Dependabot Support for Go 1.21 #65431
Answered
by
ivan-penchev
maxmoehl
asked this question in
Code Security
-
Select Topic AreaQuestion BodyI noticed that a recent dependabot PR couldn't be rebased anymore. The Dependabot dashboard (Insights > Dependency Graph > Dependabot) showed that go1.21 is not yet supported:
I have two questions:
Thanks :) Edit: This is the full log from Dependabot: Click me!proxy | 2023/08/31 07:34:19 proxy starting, commit: 93c4a893d794d736d84e940a79420e8d1180c0bd proxy | 2023/08/31 07:34:19 Listening (:1080) updater | 2023-08-31T07:34:21.015633870 [716218820:main:WARN:src/devices/src/legacy/serial.rs:222] Detached the serial input due to peer close/error. updater | time="2023-08-31T07:34:23Z" level=info msg="guest starting" commit=4411563f7e792aa216b0b1ea4b056506b2613759 updater | time="2023-08-31T07:34:23Z" level=info msg="starting job..." fetcher_timeout=10m0s job_id=716218820 updater_timeout=45m0s updater_version=bce68d39b350f6975c0967648f2cc56d4b41e6aa-gomod updater | 2023/08/31 07:34:25 INFO Raven 3.1.2 ready to catch errors updater | 2023/08/31 07:34:26 INFO Starting job processing proxy | 2023/08/31 07:34:27 [002] GET https://github.com:443/maxmoehl/harald/info/refs?service=git-upload-pack proxy | 2023/08/31 07:34:27 [002] * authenticating git server request (host: github.com) proxy | 2023/08/31 07:34:27 [002] 200 https://github.com:443/maxmoehl/harald/info/refs?service=git-upload-pack proxy | 2023/08/31 07:34:27 [004] POST https://github.com:443/maxmoehl/harald/git-upload-pack proxy | 2023/08/31 07:34:27 [004] * authenticating git server request (host: github.com) proxy | 2023/08/31 07:34:27 [004] 200 https://github.com:443/maxmoehl/harald/git-upload-pack proxy | 2023/08/31 07:34:27 [006] POST https://github.com:443/maxmoehl/harald/git-upload-pack proxy | 2023/08/31 07:34:27 [006] * authenticating git server request (host: github.com) proxy | 2023/08/31 07:34:27 [006] 200 https://github.com:443/maxmoehl/harald/git-upload-pack updater | 2023/08/31 07:34:28 INFO Finished job processing updater | time="2023-08-31T07:34:28Z" level=info msg="task complete" container_id=job-716218820-file-fetcher exit_code=0 job_id=716218820 step=fetcher updater | 2023/08/31 07:34:29 INFO Raven 3.1.2 ready to catch errors updater | 2023/08/31 07:34:30 INFO Starting job processing proxy | 2023/08/31 07:34:31 [010] GET https://proxy.golang.org:443/golang.org/toolchain/@v/v0.0.1-go1.21.linux-amd64.zip proxy | 2023/08/31 07:34:31 [010] 404 https://proxy.golang.org:443/golang.org/toolchain/@v/v0.0.1-go1.21.linux-amd64.zip proxy | 2023/08/31 07:34:31 [012] GET https://golang.org:443/toolchain?go-get=1 proxy | 2023/08/31 07:34:31 [012] 200 https://golang.org:443/toolchain?go-get=1 proxy | 2023/08/31 07:34:32 [014] GET https://go.dev:443/dl/mod/golang.org/toolchain/@v/v0.0.1-go1.21.linux-amd64.zip proxy | 2023/08/31 07:34:32 [014] 302 https://go.dev:443/dl/mod/golang.org/toolchain/@v/v0.0.1-go1.21.linux-amd64.zip proxy | 2023/08/31 07:34:32 [016] GET https://dl.google.com:443/go/v0.0.1-go1.21.linux-amd64.zip proxy | 2023/08/31 07:34:32 [016] 404 https://dl.google.com:443/go/v0.0.1-go1.21.linux-amd64.zip updater | 2023/08/31 07:34:32 INFO Finished job processing updater | 2023/08/31 07:34:32 INFO Results: updater | Dependabot encountered '1' error(s) during execution, please check the logs for more details. updater | +-------------------------------+ updater | | Errors | updater | +-------------------------------+ updater | | dependency_file_not_parseable | updater | +-------------------------------+ updater | time="2023-08-31T07:34:32Z" level=info msg="task complete" container_id=job-716218820-updater exit_code=0 job_id=716218820 step=updater |
Beta Was this translation helpful? Give feedback.
Answered by
ivan-penchev
Aug 31, 2023
Replies: 1 comment 1 reply
-
this is as expected: In general if you want to specify a development version in the go line, you must also give a concrete toolchain version. So modifying your go.mod in either of these should work: go 1.21.0 go 1.21
toolchain go1.21.0 |
Beta Was this translation helpful? Give feedback.
1 reply
Answer selected by
maxmoehl
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
this is as expected:
go 1.21
was a development version of the language, for which there is no downloadable release (because it is not a specific version). The release version would bego 1.21.0
.In general if you want to specify a development version in the go line, you must also give a concrete toolchain version. So modifying your go.mod in either of these should work: