these "package ecosystems" are included in the project's Dependabot configuration file to cause it to facilitate the updates of the tool dependencies.

Unfortunately, although Dependabot does support updating standard code dependencies on Go modules, it does not currently support updates for tool dependencies (dependabot/dependabot-core#12050). Since the project doesn't have any code dependencies on Go modules, and since Dependabot is not usable for the tool dependencies, an entry for the Go modules "package ecosystem" has not been added to the project's Dependabot configuration file. These tool dependencies must be managed entirely manually.

Support for managing tool dependencies was added to the Go modules system relatively recently. It seems likely that support for updating Go module-managed tool dependencies will eventually be added to Dependabot.

Issue checklist

  • I searched for previous requests in the issue tracker
  • I verified the feature was still missing when using the latest nightly build
  • My request contains all necessary details

Metadata

Metadata

Assignees

Labels

topic: infrastructureRelated to project infrastructuretype: enhancementProposed improvement

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions