github/troubleshoot
1
0
Fork 0
mirror of https://github.com/replicatedhq/troubleshoot.git synced 2026-02-14 10:19:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(deps): enable Go toolchain updates in Dependabot

Browse Source 
Configure Dependabot to track Go toolchain versions in addition to
Go module dependencies. This ensures stdlib CVEs are caught and fixed
automatically via Dependabot PRs.

Changes:
- Add "allow: dependency-type: all" to enable Go toolchain tracking
- Apply to both root and examples/sdk/helm-template directories

Context:
Previously, Dependabot only tracked Go module dependencies (like
github.com/opencontainers/selinux) but not the Go version itself.
This meant stdlib CVEs in go.mod (e.g., go 1.24.6 → 1.24.9) were
not automatically detected.

With this change, Dependabot will create PRs for Go version updates
when new patch releases contain security fixes.

Related: https://github.com/replicated-collab/git-guardian-kots/issues/287
This commit is contained in:
Nicholas Mullen
2025-11-19 11:16:19 -06:00
parent e9111edd47
commit f5a90552f1
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.github/dependabot.yml vendored
View File

@@ -13,6 +13,9 @@ updates:
- "type::security" - "type::security"
schedule: schedule:
interval: "weekly" interval: "weekly"
# Enable Go toolchain updates to catch stdlib CVEs
allow:
- dependency-type: "all"
groups: groups:
security: security:
update-types: update-types:
@@ -26,6 +29,9 @@ updates:
- "type::security" - "type::security"
schedule: schedule:
interval: "weekly" interval: "weekly"
# Enable Go toolchain updates to catch stdlib CVEs
allow:
- dependency-type: "all"
groups: groups:
security: security:
update-types: update-types: