New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
go.mod: Do not remove other dependencies #3300
Comments
Thanks @mdreizin, I guess this happens because we run We actually already create such a file if no I think if you commit the file you mention to the repo, that would also work. Another option would be to make |
@jurre Thank you for the instant reply. I am going to use that temporary workaround, but it would be nice to have that approach out of the box. |
Please keep the current default of running |
Closing, as I don't see us moving away from executing As noted in #3617 (comment), a potential workaround here is comitting a |
If
Dependabot
updates ie.github.com/golang/protobuf
from1.4.3
to1.5.1
and the repo contains some auto-generated code or unused ones thenDependabot
will remove all dependencies.Package manager/ecosystem
go:modules
Manifest contents prior to update
Updated dependency
What you expected to see, versus what you actually saw
It would be nice if
Dependabot
updates only actual dependency and do not remove other ones.It is easy to fix by telling
Dependabot
to create a temporary file ie.dependabot.go
and copy all deps from originalgo.mod
todependabot.go
:and after that run update and create a new diffs for
go.mod
andgo.sum
.Images of the diff or a link to the PR, issue or logs
The text was updated successfully, but these errors were encountered: